i have free proton accounts as am not loggin in to close them because lazy. but i havent really used it anymore...maybe for trashmail stuff. mullvad is cooler and 1$ rootboxes anywhere also. disroot,riseup and so many other mailproviders are cool too. i dont get why proton is so relevant to some. did you guys buy a lifetime package or why?
this post was submitted on 31 Jan 2025
183 points (89.3% liked)
Proton
5721 readers
6 users here now
Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.
Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.
Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.
Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.
Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.
Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.
SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.
founded 2 years ago
MODERATORS
I use Azire for vpn since they own their servers and let you use a plain old wireguard client. Before that I used Mullvad but I need port forwarding and a few sites I frequent blocked it for some reason. Only use Proton’s VPN for less sensitive stuff and being able to exit in lots of countries. The inconsistency in all the apps’ UIs sort of irks me, and the lack of a drive client for Linux is a negative.
I only recently finished migrating all my email to Proton so I’m probably leaving it for now. But I’m eyeballing replacements. His comments on X seemingly sucking up to Trump weirds me out… especially after the shock and awe shit show happening this week
Me +wife were seriously considering switching to proton, but we had been "considering" for like half a year. So while the transfer now has been officially put on hold indefinitely, that's in practice no different from how it was before :)
Have considered tuta but there are several reasons I'm not sold on that service - primarily that they manage to give me (who isn't a techie!) the impression (I might be wrong...) of a walled garden where all the benefits /convenience of the service evaporate (??) as soon as you need to talk to a non-tuta user.(??)
From your description it sounds like the feature you might be thinking of as walled-garden-ing is end-to-end encrypted (e2ee) emails, which they call "confidential". The idea is that you can encrypt a message and send it to someone. The message they receive is actually just a link to a publicly-accessible page that Tuta hosts. You give the other person a password that they can enter on that page to read the email you sent and respond to it. If your recipient is also using Tuta, though, when you send an encrypted email it just shows up in their inbox like a regular email.
This is the standard way to handle secure emails, and it's actually a limitation of the email protocol. The way you would send an encrypted message to someone on another email server is to encrypt the email with your recipient's public key. Then the message goes to their email inbox like a regular email and they can use their private key to decrypt it (which is what Tuta does if you're sending an encrypted email to another Tuta user--they already have the recipient's public key). Email servers don't have a standard way to send each other public keys for accounts, so if you want to encrypt an email you either have to get the recipient's public key yourself and tell your email software to encrypt the message with it, or have your provider send a password protected link.
I actually just switched to Tuta. You can still get and receive normal unencrypted emails. The encryption is optional and not enabled by default. I don't have strong feelings one way or the other yet on the service as a whole. They just added the ability to import emails exported from another service, which is usually something email providers do pretty early on. Currently it's only available at the $8/month tier, but it's speculated that they'll roll it out to the $3/month tier once it's stable. That'll be a non-starter for a lot of people. The client UI is simple but functional. It was easy to set up my domain so I don't have to go into each account and update my email address. Yeah, no complaints so far, but also nothing that blows me away. There's a free tier if you wanted to just poke around.
Of course, bolting security on top of email is going to be a challenge, and require trade-offs between convenience and security.
It's likely that there are aspects of how Tuta works that I have misunderstood, but based on my understandings, this is my take:
For my use case, I believe tuta's choice of increased security isn't worth the added inconvenience for the people I'm communicating with who have to access our communications through a separate webpage instead of within their normal email inbox. (Perhaps they can export the emails from that site, but if so, they'd be unencrypted on their machine unless the user took manual steps to reenceypt, no?)
Secondly, I do not, IRL, know anybody else who uses Tuta, but I know a handful of people who do use PGP (for example through Proton). That would mean that communications with them would need to be unencrypted, or go through Tuta's portal, just as if they were regular gmail users. In contrast, if I were to choose a PGP based encryption, communicating with them - encrypted - would be more convenient. Less secure? Yes, but as I said above, that's a trade-off that I'm willing to make. Not to mention, if I no longer liked the service next year I ought be able to move on without ruining access to old emails, or really, even seeing an interruption in ongoing email conversations. Yes, that does require a custom domain to work in practice - I've set that as a precondition for whatever service I'm going to sign up for.
