jet ( @jet@hackertalks.com ) English 33 • 11 months ago
What they can share: IP, Recovery Email, Payment information, and for every email: From, To, Subject, Time, Size…
Basically all of your metadata. If you’re concerned about people knowing your metadata, especially who you’re talking to and when you’re talking to them, don’t use Proton. Better not to use email at all.
jhulten ( @jhulten@infosec.pub ) 8 • 11 months ago
That second part. The ‘e’ in email stands for evidence.
randomguy2323 ( @randomguy2323@lemmy.kevitprojects.com ) English 28 • 11 months ago
Please tell me of an email service that is government proof. There is none that doesn’t and will never exist. Of course Proton is as private and secure as the user is. All of this boils down to the user’s security hygiene.
worfamerryman ( @worfamerryman@beehaw.org ) English 8 • 11 months ago
They talk about how the number of requests has grown as the number of users has. Previously they advised users to use their onion address.
Additionally, they said the emails and other stuff are encrypted, so it’s really just some metadata that is being handed over.
jet ( @jet@hackertalks.com ) English 5 • 11 months ago
just some metadata…
We kill people based on metadata https://www.wired.com/2015/03/data-and-goliath-nsa-metadata-spying-your-secrets/
worfamerryman ( @worfamerryman@beehaw.org ) English 3 • 11 months ago
Then what do you suggest for an email client? My point is, you do the best you can and not make a big deal of a couple thousand requests being handed over when there are 100m accounts.
jet ( @jet@hackertalks.com ) English 1 • 11 months ago
Tutanota is the only email provider that I know that stores all data encrypted, AT REST.
Due to the nature of email, messages in transit are not encrypted (at least the metadata).
Depending on your risk tolerance, this might be fine.
I would recommend end-to-end encrypted communication for sensitive information (Signal, etc).
Consult privacy guides for the tradeoffs of email and messengers.
randomguy2323 ( @randomguy2323@lemmy.kevitprojects.com ) English 2 • 11 months ago
Yes, as I said before, it’s not like yes I will use Proton mail for nefarious stuff and expect that Proton will defend you against a government. The user is responsible for their data safety.
worfamerryman ( @worfamerryman@beehaw.org ) English 2 • 11 months ago
I completely agree. It’s hard for a lot of people to look at the big picture and realize that the data handed over was likely for some pretty serious illegal stuff.
Additionally, most people are just trying to hide their data from advertisers.
mtchristo ( @mtchristo@lemm.ee ) 15 • 11 months ago
Never forget that every email that leaves Protonmail to other email providers is not any more secure or encrypted than using Gmail or others.
Second, no one can certify that incoming emails and metadata can’t be read and recorded to a ghost mailbox before getting encrypted. You have no control over what happens on their servers.
Privacy shouldn’t rely on trust.
The Hobbyist ( @TheHobbyist@lemmy.zip ) 3 • 11 months ago
It’s really difficult if not impossible to be private with services you can’t trust… suppose you were to not trust Tor. How can you prove it to be private if you can’t trust anything they say or share? I think it’s almost impossible, isn’t it?
You’re going to have to put trust somewhere if you want to be private, whether it’s your device’s hardware, software, ISP or other…
mtchristo ( @mtchristo@lemm.ee ) 4 • 11 months ago
I don’t think that Tor relies entirely on trust. It rather relies on the probability that there needs to be at least half of entry and exit nodes compromised for an attacker to be able to deanonymize users trying to access the clearnet. The hidden network is even harder to deanonymize as there are more than 6 hops in the path, and all nodes participating in the network are visible.
Proton, on the other hand, can do whatever they please on their servers and can never get caught with it.
The Hobbyist ( @TheHobbyist@lemmy.zip ) 3 • 11 months ago
I don’t disagree with you. But if you start with the assumption that a service cannot be trusted, it’s really difficult, maybe even impossible that despite it, privacy is safe. That’s a different claim. Especially as this claim would have to hold across the whole end to end. I can’t see how one can imagine having any privacy in such a scenario.
pizzaboi ( @chris@lemm.ee ) 6 • 11 months ago
In other news, water is wet.
auth ( @authed@lemmy.ml ) 5 • 11 months ago
Only private if you use gpg… But you still leak metadata
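
The fields listed in the first comment (From, To, Subject, Time, Size) stay readable to any mail server that handles a message even when the body is gpg-encrypted, which is the point of the last comment. The following Python example is added here and is not part of the thread: it parses a constructed PGP/MIME message and reports what remains in cleartext. The addresses, the placeholder ciphertext and the function names are made up for illustration.

```python
from email import message_from_bytes, policy
from email.utils import getaddresses, parsedate_to_datetime

# Constructed PGP/MIME (RFC 3156) message; addresses and ciphertext are placeholders.
SAMPLE = "\r\n".join([
    "Received: from mx.sender.example by mx.provider.example;"
    " Tue, 02 Jan 2024 10:15:01 +0000",
    "From: Alice <alice@sender.example>",
    "To: Bob <bob@provider.example>, carol@other.example",
    "Subject: Meeting on Friday",
    "Date: Tue, 02 Jan 2024 10:15:00 +0000",
    "MIME-Version: 1.0",
    'Content-Type: multipart/encrypted; boundary="b1";'
    ' protocol="application/pgp-encrypted"',
    "", "--b1", "Content-Type: application/pgp-encrypted", "", "Version: 1",
    "--b1", "Content-Type: application/octet-stream", "",
    "-----BEGIN PGP MESSAGE-----", "", "PLACEHOLDER-CIPHERTEXT",
    "-----END PGP MESSAGE-----", "--b1--", "",
]).encode("ascii")


def body_is_encrypted(msg):
    """True for PGP/MIME, or for inline PGP armor inside any leaf part."""
    if msg.get_content_type() == "multipart/encrypted":
        return True
    return any(
        b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b"")
        for part in msg.walk() if not part.is_multipart()
    )


def visible_metadata(raw):
    """Fields a mail server can read without any decryption key (hypothetical helper)."""
    msg = message_from_bytes(raw, policy=policy.default)
    date = msg["Date"]
    rcpts = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(rcpts)],
        "subject": str(msg["Subject"] or ""),  # not covered by body encryption
        "time": parsedate_to_datetime(str(date)).isoformat() if date else None,
        "size": len(raw),
        "relay_hops": len(msg.get_all("Received", [])),
        "body_encrypted": body_is_encrypted(msg),
    }


if __name__ == "__main__":
    for field, value in visible_metadata(SAMPLE).items():
        print(f"{field}: {value}")
```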