We get it. You don’t like Proton. No need to rant the same rant over and over again.

If you want to read about how Proton is the king of privacy, there are literally hundreds of thousands of webpages available.

There are far fewer sources that give the other side of the story.

So suck it up.
 
Good to know what you’re getting into:


You should read your own links to "see what you're getting into" instead of scanning headlines.

#1 is a DDoS attack on their IPs which has nothing to do with their security/privacy.
#2 starts with......
(Proton) make E2EE available out-of-the-box and easy to use. This led us to audit the security of these services, specifically their web clients. While the cryptography seems solid, we wanted to know if it is possible to attack the clients directly.

Attackers have to send two emails, both of which have to be viewed by the victim. In some scenarios, the attack would succeed if the victim only viewed the emails. However, most scenarios require the victim to click on a link in the second email.

So you can't fault Proton for being a moron.
 
If you live in the US and the US Government or law enforcement wants that data, they can get it. It doesn’t matter where it’s stored. Yes, it will be an encrypted blob of data, but they can get it. Proton has to comply with warrants.
It's kind of nonsensical to say they can get a blob of data that's encrypted.

If it's encrypted it means they don't have the data.
 
Prediction: In 10 years or less, probably much less, advances in artificial intelligence and supercomputing will bring to state-sponsored hacker's computer a means to break every encryption method in use today. There is no secret code that can't be broken.
I hope it happens this fast. Imagine if we can get into all NSA and CIA servers and all Congress servers, and all Senate servers and have complete oversight what all these nefarious actors are up to!

Anyway back on topic:

It's very important they are located in Switzerland!

It doesn't matter if you keep encryption keys safe when they simply shut down your company, raid your offices, throw your leadership team in jail, and eventually find the encryption keys anyway.

To be safe, you have to be in a Jurisdiction where that can't happen - far from the reach of the US authorities. The USA is a banana republic, no different from China or Russia when it comes to these things. There's no justice, recourse, law, or jury that can protect you.

Before Proton Mail, there was some American guy who had a secure email service - I forgot the name now but same idea. The US government shut him down and forced him to hand over the keys. Which eventually he did by printing the key over many pages and hand delivering the papers to the FBI... he was a one man shop, but even if he'd been a bigger corporation, the government will just shut you down anyway.
 
Apple is not the primary threat (although I don't trust them much more than Google). The U.S. government is the threat.

Stop. Your naivety is dangerous to yourself, and evangelizing won't soothe what ails you. A blanket statement like this is a lemmings meme taught by the corporate overlords that want to cleave you from your self determination and personal freedom. It's obvious to anyone that these private for profit companies are the daily, imminent threat to all aspects of your rights and privacy. It's a rhetorical failure to try to equate warrant searching with data harvesting and corporate incompetence, and even malfeasance.

There will always be laws and government in a functioning society. Only governments have the tools to help folks like you, who are frequently their own worst enemies. And we haven't assigned you the credibility to state unequivocally the "govmint" is the threat unless you can cite some specific case you law or personal injury you were a party to and have first hand, convincing argument for. We're all ears. In the meantime, the corporations fail your test daily, in headlines so numerous we don't even read them anymore.

No, what is more likely is that you are conflating your need to hide your activities presumably because they are not just "private" but likely untoward and possibly legally dubious, and simply concocting a victimhood narrative to disguise yourself by blending in, and stealing it from those with authentic experience of having actually been harmed by their government.
 
I hope it happens this fast. Imagine if we can get into all NSA and CIA servers and all Congress servers, and all Senate servers and have complete oversight what all these nefarious actors are up to!

Anyway back on topic:

It's very important they are located in Switzerland!

It doesn't matter if you keep encryption keys safe when they simply shut down your company, raid your offices, throw your leadership team in jail, and eventually find the encryption keys anyway.

To be safe, you have to be in a Jurisdiction where that can't happen - far from the reach of the US authorities. The USA is a banana republic, no different from China or Russia when it comes to these things. There's no justice, recourse, law, or jury that can protect you.

Before Proton Mail, there was some American guy who had a secure email service - I forgot the name now but same idea. The US government shut him down and forced him to hand over the keys. Which eventually he did by printing the key over many pages and hand delivering the papers to the FBI... he was a one man shop, but even if he'd been a bigger corporation, the government will just shut you down anyway.
You don't know how good you have it. When I was a young man, a boy really, my government (the U.S.) grabbed me out of college, sent me 1,200 miles from home to a forced labor camp in San Antonio for 6 weeks, put me in a uniform and sent me another 12,000 miles away, where I had to work 24/7 in 100 degree heat and constant rain, for no money (except government scrip) for a year. Then sent me home with an opioid addiction to deal with on my own.

But it's not the end of the story. I've heard it said that living well is the best revenge. And I'm getting my revenge. And now that I'm an affluent white geezer, Uncle Sam has left me pretty much alone!
 
So suck it up.
We’ll see - when you quote some sources perhaps. Thus far it’s your rant about the fact you feel ripped off, and that you feel they’re somehow duping you with ‘things’ when it’s clear what they’re offering and more importantly what they’re not offering.

I don’t care either way. But a rant such as yours isn’t the killer blow you think it is.
 
I don't have time to respond to the entire novel you wrote (so there, you beat me by attrition ;)). Just two things:

Well, given that none of the major email protocols (SMTP, POP, IMAP) supports 2FA that sort of makes sense. Like I said, they're trying to turn an insecure protocol into a secure one which means all sorts of band-aids and duct tape to make it work.
The problem is not the IMAP/SMTP access (they use app password for that), but that your main account login becomes a four (!) character PIN plus TOTP code when you turn on 2FA. The TOTP seed key cannot be stored in hashed form on their end, since they need it to verify the TOTP codes you enter. The PIN can be stored in hashed form, but a 4 character "password" is trivial to de-hash.

So if they ever suffer a breach where the attackers obtain access to the credential database (which happens to web sites every day, as proven by all the large password dumps you can find in the darker corners of the Internet), their users are screwed. It would be much better if they let you use a strong password instead of the PIN.

If I had to pick a new email provider, I would prefer Fastmail over Mailbox.org.

Plus their free accounts are actually destabilizing the platform but it's the only way they know how to get privacy nerds into the sales funnel.

By that I mean that Proton giving out free email accounts means Proton is a spammer favorite. That means Proton's domains and servers end up on spam block lists from time to time which disrupts delivery.
And yet, I have zero deliverability issues with them. They also have a domain that only paid users can send from.

And about the "sales funnel": they have over 100 million accounts. They are by far the largest encrypted provider.
 
Reactions: bsmr
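The two storage claims in the post above (a TOTP seed has to be kept in recoverable form, and hashing a four-character PIN gives little protection once the credential database leaks), as an added example that is not part of any poster's message or any provider's code. The digit-only PIN alphabet, PBKDF2-SHA256, the salt, and the sample PIN are constructed assumptions.

```python
import hashlib
import hmac
import itertools
import struct

DIGITS = "0123456789"
ALNUM = DIGITS + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1). The verifier needs the raw seed as the
    HMAC key, so the server cannot keep only a one-way hash of it."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_pin(pin: str, salt: bytes, iterations: int) -> bytes:
    """Salted, stretched PIN hash (PBKDF2 is an assumption, not a provider's scheme)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)

def keyspace(alphabet: str, length: int) -> int:
    """Number of candidates an offline search has to cover at most."""
    return len(alphabet) ** length

def search_pin_space(stored, salt, iterations, alphabet=DIGITS, length=4):
    """Hash every candidate in order; return (pin, guesses) or (None, guesses)."""
    guesses = 0
    for chars in itertools.product(alphabet, repeat=length):
        guesses += 1
        pin = "".join(chars)
        if hmac.compare_digest(hash_pin(pin, salt, iterations), stored):
            return pin, guesses
    return None, guesses

if __name__ == "__main__":
    salt = b"constructed-salt"            # constructed sample values
    stored = hash_pin("7291", salt, 1000)
    print("4 digits:", keyspace(DIGITS, 4), "candidates")
    print("4 alphanumerics:", keyspace(ALNUM, 4), "candidates")
    print("16 alphanumerics:", keyspace(ALNUM, 16), "candidates")
    print("recovered:", search_pin_space(stored, salt, 1000))
    print("TOTP from raw seed:", totp(b"12345678901234567890", 59))
```

Raising the iteration count only scales the cost per guess; the number of guesses is fixed by the alphabet and length, which is why a longer password changes the picture and a slower hash on four characters does not.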
Do a search for "Proton bridge problems"

It's hardly seamless. It is meant to be, but it's buggy and problematic. But that's to be expected given that IMAP and SMTP were never meant to do the job they're being asked to do.
I don't need to search. I have it running, and it works perfectly with Thunderbird, especially since they released version 3.
 
I don't need to search. I have it running, and it works perfectly with Thunderbird, especially since they released version 3.
Yup, also have Bridge running on macOS, proxying ProtonMail to my mail desktop client. Zero issues. Fast, efficient, no gimmicks, provides autoconfig for most famous desktop mail clients, doesn't hog computer power or memory or network bandwidth. Not sure what more you could ask for...
 
….until they are acquired by one of the larger players. Been there done that with Boxcryptor. Pulled the plug on long standing clients with limited notice. Sold out. Not kidding myself, it will happen again. No thanks.
 
….until they are acquired by one of the larger players. Been there done that with Boxcryptor. Pulled the plug on long standing clients with limited notice. Sold out. Not kidding myself, it will happen again. No thanks.
Easily solved with the use of Cryptomator… you can use any cloud provider. Not that this problem looks to be within their current ethos.
 
Too little, too late. I would’ve switched to Proton Drive, but now iCloud Advanced Data Protection exists. iCloud is cheaper, has better iOS/Mac integration, has E2EE, why should I switch?
 
Too little, too late. I would’ve switched to Proton Drive, but now iCloud Advanced Data Protection exists. iCloud is cheaper, has better iOS/Mac integration, has E2EE, why should I switch?
You shouldn’t necessarily switch. Perhaps no one is asking you to.

If you use PM then it’s extra storage in the price of your email sub. Nothing wrong with that. I have 2 TB of iCloud for convenience and I use Proton Drive to securely share my clients’ portfolios to them.

Also calendar, contacts and email aren’t encrypted with e2ee within iCloud, if that’s important for you.

I also use Cryptomator with iCloud, PM and other storage providers’ free tiers to maximise my options.

Doesn’t have to be one or the other, but if it does it’s certainly good to have secure and privacy friendly options.
 
To those of us in the US, does that really make a difference?
Having your file server or mail server based in a country other than the US could be a godsend to those worried about governmental overreach and privacy. The US is not a haven for privacy, hence the benefits of hosting your files in a privacy friendly jurisdiction. If that’s what you’re after.
 
To those of us in the US, does that really make a difference?

The distinction between Germany and Switzerland is that Germany is a 14 Eyes country (part of an agreement between the intelligence services of 14 countries to share signals intelligence) while Switzerland is not.

Whether this distinction is important or not is a matter of opinion. Some say the Swiss government is not obligated to share its intelligence so email hosted there is more private than a hosting server in an “Eyes” country. Others say it’s a distinction without a practical difference since the Swiss can be easily persuaded to share important signals intelligence with allied nations.

Notwithstanding the NSA’s dragnet that was exposed by Edward Snowden, by virtue of its constitution, the United States has pretty decent privacy protection when it comes to email. If you are on a government’s radar, I’m not sure it matters where your email is hosted.
 
Notwithstanding the NSA’s dragnet that was exposed by Edward Snowden, by virtue of its constitution, the United States has pretty decent privacy protection when it comes to email. If you are on a government’s radar, I’m not sure it matters where your email is hosted.
But from this respect it does very much matter. If you for example, use Gmail, then your mailbox can be handed over sans encryption - therefore easily read by whoever. Proton’s is encrypted (others too), by that metric dragnets nor where the mail is hosted matters. Sure - it massively depends on who received whatever incriminating email you send hosts their mail box or whether or not you used some kind of PGP method.

For me it’s a case of advertising and 3rd party sharing in similar manners that I want to avoid. I’m not hiding from govs or whatever - I think it should be a given that no one can read your mails. Email is inherently insecure, but if you must use it (and it’s the only way for many things), then I prefer prudence over some vague ‘well it doesn’t matter at the end of the day’ notion.
 
But from this respect it does very much matter. If you for example, use Gmail, then your mailbox can be handed over sans encryption - therefore easily read by whoever. Proton’s is encrypted (others too), by that metric dragnets nor where the mail is hosted matters. Sure - it massively depends on who received whatever incriminating email you send hosts their mail box or whether or not you used some kind of PGP method.

For me it’s a case of advertising and 3rd party sharing in similar manners that I want to avoid. I’m not hiding from govs or whatever - I think it should be a given that no one can read your mails. Email is inherently insecure, but if you must use it (and it’s the only way for many things), then I prefer prudence over some vague ‘well it doesn’t matter at the end of the day’ notion.
Gmail is encrypted at rest. In the US it can only be “handed over” if the requesting party has a warrant. Yes, FISA makes the 4th amendment a sham in many cases, but for most there’s zero threat from the government. And if you do have that threat level, I’m not sure email is how you should be communicating.

Personally, I treat all email as if it is a public message board. So, my point of view is “get a warrant and have at it.”

And, if a rogue Apple or Google employee uses an encryption key to read my email they’ll quickly give up because of boredom. This is the only use case where I can see that services like Proton make sense. There are just too many outside variables involved to rely on Proton or Tutanota if you have a life or death threat level.

I love the idea of end to end encryption. But, for me, I just want a service that isn’t scanning my email in order to create a profile of my online habits. Right now, I trust that Apple is not doing this. And, the ease of using the iCloud suite of services outweighs the hassle (however small) of using my Proton Plus account. As much as I want to love it, it is going largely unused and I will most likely drop down to the free level when it expires.
 
In writing this article, I’d think it would be quite easy to compare it to most used cloud services.
Is the only difference (than steep price), the alleged better encryption?
 
In writing this article, I’d think it would be quite easy to compare it to most used cloud services.
Is the only difference (than steep price), the alleged better encryption?

The higher price is because they are a relatively small company whose only monetization is the money they are paid directly. Their focus is privacy and security first. If those things are the most important things to you they're worth a look. Being in Switzerland should protect you (if it actually matters) from casual surveillance. Keep in mind that it has been shown that if you are an evil international criminal Switzerland will still (rightfully) hand over what they have on you.
 