If the owner of the standard notes will now be a proton, doesn’t that contradict this principle? I have a proton email account but I don’t want it linked to my standard notes account. I don’t strongly trust companies that offer packaged services like google or Microsoft. I prefer to have one service from one company. I am afraid that now I will have to change where I save my notes. What do you guys think about this?

Sips'
link
fedilink
English
59M

While I generally also try to live by that rule and only use Proton for its mail service. Having another Suite option that actually is private. Is what Proton needs to become for “normal” people to adapt to other options outside of Google, Microsoft etc…

@solrize@lemmy.world
link
fedilink
English
79M

What is standard notes exactly and why would anyone use it? I hadn’t heard of it before today’s proton announcement. Private files should stay on your own PC, preferably airgapped, not on someone else’s server .

@brisk@aussie.zone
link
fedilink
English
49M

It’s e2e encrypted and locally encrypted. So the practical impact of the server is for syncing between devices.

The software has caused me endless problems though, and the free version has no support for formatting of any kind

@solrize@lemmy.world
link
fedilink
English
19M

Why not use rsync or even git?

@gamedeviancy I decided to change the way how I save my notes. More specifically: Markdown

I got accustomed to it on spezzit FWIW, even without knowing about it in the first place, but then it felt so natural. I even use it here on Friendica, despite it being mostly relied on BBCode.

Now, how do I enjoy it? There are certain apps that save your notes as Markdown files in any folder of your choosing. You can then sync that folder through a cloud storage provider or through Syncthing so you can have your notes available on any device. And that’s it. If I do not like an app (even on one device) I switch to another. My notes stay with me an I can read them even in a normal text editor.

I did not encrypt my notes, but since these are just regular files, I assume you can use something like VeraCrypt to add the folder containing the notes in there and move them that way.

I have been doing passive research on proton to maybe make a switch… I agree with you. At this point, i think I’d rather have my required services with multiple/different providers and use syncthing in-house whenever possible.

@mark@programming.dev
link
fedilink
English
8
edit-2
9M

Just depends on what works best for each of us. But personally, I agree with you. It’s not that I think one company owning a ton of the services is a bad thing in itself. But history has shown us that, when a company starts to dominate a certain market, they tend to start becoming tone-deaf to our interests, because they know we can’t (easily) switch and go somewhere else.

@Jinx2756@lemmy.world
link
fedilink
English
29
edit-2
9M

To be honest, I was really happy about the news. I love Standard Notes, and I think that Proton acquiring it bodes well for its longevity. Proton is so big now that it is difficult seeing them being bought by someone else. You cannot say the same about Standard Notes. And I would have died if one day we would have seen a “Skiff situation” with Standard Notes. With Proton it is different. It is s company that I really trust.

But I do 100% get the not all eggs in one basket point. In my personal case, I have opted not to use Proton’s VPN or Password Manager services. Specifically not to put all my eggs in the same basket.

I couldnt easily find financial data for Proton AG, but they are still tiny. 100m proton mail users vs 1.5b gmail users. If one of the really big players wanted to, I am sure they could make proton an extremely tempting offer.

Dont forget that 20 years ago, Google/GMail was well trusted as well, once Proton reaches a critical mass with sufficient lock-in, there is nothing stopping them going down the same path Google did.

@herrcaptain@lemmy.ca
link
fedilink
English
69M

I’m actually shocked at how big that userbase is for Proton. Your point stands that they’re comparatively small against the truly big players, but I would have guessed a few million proton users at most.

wagoner
link
fedilink
English
59M

That includes free users, in case that wasn’t apparent

@herrcaptain@lemmy.ca
link
fedilink
English
39M

I figured as much, but it’s still a lot higher than I would have guessed.

@Jinx2756@lemmy.world
link
fedilink
English
89M

You are right. There are no certainties in this matter. Proton’s values look and sound good. But things can change and big enough offers can be hard to resist. My revised point is then that since we now know that Standard Notes were open to being acquired, I am happy that it was by Proton and not somebody else 😉

Cyborganism
link
fedilink
English
169M

I’m on the opposite of that opinion. I’d love it if proton had a whole suite like Google drive and Google keep all bundled into one secure and private service.

@LWD@lemm.ee
link
fedilink
English
49M

Bundles in general are not great

Companies and businesses benefit from the bundling bias, which usually is an indication that consumers are losing out. By creating bundled packages that people do not fully take advantage of, businesses are getting more money than they usually would and reap a greater profit.

And that’s before we factor in whether it’ll keep people from searching out alternatives thanks to convenience:

The successful deployment of a platform expansion strategy requires leveraging a customer group (composed primarily of end consumers) from one interaction to another, which would entail multiple contractual and technical tactics that differ in their degree of interference with customer choice. The more coercive these tactics are, the more they will resemble the effect that tying and bundling practices have on consumer behavior and thus the more likely to trigger competition law scrutiny.

Companies like Apple also keep people in their ecosystem by offering nice things upfront and then introducing sunk cost issues.

