Yeah, Proton is awesome, that’s for sure. Now, being a “security and privacy” company, it blows my mind that they put so much effort on making apps for Windows and Mac first, leaving Linux behind, and when they finally get to it, they just dump in a glorified PWA. This world is really weird 🤣🤣
And that they decided to go with RPM and DEB instead of just doing a Flatpak
Are you kidding me? Doesn’t bother me that much, as I use Thunderbird with Protonmail bridge. I’m still waiting on Proton Drive for linux. Well, I’m gonna end up self hosting at this point. :(
Tbh it should have simply been a flatpak
it blows my mind that they put so much effort on making apps for Windows and Mac first, leaving Linux behind
Because most people use Windows and Mac, including their clients. It’s not the world that is weird, it’s people who don’t understand such basic things. You don’t focus on 5% of your users.
It’s a native app on Windows and Mac?
I don’t use either OS, but the apps are .DMG (Mac) and .exe (Windows), so I believe they are, yes.
deleted by creator
Are you confusing security and privacy?
I’m not, the comment I was replying to literally called proton a “security and privacy” company.
They mutually imply one another.
If something was private, but not secure, well, that implies there are ways to breach the privacy, which isn’t very private at all.
If it’s secure, but not private, that implies it’s readable by someone other than the consenting conversational parties, which makes it insecure.
Privacy: I have blinds on my windows. I control whether they are open or closed, but they aren’t secure. You could break a window and look inside if you really wanted to.
Security: my glass storm door has a lock. But privacy is only there when I close the front door.
There is overlap between these two concepts but one does not imply the other.
…and proton advertises as both, which as pointed out, isn’t true
Companies have to comply with law enforcement. If anything, the little amount of data they were able to give after being forced is a good proof of their overall claim. If there is someone to blame here are courts using antiterrorism laws to catch environmental activists.
exactly if it’s a company they have to comply with laws. This is not a service to rely on if you doing espionage or something. It’s for people who want more privacy and choice.
I mean, if you want secure/private communication, email should not be your go-to. It’s a horrible platform by today’s standards. It was never designed to have any serious level of security. Once they have an unencrypted email on the target with timestamps and mail headers, all they need to do is see who was communicating with Proton at that point. I don’t know if anything has changed since the PRISM days, but back in the 2000s, they definitely had that level of insight into the web.
Not much has changed. It’s really only secure if you are sending emails between addresses within the same local network like gmail to gmail. Thankfull with end to end encryption it can be pretty safe just good luck finding someone that knows how to use it. but thankfully proton makes that pretty seamless.
That’s why I put “security and privacy” between quotes. I have absolutely Jo way to confirm if they are secure and private or if they’re not, other than all the contradicting mentions all over the internet. Also, while security and privacy may not be mutually dependent in the physical world, it stands to reason that something insecure cannot be private, and something not private is inherently insecure, as @[email protected] clearly pointed out. As for controlling my own email infrastructure, I’d love to, as everything else I do self-host, and only with FOSS software. However, email hosting is a seriously complicated animal that requires too much effort and maintenance, and most of us dont have the knowledge and time to invest in that, so compromises need to be made. I am well aware that there’s always risk on using something I have no real control over, but the alternative meets the reason for the phrase “the treatment is worse than the decease”.
Removed by mod
"Anyone can download the app, but free users will be given a 14-day trial to test drive it.’
So it’s only for premium users ?
Hey it takes effort to make a WebView for mail.proton.com
They need to see how to package the dedicated browser for all the different distros and operating systems, make a nice icon and so ok. It takes hours
They should sell this masterpiece for much more
Yup
“After years of pushing their proprietary and closed solutions to privacy minded people Proton decided that it was in their best interest to further bury said users into their service as a form of vendor lock-in. To achieve this they made more non-standard desktop clients for their groupware features (contacts and calendars) and the bridge will be discontinued soon.”
Only if there wasn’t CardDAV, CalDAV, IMAP, SMTP and dozens of other highly standardized protocols to handle e-mailing and groupware.
Speaking of mail apps, has anyone used Thunderbird recently? I had used it for a year or two up until . . . a year or two ago (probably two or three, actually) and then switched to kmail to satisfy my masochism. Thunderbird just hadn’t been doing it for me with meh functionality and slightly more meh looks.
Fast forward to yesterday when I’m updating my steamdeck desktop to use nix stuff instead of rwfus+pacman and I couldn’t get kmail from nix to behave right so I thought I’d give thunderbird another look. I’m several hours into tinkering with it and holy hell has it changed pretty much completely from a few years ago. Looks fantastic and works pretty much exactly how I want/expect it to. Good job mozilla!
Yes Thunderbird is getting really nice nowadays.
