F/OSS hacker, mostly working on #OpenVPN
- speaks only for himself.
ex-Twitter account (now inaccessible): https://twitter.com/DavidSommerseth
“Don’t aim to be someone. DO something.”
#nobridge - because I believe in the real #fediverse, and I don’t want my own views/data to be abused by yet another “closed-service which can do whatever it wants for profit”.
**If you want to follow me**, you will now **MUST** have some content on your profile where we have some common ground on interests. I will no longer accept random profiles wanting to follow with no toots or no other follows or followers in the same interest sphere.
I kinda struggle to believe it’s that difficult. I mean, Tresorit has a pretty good and functional Linux client. What have they done which makes it sustainable for them?
Filen.io also has a pure sync-client, which is distributed as an AppImage. This also works, but the FUSE integration Tresorit provides is quite awesome and performing quite decently.
I would actually recommend Proton to start the development on an older Linux distro. Like RHEL/Alma/Rocky 9 or Debian 11 (which is EOL, though) and make it run there. Moving from that distro to newer distros will then go smother and you’ll get other distros supported quicker.
The mistake too many Linux efforts does is to take the “latest and greatest” distro version - often coupled with what a single Linux developer considers the “most used distro” and then hits lots of challenging when needing to support older distros. That’s going to be painful.
@protonprivacy Please take note and forward to Andy and other managers.
@Dave It actually works quite nicely with Tresorit. And the latency lag is acceptable.
I’ve been doing this via Rclone + Jotta Cloud with Rclone encryption, which still works better than Rclone + Proton Drive. But not as smooth as Tresorit. Rclone + Backblaze B2 + encryption is also better than the Proton Drive approach.
I’ve also used this approach in read-only mode with @borgmatic too, which is a great way to restore data from a backup. And that’s almost as smooth as Tresorit (even though a very different use case).
I’ve used Rclone with Proton Drive to mount a directory … it is dreadfully slow. Maybe directory/file sync (where copies are both places) are better.
I cannot recommend Rclone for Proton Drive in “mount mode” currently.
@protonprivacy This is why I’m still using Tresorit on Linux … One of two reasons (the other one is access to shared folders with read/write access).
I can understand the confusion. But it kinda makes sense… if my hypothesis is correct.
Proton Drive has the concepts of “My Files” and “Computers”. Files stored under “Computer” (where you can have synced files for up to 10 computers, according to docs) tracks the files for each computer individually.
So when you uninstall Drive and delete the files, they are only stored in the cloud. But after reinstalling it again, it sees the files locally for that computer is gone … so it gets removed in the cloud.
Had these files been moved to “My Files” in before the reinstall, this should not have happened.
At least, that’s my theory.
Here. I found a suitable profile picture for you.
So once again it is basically a premature announcement; since all of those features already available, already exists in the ordinary Proton Business plan … As none of them are basically Pass specific.
And the difference then between “ordinary” Pass and business “Pass” is zero … Both have unlimited vaults and 2FA in the more costly plans.
What is the difference between Proton Pass for business vs ordinary Proton Pass?
To me it looks like “same sh*t, new wrapping”.
Uhm … ever heard of Computer Science at universities and such?
Just one quick example:
https://www.eecs.mit.edu/research/computer-science/
So I spent a little bit time to dig up what Notion is.
This is what I found when searching for it … https://www.notion.so/about
And I honestly have no idea why Skiff would be interesting for Notion. From what I can grasp the only Notion features overlap are Skiff Pages and perhaps Skiff Calendar. It’s so off I struggle to fully grasp this.
First of all, Notion is not a service talking about privacy at all, afaict. And that was one of the main arguments Skiff had.
And then the first thing this merges states is that Skiff services are closing down.
I hate to say this, but Skiff founders couldn’t really have cared that much about privacy then, when they chose to close down so quickly and abruptly like that, without a continuation plan on bringing privacy to Notion.
I believe the Skiff founders, if they really cared strongly about privacy, realised their service was not sustainable in a longer run, with too high running cost and too low income. In addition they might have seen that they would need to invest a lot more into further development and that it was too hard to improve their revenue stream. So the alternative was either to go down with a bang (bankruptcy), or they could sell “something” to another company and make it sound nicer.
Right now I just wonder what Skiff managed to actually sell to Notion. Most likely manpower, if I should guess.
