- cross-posted to:
- privacyguides@lemmy.one
- cross-posted to:
- privacyguides@lemmy.one
Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”
You must log in or register to comment.
Moving all my shit across Outlook to Proton took forever, I swear I’ll shoot a mf if I have to move email providers AGAIN
I was subconciously always thinking “man, imagine if Proton screws up some day and all the people who switched to it have to switch away, that would suck” but didn’t think it would actually happen, but man, with enshitification, it’s actually possible lmao
“Privacy is important, so you can follow our latest updates exclusively on the platforms that don’t give a shit about privacy”
Privacy isn’t particularly good in the fediverse. Any federated instance can track you as much as they want without you ever knowing or consenting.
Self hosting Lemmy is straightforward. Then subscribe to all communities and now you have a treasure trove of data to mine. If you modify the code a bit you can do more like keep deleted posts around or surveil user activities in real time.
Only if you use privacy as the opposite of public. “Privacy”, though, generally refers to counter/non-surveillance. It’s not surveillance to be able to access data that you explicitly publish publicly.
That’s not what privacy means. Mastodon is incredibly transparent that everything you do publicly is public - the threat model is very clear here.
Also you can’t compare public tool used for tool interactions to a suite of private tools that is Proton or any other service.
Finally if all of the data is available public for anyone to access this means it’s not exclusive to bad actors like ad machines, government spies etc.
Sure, but at least the fediverse doesn’t try to fill your browser of ads and tracking cookies
On a platform, that will ban you if you look at it wierd
TBF, they push the same content via their email newsletter.
due to limited resources
Either:
- We have lost our password
- Our C and V keys are broken and we can not copy paste our social media messages anymore
It might be the Control key which broke.
Since I have found it historically hard to engage on this (broader) subject around here, just yesterday I put together my own thoughts at https://loudwhisper.me/blog/proton-fediverse-burnout/
Personally, I did not see the value of their Mastodon presence, it was write only marketing communication, no engagement with the community anyway. That happened only ever on Reddit, which I think is going to continue being the case.
They push the same info via email newsletter, if someone really wants that stuff.
Either way, the post above covers my take on the whole drama, not just this last small chapter.
Read your entire post. You claim people will say you come off as an apologist and you do.
As a person who was seriously considered switching to Proton this just reminds me of why I should not. It is clear no matter what corner of the Internet we run to as long as it is into the open arm of corporations it is a mistake.
Blue sky, Proton, etc. are not a solution to a problem. They are just the newest version of putting lipstick on a pig. We need to move beyond corporate control and it is clear Proton, even being a nonprofit, is no solution.
I find your hand waving of the CEOs position particularly distasteful. There are a lot of CEOs out there that don’t decide to get all political. They don’t do this because they have an image or brand to protect. Maybe I just like a good illusion though.
In this respect I am glad he opened his ignorant mouth and showed he has no business commenting on politics. He is no political scientist, just another person drunk on his accomplishments trying to pretend he knows fuck all about anything.
Thanks for the response, despite the fact we disagree quite substantially.
I think it’s OK that different people have different points of view. Everyone’s opinion also should fit within a broader (political) praxis and strategy that they support.
There are a lot of CEOs out there that don’t decide to get all political. They don’t do this because they have an image or brand to protect. Maybe I just like a good illusion though.
This is something I particularly disagree, as you probably have already read. Ignorance on once’s position doesn’t mean that position doesn’t exist. I appreciate Jeff Bezos for example writing that memo (just yesterday’s published), compared to acting the same way without my full knowledge.
He is no political scientist
If this was the criteria to comment on politics, honestly we should shut down everything (including Lemmy) :)
Your don’t really have much of opinion except as an apologist. A devil’s advocate defender of corporate and political nonsense without stating your actual thoughts beyond, “it is more nuanced that that” is pretty disingenuous.
It is okay to have differing opinions when someone’s opinion smells like shit. All the while you pass out the verbal/written clothespins is really just your version of carrying water. I know, I know it is more nuanced than that. Only it really isn’t.