@gamedeviancy@discuss.tchncs.de
creator
link
fedilink
English
149M

Ok, but what does it mean, is that, when proton will be compromised, all of your data also can be compromised. When we have our data divided between different independent services, compromising one does not mean violating the others.

Cyborganism
link
fedilink
English
39M

I don’t know about that. If I use Google to sign in to different separate services, if my Google account is compromised, then so are all the other services, no?

If they’re all independent services then it becomes a hassle. Having to have multiple apps or accounts to manage.

You make a valid point, but I think there should be some kind of middle ground between the two.

@Imprint9816@lemmy.dbzer0.com
link
fedilink
English
10
edit-2
9M

This whole line of thinking seems to be based on FUD more then anything else.

There is no evidence or reason to believe some major compromise of proton will happen.

If your that worried about proton you probably should just not use the service at all.

Also using the 3-2-1 backup rules should help mitigate this fear of having everything with one service.

flatbield
link
fedilink
English
6
edit-2
9M

All security is porous. So there is every reason to believe that Proton or any other org will have a major breach at some point.

Edit: Just think of the LastPass debacle.

@Imprint9816@lemmy.dbzer0.com
link
fedilink
English
5
edit-2
9M

“All security is porous” is pure FUD reasoning and, completely disregards the security audits Proton does to make sure its not anything like LastPass.

Using LastPass as a strawman is not a compelling argument.

OP and You are also assuming if Proton was breached that it means all the user encrypted data would somehow be available to the malicious party which is also extremely unlikely.

flatbield
link
fedilink
English
49M

Security audits do not guarantee security. They are just the best we have. Just as code reviews do not guarantee good and trustworthy code. In the end, we do not know what we do not know. In the end, every system has its weaknesses.

Sure I believe Proton is a reasonable supplier. Even with that Proton for example is on the record of giving out user info to governments. I am sure they did not meet the expectations of that activist.

@Imprint9816@lemmy.dbzer0.com
link
fedilink
English
1
edit-2
8M

My point is Proton did something every legit business would do.

If your threat model is such that governments are going after you, you should be aware enough to not create an email with an IP that identifies you. That email issue was bad opsec not some specific problem with Proton.

flatbield
link
fedilink
English
18M

Well that is the point isn’t it. Companies are not very reliable. The only thing they can be relied on to do is whatever butters their bread and that can change at any time. There is also a PR component and a fact component and they do not always agree.

Proton is really no different. I seem to remember they changed what they said on their website after outing that activist. Presumably to be a little less misleading. Again, I am impressed with Proton but not infinitely impressed.

@gamedeviancy@discuss.tchncs.de
creator
link
fedilink
English
139M

No, I’m not saying that I don’t trust proton at all. I think that they have great services but as I wrote in the title - don’t put all eggs in one basket.

I think I won’t trust any company with holding ALL my data.

@Imprint9816@lemmy.dbzer0.com
link
fedilink
English
6
edit-2
9M

If all your eggs are encrypted, having those eggs in one basket or five doesn’t matter from a security perspective. Its the same reason you wouldn’t split up your passwords to multiple password managers.

That being said the much more likely scenario is that at some point in your lifetime Protons values change (either by being purchased or new leadership) and you have to move on. That’s why, regardless of how good a providers security is, its good to have backups elsewhere.

@LWD@lemm.ee
link
fedilink
English
69M

There’s a lot of metadata Proton passes around, and two of their oldest flagship products (email and VPN) require you to put a lot of trust in one company. For email, you trust them to encrypt them without snooping. For VPN, you trust them to not collect logs about where you’re going.

And in the former case, they were compelled to give up at least a little data in the not-so-distant past.

@Imprint9816@lemmy.dbzer0.com
link
fedilink
English
4
edit-2
9M

It doesn’t matter what is being discussed, if its about proton the email incident gets brought up.

Here is the deal. No major company is going to break the law for its users. Had the activist been using proton vpn to create and access their email, Proton would not have had the info they were forced to give up. The takeaway from the story is bad opsec is usually what gets people caught whether its activists or hackers.

Whether you use Proton or someone else you will need to trust that service. If you don’t trust them, don’t use them. Its that simple, no need for conjured up FUD excuses.

@LWD@lemm.ee
link
fedilink
English
79M

I bring up “the email incident” because it’s a reminder that Proton may record stuff that’s not encrypted, which includes the vast majority of emails.

And it’s not to say that you wouldn’t trust it with one individual service, but whether it’s wise to trust it with so many services at once, from a security, privacy, and even monetary perspective.

Not every concern is FUD, and I think you’ll start seeing diminishing returns every time you repeat it.

@gamedeviancy@discuss.tchncs.de
creator
link
fedilink
English
4
edit-2
9M

Had the activist been using proton vpn to create and access their email, Proton would not have had the info they were forced to give up.

What? If protonmail collects any metadata, why do you assume protonVPN doesn’t?

Create a post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…


Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

  • 1 user online
  • 1 user / day
  • 26 users / week
  • 68 users / month
  • 410 users / 6 months
  • 1 subscriber
  • 677 Posts
  • 11.2K Comments
  • Modlog