I know the CEO dug himself a pretty deep hole recently.

I had been meaning to switch all the services I currently use over to proton - but his remarks gave me pause.

Is it still worth considering?

  • chrand ( chrand@lemmy.ml ) 
    link
    fedilink
    English
    arrow-up
    35
    ·
    7 months ago

    Yes. If you don’t agree with the CEO, keep in mind that he is not the owner, they moved to a nonprofit structure. Proton’s CEO is not the first one saying stupid things, the same happened with Mozilla, Brave, and perhaps many other reputable groups.

    Proton products are good, IMHO the layout is OK.

    It’s good, but not the only one. If you don’t feel comfortable with Proton, go to Mailbox.org, Posteo, Tuta. They are smaller, with less products on their portfolio, but reputable and as good as Proton.

    • pirat ( pirat@lemmy.studio ) OP
      link
      fedilink
      arrow-up
      4
      ·
      7 months ago

      Yeah - mostly was the hope of this post to see what others you put up.

      I had looked at tuta but I’m looking to be able to move my digital workspace (email, calendar, storage, docs, etc) over.

      • haverholm ( haverholm@kbin.earth ) 
        link
        fedilink
        arrow-up
        6
        ·
        7 months ago

        FWIW, tuta offers email, calendar and contacts. That’s a good part of it sorted out.

        For storage, if you’re not up for self hosting Seafile or Nextcloud, look at https://filen.io/

        Or, check out https://disroot.org/en which has email, storage, calendar and contacts.

        AFAIK none of the above have office suites like you might expect coming from Google or Microsoft, but in my experience installing LibreOffice on your local machine solves that. Not everything needs to run in a browser.

        • pirat ( pirat@lemmy.studio ) OP
          link
          fedilink
          arrow-up
          4
          ·
          7 months ago

          It seems murena has all in looking for with the exception of supporting custom domain names (unless you self host). The workspace aspect is important to me as I do a lot of collaborative work that is much easier with shared access to a spreadsheet.

          • haverholm ( haverholm@kbin.earth ) 
            link
            fedilink
            arrow-up
            4
            ·
            7 months ago

            murena

            Sure, if at this point you’re still comfortable trusting the same entity with all your cloud services as well as your phone OS (which seems to just be a hardened LineageOS) — go right ahead.

            • cabbage ( cabbage@piefed.social ) 
              link
              fedilink
              English
              arrow-up
              6
              ·
              7 months ago

              For me personally this is the selling point, as I can fund their (open source) work rather than sending money to some company that does not contribute to open source. And since everything they offer is based on FOSS, migrating to another provider is easier than for closed source competition.

              That said, I get your point. It is a corporation, and it is putting several eggs on one basket.

              • haverholm ( haverholm@kbin.earth ) 
                link
                fedilink
                arrow-up
                2
                ·
                7 months ago

                I’m wary of Signal for the same reason that — although both products are at least nominally open source — for all intents and purposes, their strategy is corporate. And this centralisation makes Murena as well as Signal single points of potential failure.

                You do you, just consider that the minute somebody from the Murena/e Foundation board has a public meltdown you may have to find a new home for all the cloud things 🤷

            • pirat ( pirat@lemmy.studio ) OP
              link
              fedilink
              arrow-up
              3
              ·
              7 months ago

              Totally fair point there.

              I do want to move to a more secure OS for my mobile device, and I’m just in the babysteps of understanding the wide world of the Linux ecosystem.

              • haverholm ( haverholm@kbin.earth ) 
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                If that’s where you’re at, go for it. Every decision in this game is a tradeoff between convenience and privacy. We all need to start somewhere!

                I’m old enough that I used to casually flash Android KitKat ROMs, and self hosted Nextcloud for a decade or so. I’ve seen platforms rise and fall 🤣 After a while it’s easy to become jaded.

                • pirat ( pirat@lemmy.studio ) OP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  7 months ago

                  Yeah, long term I do want to self host and I’ve now been doing reading on next cloud.

                  I used to flash to cyanogenos on a galaxy2 back in the day and I’m looking at different ROMs to try out now (suggestions welcome).

                  That being said, I’m new to Linux and haven’t done much home server stuff, but am motivated to learn more.

    • Océane ( oceane@jlai.lu ) 
      link
      fedilink
      Français
      arrow-up
      1
      ·
      edit-2
      7 months ago

      Politics aside, the OpenPGPjs library would be a viable alternative with a client side checksum program, but sure enough, the builds are reproducible.

      Until then, this isn’t even technically true.

      For example, you can’t import your emails with the POP3 so when your mailbox gets full you can’t even pay for one month and download them all while deleting them from the server.

      It isn’t usable for free accounts and there was pre-4.0 a cult-like trend on the support subreddit to disclose your tier. I’m not aware of any moderation post, or note, asking users to stop this practice (u/ProtonMail was listed as a mod account).

  • Obelix ( Obelix@feddit.org ) 
    link
    fedilink
    English
    arrow-up
    10
    ·
    7 months ago

    I think that there are several things to consider here:

    1. Is is usable software? Yes
    2. Is the company trustworthy? In my opinion not, a MAGA CEO is a security risk when you take a look at what is happening in the USA right now.
    3. Does it feel good to support a MAGA CEO? No
  • cabbage ( cabbage@piefed.social ) 
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    7 months ago

    If you are going to spend time and money migrating to another service, choosing one that seems to be headed in the wrong direction seems ill-adviced.

    European-alternatives.eu seems like a good resource to find alternative services.

    Personally I am waiting to see if Murena.com restores their nextcloud offering, as I am planning to move to /e/OS on my phone again and wouldn’t mind sending a little money their way. I’m not into hypersecurity though, if you have very particular needs others will have better insights. For me having it hosted in the EU is good enough.