And yes, you should have a degree or really just some critical thinking skills before deploying your wanna be political commentary on the world when you are in a leadership position. Otherwise please keep that shit to yourself and keep it out of your business if you ever want my money.
I felt that was really uncalled for. The whole post elaborates quite a lot in thousands of words, and I feel like your summary is not really accurate. Unfortunately, I have no way to debate accusations that follow a circular logic, so I won’t attempt to do so.
Otherwise please keep that shit to yourself and keep it out of your business if you ever want my money.
I reiterate that I find curious that you seem to prefer ignorance of those positions, as if the reality is suddenly better if you don’t know a problem exists. You would rather pay for Proton not knowing that Andy Yen thinks what he thinks than having more information so that you can choose to stop paying. Obviously just an example, same thing applies to the WaPo or Tesla, or any other similar case.
There is nothing to debate because my summary and all your replies just reinforce my opinion of you. This is just my critical opinion though and it is not meant as an attack, but a wake up call. I appreciate the time and effort you put into this even if it is misplaced at best
We all know problems exist. We all know speech has consequences. A leader, particularly in business, has a special fiduciary responsibility to their business. If they choose to expose themselves as politically ignorant and supporting positions that are indefensible the consequences are they will lose business. This is all I am pointing out.
You conflate two things here which are a person’s right to speak their mind and their responsibility to bigger issues. I get you want to hear their opinions and then play devil’s advocate about them because that is just what you do.
You are clearly technically minded but you are also clearly not politically minded. Much like our errant CEO and reminiscent of when a US congressman tries to grasp web technology. They say a lot of ignorant things about tech just like Andy says ignorant things about politics.
Clearly you feel a kinship with this man because you are also heavily invested in the tech world. You defend him because you also admire him. No amount of debate or hand waving will change this immutable fact.
If they choose to expose themselves as politically ignorant and supporting positions that are indefensible the consequences is they will lose business. This is all I am pointing out.
Very easy to understand. But why should we (the customers, citizens, etc.) care? My interest is to have that knowledge, it’s the shareholder interest to have the business succeeding, and they take care of that. So why from your words you seem to imply that it’s “better” if they keep their mouth shut (and therefore protect the businesses)?
I get you want to hear their opinions and then play devil’s advocate about them because that is just what you do.
Unnecessary ad-hominem, which is also easily proved wrong. I hear the opinions of Musk, of Bezos (but also of Zuckerberg, of the Nvidia guy, of Altman and many others) and I am happy because with that information I can (and do) distance myself from their companies. In this case, I feel differently and therefore I take another decision. I like to think that I can critically evaluate situations, but if the conclusion I end up with is different from yours it doesn’t mean that mine is wrong by definition.
You are clearly technically minded but you are also clearly not politically minded.
You are clearly wrong about this. I have nothing to prove obviously, but you can easily also see that by just browsing through other posts on my blog, for example this. I will even go a step further and say that the purism and localism (as defined in this book) that emerges from your words is something I explicitly want to distance myself from, because it has proved to be a complete failure in terms of political battles.
I am referring at things like:
It is clear no matter what corner of the Internet we run to as long as it is into the open arm of corporations it is a mistake.
Clearly you feel a kinship with this man because you are also heavily invested in the tech world. You defend him because you also admire him.
I don’t. I actually can’t care less about him, and I barely know anything about him. My involvement is very limited to this case, and that is because wanting to understand inevitably forced me to learn certain things and inform myself. Please don’t assume other people’s positions.
You can only see better from your point of view that you want more knowledge. Keeping their mouth shut is what leaders do everyday to protect their business, their profits, their coworkers, etc.
I suppose you have to be a knowledgeable leader to understand this. We often thrust people into leadership positions and we end up with people like Andy as a result.
I don’t pretend to the arbitrator of what is right or wrong, but I have learned a lot in my lifetime and calling a spade a spade is something I believe is important. You take all this so personally and thus show a certain level of immaturity as you probably feel I display as well.
