Comment on Alternative to Gmail? I currently use my own domain for email, but i miss the priority inbox
CTDummy@piefed.social 3 weeks agoAre you basing this on anything? I agree with another poster that proton being the go to alternative is somewhat suspect in my paranoid brain but some of these remark here seem pretty outlandish.
https://discuss.privacyguides.net/t/proton-mail-discloses-user-data-leading-to-arrest-in-spain/18191
Before that: https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/
There are many, many more cases we don’t hear about in media.
If you consistently connect to Proton via I2P or tor and don’t link a phone number or tracable recovery mail, you’re covering up at least some of the juicy metadata.
Thanks for the links, the recovery email aspect was covered in the initial comment old mate was replying to. I was more interested in if the hand your ass over remark had anything to do with the “they cant read your emails”/encryption part. The second link is very interesting though:
After providing the activist’s metadata to Swiss authorities, ProtonMail removed the section that had promised no IP logs, replacing it with one saying, “ProtonMail is an email that respects privacy and puts people (not advertisers) first.”
Auhorities in other European countries are known to MitM SSL certs at VPS providers for years already. Switzerland is moving their legislation towards the EU direction. Proton themselves have been vocal about their concerns about this.
How long until someone realizes they can demand Proton to inject some extra JS into the webmail for desired targets? Folks in a sensitive situation should follow the established best-practice of not relying on browser JS for PGP email. To be safe against this vecor, handle your encryption and signing outside of the webmail; either in your own client or copy/pasting.
Fuck that is depressing. I had hoped I’d be able to pay for a service and not worry about this shit to avoid the hassle of self hosting. Very informative thank you.
Google it.
Burden of proof is on you.
No it isn’t.
Actually it is. You are the one saying not to trust the service.
Ok, please present us the material that causes you to mistrust.
How about you google burden of proof? Like the other user said burden of proof is on the party making the claim. It’s not on other people to prove the claim wrong by doing research for you.
green_red_black@slrpnk.net 3 weeks ago
Proton has been involved in some situations but it’s like the scenario I provided.
Accounts having an unencrypted line of entry “we can’t get the information off the Proton Server but the account is connected to a Google server so let’s go to Google instead.”
Or Proton not particularly putting up a hard fight against a government request. (Mind you no information is being handed over just an account being turned off with no means to recover)
CTDummy@piefed.social 3 weeks ago
Sure I saw yours and accept that, but “hand your ass over” doesn’t equate to “complies minimally with legal request they have to in order to remain functioning as a business” in my book.