Thirdly, I mentioned a walled garden. Assume I were to use Tuta for a couple of years. People I regularly exchange encrypted mail with have gotten frustrated by having to use the portal and signed up for Tuta as well. One day, I decide that I would like to move elsewhere for whatever reason. Now I'm the one who have to use Tuta's portal whenever I want to communicate with my friends, because there's no other service that I can go to, that's compatible with Tuta's encryption. That's why I consider Tuta to be a walled garden.
I am glad that they finally did add import/export. When I took the service for a spin maybe a year and a half ago, import and export wasn't yet possible and a another reason too why I didn't join them already in mid 2023.
(BTW, have they fixed the Linux desktop app so that it can be used on a hi-dpi (4k) screen without a magnifying glass? Back then, that app refused to listen to any display scaling commands. I had to reconfigure the display resolution from 4k to 2k to be able to interact with the app.)
That all makes sense. You described yourself as a non-techie, so I misunderstood and thought you had assumed that all emails had to go through their portal.
You're correct that Tuta doesn't support PGP or S/MIME, which I didn't realize. I assumed that any email service that has the word "privacy" on their website would support both. I don't use personal email for sensitive communications, so I'm not in the habit of using PGP or S/MIME, but still... come on.
Their reasoning seems a bit silly. They say they don't support PGP because it doesn't encrypt the subject line, and it doesn't support post-quantum algorithms or forward secrecy. That's, at most, a warning line in the GUI, not something you just don't implement.
They say they don't implement S/MIME because of EFail, a seven year old vulnerability. They can't confirm that all external services have a mitigation in place for it. But again, just put a warning on the UI. Could even build a list of external providers that mitigate it and only show the warning if the user is sending to a system not on the list.
There are a lot of places on Tuta's website where they say they're working on features but don't specify a timeline, and a quick scan through their github issues finds some conversations where they indicate developer resources are low and they're focused on post quantum encryption first, but they said that for years. Seems they didn't implement basic features because they wanted the one big QC feature. They stated in 2020 that they intend to support PGP and Autocrypt, but they removed those from their roadmap. They're not a current priority.
"Once our PQ-encryption is in place we can consider how to best interop with others keeping benefits of perfect secrecy and post-quantum encryption." So it looks like they're letting Perfect be the enemy of Good.
Yep, I can totally see the walled garden aspect. If you want PGP, Autocrypt, or S/MIME, find another provider until Tuta gets around to implementing them. A lot of their communications read as though they don't have enough development staff to chew what they're biting off.
ETA: I don't see any scaling option in their desktop app, but you can launch it with GDK_DPI_SCALE=1.25 (or some other number) to embiggen it.
There are a few alternatives in mind for me. Mailbox, posteo, disroot. Disroot is the only one among these with a free email. But posteo and mailbox do have cheap tiers. Posteo doesn't have support for custom domains last I checked.
That's just email. I've already not been using proton for almost everything else. KeepassXC for passwords, Addy.io for aliases, Syncthing and offline storage across my 3 devices instead of any Drive. VPN I rarely use so free proton is enough for that. Mullvad exists on the off chance I need it for a while (it's a constant price per month how many ever months you choose, and you can just "top up" with some amount and it will last you the appropriate number of days).
Mailbox and Posteo doesn't have their app in F-Droid 🤔
I know Tuta has, and just looked up Disroot, they also have...
You can use Thunderbird with Mailbox and I think Posteo too? Does disroot even have an app? Even their official pages directed me to other clients like Thunderbird
I was never on Proton. Back when I decided to degoogle my digital life I landed on a short list between proton and tutamail. So I deep dive into both. When I researched Proton it stank of corporate technobro culture. The crypto wallet, trying to be an everything platform/brand, style over functionality programming, the communications. It all reeked of corpo bs.