Tuta seems to be driven by idealists and privacy activists as well. AFAIK, they also don’t have venture capital and their user base of paying users is what keeps them alive. Which is also why it’s still a small company.
I don’t recall how Tuta got their initial funding to get startet. I don’t think they were crowdfunded in the same way Proton did.
But the idealsism goals of both Tuta and Proton is what generally makes it less likely they will sell out.
AFAIR, Skiff was VC funded. The idealism of the founders are easily ignored when the VC backing wants to cash in on their investments. And that’s what happened here, in some way or another.
Proton and Tuta has similar challenges most others don’t care about (including FastMail) - End to End Encryption. That itself is a pretty hard nut to crack. FastMail and similar services don’t need to think about that, which makes their services simpler.
I would also not claim that Tuta has a quicker development cycle. They had a round recently where more features were highlighted. But that’s an exception. I’ve had a Tuta account for years as well, to test it out, and both the webmail and Android app is still not that feature rich.
And Proton delivers new features and updated apps quite regularly now compared to just a few years ago. Can it be better? Yes, of course. But still, they are doing alot than just 2-3 years ago. And 2-3 years was even better than the years before that.
Also consider that Proton delivers on a broad range of products and services. Mail, Calendar, Drive, Pass and VPN. Tuta basically has Mail and Calendar, where both of these Tuta services being fairly reduced in features still.
My experience (mostly using Mail and a little bit Drive these days) is that Protons releaes are also pretty solid. It’s extremely seldom I’m hit by bugs these days. To have that kind of quality requires quite some QA efforts. I’m not claiming the other services are equally good, but Mail and Drive is now very stable - and Mail is especially crucial for my 15-20+ users abd myself.
Finally, Proton serves more than 100 million users by now. Tuta has reached a bit over 10 million, IIRC. That requires Proton to have more staff on support and operations tasks. So even if Proton has more than 400 employees, that’s not 400 developers.
I need to look at that video (thx for the time marker). So my comment may miss his point.
If Linux is so hard, I wonder how Tresorit manages it quite nicely across multiple distros. They use fuse to mount the remote repository.
And the file attributes on files/dirs have a standardised API via libc and kernel syscalls. This is needed for the sync capabilities, to have data locally and in Drive. These APIs are identical across all distributions and are file system agnostic. Otherwise the tar command would have had a really hard challenge to be so widely useful for both file distribution as well as backups.
But I’ll catch up on the video later.
@case2tv @unruhe @Tutanota @protonprivacy
A while ago, I summarised my mailbox.org impression … https://infosec.exchange/@dazo/111453908525787194
TL;DR … Proton is way ahead of most competitors in overall user experience and ease of use, and yet providing a pretty good feature set.
I thought a bit more on these complaints since this post. And I realised these complaints can also be ignored by applying some basic mathematics and common sense.
Proton has more than 100 million users by now. So let’s say 100 million in this example. How many public complaints would it need to be from these users to really “catch fire”? Meaning - how often do you read about complaints and from how many users? More than 100.000 users? Okay. Let’s say there are 1 million dissatisfied users.
If half of that million users complained loudly on the Internet, I would say that would probably be quite noticeable. Media would most likely pick it up, and it would brew up to media storm right?
Have you noticed anything like that? Do you see that many users complaining?
And if yes, that would still only represent 0.5% of the whole user base of Proton. If you include the other half complaining “silently”, it would represent 1% of the Proton users.
That still leaves 99% users which are at least to some degree satisfied with Proton.
Even if you pull it up to 20 million dissatisfied users, they would still be in the minority compared to users finding Proton’s services being just fine. And 20 million dissatisfied users - that would definitely have caused some media traction, don’t you think?
They could even have a Fedora Copr repo, where they push out the updated .spec file and get a proper package build for all Fedora, RHEL/CentOS and more distros. With proper RPM packaging and repository. Push a new build and all users gets an updated package at their next update cycle.
That’s a reasonable path to get started with preparing packages to become part of the native yum/dnf repos at least. And that across a lot of distributions and releases in a single go.
@protonmail could start by actually attending various open source conferences. There are several of them only in Europe. #FOSDEM is the largest one (actually happening this weekend), @devconf_cz is another one, with lots of #Linux distribution focus as well.
Sending HR folks and developers to these conferences, having a stand somewhere, meeting people is a solid way to find new hires with a specific skill set.