Your proof of your political commentary only supports my assertion that you are very technically minded. Your critique of cloud computing shows your technical understanding is profound, but does little to forward a feeling that you are politically minded. You state yourself you are just learning about this which is very clear.
Fuck Proton.
Will be missed /s
Proton can now officially go fuck themselves.
First, their CEO supports Trump. Then this, ditching Mastodon in favour of nazi-Twitter. Proton is not safe anymore and people need to migrate away ASAP.
Was it ever? I ditched them years ago when they tried to gaslight people that e2ee in javascript in browser is secure.
Security is hardly a binary property.
Given you mention the specific technical setup, I would say yes - that is secure against most risks relevant for most people.
At least, it’s totally fine according to my own threat model, where I looked specifically at broswer-based encryption vs “manual” encryption (I.e. using PGP tools locally).
It is nuanced, but having the ability to selectively serve malicious javascript stealing keys to specific people only on one access is considerable issue in practice, compared to distributing binary where you would generally have the same binary for everyone and you are able to archive and analyse it. Especially if you use third party distributions, like github releases or flatpaks.
Well, yes-ish.
An organization with resources to coerce or compromise Proton or similar wouldn’t have trouble identifying individual users “well enough” (trivially, IP address). At that point there is absolutely nothing stopping a package distributor to serve different content by IP. Not even signatures help in this context, as the signature still comes from the same party coerced or compromised.
Also most people won’t (or are unable to) analyze every code change after every update, which means in practice detection is even more unlikely for OS packages than it is for web pages (much easier to debug code and see network flows). The OS attack surface is also much broader.
In general anyway, this is such a sophisticated attack (especially the targeted nature of it) that it’s not relevant for the vast, vast majority of people. If you deal with super sensitive data you can build your proton client directly, or simply use the bridge (which ultimately is exactly like other client-side tooling), so for those very rare corner cases where this threat is relevant, a solution exists. Actually, in those cases you probably don’t want to use mail in general. So my question is, who is the threat actor you are concerned about?
All in all I think that labeling “insecure” the setup for this I think is not accurate and can paint a wrong picture to people less technically competent.
Bridge did not exist back then.
As for it being sophisticated attack, I think it is relative.
Regardless, if Proton said it did not matter to most people, I would respectfully disagree and move on. They did not. They claimed it is not at all less secure than a native app, which is BS.
I can see a threat model already from 2014.
Anyway, I think it’s a tradeoff that it’s hard to assess quantitatively, as risk is always subjective. From where I stand, the average person using native clients and managing their own keys has a much higher chance to be compromised (by far simpler vectors), for example. On the other hand, someone using a clean OS, storing the key on a yubikey and manually vetting the client tool can resist to sophisticated attacks better compared to using web clients.
I just don’t see this as hill to die on either way. In fact, I also argue in my blog post that for the most part, this technical difference doesn’t impact the security sufficiently to make a difference for the average user.
I guess you disagree and that’s fine.
doesn’t impact the security sufficiently to make a difference for the average user.
I think it is borderline. I am not advocating for PGP, I like the Signal model where you trust signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.
I think the lack of meaningful verification for proton is a significant security weakness, though average user probably has bigger things to worry about.
Lmao that second paragraph. This guy is not just a tool, he’s the whole toolbox.
To be fair, the only platform I’ve been banned from is Mastodon… because of political ideas
“We hate that our CEO keeps getting called out and slammed by our followers so we’re gonna stick our fingers in our ears”
Also good time to remind everyone Tuta exists :) https://tuta.com/
I’ve been using Tuta Mail for a few years now. No complaints. Most of the features you would expect. Lack of IMAP support is kinda disappointing but survivable. Their email security is very strong though — they encrypt every part of your email, including subject (some providers only encrypt the body). They’re also rolling out post-quantum encryption of email data at rest, which tickles my crypto nerd side.