Their only pro was operating from Swiss legal protections. So I landed on Tuta. Not because they were any particularly better, but because they were focused on doing one thing and one thing only at a time. They were also more focused on features over marketing buzzwords which I liked.
I still use protonmail since it's hard to move mail instances after giving so many people my address but I've reconsidered my plans to switch to their vpn or paid plans.
load more comments
(4 replies)
I know this is lazy of me, but no. I was going to, downloaded tuta and everything, but I just switched this year and finally have it where I want it. I have my stuff forwarded from my old emails, and most of my important stuff has the email. I also failed to vary my programs, so it's also my VPN and password manager. Even just getting starting with the email was giving me a headache.
And, honestly, the vpn is better than mullvad (to me). When I was attempting to switch, I started with mullvad, but it was so much slower. And I had issues on sites I normally had no issues with. I'll keep the resources and maybe start transferring little by little as time goes on.
No, I wouldn't switch unless it compromise my privacy. People are overreacting and politics makes them sensitive.
No. Because for some stupid reason, my bank will only accept a proton mail address.
Yes, I canceled my Ultimate account. Andy can believe whatever he wants in private, but publicly stepping outside of non-partisan policy advocacy at this exact moment in time was a red flag, doubly so because he espoused his personal politics through an official business account in his response to the Reddit thread.
Email/calendar went to Tuta, AirVPN for VPN, BitWarden for passwords. Everything is encouragingly smooth so far.
Fair warning: Tuta's email import is very new and only available on the more expensive tier at the moment (not sure if that's permanent). I didn't have any problems, but there were some issues a few weeks ago.
I do think people are over-reacting to Andy's words and assigning him political views he didn't express. He didn't endorse Trump or the Republican party at large, and definitely didn't "go full MAGA" or express Nazi sympathies. His statements about Democrats I partially agree with and partially disagree. His remarks about the priorities and actions of Republicans, though, were pure tailpipe-huffing fantasy. Being able to say these absurd things in public--under an official business account no less--shows poor judgement and implies he might believe other absurd things he isn't willing to say publicly.
Another factor in my decision: Proton's privacy policy specifies they can modify the policy at any time with no notification to users, and deems continued use of the services as agreement to the updated terms. The updated terms they didn't notify you about.
That being said, no service provider is perfect. I don't think Proton stores enough data to really be a concern if they turned over everything they have. But this whole thing is based on trust. Even with their clients being open-source software, you're trusting that they always serve the same browser scripts that they published. You trust that the password you provide at key generation or login isn't ever passed back to their servers. You trust that they don't keep unencrypted copies of your emails, files, or VPN activity. You trust that they aren't going to modify their privacy policy and quietly undo protections you thought you had.
The way Andy responded was enough to question my trust in the company with him at the helm. I didn't leave as a heavy rebuke, just as a "do better". There are plenty of other companies which provide equivalent services. That's the risk companies take when a major part of their market is ideological people: if you chafe their ideology they're more likely to put the effort into leaving.
I am currently still using their stuff since my husband and I just purchased a longer subscription as a bulk purchase, but we will not be renewing and I am actively researching alternatives for the VPN and emails.
The emails is the more difficult part for me, because everyone suggests hosting your own on your own domain, but to me that just seems like a great way to have any site you tie your email to to be directly linked to your house. Unless I am massively misunderstanding how that would work, in which case any resources would be greatly appreciated.
You don't have to self-host email (which is a pain) with a custom domain. Most of the providers will let you point your domain's email at their servers, with a few DNS entries. The major (IMO) benefit of that is that your email address is decoupled from your email provider, so changing providers in the future doesn't require you to tell all your contacts.
Thank you! This helps, and while it doesn't solve the issue of the @ being recognizable, it does solve a lot of issues.
