Regarding password managers:
All password managers keep data unencrypted in memory. You can’t encrypt the data in memory because then the application cannot use the data while it is running. It’s an universal issue for password managers, and not something that can be fixed.
While you can obfuscate the data, this is really security theater, because it is trivial to reverse engineer the obfuscation. In the future, Proton Pass may also obfuscate, but it doesn’t actually add any security.
If you enable PIN lock, the data is encrypted locally and cleared from memory when the PIN lock is activated. The security benefit of this in the case of a compromised device is likely marginal, as malware on a device would be able to key log the pin and bypass it in that manner. However, PIN lock can be desirable on a shared device (although somebody with access to the shared device could also install a keylogger…).
In the previous version of Proton Pass, after the PIN lock, it can take up to 30 minutes to clear data from memory, while the new version clears it immediately. It was previously immediate, but a code regression set it back to up to 30 minutes, but this has now been fixed. In general, for the reasons previously explained, we would not advise people to rely upon the PIN to secure against malware or shared devices, and that’s why PIN is not enabled by default, as the security benefit is likely marginal.
By the way, to even take advantage of this, somebody would need to have access to the device and the ability to access the device memory, in which case the PIN is not going to be effective because the device is already compromised. Unfortunately protecting against this type of device compromise is beyond the scope of Proton Pass (or any other password manager).
The team states the following regarding Firefox:
Support for running language models locally is currently only available in the Firefox Nightly builds. In our testing with Firefox, we haven’t been able to get Proton Scribe to run reliably on a variety of devices. We will see how the situation evolves before adding support.
There is also this support article explaining the link security:
Just to answer here in the thread also, as answered on reddit:
IKEv2 has been discontinued on iOS for security reasons:
https://protonvpn.com/support/discontinuing-ikev2-openvpn-macos-ios/
You’ll have to use an app, whether that is the Proton VPN app, Open VPN app, WireGuard app or something like Passepartout.
The OpenVPN app works with the OpenVPN protocol and thus with the OpenVPN configuration files.
The WireGuard app works with WireGuard configuration files.
Passepartout works with both, OpenVPN and WireGuard configuration files.
The team states on reddit:
By cursor movements we don’t mean mouse movement, but only the typing indicator. Mouse movement is not recorded. It is only shown when you choose to collaborate with someone by sharing access to view or edit the document to make the collaboration possible. Moreover, the contents of your documents including these movements, comments, and replies are end-to-end encrypted, so that no one, not even Proton, can see the contents of your documents.
Thunderbird mail syncing (without paid plan?)
No, the bridge is available for paid plans.
Thunderbird calendar syncing
Nope
Calendar sharing
With a link to anyone: https://proton.me/support/share-calendar-with-proton-users
With Proton users:
https://proton.me/support/share-calendar-with-proton-users
Easy move from google drive to proton drive
Not yet there, something like that is planned.
Sync android photos like google photos
Not sync but backup:
https://proton.me/blog/proton-drive-photo-backup-android
Offline file saving for specific files in proton drive on android
Offline availability in the Proton Drive app exists.
Sync with folder or mount on linux (smb or similar)
Out of the box not. rclone has some support.
See the discussion here:
. But this doesn’t really matter because autofill is almost completely non-functional anyway. Maybe 5% of the time it works. so you end up having to go back and forth copying and pasting username/email/TOTP
This is certainly incorrect and I wouldn’t be too much worried about that. There has been huge improvements since the realease. If there are certain sites that aren’t working, they can be reported to the team and it will be fixed. Same as with other password managers.
According to Andy the timeframe depends on the level of the integration they want to achieve. Andy said he could see an Ubuntu version arriving in the next probabably 24 months, longer to be at the point where the major linux distributions are supported and lets say 90% of Linux is supported.
TL;DR: No further info or ETA.
https://youtu.be/Dp7ght2fMR4?t=2584 (Interview is from December 2023)
Generally, as a Linux user, I’d suggest the interview above.
There is a reason this works and why another provider with static portfowarding removed portforwarding :)