I’m trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days i have been picking up signals that even Protonmail is not as clean as it might be.
Does this really impact the privacy of how i use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?
If so, what could be alternatives?
edit:
Some of the alternatives being mentioned in the comments are:
Email:
VPN:
edit 2 (2023):
There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently i am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.
Is this post two years old? If so I think we can wait a long time for a reply from OP. I too would like to know what signals they picked up on.
Yeah what’s all that about?
Protonmail is just the “latest” (it’s been open for a few years now) in the technocratic “online privacy” bubble. They probably willingly give backdoors to the NSA.
Basically they sell you the peace of mind, not really any actual security as far as anyone can tell. Until their code is open-source and can be independently reviewed, it’s worthless. That they are based in Switzerland doesn’t mean much because backdoors are meant to be secret. Like in any other country, there is no official organ in Switzerland that will evaluate your app and say “yes, this app is secure. We give it five stars”. However if you find they don’t respect Swiss law you have to open a lawsuit, retain a Swiss lawyer, travel there for the court date, and at that point you start to realize they’re based over there more to protect themselves than you.
There has been another encryption company operating since the 50s in Switzerland that was somewhat recently found to just be a front for the CIA. So clearly being based in Switzerland is not a gage of quality.
Their support of the Hong Kong protest was also kinda suspicious because as far as I’m aware, they’ve never been that interested in any other event. And it wasn’t just a press release that gets picked up by a few hobbyist magazines; it was a full-length email sent to every protonmail customer, even those like me who hadn’t used their account in years.
I also just read that ProtonMail would start using Google infrastructure. While the actual usage of Google’s services would be “limited”, again Proton does not explain the exact nature of this partnership and which services will be routed through Google.
I don’t believe there is any way to be completely secure on the Internet unfortunately. Snowden showed how far backdoors run. So whether you want to keep using protonmail is up to you, but outside of a decentralised p2p system, I don’t think we could fully be anonymous and secure. Maybe though it would be possible to open your own email service – you just have to rent a space on a shared server like you would when hosting a website, and then encrypt it if possible… or open your own mail server in your basement lol. Email doesn’t consume a lot of resources.
I’d argue that this:
Basically they sell you the peace of mind, not really any actual security as far as anyone can tell.
Is demonstrably false, as their encryption methods for emails at rest as well as other options (PGP) are tested. They’re also upfront with their threat protection model ("the ProtonMail threat model document specifically states that, “we cannot guarantee your safety against a powerful adversary.”) and as far as coming from Google or another free provider is concerned are a definitive step in the right direction. A good overview if OP is interested is this writeup here: https://www.techspot.com/news/82776-protonmail-review-secure-email-really-secure.html
Personally I’d be hesitant to recommend self-hosting email unless really necessary (since that has it’s own risks/threat model) and think OP would do well to start off with Tutanota or Protonmail.
As an aside if we’re alluding to Protonmail being a honey pot with the Hong Kong riots I’d rather see it stated as such; this is the second place on Lemmy I’ve seen such criticism levied when a company that has a privacy/security based product and did a statement on the protests and I don’t find it that suspect that they would be interested in furthering their brand or “putting their money where their mouth is” by coming out in support of anti-censorship/CCP measures.
Hong Kong riots
support for the riots is not “support of anti-censorship”. it had nothing to do with censorship. a brief summary of how things began:
- a man murdered his pregnant girlfriend while on holiday in taiwan
- taiwan wanted the man extradited to face charges but hong kong did not have an extradition treaty with taiwan
- an extradition bill is introduced in hong kong listing 46 crimes for which extradition may be requested by taiwan, macau, and the PRC. nine crimes listed were financial (these were later removed)
- angry rich kids realized they would not be able to commit the same financial crimes their parents did
it was never about being censored. it was about wanting to continue to exploit others without consequence.
protonmail didn’t just “come out and support” the color revolution by merely making a statement. i’m not making the assertion that their support means that they are a honey pot. i am asserting, however, that their support means that, unlike their claims, they are decidedly not “pro-freedom” (unless, of course, their definition of “freedom” is getting away with murder).
I’ve been using protonmail/vpn for a few years now. I’ve had nothing but positive experiences. That said, I think its healthy to question any business, especially those that claim to care about your privacy. I’m curious to hear what signals you’ve picked up on.
There was this thing where a court forced them to log the IP and recipients mail addresses of a Prortonmail user, which was used as evidence against them in a legal process.
They released a statement that they do not collect this data unless a court orders them to, that they can’t and won’t collect the content of mails, which is within the law apparently, and that the law cannot force them to collect data from their VPN. They also removed the promise to never collect any data from their sites and documents, because they felt it was not appropriate under the legal circumstances.
If you want to hear my opinion about it: I give them credit for handling this transparently, explaining exactly what happened and removing a false claim from their marketing voluntarily. I do also agree that they should have never misled people into thinking Protonmail is an anonymous way of communication.
As the data collection is very limited and has to be ordered by a Swiss court, I do not feel threatened and continue to use their services.
Frankly, I think if you’re actually fearing to be persecuted for something and don’t want people to figure out who you talked to, you shouldn’t use mails to begin with. And if you do, at least use a VPN or Tor. That’s how they got the user, because they didn’t and law enforcement figured out they use Protonmail + their IP with the help of the ISP.
deleted by creator
Very true, thanks for the remark 👍
I heard Tutanota is worser. But I been a long time customer of Proton, since they started. Its been great for me.