Proton is such a hassle and implements security in a completely illogical manner. I honestly can’t believe that people are content with such mediocrity.
They’re not bad, you’re just misinformed at a fundamental level.
Proton Mail is like Bitwarden, it encrypts data client side and stores the encrypted blob server side, which is exactly what they’re doing with your private key. Otherwise, you’d have to carry it around on a USB or do some other voodoo to be able to read your emails.
That paper is god awful bad. They’re basically saying things like “it can’t be secure because they rely on the client code to be delivered by TLS and you could have a MITM that results in different client code being sent!” and "proton allows you to set passwords that are weak, thereby not looking out for your best interest!
Their conclusion can be summarized as “Proton can’t provide a secure web mail application, because nobody can.” Their suggested remedy is also actually a thing now because there is a Proton Mail desktop application.
The whole thing is pretty ridiculous in any case because someone would have to have control over your DNS server, you’d have to go to a phishing instance of proton instead of the real one, you’d be logged out because the cookies wouldn’t be decryptable by their server, so you’d then finally have to login handing over your password.
If you use Proton VPN (or some other trustworthy DNS) that situation can happen. For most people it’s an extremely unlikely situation. It’s not a Proton problem though, it’s a web technology problem.
For most people this situation will never happen (but it would be nice if someone would solve the problem).
When using TOR or a VPN, they also force you to verify your account with SMS.
People are going to abuse services that allow anonymous signups… Proton does not claim to be an anonymous email service, merely a private email service.
They can’t. I’ve seen similar critiques popup and I’m certain it’s a shill trying to move people away from proton. Why? To what end? No clue on either front.
Proton is the shiznit. They answer to no one except their customers. They are self funded with lots of help from us. They never took any money from the investment firms that would try to control how they do things usually to the detriment of quality, security, etc.
That still doesn’t negate what I said and I specifically worded it the way I did for a reason. There is a difference between taking funds from an incubator that runs as a non profit and taking money from the vulture investors who demand a large chunk of the company and therefore control for the funds they inject.
Go ahead but I’m sure I can explain in much more technical depth than you… there is a reason I’m guessing you can’t even figure out how to use GnuPG so you just rely on some hosted solution to claim they are keeping you safe.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !protonprivacy@lemmy.world
Empowering you to choose a better internet where privacy is the default. Protect yourself online with
Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.
Proton Mail is the world’s largest secure email provider. Swiss, end-to-end encrypted, private, and free.
Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.
Proton Calendar is the world’s first end-to-end encrypted calendar that allows you to keep your life private.
Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It’s open source, publicly audited, and Swiss-based.
Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.
SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.
Proton is such a hassle and implements security in a completely illogical manner. I honestly can’t believe that people are content with such mediocrity.
deleted by creator
They’re not bad, you’re just misinformed at a fundamental level.
Proton Mail is like Bitwarden, it encrypts data client side and stores the encrypted blob server side, which is exactly what they’re doing with your private key. Otherwise, you’d have to carry it around on a USB or do some other voodoo to be able to read your emails.
That paper is god awful bad. They’re basically saying things like “it can’t be secure because they rely on the client code to be delivered by TLS and you could have a MITM that results in different client code being sent!” and "proton allows you to set passwords that are weak, thereby not looking out for your best interest!
Their conclusion can be summarized as “Proton can’t provide a secure web mail application, because nobody can.” Their suggested remedy is also actually a thing now because there is a Proton Mail desktop application.
The whole thing is pretty ridiculous in any case because someone would have to have control over your DNS server, you’d have to go to a phishing instance of proton instead of the real one, you’d be logged out because the cookies wouldn’t be decryptable by their server, so you’d then finally have to login handing over your password.
If you use Proton VPN (or some other trustworthy DNS) that situation can happen. For most people it’s an extremely unlikely situation. It’s not a Proton problem though, it’s a web technology problem.
For most people this situation will never happen (but it would be nice if someone would solve the problem).
People are going to abuse services that allow anonymous signups… Proton does not claim to be an anonymous email service, merely a private email service.
deleted by creator
The fuck you smoking
removed by mod
I’d be down to hear you out but you gotta first provide proof/evidence backing up that claim
it’s been just fine for me for years.
Can you give an example? This is the first criticism of Proton I’ve heard
They can’t. I’ve seen similar critiques popup and I’m certain it’s a shill trying to move people away from proton. Why? To what end? No clue on either front.
Proton is the shiznit. They answer to no one except their customers. They are self funded with lots of help from us. They never took any money from the investment firms that would try to control how they do things usually to the detriment of quality, security, etc.
You are right that Proton is currently self-funded by its paying customers, but to be accurate, they have actually taken VC money before.
That still doesn’t negate what I said and I specifically worded it the way I did for a reason. There is a difference between taking funds from an incubator that runs as a non profit and taking money from the vulture investors who demand a large chunk of the company and therefore control for the funds they inject.
removed by mod
Find me a company that’s going to deny a court order for $5 a month.
Proton promises privacy and security. Not collusion in whatever illegal shit you’re doing.
removed by mod
Where did I say anything about the law? You clearly have an agenda and you can fuck right off with that.
I’m blocking you now because I don’t have time nor do I think you would understand me or anyone else explaining this, even at a 1st grade level.
Go ahead but I’m sure I can explain in much more technical depth than you… there is a reason I’m guessing you can’t even figure out how to use GnuPG so you just rely on some hosted solution to claim they are keeping you safe.
You use Chromium, don’t act elitist
So you think GrapheneOS is insecure? It uses Chromium for their browser engine, which was picked because it provided more security than Firefox.
Lol he does ? And is bitching about proton being unsafe oh the irony is killing me .
What are some better options?
https://github.com/docker-mailserver/docker-mailserver
Utilizing a good mail client with GnuPG/PGP support.
Have you considered self hosting?
/s
After reading the adventures of https://io.mwl.io/@mwl trying to roll his own mail server, I’ll probably avoid that option.
What did you read? Can you share a link?
His #ryoms hashtag on Mastdon covers it. He plans to publish a whole book about it at some point.
Thanks!