so now proton completely blocking account creation through their onion adress? I have standard protection, javascript enabled. Time to swith for those who use this service as they are ditching tor and switzerland?
so now proton completely blocking account creation through their onion adress? I have standard protection, javascript enabled. Time to swith for those who use this service as they are ditching tor and switzerland?
Proton always felt like a scam to me. Their claims on privacy and security are questionable at best.
My issue exactly. Their marketing isn’t careful, which I would expect from a security focused business.
to me it’s not that they market their security, I think it’s still meaningful. if they actually dont keep unencrypted messages, that rids them of the need to hand over past data when police comes knocking. but the way they do discounts, the way they publish prices on the pricing page, and things like that that make me question whether do I really want to recommend this to others.
If they still hold the private key, your mails aren’t encrypted. And even if it’s the case you still have to trust them that they don’t save the plaintext email somewhere else before they run tbeir encryption.
and that’s what I do. I trust that they are doing it. what better can I do? the other option is to use a provider that 100% is not doing that, which does not seem to be better. or hosting it for myself, which maybe a small minority of people are capable to do it
Thus this feature is a “nice-to-have” that should not be relied on.
Yeah, thats the issue. At some point you have to trust the provider or host yourself. I know from friends who worked at my email provider that they actually encrypt and not save it but thats a luxury not everyone has.
That’s an inherent issue with email though, not Proton specific
Their software is open source and you can verify it yourself.
You can’t verify that they actually run that on their servers.
So, they operate a repo of open source code as a cover for their internal repo of completely different code?
I’m not saying they do that. But you have to trust them that they don’t do it. You can never proof it.
Are there any non-self-hosted services where that’s not the case?
No. That’s why I wouldn’t trust protections that depend on something serverside, like encryption in the web client.
No. It’s an inherit comoromice you have to deal with. At least with email hosting.
Now with LLMs to provide extra security (not)