They’ve still a loong way to go to match Proton’s product suite though, as they only offer Email, Contacts and Calendar for now. They’re working on Drive storage next, which is the main reason I currently use Proton.
Tuta is great, I will start from that. But they encrypt the subject line, in addition to the body afaik. It is technically impossible to encrypt “every part of the email” because that would break delivery (e.g., metadata such as recipient or timestamps).
This also has the cost of a nonstandard protocol (not plain PGP), with all that implies in terms of compatibility, maintenance needs etc.
That’s a fair point about the portability of their protocol. And yeah, you’re right that they don’t encrypt everything. I’d meant to say “they encrypt everything you can encrypt without making the email undeliverable” but my fingers decided to type something else.
They’ve still a loong way to go to match Proton’s product suite though, as they only offer Email, Contacts and Calendar for now
honestly that’s a plus for me, I’d rather they focus on a small set of products and do really well with them. before I left Proton I was wary of their scope creep, and then the crypto wallet shit
Funny that the crypto wallet also upset people in the space who like crypto. Because crypto, IF USED CORRECTLY, can be a privacy tool (because it is the main way to pay online that can be utilized without KYC). However, such people got upset not just with Proton broadening their product scope for no reason, but also the fact that Monero was not even considered, despite it having built-in privacy protections unlike Bitcoin, and overall being agreed on as today’s “digital cash”.
This is the first time hearing about Tuta, Thank you
Would’ve switched in a heartbeat with IMAP support but that’s not in the cards. Stuck with Proton for now.
Wait… neither Proton supports IMAP! (unless you install their local bridge)
Yeah I use the bridge.
A better way to put it is that email clients don’t support Proton. And I doubt any are going to make an effort to, unless the way Proton works becomes the norm. You would have to completely redesign the email client.
It’s far easier for everyone to write an app that can then be used by any email client.
Tuta is fantastic.
How does this factor in to all this? https://archive.ph/xoleo
Btw, their Mastodon account has more followers than their Bluesky and Threads accounts combined, both of which they are keeping. What a stupid decision.
It’s not stupidity; it’s censorship. They can control what gets posted on their own Reddit community. They can’t control what people are actually saying on the fediverse.
People need to realize that Proton has gone to the shitter; stop paying for them and migrate away as soon as possible.
And reddit has been extra aggressive in allowing mods ban users more easier too, as of this month. Now some mods are “cahoots with admins”
Hmm good point. Honestly didn’t think about that. In that case I’m surprised they’re keeping the Bluesky account up, the replies are 90% negative there.
Checked both out of curiosity and seems like they are active on twitter but stopped posting weeks ago on bluesky after their feelings got hurt there from ceo backlash.
I predict they will mostly be on X and Meta platform
They will leave Blue sky for twitter once , people find out as well, mark my words, and they will add Facebook eventually, since it’s still the place where right wingers flee to have more administrative control over their groups, of they get ousted from reddit
Does this have anything to do with the CEO expressing his support for Trump? I can’t imagine how, but there are some odd decisions being made at Proton lately.
Almost certainly, yes.
People on Mastodon are not happy about those statements, and called Proton out on it relentlessly with every post Proton made. This is Proton running away with their tail between their legs, back to platforms where they have more control and/or are already full of right-wing nutjobs.
If anyone’s looking for secure email, look at tuta.com instead. The email service is very similar in terms of UX and offers better encryption. They don’t offer the rest of Proton’s suite, but…maybe that’s a good thing? I mean, do you want to get locked into an ecosystem?
Tuta is really good. The push notifications work perfectly without delay on de-googled devices. top.
…“the reality is that Republicans remain more likely to tackle Big Tech abuses.”
Like doge having our social security and Treasury wallet+keys? >.>
He can suck my ass and nutts.
From a historical perspective, he wasn’t wrong. The republicans were looking more at big tech cause, in the past, big tech was very left leaning. Things have obviously changed but your quote misses that he was hopeful that Trump would do something for big tech. His hope is obviously miss placed after big tech started sicking his dick but doesn’t mean he couldn’t be hopeful
big tech was very left leaning
complete bullshit.