If you like Thunderbird, I recommend checking out Betterbird fork as well that adds more features.
Yeah I installed it recently on my widows and it is super sleek.
Yeah I’ve started using it again the past year. I use Proton Bridge with Thunderbird, and it works well. Much prefer it to webmail interfaces.
Proton Drive though 😭. The Windows app is so nice, wish we could get that for Linux.
I’ve set up an Rclone for the time being, not great but it works well enough for basic bisynchronisation.
Ugh, they took too darn long. I’m probably going to switch to Nextcloud.
You should do it. Easy to setup using either their official AIO image or the community-driven micro service one. I am using the latter and it’s been amazing. It’s completely replaced Google Drive, Calendar, and Contacts for me and with the DAVx5 Android App it feels like a drop-in replacement. I am also using the auto upload feature to back up my photos to it.
Working on that right now. Wish me luck. :)
I would too, but after like a week I get bored of maintaining it myself when all the expenses summed together aren’t much cheaper than Proton or likewise. This is what I was doing before submitting my independence to Proton.
Furthermore Nextcloud is just too damn sluggish. The web interface makes it seem like my server’s idea of a CPU is a kid with a calculator and WebDAV isn’t designed for cloud storage. I’ll take new features being slow over my whole experience being even slower any day of the week.
I feel that. However, Proton’s a non-starter for me as I’m using Linux, so no Proton drive client. Really scratching my head since Linux attracts the security conscious.
(Webmail provider releases a bespoke desktop app)
(me, old fart, bumbles out from behind the cables and servers and muck)You fools! Have any of you whippersnappers ever heard of IMAP? No? Thought so.
[I’m not that familiar with ProtonMail. Chances are they already support IMAP. In which case: … …why? Why this? Why in this day and age?]
It’s worse than you thought.
The webmail provider released a dedicated browser that can only open the webmail and called it a “desktop” app.
Additionally, they don’t support IMAP. There’s an app to run on your computer that becomes a bridge. The proprietary protocol is translated to IMAP. You can’t use your favorite client if your operating system can’t run that bridge and you’re not a premium user because for “reasons” only premium users can run that local bridge
On a lighter note, the protocol might be proprietary but the bridge still seems to be fully open source : https://github.com/ProtonMail/proton-bridge
I don’t think think Proton shows bad will on this one. The only alternative I can think of (as a non expert) would be IMAP + GPG encrypted emails but very few desktop clients support GPG, which would make them less accessible 🤷♂️ Having their own protocol also probably makes it much much easier for them to iterate on it, opening up usually makes think much robust but also slower.
The bridge Is “open” but somehow it works only for premium users.
Cool. Now please do Proton Drive and Calendar. Please and thank you Proton.
I sure hope they make a Flatpak like they did for VPN (although it’s not working properly at all rn). I don’t get why they are still troubling themselves to support two other formats already during beta, when this is probably just an Electron app.
On a related note? When my friend on proton send me (regular imap, openpgp) and several others (gmail, outlook) an email with all of us as recipients, it seems that proton cheats? I get to decrypt the message, where’s the others just read plain ø, unincrypted text.
At first i thought this smart. But now i kind of realize how much of a nightmare this seems to be.
On the other hand, i am not really sure how they do it? Is it to different mails, with fake headers? Or is it more like: if no encryption is available, show thisb (dentical) text instead?
So, what is general concesus about Proton, is it safe or not? I dont use it because you need to pay for Bridge to use it in Thunderbird. Maybe I would use if it has a dedicated app.
It’s pretty great. Especially considering that you get a full ecosystem with Mail, Calendar, Drive, VPN and Pass.
I would also like to take this opportunity to shout out murena.io. They host open source cloud solutions. You get a Nextcloud with OnlyOffice and lots of other goodies and their pricing is pretty good
The people behind Murena are also the devs of /e/OS, a de-Googled Android OS that they also sell phones they pre-load it on. My one critique of it so far, owning one of the phones, is that I wish they would work on making it compatible with more well-known phone models available outside Europe. They sold this model I’m using, the Murena One (some Chinese OEM they slapped their name on), here in the US through their website, but I had to run around for two days trying to find a carrier whose service would work on it (or who would even try - eventually T-Mobile worked, the European-based carrier, what a surprise…) and I can’t get anyone to do repairs on it because it’s not one of the well-known brands. The case they gave me for it is essentially purely cosmetic, and only a week or so into owning it, I dropped it at a restaurant and it got a huge area of dead pixels at the bottom of the screen that nobody will fix because they can’t get a new screen for it. If I could install /e/OS myself on more than just the Google Pixel (paying Google to not have to use Android, fun…) that would be great and solve my problems.
