Do you trust Proton?

No, but I trust audits

https://www.cnet.com/news/privacy/protonvpn-clears-its-latest-no-logs-audit/

I do agree they have a big tech feel that I don't like, but everything I've seen indicates they're trustworthy.

'So aside from that one instance where they gave that guy's info to the feds, is there any reason not to trust them with my data?'

They were under a court order. They still have to follow their country's laws.

That is not to say you shouldn't question them, but that particular example should not be used.

If that person had better opsec it never would have been a thing.

seem like they offer a lot for free

i gladly pay for proton knowing that i’m helping fund a critical tool for activists under oppressive regimes :)

more than google at least

Based on my own privacy/security criteria, I chose and payed for protonmail when that was the only thing Proton had. I've been very happy with them and it's nice to see how much they've since popped off.

I trust them, but always remain vigilant, because things can change over time. But the founders initially were scientists who met at CERN, not a company that launched a product. That tells me quite a lot. Yes, over time they are becoming more professional, maybe more like a regular company, but i feel that privacy is still the main priority for them. They also organize a yearly event and the money they raise goes to certain projects that are related to privacy and freedom (if i remember correctly for instance to help journalists remain free press and things like that). Yes, it's one of the few companies that i really trust.

Also, yes, they sometimes are forced to give info to authorities (and they are quite open about that and explain what happened if people ask about that), but don't forget that they don't have much info on their clients, because everything is encrypted and they just cannot see what's inside a mail, for instance. So, they can't share that.

I don't completely trust any "privacy-focused" company, but I trust proton a lot more than most others.

In my view it's either my ISP seeing everything or someone else. I don't trust my ISP, I route my traffic to a different country where I don't live in and them viewing my activity is potentially less of a problem, in my view (just in case they do manage to de-anonymize me)

For my threat model and use case, I trust them.

No.

I trust no single hosted service, but you can use them with caution.

I don't trust them implicitly, but I do believe they are less likely to do certain things than Google which is enough to use them instead of Google for Email.

Proton used to have a deal with the Israeli company Radware, for DDoS protection. They have written a few disclaimers about how Radware only handled incoming traffic still with two encryption layers intact (SSL & OpenPGPjs), as if that was some sort of real protection if a company has access to raw incoming traffic.

Honestly, a company aimed at privacy, boasting of Swiss privacy, should know better than to route anything through Israeli companies.

Not at all. It woul be trivial for them to steal your private keys from their web client. And yes, we have the code. But it's impossible to verify that the code that is on Github and the one they send to your browser every time you log in is exactly the same.

Also, they make it quite hard to make an anonymous registration. And they've been cooperating with governments. Don't get me wrong, I don't support criminal activity. But I don't trust any government with citizen's data, Snowden proved that.

Edit: Oh and they have bribed various privacy related sites with their affiliate program to recommend their services, which I consider a shady tactic.

For that one instance, not doing so would have been illegal and probably gotten them hit with a major penalty.

Any email sent to Proton in clear text is 100% accessible to them at the point of entry. They basically promise you that they won’t look at it before encrypting it for storage. So if you trust their promise, it’s all good.

Any email that comes in already end to end encrypted with OpenPGP is not accessible to them ever, kind of. If their client gets hacked and starts sending unencrypted messages to them or someone else, then they have access.

The only way to have a zero trust environment is always having people (or businesses) send you messages encrypted with OpenPGP, and never using Proton’s clients (webmail, mobile app, and desktop bridge). That’s fairly unreasonable, and you might as well use any other email service at that point.

So, you can trust them as much as any other company, because unless you write and run your own email server (which, trust me, is a huge pain in the ass*), that’s your only option.

* I wrote and run an email service called Port87, which launched recently, and there are so many obstacles to doing this, even if you’re only running one user on one domain on one server.

Depends. Are you on a wanted list?

I do not trust any company, even if it is "privacy-friendly" or "anonymous". There is no way to proofe this, sure I could view the code but there might just be a slight possibility that the company is saving and stealing your data.Self-Hostinmg is for me the way to go.

Let's say that I trust Swiss laws more than other alternatives.

Yeah I would trust them. But I don't think I would use them because I just find their mail service to have too much friction in a lack of interoperability with clients unless you not only pay money, but also download a whole extra program just to decrypt your email. It's essentially a walled garden

When Proton has a single app available on native F-Droid wirh zero anti-features, not from a different repository,conly then will I use their services. I don't use anything from them now. No Protonmail, no VPN, I don't use them.

For some use cases, perhaps. I do trust them to keel over as soon as anything looking like an authority sends a request. I don't trust them to be as good as their marketing.

No news about scams or particularly evil policies yet, which is far better than many providers.

I stopped using them because their Android app is absolute dog shit. But I would trust them more than Google.

No, mainly because they're pumping out too many services. Also free VPNs just sound really sketchy to me.

Do you trust Proton?

For starters, such a question is coming at it from the wrong perspective. One should have trust in the software -- if such sowtware is, indeed, trustworthy -- and not in the entity that created it. If one seeks privacy, then they should be of the mindset that every entity is malevolent.

Actually... this is the only internet privacy company that I trust. I just hope that they start to deliver new products and apps faster... especially on Android, so that we can de-Google our lives as much as possible.

Why is anyone using email anymore? (He said with a straight face)

Personally, email exists solely for merchant receipts, and IRS collection notices. I don't use email with any family or friends. Matrix, signal, session, most any messenger but I prefer e2e.

Maybe I'm internetting wrong.

No. I don't trust the Swiss. They're tied up with US intelligence and they'll do anything for money (that's why they're always neutral). I've gotten shit on here before for saying Protonmail might be a honeypot but I'm sticking by it.

more than google

No, and I never will

I feel the same OP. There's no good reason for it but I just don't trust them. I have no idea why.

I trust them. Yes, sometimes their marketing is unethical, but I think these are just miscalculations.

Ill get straight to the question: what should i use? I use proton currently but they are pretty sus.

I would think if someone's up to some actual shady shit that they don't want to draw the attention of any authorities, they'd be better off using a combination of several of the most popular web mail accounts, like Gmail, and manually encrypting the message before pasting it in or something I dunno, just bc it seems like surveillance systems become less effective with more collection volume, and Gmail has a lot of users

You shouldn't trust them. Won't elaborate further because the proton fanboys are extreme even by the lowest of reddit standards and arguing with them is pointless.

But no, don't trust proton.

No.

Their email service is bad. Why do I need a proton software to use thunderbird ? Why don’t you use open standards for email ?

Not at all, mental outlaw has a video why proton is a honeypot

And yeah, you can't really trust anything not self hosted by you