Should i trust proton?

If you're using Gmail, and you're considering alternatives for privacy reasons, then 100% without a doubt, objectively and unequivocably, Proton is the better choice of the two.

There are other email providers with privacy assurances, and yes, you can self-host, but don't let perfection be the enemy of the good.

To address the trustworthiness of Proton directly: I've been a Proton user for about 10 years. It gets the job done. I have complaints, but privacy is not among them.

Proper analysis. .. The only issue with proton is lack of focus on the people who use their product and bootlicker CEO tried kisisng pedo king's ring
- They over hype their marketing which can lead to a false sense of security. Reign in the marketing department and present their tools for what they are and they’d be more trustworthy.

You shouldn't "trust" as a basis for security or privacy. Eg for protonmail, Proton can still read your incoming emails if they arrive unencrypted; the only way to avoid that is to send E2EE email, which unfortunately most email is not. You should assume that if they can, then they are.
If you have to use proton for whatever reason (can't afford to pay to self-host things, don't know how to and don't have time to learn, etc), it's perfectly fine for everyday use for things that are not particularly sensitive ie you don't have a highly resourced state actor actively trying to obtain that data. Just always keep the first thing in mind. Too many people treat anything that calls itself "encrypted" as a silver bullet.

Proton just completed their SOC 2 Type II audit:
https://proton.me/blog/soc-2

Accomplishments like this are why I continue to trust Proton and remain a paid user.

Gonna be honest after working in the industry and seeing how corrupt auditing is (incompetent auditors, even some auditors getting paid off) these things don't make much of a dent to my decision making.
I say this as someone who pays for Proton.
- Valid to an extent. I've personally experienced various audits whether for ISO, PCI or SOC and the quality of the auditor certainly does vary though I've not encountered one I would consider incompetent; the audits have always been rigorous. I've not personally seen bribery though I have seen where an auditor might relax how aggressively they look for issues over the years of getting to know the people and quality of the company.
I think soc 2 type ii is nice, but I also don't think it really says much about privacy in the context of me trusting what a business will do with my personal data. its been 4 or so years since if done an soc audit, so please correct me if I'm wrong. From what I recall its primarily geared toward security in general and when they say privacy, they mean securing your data from use unauthorized by the business.
The distinction im making here is that, from what I recall, soc 2 type ii says nothing about what can be done with your data (e.g. selling data to brokers, training ai, targeting ads, unclear/communicated eula changes, etc.). During these, and most other, security audits you can make business arguments as to why you should be exempt from various security mechanism or configs. These systems also don't protect from techno fascist douchebaggery like feeding the government information on individuals without warrant or just cause, to assist in targeting minorities or activists for example.
To be clear, I use proton, I think its great, and MOSTLY trust them with my data. I do also like that they got soc 2 type ii, i wasnt aware till now so thanks for the heads up. I'm not accusing or trying to infer any wrong doing either. Mostly trying to point out this doesn't resolve potential abuses some folks may have concerns about after ceo/board member/whateverthefuckingtitleis drama.
Thanks for coming to my ted talk...

I think you can trust the operational side of it. I don't think they've had many detrimental oopsies, the services work. I used them for a year and then jumped ship. One reason is the favorable comments by their CEO about the 47 administration, which I didn't like. Another reason is the nitty gritty - they don't clearly advertize what's part of what package and I felt that was by design to get you to upgrade. And they definitely see themselves as a basket for all of your eggs. If you are moving there because you want to degoogle your life you end up just protonizing it. It's better to spread around your stuff so you're not dependent on one provider. If you just want a good VPN and don't care about the rest of their services and the politics, you could make worse choices.

I want to boost this approach. At first I just whole sale swapped to the full Proton Suite as a G-Suite replacement. But I quickly decided I did not want all my eggs in their basket, so I kept their VPN because it’s got good interfaces for mobile while also playing nice with OpenVPN on Linux, and then I’ve used other solutions for email and cloud and such, self hosting wherever possible.

I was actively looking to move my family over there.

When the CEOs spouted his Trump BS it made me look a little harder.

I see that they've doxed an activist.

They claim to be open source and then as you drill down you find out that some of their stuff is open source and some is not.

Switzerland looking at amending their privacy laws to further force companies to log and dox VPN users. Proton claim they would be willing to move the company outside of Switzerland if these laws take effect but will have to wait and see I guess.

There's a crap ton of either PR or fanboying going on for this company. I really want to see them get their shit together but you can't just discount this stuff like it's not happening. 400 people running around going I have never had any trouble with them privacy wise, and I don't think they all sell any of my data, It's not a good indicator of a company's privacy prowess.

I think we have good enough reason not to trust the CEO from his Twitter, and I think their marketing department is slimy as shit. I think the country they're based out of is going to force them to comply with too many court orders.

I'd say there less likely to market your data than Google/Microsoft. But they're also less likely to anonymize it correctly if they do so. Since Google runs their own ad network they don't need to sell your private data to other people to use it to market against you.

If Trump called up Andy Yen and asked him for a name, home address, IP address, phone number, and credit card mapping for all of his users he would fall over himself to provide that for hopes of a government contract. That doesn't sit well with me for a privacy concept.

If you're not worried about being doxed by a state agency, and would just prefer your data not be sold rather than it being a absolute critical thing because they might not sell your data, there definitely good enough.

If you're a little worried about putting all your eggs in one basket and want to be able to move from company to company without turning the world over, I would look at tuta and disroot, mulvad and backblaze. Or maybe even self-hosting nextcloud for the storage component on one of those services that allows you to just spin up nextcloud on a vps with single click.

For what ? Security or anonymity ? Likely yes for the first but no for the second. For example

https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification

People get their panties in a twist over this one, but they still operate within the law. What should they have done here, not complied? It’s a court order, from their country.
- I think OPs question is still relevant in that context. Does that case reduce their effort towards privacy? I believe the answer is yes.

