this post was submitted on 26 Jun 2023

-11 points (38.3% liked)

Privacy

30749 readers

1153 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

-11

Suspicious of Proton (latte.isnot.coffee)

submitted 1 year ago by [email protected] to c/[email protected]

21 comments fedilink hide all child comments

Have people noticed how much popretary java code ProtonMail requires when using a web browser for email?

Also, why the required login on their free VPN service if they are all about privacy and encryption? Why do they want someone's network traffic in order to use their free VPN?

Over the past 6 months my suspicion grows bigger and bigger of who is behind Proton, the agenda behind starting the service, and how it caught on? Why don't free encrypted anti-government services catch on?

Until ProtonVPN removes login requirement and release VPN server code under open source license like RiseupVPN or CalyxVPN which are anonymous VPN's, no account, I will choose to treat Proton like a spy agency.

all 26 comments

sorted by: hot top controversial new old

[–] Dark_Arc 51 points 1 year ago (1 children)

Have people noticed how much popretary java code ProtonMail requires when using a web browser for email?

You mean JavaScript; particularly, https://github.com/ProtonMail/WebClients.

Also, why the required login on their free VPN service if they are all about privacy and encryption?

Because they need to limit how many instances of the VPN you're concurrently accessing somehow.

Why do they want someone’s network traffic in order to use their free VPN?

To use a VPN, you by definition are giving someone your network traffic.

Over the past 6 months my suspicion grows bigger and bigger of who is behind Proton, the agenda behind starting the service, and how it caught on? Why don’t free encrypted anti-government services catch on?

I'm not even touching this...

Until ProtonVPN removes login requirement and release VPN server code under open source license like RiseupVPN or CalyxVPN

That would be meaningless. You login to a protonmail account, which you can create anonymously. The server code can also never be verified to be what's running on the servers.

I will choose to treat Proton like a spy agency.

Go for it.

[–] [email protected] -5 points 1 year ago (5 children)

You did a good job to rebutt everything I said, props!

I'm good with letting all of your counterpoints stand on their merits.

I still do wonder how Proton caught on over other encrypted emails and why American government has not gone after Proton like they did with Lavabit, which I did use and then one day all my emails don't exist anymore.

[–] [email protected] 20 points 1 year ago

why American government has not gone after Proton like they did with Lavabit

Lavabit was based in the United States. Proton AG operates entirely in Switzerland. Ostensibly the US government would have to go through the Swiss court system to get anything out of Proton.

[–] Dark_Arc 11 points 1 year ago* (last edited 1 year ago) (1 children)

Others have already touched on the jurisdiction issue.

I'm also going to note, in the last 10 years a lot has changed. E2EE has gone from something that's fringe, to something integrated integrated into lots of products. Signal, Proton, and others launched in the wake of the Snowden revelations. Lavamail was Snowden's email provider.

It's kind of like being the "hipster nerd" playing D&D before D&D was popular vs playing D&D post popularity... It's pretty obvious to most people in 2023 that D&D isn't for demon worshiper, as it's pretty obvious in 2023 that E2EE isn't just for criminals. In other words, the value proposition of ProtonMail isn't as "sinister."

I personally suspect the US Govt (in terms of federal agencies) is adapting to the presence of encryption vs trying to kill or weaken it at every turn (similar to how Microsoft stopped trying to stomp out open source code). 9-11 was a very very very bad thing (and arguably why the US is one of the worst countries to host a privacy service). However, the "big one" when it comes to cyber attacks could be even worse (and I'm pretty sure there are people at NSA that understand how E2EE plays a role in securing the nation -- they're not dumb people after all).

Proton is also a larger company than Lavabit (I suspect), and with that comes lawyers, and money to feed them.

So long as ProtonMail isn't primarily acting to serve organized crime... I suspect "there are bigger fish to fry."

[–] [email protected] 8 points 1 year ago (1 children)

I get ya, and thank you for thoroughly articulating, I enjoy the discussion. And that's all I was looking for, a discussion, and not kick off a grand conspiracy.

[–] Dark_Arc 9 points 1 year ago (1 children)

Fair enough; I admittedly mischaracterized you and perhaps responded with a bit too "harsh" of a tone initially. I apologize.

[–] [email protected] 7 points 1 year ago (1 children)

I took what you said as honest discourse and dialogue. Maybe the slightest tone of being harsh, but I took what you said as nothing more than an knowledgable rebuttal, not criticism. Seriously, all is well, and I'm completely open to every point you rebutted me on. I sensed no mockery or hostility from you, only solid counter points.

[–] dialecticcake 3 points 1 year ago

Both of you rock. I love Lemmy. :)

[–] [email protected] 9 points 1 year ago (1 children)

@lengsel @Dark_Arc

Lavabit was formed and located in the US, while Protonmail was not. As a result, the US had jurisdiction over Lavabit, while it does not have the same level of jurisdiction over Protonmail.

[–] [email protected] 1 points 1 year ago (1 children)

That would explain it for Lavabit.

I don't put as much weight on European courts due to seeing how American corporations through American politicians can get Euroeans locked in European prison for years over torrent sitrs of American movies, surely they can force an email service to shutdown and make threats if Switzerland does not comply.

[–] [email protected] 4 points 1 year ago

It's worth noting that Switzerland is not in the European Union, which is the entity that probably has jurisdiction over copyright in a lot of the cases you're describing.

[+] Emanresu 4 points 1 year ago* (last edited 1 year ago) (1 children)

[deleted]

[–] [email protected] 4 points 1 year ago (1 children)

I miss Lavabit because of how light it ran for an ecrypted service. When I tried Proton it seems more bloated, has too much code and dependencies.

The only way to control your emails is buy a domain and run your own physical server that you maintain the software running on mail server, as in self hosting.

[–] MasterBlaster 1 points 1 year ago

Concerning how it caught on, I can tell you how it got my attention.

It is in Switzerland, which is not part of the "five eyes" nations. It is well known for it's privacy, and foreign nations cannot demand anything from them unless there is clear evidence. Even then, they aren't compelled by treaties.
Proton and Tutanota were the first ones I could find. Tutanota (sp?) is/was based in Germany - a member of "five eyes".
"Started by CERN scientists" was impressive to me.

[–] [email protected] 19 points 1 year ago

No matter who you are or how privacy focused your service, you are still required to comply with legal court orders from various countries:

https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/

[–] [email protected] 14 points 1 year ago (1 children)

Good to see this place is going to be about as conspiratorial r/privacy 😬

[–] [email protected] 7 points 1 year ago

I've come to have my own suspicions of Proton as well, but I've also leaned that's not an accepted point of view in most social media privacy communities.

[–] [email protected] 6 points 1 year ago

What's wrong with Proton? It's just a gaming focused wine branch.

Java in ProtonMail? Are you really sure?

Proton!=ProtonMail and Java!=JavaScript

Sincerely, a developer.

[–] [email protected] 5 points 1 year ago

I mean it’s not like a VPN is providing major anonymity. We already know all the major providers are tapped. You should treat any VPN like a spy agency.

If you need anonymity, a free VPN is probably not the best place to look.

Also they could correlate your network traffic without you logging in. That is not a requirement. No matter what, any VPN is going to give some kind of unique user identifier.

[–] [email protected] 3 points 1 year ago

Java, really? Doubt it