As the mod of !c/e_os, I am so happy you brought this up. I use /e/ on my Fairphone 4, it’s great. The Easy Installer has come a long way, you should check it out https://doc.e.foundation/easy-installer
Edit: You can also check all the supported devices here
I’ve looked at the list. The only model that could give me what I’m looking for (5G, actually familiar to US-based carriers and repair shops) is the Pixel. I understand it’s not all the fault of the /e/OS devs since there’s factors like many bootloaders not being unlockable on US phones or other hardware complications, but I do get the feeling that the North American market does tend to be an afterthought. From what I can see, a majority of the list is either only available in Europe or will only work with very few carriers here, with lack of 5G capability being a big setback for carrier compatibility. That 5G requirement for many carriers really does hurt European based phone tech compatibility over here quite a bit.
So how would you sync your Proton Passwords with NextCloud, or with VaultWarden? Or actively sync them locally to be used with an open source app?
Oh, that’s right… you can’t. Proton will say… “Just trust our payloads bro! There is no way we’d ever deliver a modified payload to get your password. Sorry you can’t sync your calendar & contacts, just use our Windows apps.”
I wouldn’t? I suggested Murena as a Proton alternative. I don’t know if they have a password manager right know but you can always throw a KeePass database into your Nextcloud.
My sincerest apologies. I misread the thread and thought you were advocating for Proton, which IMO is a questionable company. Thanks for the clarification.
I use both. Proton fits most of my needs, Murena does the rest. I’m not attached to any of them though, if I’m given good enough a reason, I’ll drop Proton immediately
At least you’re open to moving on. I think keeping an open attitude in any scenario is prob the best option. For most people, I’d recommend they keep using whatever works for them. If you’re happy with Proton then switching may just cause frustration. However, if you’re very much security focused and also care about things like being able to access your calendars/contacts in the apps you want, then I’d prob suggest just using SimpleLogin for email with their GPG feature, vaultwarden for passwords (you can still use the BitWarden phone apps), and Nextcloud for Calendar/Contacts which also supports DAVx for mobile.
I do use the SimpleLogin aliases, it’s one of my favorite services they offer. Most of my web storage (which I barely use anyway) and calendar and stuff is all Nextcloud
It is about as safe as trusting Apple at their word to protect your privacy.
So whats more privacy friendly, using a browser to check email, og using the official Proton app?
Neither. The single app that Proton has done somewhat right with is their VPN and only because they haven’t eliminated port forwarding. Everything else they’ve utilized non-standard protocols and failed to provide source code or API docs. They basically said that users are too stupid to protect themselves, and that you should just trust them to do it for you.
They failed to provide CalDav & CardDav syncing for things like calendars & contacts, IMAPS for mail, and prioritized things like their cloud-only password store. They had no valid reason not to use standardized protocols other than to prevent their users from actively syncing local copies of their data to integrate with privacy-friendly open source software. They act like Apple & a lot of their users prob. are Apple fan bois who will trust a company no questions asked. I have no reason to trust them whatsoever.
Thank you for that.
Protonmail still does not have an official app in F-Droid. Just because of this reason I ended my paid subscription and moved to Tutanota.
Tutanota doesn’t have a good way to export emails in bulk. Their feature set is getting richer, but once invested, the exit cost is quite high, speaking from experience.
Not going away from Proton myself, but yes this is damned infuriating. Although I’d deal with a reliable Android app. The Beta Android looks good, but why Proton has struggled so much with Android is beyond my current digging.
no proton drive??
This came way sooner than expected, be grateful. It’ll arrive soon enough. Patience, young padawan
What is the point of email clients? Why not just use the web browser?
My hope, for proton, would be improved search functionality. Currently search only works for email subject, not body. It’s really lackluster.
More useful if you have several email addresses, you can more easily check all of them in one place
https://encryp.ch/blog/disturbing-facts-about-protonmail/
i’m begging you, don’t buy snake oil.
Not only is this article three years old, it is also lacking in terms of sources. Additionally, the language and phrasing is quite inappropriate for the purpose of spreading the information. Lots of text is just mean and offensive without any actual purpose.
It also seems to be largely based on speculation rather than actual solid evidence.
I’m not against investigating the legitimacy of established and trusted privacy-first providers. However, this seems a bit lackluster.
Also: Email is inherently insecure, we all know that. Proton services are open source, independently audited and verifiably E2EE, except for Mail, which uses PGP for the emails themselves and E2EE to store them.
for what claim do you want a source that isn’t provided?
All of the hyperbole and speculation? The SSL stuff with TOR for example. That’s not proof, that’s a hint at best
they say plainly what they don’t know. what they don’t know, you don’t know. and if you don’t know, you are trusting on faith, not evidence.
