Post got deleted, posts removed…
You must log in or # to comment.
What’s reddit? Is that like a new alternative to Lemmy? ;P
how the hell did this get 51 upvotes
You’re almost there in down votes. Good job 🤣
It’s a good thing that free discussion doesn’t equate a mindless popularity contest. Oh wait, on Reddit it does, my bad …
It was a terrible sub for years much before the apicalypse. It was full of apple fanboys who believed every marketing bullshit.
Wait, what’s wrong with Proton Mail?
They gave meta information like IP to the government in Switzerland, where they are based, after the government forced them to with a court order. Not the encrypted mail, mind you, because they can’t do that, just the additional information they have on a user like email and IP.
Because of that, a lot of redditers on r/privacy think they spy on their users for the US government. It’s a stretch, yes, but you have to remember they take turns using the one brain they collectively have.
Not the encrypted mail, mind you, because they can’t do that
Just want to point out for anyone new that ProtonMail does not use E2EE for email headers. That means they CAN access your subject lines, to/from fields, and other email headers. That means they CAN be forced to hand it over to the government.
Source: https://proton.me/support/proton-mail-encryption-explained
Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.
Personally I am disappointed in a lot of Proton’s wording about this. They frequently promise they can’t access “your data” and “your messages” when they do, in fact, store potentially sensitive data in a format they CAN access.
It’s email, that’s the best you can get with email, if you want to have more privacy, DON’T USE EMAIL
This is good advice, because email is very difficult to make reliably private. However, it’s not the best you can get. Tutanota, for example, stores headers with E2EE, and still has a search function.
The goal should be to make it as private as it can realistically be. Ideally, any cloud service you use should only store end-to-end encrypted data.
I’m not trying to shit on Proton — it’s a huge step up from the popular mainstream email services, and the inclusion of cloud storage makes it a much easier transition than going piecemeal with 2-5 different services.
A bit more context is important here. They aren’t E2EE, but they are stored encrypted. In the case of the person whose meta information was turned over, ProtonMail wasn’t forced to hand over the information right away, they were forced to collect it the next time that person accessed and used their email. That tells us that they didn’t store the information beforehand and could not access it without preparing to intercept it the next time their service was used.
Ultimately, though, if something like that’s a dealbreaker, it’s likely you’re doing something that would benefit from a more secure way of communicating than email.
Yeah I agree, sounds a bit excessive. If that’s correct, it doesn’t sound like they’re reading your data and at the end of the day they have to comply with things like warrants. Thanks for the clarification.
It is all also very clearly stated in the information they must collect in order to provide their service. There should’ve been no surprises here, as you must assume that scenarios like these will happen eventually.
If all they have on you is your optional backup email and your IP, I think they’re doing pretty well in the no data-collecting part?
Well, you don’t even need to provide an email or phone number when you sign up, so if you access the site via their onion address every time, they would have no information on you at all.
I don’t think OP was trying to say Proton Mail is bad or insecure. Rather the opposite.
I would also like to know, lol.
What’s the background here? Do they censor stuff?
deleted by creator
Mention VPNs are forbidden due to spam and stuff, GrapheneOS mention forbidden because of drama
Defeats the whole purpose of the subreddit, it’s like saying you’re not allowed to talk about yellow in a community about colours…
Only reason I’d recommend signal to anyone is that its one of the few encrypted apps that doesnt have awful onboarding. A boomer can figure it out.
What do you recommend?
If Signal was not simple, my family and friends would likely use Telegram or WhatsApp. Even switching to Signal required a number of (general) newspaper articles criticising the status quo. It’s likely not optimal, but okayish and sharing opinions and holiday impressions feels a bit better.
Switching a service is a slow, difficult process and many contacts will not follow, given they would abandon other contacts among friends, family, parents at school, sports teams, … (now, I’m here, using 4+ solutions).
If training or even curiosity for the technical process is required, very few people will follow. If it takes me (with strong IT background) more than 30 minutes to understand/implement, I may have a decent private solution, but I will feel quite lonely soon.
the other decent options are matrix and simplex chat, and mayyyybe session. matrix seems to have the most users and kick to it right now. out of those options. but yeah youre not gonna get the average tech illiterate person to get on a more complicated alternative to discord, essentially
We love lemmy ❤️
deleted by creator
Oh I remember r/privacy, this comment is spot on. You expect something like the Linux communities where it is okay what ever you prefer. But privacy-nerds sometimes goes the spying government/tech-firms rabbit-hole to deep.
Lol brave sucks
Literally the kind of elitist response the OP was lambasting.
No, noons need to be told what sucks and what doesn’t.
Okay, I’ll have a go, since you’re a noob with people and how they actually learn and behave: Your advice sucks.
What advice
… so what doesn’t? Just saying <thing> sucks without saying why or providing a valid alternative is not helping anyone. Rather say something like
“Brave has done some shady things in the past and is based on chromium which is currently doing its best to kneecap adblockers and other privacy tools. If you want a good private browser, you might want to use librewolf instead”.
It does, but it’s a step in the right direction.
I’m as guilty as anyone for allowing pursuit of perfection be the enemy of good.
How is allowing crypto mining in your browser or hijacking affiliate links good for privacy?
Brave has a built-in adblocker and is not Chrome. If a user is able to make the switch to Brave, they might find it easier when they try to switch to something better like Librewolf or Firefox.
Why would switching browsers twice make it any easier?
Because once you learn how to switch browsers once, you already know what the process of changing browsers looks like and what to expect, removing the barriers if you switch again.
It’s like switching from Windows to Ubuntu. Sure, Ubuntu is not perfect, but by installing Ubuntu, you have already learned the process of installing a linux distro and what to expect if you decide to install a different one.
Except brave doesn’t teach them how to block ads or mine crypto so I still fail to see how if they were to switch to brave it would make their switch to a sane browser less painful. They just have to switch twice instead of once.
I ditched reddit, and what’s being described in this thread is largely part if why I left. I won’t go back.
“Welcome to Reddit! A community where you can determine what the mood and biases of the mod(s) are so you can safely post without getting banned or comments deleted.”
The real privacy nerds: paying for a service? Leaving a paper trail? Learn how to pwn grandma computers and push all your internet through that. /s
proton is literally cia. they are modern cryptoAG
proton is literally cia. they are modern cryptoAG
[citation needed]
I’m not saying that it’s BS. I’m asking as someone who’s on the brink of dropping 300€ on a year of “proton family”. I’d like more than an unsubstantiated “they’re crap” claim before making my decision.
I’m kind of interested on this as well. I started using proton a few months ago when my ISP stopped supporting mailservers on consumer contracts.
Should I find something else?
That’s a bold claim, I’m gonna need a proper source to believe you