    • pirat ( pirat@lemmy.studio ) OP
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      Well the company’s board has a choice on who represents them and what their values are as a whole.

      If the company thought that this person (CEO on this case) doesn’t represent their values effectively they can remove them.

  • illi ( illi@lemm.ee ) 
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    I’m quite happy with the products. Not as happy with the company after the event you mentioned. I upgraded my plan not long before that happened (they had a pretty good deal going) so I will stay with them for now but I will need to consider what to do once the prepaid time is up.

  • Océane ( oceane@jlai.lu ) 
    link
    fedilink
    Français
    arrow-up
    3
    ·
    edit-2
    7 months ago

    I’m tired but:

    • you’d need to compare the checksums of their web-based cryptography at every login,
    • you could use their bridge but you’d need to give your OpenPGP passphrase to change your settings, for no reason
    • they have the CIA at their administration council,
    • they have an history of unethical behavior toward Twitter survivors,
    • they have an history of spreading conspiracy theories,
    • they have an history of contacting hosting providers asking them to remove blog posts,
    • they didn’t share the Lavabit fundraiser so they could get quietly issued a US National Security Letter (overriding the First Amendment and preventing Ladar from appealing),
    • they can access to your entire mailbox anyway, not just to the email contents,
    • this has enabled the arrest of Social and Climatic Justice activists, they replied they couldn’t resist a Swiss court order (so that’s not their fault I guess, the tech is just bad)…

    Why would you trust them for your opsec, and why would you enable them further?

    Alternatives include Disroot, Nubo, and Zaclys.

    #Proton #ProtonMail

    • pirat ( pirat@lemmy.studio ) OP
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      For being tired this outlined a lot of great points and good alternatives. Nubo has my eye and I’m going to look into starting the process with them.

      • Océane ( oceane@jlai.lu ) 
        link
        fedilink
        Français
        arrow-up
        1
        ·
        edit-2
        7 months ago

        Tired. In auto-pilot mode for the last 3 hours.

        Part of it is based on the OpenPGP standard itself, e.g. you only need the passphrase to decrypt your emails, not to encrypt them and certainly not to change your settings.

        Part of it is based on experience.

        Part of it actually needs a few sources; the Lavabit part is speculative but solid, there are bread crumbs all over the web.

          • Océane ( oceane@jlai.lu ) 
            link
            fedilink
            Français
            arrow-up
            4
            ·
            7 months ago

            I was going to add sources anyway, I’ve only had 3 hours of sleep last night, but you need to understand that we don’t owe you resources. I, for one, don’t know you. I wasn’t talking to you when you approached me with a nominal sentence, and you need to acknowledge that you base your tone on the assumption that I didn’t consent to this conversation.

            So of course I’m still considering blocking you. Going this route, you would keep the same entitled, passive-offensive tone.

            As rude as it is, people will only adapt to this by drawing boundaries in a more cohesive, efficient way. You need to check your attitude, and to embrace the resource-centric nature of the internet. Improve your tooling.

            • pirat ( pirat@lemmy.studio ) OP
              link
              fedilink
              arrow-up
              3
              ·
              7 months ago

              I am genuinely curious about other sources - I tried to do digging on some but couldn’t verify all the claims. No rush, get some rest and whenever you get a chance I’d love to read / learn more.

            • 0x0 ( 0x0@programming.dev ) 
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              So of course I’m still considering blocking you.

              👋 kthxbye

              Some issues on Proton are widely known, like their CEO’s shenanigans… If you’re gonna claim other less known issues don’t act shocked and surprised (or offended or whatever) when someone asks for evidence.
              You’re not obliged to provide such evidence nor am i obliged to believe your BS.

              Get some sleep.

              • Océane ( oceane@jlai.lu ) 
                link
                fedilink
                Français
                arrow-up
                2
                ·
                7 months ago

                You’re missing the point. I will source my post (because I’m a nice and, frankly, jobless person) even tho I was answering to the OP, because this is a public document.

                But you’re the one coming out of the wood with baseless claims. Every serious privacy guide claims that you shouldn’t use OpenPGP for opsec, which is well beyond degoogling anyway, so why are you even recommending ProtonMail over cheaper offers like Nubo, Mailo, or any other indie mail provider? Why are you suggesting another data silo in a degoogling community?

                • 0x0 ( 0x0@programming.dev ) 
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  7 months ago

                  why are you even recommending ProtonMail

                  I’m not. I don’t really like it myself. I’m just allergic to source-less claims, and you’ve got a lot of them.
                  Shouldn’t you be asleep? Get some rest.

            • 0x0 ( 0x0@programming.dev ) 
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              Make no mistake: any company that wants to operate above board, be it a VPN provider, a privacy-focused mail provider or whatever, always has to comply with the local law. If the “local” happens to be an oppressive regime like the US, tough luck… even in Switzerland if their gov forces a company to comply with something they will comply. Proton’s no exception.

  • maybe not important to some, but I was super-unpleasantly surprised a couple months ago because proton deleted my dormant account. my recovery account received a couple of warning emails (didn’t check that one in ages) and when I finally got around to it, gone.

    so if you’re thinking of using it for anything long-term, know that you have to log in once in a while or it’s gone.

  • anothermember ( anothermember@feddit.uk ) 
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    Apart from the CEO, I’ve been a bit concerned with the number of outages recently with quite poor and inconsistent communication or updates - not especially long outages but made much more stressful. There’s something really off about the way they communicate things I’ve found. So that combined with the idiot CEO has made me start the process of moving away from Proton, I don’t trust them any more.

    I think the best strategy is to spread thinly, don’t become reliant on any one provider.