this post was submitted on 11 Oct 2023
148 points (94.6% liked)

Privacy

31876 readers
365 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been using Proton Mail and VPN for a while now, and I'm just wondering how everyone else feels about them. I have this kind of inherent alight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there's nothing for me to really substantiate that distrust with, its mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free teir. So aside from that one instance where they gave that guy's info to the feds, is there any reason not to trust them with my data?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)

Not at all. It woul be trivial for them to steal your private keys from their web client. And yes, we have the code. But it's impossible to verify that the code that is on Github and the one they send to your browser every time you log in is exactly the same.

Also, they make it quite hard to make an anonymous registration. And they've been cooperating with governments. Don't get me wrong, I don't support criminal activity. But I don't trust any government with citizen's data, Snowden proved that.

Edit: Oh and they have bribed various privacy related sites with their affiliate program to recommend their services, which I consider a shady tactic.

[–] [email protected] 1 points 1 year ago (1 children)

Why is it trivial for them to steal your private keys? Does your computer unable to verify public keys?

I'm a bit of a novice when it comes to HTTPS handshakes

[–] [email protected] 5 points 1 year ago (1 children)

One of the bold claims of proton is that all your data is encrypted and they can't see it (not 100% sure how they do it, probably your key is encrypted with your password as a symmetric key? Then when you log in, the client unlocks your private key and then that key unlocks the emails and stuff).

Now, it also turns out that they write the software that uses your key to decrypt the emails. It would be trivial for them to just send the keys back to themselves and decrypt all your stuff.

I don't think this is a huge point against proton, as AFAIK no one else even offers encrypted email. But nonetheless I would like to see an api and some third party clients.

[–] [email protected] 3 points 1 year ago

I see now, so it's more on decrypting my data rather than stealing private keys in the context of httpscommunications. I thought for some reason it was about Proton VPN specifically.

Thank you for explaining!