You would need to register your domain with someone who offers privacy from Whois lookups (they all should). Your contact information will be discoverable with a subpoena. A mail relay like Duck or Firefox would be an additional layer of anonymity but idk how they will respond to law enforcement
load more comments
(2 replies)
Mullvad VPN has worked well for me.
I was looking into proton as an alternative to Google. I am no longer looking at them because of Andy's comments and doubling down. I feel like I'm giving enough companies with questionable ethics my information and money without giving it to them too. If the company wants to come to a consensus about making a public statement that separates them from his comments I'll consider those when they happen.
honesty seems like a overreaction, if proton's goals and actions don't change I'm fine with staying (even if I disagree with trump). it's one person on the board not the entire company as well. however I have considered leaving proton due to bad linux support and no de-googled notifications. afaia proton is the cheapest for what I use it for (vpn+mail+email aliasing+drive (barely using it due to no Linux client)), please tell me if I'm wrong. protonvpn has port fowarding support which I use to host servers sometimes.
As a Linux person, I, too, am somewhat tired of being treated like a second-class user. Having no Linux client for Drive is a real pain.
This is the single-most annoying thing with Proton for me. Give us a Linux client for drive already... 😭
Supposedly rclone can work with Proton Drive, but for me at least, it seemed way too complicated to set up.
Yes, I tried to set it up before, but wasn't successful either. So I decided it's not worth putting hours of work into it, to make it work in some hacky way that will break down anyway any chance it gets.
I am still with proton since the owners being pricks doesn't change the reasons why I like them for my email: They have made it clear what they will and won't give to authorities and I can act accordingly.
That said, I did look into going mullivad+tuta but decided against it. Since tuta requires you to use their desktop client if you want an "offline" copy of their emails and that just seems like a mess when they inevitably do something shitty and I need to wait for "support" to get back to me for why I can't download my emails and go elsewhere. Whereas I can just keep the bridge running and open thunderbird every week or two with proton.
can you post their reply here on lemmy?
would be interesting to know what they have to say
No, I literally just moved to proton like 3 months prior to the comments and still in the process of moving my less used services to the new email from my Gmail. Not really willing to do it all again so soon. Maybe if something else happens which is more serious, but a single event is a bit much to make such a large decision in my opinion. If it's systemic and continues to happen then yes I will think about moving.
I downgraded from the Ultimate plan because I don't really need the VPN. It hasn't exactly achieved much because now I just have additional credit on my account.
If the CEO hasn't been replaced by the time my annual subscription comes up for renewal I'll migrate elsewhere. It's a pain because their email and calendar are half decent but I'm really not impressed with the company's failure to take responsibility.
I think leaving would be an over reaction.
Edit: I hope all of you downvoters don’t use WhatsApp, Facebook, Instagram, YouTube, Google Search, Android, iOS, Amazon, etc, etc. Otherwise, you’re a bunch of hypocrites. Every single major tech CEO gave Trump $1 million and SAT at his inauguration.
They did do some damage control. But it was a pretty terrible thing for the CEO to say.
load more comments
(4 replies)
i was using both proton and tuta, now i privilege tuta.
I moved many people from google to proton, from now on people i convince will move to tuta.
you don't move in a week, you decide to move and start modifying your @ on all the sites and offices that contact you through that address. One day, you realize that it's been months since you last needed your older address and you delete.
load more comments
(3 replies)
I've switched from Proton Drive and Calendar to Nextcloud, which is an upgrade.
I've switched from Proton Pass to Vaultwarden, which works just as well for me.
I've switched from Standard Notes to Memos, which has also been an improvement for me considering my notes needs are pretty basic and Memos fits perfectly.
That leaves Mail, Simple Login, and VPN. I have alternatives lined up with Tuta, addy.io, and Mullvad, but I haven't pulled the trigger yet. I would be paying more than I am now with Proton (2 year plan) and it would be a massive pain to switch email providers.