It was still a completely naive and idiotic thing to say and doesn’t show the forethought and strategic thinking that comes with being a good CEO, especially one of a service that could literally put people’s lives in danger if jeopardized.
So it’s naive to voice his opinion on what a Trump presidency could mean for the tech industry? Looking back to trump’s previous term big tech shunned him and Twitter even kicked him off the platform by the end of his presidency. Back then it pissed Trump off and he threatened all sorts of shit. I don’t think it was that crazy to think that he would still be upset about it and try to do something at the begining of December when Proton’s CEO made that post.
If you look at what proton is trying to do in terms of becoming a complete non-proffit that would have many safeguards in place to undo that change. I think it does show he has some level of forethought. The one caveat being that they have not completed that process and implemented everything yet so we’ll have to see if that promise follows through
Their damage was already done with that CEO statement (for me), since after those remarks I cancelled my VPN plan with them. I’m not someone who’s going to then follow them around and post negative comments on their Mastodon, X, reddit account whenever they post. I’m just going to walk away.
So, they will move to where their base is, just like trump did and they can sell there stuff to a smaller percentage of the market if they want. I will never understand why a company would actively try to cut their sales base in half or whatever.
They also can’t control the narrative on Mastodon like they do on Reddit and Lemmy through “volunteer mod” Nelizea. I’m glad I quit using them — they are becoming tech bro chuds (or maybe always were but just hid it better)
Especially since reddit is quite ban happy about political narratives right now, gearing the site like with Facebook, who only pushes right wing.
How do they control the narrative around here?
Reddit allows more control and is much aggressive in banning people sitewide as of recently. If you attempt to report a comment on reddit, you can get banned instead by the mod
They control moderation, as they also do on Reddit. I don’t know about Lemmy but I have personally been shadowbanned on their Reddit sub. They can’t do that on Mastodon.
In what way is Tuta’s encryption better?
Proton does not use end-to-end encryption for email headers. That includes the subject lines, senders/recipients, and other potentially sensitive information.
Tuta uses E2EE for email contents AND headers.
Consider for a moment what someone with access to your contacts and subject lines would know about you. For me personally, they would know which political campaigns and causes I donate to, and when. They would know when I see various doctors, and who they are. They would know my travel dates and destinations. They would know what newsletters I read (many of which are also political). Etc.
Sender and recipient can’t be encrypted e2e. How would the server know to whom deliver the email if those are encrypted and not visible to it?
AFAIK tuta encryption extends to the subject line only.
Still a nice addition, don’t get me wrong, but I believe you misunderstood something.
From their own doc:
The only unencrypted data are mail addresses of users as well as senders and recipients of emails.
Contacts and everything else is encrypted similarly in all “secure email” providers, including Proton.
Thank you for the correction.
Sender and recipient can’t be encrypted e2e. How would the server know to whom deliver the email if those are encrypted and not visible to it?
“End-to-end” is a bit of a misnomer in this case. Both Proton and Tuta apply encryption after receiving email in the general case, since email is not sent with E2EE across different providers (in general). Both Proton and Tuta can see your incoming email (body and all) from external servers in the general case — they just don’t store it that way. (This is different when sending email between two Proton users or two Tuta users.)
Yes, that’s absolutely true. Assuming a full PGP flow, (e.g., proton to proton) even in that case the recipient and other metadata (in tuta, excluding subject line) is still visible to the provider.
Hopefully the more people move to secure providers, the more the general case will be transparent PGP, but we are a long way from there…
Tuta it is then.
I used tuta for a while, while they are working the best they can, I ended up leaving the platform. The app, ui, desktop app are really annoying to me. I found their antispam really lacking too.
However their work is still very impressive and they were always honest.
