this post was submitted on 11 Oct 2023
148 points (94.6% liked)


I've been using Proton Mail and VPN for a while now, and I'm just wondering how everyone else feels about them. I have this kind of inherent slight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there's nothing for me to really substantiate that distrust with, it's mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free tier. So aside from that one instance where they gave that guy's info to the feds, is there any reason not to trust them with my data?

[–] [email protected] 10 points 11 months ago* (last edited 11 months ago) (1 children)

Not at all. It would be trivial for them to steal your private keys from their web client. And yes, we have the code. But it's impossible to verify that the code that is on GitHub and the one they send to your browser every time you log in is exactly the same.

Also, they make it quite hard to make an anonymous registration. And they've been cooperating with governments. Don't get me wrong, I don't support criminal activity. But I don't trust any government with citizens' data, Snowden proved that.

Edit: Oh and they have bribed various privacy related sites with their affiliate program to recommend their services, which I consider a shady tactic.

[–] [email protected] 1 points 11 months ago (1 children)

Why is it trivial for them to steal your private keys? Is your computer unable to verify public keys?

I'm a bit of a novice when it comes to HTTPS handshakes

[–] [email protected] 5 points 11 months ago (1 children)

One of the bold claims of Proton is that all your data is encrypted and they can't see it (not 100% sure how they do it, probably your key is encrypted with your password as a symmetric key? Then when you log in, the client unlocks your private key and then that key unlocks the emails and stuff).

Now, it also turns out that they write the software that uses your key to decrypt the emails. It would be trivial for them to just send the keys back to themselves and decrypt all your stuff.

I don't think this is a huge point against Proton, as AFAIK no one else even offers encrypted email. But nonetheless I would like to see an API and some third party clients.
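
The scheme guessed at in the comment above (a private key encrypted under a key derived from the password, unlocked client-side at login), as an added example that is not part of the thread and not Proton's code. The choice of scrypt, AES-256-GCM and RSA, and every function name, are assumptions made for illustration.

```javascript
// Added illustration; not Proton's code. All names here are hypothetical.
const crypto = require('crypto');

// Derive a 256-bit key-encryption key from the account password.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Client side, at signup: wrap the private key so the server stores only ciphertext.
function wrapPrivateKey(privateKeyPem, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), iv);
  const ct = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side, at login: unwrap. A wrong password fails the GCM tag check.
function unwrapPrivateKey(blob, password) {
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKek(password, blob.salt), blob.iv);
  d.setAuthTag(blob.tag);
  try {
    return Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8');
  } catch {
    return null; // authentication failed: wrong password or tampered blob
  }
}

// Round trip: mail encrypted to the public key is readable only after unwrapping.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const stored = wrapPrivateKey(privateKey, 'correct horse'); // all the server holds
  const mail = crypto.publicEncrypt(publicKey, Buffer.from('constructed sample message'));
  const wrong = unwrapPrivateKey(stored, 'guess');
  const unlocked = unwrapPrivateKey(stored, 'correct horse');
  const plain = crypto.privateDecrypt(unlocked, mail).toString('utf8');
  return { serverSeesPem: stored.ct.includes('PRIVATE KEY'), wrong, plain };
}
```

The stored blob is unreadable without the password, but the plaintext key exists inside whatever client code runs `unwrapPrivateKey`, which is why the thread's concern centres on being able to verify the client that is actually delivered.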

[–] [email protected] 3 points 11 months ago

I see now, so it's more on decrypting my data rather than stealing private keys in the context of HTTPS communications. I thought for some reason it was about Proton VPN specifically.

Thank you for explaining!