Swiss have one of the strongest privacy laws and Proton is pretty save to use.

This is absolutely not the case. Swiss courts compel them to act on whoever asked them for information they've doxed activists. https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification
Edit: more
https://cybernews.com/security/proton-considers-relocation-from-switzerland/
- Can you list countries with stronger privacy laws that woud not have forced Proton to provide this information to law enforcement of a friendly country?
Laws don't mean shit when it comes to national security issues and everything is a national security issue nowadays.
Also, Swiss are changinge their national security laws and proton is looking to move some servers out of there so how good these laws really are?
Proton is good for to ZK encryption that has yet to be debunked.
- Iirc just reading proton's own stories page showed that they keeled over for any and presumably every request that came their way.
Not for long: vice

run mailbox.org bring your own encryption

- i use them there good my only issue is some of there docs dont have good english versions but other then that there great and they support custom domains
- Just switched there from Tuta. I was having a lot of issues with the mobile app being slow. So far everything is working well and they also offer storage and video chat

the ceo is potentially fascist. they might be ok now, but there's no way to trust it long term if that's what you are hiding from.

if you are coming from gmail or hotmail its gonna be better, but that's kind of a low bar.

Is there more evidence for that aside for a single tweet made after the election?
- no need for further 'proof' of something he just up and said himself in a couple of tweets. with a service you don't host yourself, you have to trust they won't do funny business.
  here is the thing: you should be questioning that trust when their ceo feels like publicly praising a fascist who is already doing a lot of damage to whats left of the privacy he was supposed to uphold. it goes without saying but total surveillance and open fascism won't do well to mix.
  because of that even if the dude is doing that by ignorance (and time may tell anyway), the trust in their decisions is still eroded, except its out of ignorance instead of malice.
- https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification

It's a corporation, so, no.

You need to specify what you want an alternative to, as Proton hosts a lot of services.

OK then, what alternative do i have to Proton Mail?
- Murena Mail (Workspace, with several apps, similar to Google Docs, but better) is also a good choice. Murena products rely on open-source software, including the deGoogled operating system /e/OS and NextCloud, partner companies, among others, Fairphone. EU
- Tuta are better, but not much. They've been getting worse every year.
  I switched to Disroot early this year and it's been smooth sailing. They're not a corporation, and I can talk to them directly and not some dumb outsourced support staff.

Depends on your threat model. What are you defending against?

I am defending against anyone that uses my data for non-essential purposes. Well, not all non-essential purposes; i mean ads, personalization, AI, selling it for profit, etc.
- Then Proton should be fine. As far as I know, they don’t sell user data.
  Of course as soon as you send an email or receive it from someone else, there’s a chance it will be mined, but while it’s ”at rest” on Proton servers it should fulfill your model just fine.
- To my knowledge Proton doesn’t sell your data and there were no leaks in the past. It is also true for a lot of its competitors though.
  Note: I use Proton for some things.

That depends on your risk tolerance, which is a decision you have to make yourself.

The real question is, where do you draw the line. You can even make a convincing case that gmail can be trusted with your data. Actually, many people feel that way, so it’s not a bizarre or rare stance. Alternatively, you can also say that self hosting everything is the only way to be sure.
- Yup. I've weighed the costs and benefits, and I'm still using Gmail myself.

I think they are trustworthy and the sexy alternative to Gmail. I've been testing both Proton and Tuta as my replacement. Proton is more expensive, but provides more services. Tuta is smaller, cheaper and gives off a user centric vibe. Proton seems to be emulating bigtech a bit too much with their release of a privacy chatbot today. I'm personally leaning towards keeping Tuta over Proton.

I trust Proton's privacy aims as much as I can trust any corporation, which is to say very little but way more than Google. I do feel the company prioritizes privacy and eg. bases itself in countries with privacy respecting laws (hence leaving Switzerland after their recent legal changes that risk privacy). I think this is a more important signal than the CEO's tweet supposedly favorable to Trump (which I dont like but also dont find damning enough to override their commitment to privacy).

When I researched alternatives after leaving Google I ended up choosing Proton (I also considered Tuta) for Mail & Calendar. For me they are the best option for privacy and usability, and something my non-tech family can use, which is a major win because otherwise they would not be able to leave Gmail.

I dont use their other services because I don't want to put more eggs in the same basket.

https://techstory.in/proton-mail-faces-backlash-over-claims-of-political-neutrality-amid-ceos-praise-for-republican-party/

It’s fine, closed source is fine. Trust us bro

All Proton apps and services are OpenSource.
This article is somewhat biased, yes, they handled out an IP of an to the authorities, this is mandatory for every service in a criminal investigation if there is an court order present, they must give the data which they have about the user, even Lemmy must do it if there is an court order about an user. Any service in the web must fullfit the laws of the country in which it's operating. This has nothing to do with privacy or trust about the service, also not if it is OpenSource or Proprietary. A service also can't avoid that it is used by republicans in the US, or that one of the employees is a right winger. The CEO of the Brave Browser (FOSS) as example. Can Lemmy avoid that an Nazi use it in a own instance?
- Their LLM is not

I recently moved away from Gmail and when I was researching what my new email client would be I considered Proton seriously for a while. But what I realized is that the privacy aspect of it is pretty much useless unless everyone you are communicating with is also using Proton. I went with iCloud, it’s free and it’s good enough for my use case.

My main issue with iCloud is that it’s American and that they may open my data to institutional monitoring upon request. Great in general, but it’s not designed for privacy.
- may open
  its worse, snowden has already leaked they do open it.
- Use Filen, it's a German cloudprovider, encrypted, zero knowledge and 10 GB for free.