Yupp, that’s my understanding as well.
But Proton also insists on doing the packaging and distribution of it outside the ordinary distribution paths Linux distros uses (apt/yum/dnf repos or flatpak) … So they waste time and energy on getting stuff working properly across a broader range of Linux distributions.
The end result will therefore most likely be a poorer user experience where some features don’t work well on some distros. Depending on how their “package” will manage to integrate on the distro installing it.
Where did they say that? They don’t even have possibilities for remote work?
@Prototype9215 @LunchEnjoyer @LinkOpensChest_wav
That’s what really happens when @protonmail insists on doing everything on their own, not even doing the continuous development in the open. They provide source code updates only on stable releases, and even that can be delayed some days until after the release.
That’s not how you build a community of users, developers and package maintainers.
Had they instead spent resources getting their Linux packages into the native package streams for the most important distros, they would have solved more bugs earlier with help from the community.
That is probably the most disappointing aspect of Proton. They still don’t grasp how to interact with a broader community, to get real help.
They would still need to review contributions, just as I expect they do with changes from their own employees. So it wouldn’t reduce the security.
Also, they can’t really hide behind the code not being ready to be published; they code is being published in the end.
But they really miss the opportunity to get their packages into the standard Lunux repositories. Which would help resolving all the incompatibility issues they now have with certain Linux distributions.
On top of that, all the needed tooling required already exists. It just need to implemented correctly in their processes.
Just do me a favour, don’t follow all the suggestions from random blogs, wikis and such. There are tons of them, the vast majority is rubbish and too often even making things worse or harder to cleanup afterwards. Most of it is even out of date.
@nixCraft is one of the saner ones to pay attention to. Or read the blogs and docs for #Fedora or even Red Hat Enterprise Linux (aka RHEL). The latter one goes through quality checks, often done by tech people knowing their stuff.
Linux Foundation and Red Hat also got some free courses too.
A few starting points:
https://training.linuxfoundation.org/training/introduction-to-linux/
https://www.redhat.com/en/services/training/rh024-red-hat-linux-technical-overview
https://access.redhat.com/products/red-hat-enterprise-linux/
Yeah, some. You need to learn some new tools, like ssh, command line usage and how to keep the system up-to-date. That’s the bare minimum. Then it’s good to learn a bit of network firewalling, to secure the host better.
Then you need to deploy a VPN server. OpenVPN Access Server is easily installed and can help settings things up reasonably quickly. The unpaid install allows you to have 2 devices connected at the same time.
Alternatively, there is the Cloud Connexa service. That will function a bit more like the Proton VPN Secure Core when fully set up (you can can connect from your devices from a different region from your VPS’s location). You run a few commands on your VPS which the Cloud Connexa wizard setup guides you through. The free plan here includes 3 connected devices (in your case VPS + 2 devices).
With both alternatives you can install the OpenVPN Connect app on your devices, provide the username/password/otp for the account you’ve created in Access Server or Cloud Connexa, and you’re basically ready. The Connect app downloads the proper config file and you can connect just as the consumer VPNs.
There are few alternatives to Proton Drive. Filen.io is the closest one in features. But it’s a small company, so it development takes time.
Another alternative is Tresorit. Feature wise it is far beyond Proton Drive and Filen, with more advanced sharing possibilities. But it’s quite expensive, closed source and uses Azure under the hood on the server side.
Filen and Tresorit are the only ones with Linux apps. Proton Drive can be accessed via rclone, but that is quite slow tbh.
Regarding Proton VPN. That is probably the only consumer VPN service I’m willing to give some trust. But consumer VPNs are in general questionable services. They promise a lot more than they can really deliver.
Since I trust one of the ISPs I use where I live, I host my own VPN server there and use that instead. I would even claim that you probably get a more reliable with the same type of privacy if you just use a VPS host in a trusted country and set it up as a VPN server for only your own stuff.
This one is worth a read: https://gist.github.com/joepie91/5a9909939e6ce7d09e29
VPNs do have a purpose, when used correctly and for the problem a VPN was designed to solve. Consumer VPN services generally falls out of that scope.
So I use Proton VPN only when my direct access to my own VPN server is inaccessible. And I use Proton VPN to get through restricted networks, so I can get a connection to my own VPN server (double tunnel/tunnel in tunnel).