I'm considering staying with Proton for only those services, but on thin ice. If they fuck up again, I'm absolutely out.
I may end up switching anyway however. This situation has left a bad taste in my mouth, and if I have the motivation and time to deal with migrating one day in the near future, I might just do it regardless. We'll see.
I honestly wasn't going to switch, but him being backed up by the official account was iffy. Even still, I wasn't necessarily making moves to switch. But I tried to use a new card to pay for my Proton subscription, and it wouldn't verify. I eventually had to make a Paypal just to pay my bill and avoid losing access to my account. So I kinda decided, "fuck it, they can't be that shitty of a company and get my money still."
I was kinda planning to switch, just not urgently. But now, I hope to be fully moved over to Tuta Mail in the next few weeks.
load more comments
(1 replies)
Cancelled auto-renew. I have a year and half to find alternatives. I'll not support this company anymore.
Personally I switched off of VPN to mullvad at least, and am looking into self hosting bitwarden and using tuta (and now addy.io too thanks to a comment here). Honestly I'd been considering switching for a bit anyway just to be less reliant on a single service for everything, so this kinda validated that since even if this specifically isn't a dealbreaker something else could definitely end up as one. Even if I don't fully move off of proton because moving emails is so annoying, it will still be nice to at least have some other options set up.
I canceled the night of and moved to a combination of Mailbox and Tuta (trying to diversify a little). I also provided a colorful reason for terminating to make sure they knew exactly why.
So far they each have their quirks, but overall I like them. I also set up two domains for email so that the next switch won't be as jarring (since I can just keep using the domain addresses).
I already used Mullvad for VPN, so that was a non-issue.
For email, I landed on Tuta as being the closest in feature parity and signed up for the €3/mo plan. Been pretty happy so far and was pleasantly surprised to see both the email and calendar apps were available on F-Droid. Personal bonus for me was they also run on renewable energy.
So far the only con I've found was lack of support for +aliases (e.g. [email protected]) but the 15 additional email addresses help to offset that.
load more comments
(2 replies)
I'm moving to Tuta, and bought some domains to use as custom domains. Accidentally clicked yearly instead of monthly in Tuta (cuz I don't want such a long commitment yet), and it doesn't let me change it to monthly, so I have to message support and ask them to change it back to monthly, 24 hours has passed and still waiting for a response... Proton usually responds within 24 hours... 🤷♂️
Edit: In like 12 hours, it'd be 48 hours... so... 👀
I sent another email to make sure it went through.
If their response takes longer than like a week, I'm gonna have to look for something else...
load more comments
(1 replies)
I'm grandfathered in to the old pricing for Proton Unlimited. I ain't cancelling until they pry the service from my cold, dead hands.
I'm in pretty deep on the email side to the point where leaving would take days or weeks of effort. I'm not above making that effort if I think it's necessary though. I do not yet think it's necessary.
I did just start using my second Proton product, Standard Notes, around two months ago. I'm not honestly sure if I'll renew it when it expires - we'll see how the year goes. I honestly have very little expectation that Proton is enshittifying or turning evil. I'll be very surprised if it becomes a recurring pattern for them.
load more comments
(2 replies)
I see a few people who don't want to switch due to the hassle it would take with changing email addresses, presumably because they use one of the @proton.me email domains. Get your own email domain! It's super cheap (if you choose one of the new TLDs, it can be as low as few dollars a year), the setup isn't really hard - you just change a few DNS values, and that's basically it - you can use whatever email you want that ends with your domain. It might take a while to slowly replace all your @proton.me emails with your domain one, but if you're not in a hurry and change any old mail you see during your day-to-day activities, you'll eventually be done with it, and you can set up mail forwarding to your domain for mail that arrives to your old @proton.me address.
And if you ever need to move to a different provider, you just change the DNS records again to a new provider, and your email will start coming to the new one immediately.