Imo it’s more like leaving the town full of bullies… completely understandable, I would do the same. Insane amount of hate, for one mistake. People can only see black and white these days…
“One mistake” would be if he didn’t double-down on it, and if Proton addressed their customers’ concerns in any meaningful way. Instead, they deleted posts and are now withdrawing from the community entirely, and directing users to three of the worst corporate hell-holes on the internet.
With US aligning with Russia and North Korea and their party taking Kremlin talking points of refusing to say Russia is the aggressor it shows a huge lack of foresight that you’d expect from a CEO. Not like the party hasn’t been accused of being pro Russian years prior or stuff like Project 2025 plans to kill democracy.
This is some amateur stuff.
Agreed. I don’t support their decision to leave mastadon but I totally understand why they did it. Proton is on our side (as much as a company can be) so I don’t get why people keep ripping into them for something that isn’t true. He wasn’t saying he supported Trump, he just hoped the republican party would do something about big tech. Not gonna happen but we can all agree we hope it’ll happen
If you read the whole thing again, he is supporting Trump and the Republicans.
Here is the CEO’s post along with a link to an article with the twitter link.
Great pick by @realDonaldTrump. 10 years ago, Republicans were the party of big business and Dems stood for the little guys, but today the tables have completely turned. People forget that the current antitrust actions against Big Tech were started under the first Trump admin.
He is supporting Trump’s pick for a roll, fair enough. But the rest of the post, he is talking about how he hopes the republicans will do something about big tech. He isn’t endorsing Trump himself or his stance of policies. Far as I’ve seen he never has. He it literally just stating what the republicans used to be about.
No, he literally STARTED by stating what the republicans used to be about and then added a wildly inaccurate statement about what the republicans are about now.
But Trump was the first president (since the US tried to break up Microsoft) to seriously start thinking about fighting big tech. Obviously for dumb reasons (they hurt his feelings) but still, I don’t think that statement is inaccurate. However, it is true he isn’t the first politician to say something against big tech. Even so, he was in a position of power to potentially do something about it (even if he never did and likely won’t now given how much they are bending the knee)
And he didn’t even need to say anything at all which is the ridiculous thing lost in all this. It was amateur hour showing a huge lack of foresight you’d expect a CEO to have when it comes to things as simple as PR.
You must be new to the internet. People make a drama out of every little shit.
Little shit like praising literal hitler for some other things he did, besides the genocide.
Lol, here comes the drama. And I say that as a person on the opposite spectrum of Trump.
Your words, they smell of lazy deceit.
Just FYI, I’m not a Proton supporter (I find the way overrated), nor an American citizen, nor a MAGA supporter (quite the opposite, actually). I just use common sense. If you’re so stupid to believe otherwise it’s exclusively your problem. Keep crying and jumping from service to service for every little shit. Have fun.
:D apparently yes. it’s still sad to see. There wasn’t a single post done by proton that didn’t immediately derail into people blaming about “the issue”, and they just couldn’t stop. Not a fun time, and there isn’t anything the company can do to convince these people otherwise, they are just a lost in hate
Did he directly express support for trump? I only saw something along the lines of “the Republican party is better than the Dems because they will address big tech”. Albeit that statement itself is misguided in many ways, but curious about what his actual post said?
because they will address big tech
That aged like milk.
Yea agreed
I don’t think I’ll be renewing
Check your renewal date. Mine auto-renewed today without any prior notification that it was coming up.
If Proton does not refer to the Steam’s Windows adapter layer for Linux, I don’t care.
Follow us on Reddit
That’s where you lost me. Not for now, for good.
Yeah damn that hurts. Just signed up for tuta. I will be leaving proton soon I guess. A shame, I had just finished moving all my communications there…
Smells like non technical reasons
Wonser if the media manager there got fired or something. Should look at their jobs board
Proton just dropping the ball over and over again these days. That’s why I’m working on migrating from their sevices, then deleting my Proton account.
Me too, but I just can’t stand Tuta UX (unless it got better recently).
It’s a little better, but still not as clean as Proton. The mobile menus really suck.
But they’re good enough, so I use them.