@unruhe @Tutanota @protonprivacy
Give both a shot. Both are the only ones (I know of) having zero storage access as the only option; meaning #e2ee is enforced. You may have mailbox.org as a third one (E2EE must be enabled manually there).
I ended up with Proton as I experienced it far more feature rich, flexible and mature. And the Bridge is a must for my use case. In addition, it builds on PGP which can be used to have E2EE communication with people outside of Proton. (yes, I’ve tried Mailvelope with Tuta; that does not work at all. And doing it manually with copy/paste and PGP in an ordinary text esitor is a waste of time and also turned out error prone one the receiving end; Tuta mails gets mangled on the way).
But if you’re a very lightweight mail user, Tuta might fit your need. I generally think of Tuta more like a messenger service with SMTP transport support.
Also beware, importing mails to Tuta is still not possible (unless that has changed the last months). And exporting mails are also a mess. I have migrated one user from Tuta to Proton, and I had to manually fix mail headers to get them imported. The mail export was quite poor, tbh. It took me longer than importing a handful of users from a Zimbra server to Proton - using the same Proton Mail Import/Export tool.
Finally, I just want to mention that Tuta is a company with less than 20-30 employees, serving something like 10 million users. Proton is probably closer to 500 employees these days, serving more than 100 million users. So these organisations are quite different. Which also means they have quite different approaches for developing services further and capabilities to handle sudden challenges.
@LinkOpensChest_wav @helenslunch
I’ve done the self-hosting of e-mail for over a decade. But it got so annoying and troublesome in the end it was a delight to migrate to Proton (because of all the spammers making this whole e-mail infrastructure a nightmare).
Incoming e-mail is still doable for self-hosting. But outgoing is getting incredibly hard when you’re a tiny actor; you get blocked by all these larger mail providers (gmail, hotmail/outlook.com, yahoo) and your just lucky if you’re able to get in touch with anyone willing to look into the issues. Most times you get a mail template back claiming a bad IP address/range reputation (despite being able to document it several years back). The worst one even claimed I did aggressive marketing spam (which would be absurd for the handful users I served, used it for private emailing). And then they close the support ticket and ignore you.
Proton is definitely big enough to fight back such abusive behaviours by these large actors.
@unruhe @Tutanota @protonprivacy
I dunno. I more often feel people who complain loudest about poor support comes from people who want a specific outcome but gets angry when they don’t get what they want and expect. And then let their steam out in social media angling it in a way that they are the victims.
And this trend isn’t specific to Proton, but more as a general impression.
The best way to check the support level is to actually reach out to them with an issue and then see how they respond to you.
@unruhe @Tutanota @protonprivacy
I’ve been in touch with both. I’ve let Tuta behind. The Proton support was superb. It was delightful to actually be in touch with support personnel actually understanding how e-mail and the delivery mechanisms work. Solved my issues pretty quickly.
But was on Proton business and Visionary plans when I reached out, so the support level expectations are quite higher there.
Yes, I’ll be hanging around _here_ 😁
I’ll contribute when something interesting appears in my streams.
All this conversation is happening on Matodon in my case. I don’t even know or care what Lemmy is.
You’re the one who said “Here”. And to me “Here” is on Mastodon.
Be precise in your questions if you want precise answers.
Yes. In fact, you can see their replies here, if you had bothered checking:
https://mastodon.social/@protonmail/with_replies
They reply when they have something to say. They don’t reply just for the case of replying.
I’ve received several replies from them.
@fluckx Yupp … and this is the lamest excuse I’ve seen in a long time …
This is bullshit and they try to hide it. And they know it.
That Proton logo font is unique to Proton. These guys have studied this post: https://proton.me/blog/new-visual-universe
@protonmail @protonprivacy Don’t let this pass. Let these guys feel they’ve trespassed into the wrong garden.
You know Proton has grown big when others take the time and effort to create scams like that.
It’s no longer a tiny operation which is easily ignored or forgotten.
Question is what kind of scam is it? It looks like a crypto scam on the surface. But could it be more? Password phishing? Session hijacking?
@BartrandDuGuesclin @monty33
Have you tried Proton Docs? While not the exact same thing as Standard Notes, the editing and history seems to be quite similar. All “notes” files are stored in Proton Drive too.
Or are there other features in Standard Notes not to be found in the Proton suite?