I do think this video lays out a clear case that Proton is not as open and anonymity focused as it could be. While going from those facts to a postulation that it’s a fed honey pot is probably a stretch, to use this as grounds to say “Proton isn’t as trustworthy as they claim to be” seems reasonable.
Proton's trustworthiness requires framing the service properly. First, they only guarantee E2EE for stored data and data between Proton users. Data passing into the general email stream is not protected after it leaves. Second, they don't claim to be anonymous, but "secure and private." You should absolutely expect that you're not anon.
Yeah, I think that’s a reasonable expectation from the service. The notion that it’s an end-all-to-beat-all service is foolish, but when properly incorporated into an otherwise robust personal protection plan, it can probably help with security.
DahGangalang@infosec.pub 1 year ago
That’s fair.
I do think this video lays out a clear case that Proton is not as open and anonymity focused as it could be. While going from those facts to a postulation that it’s a fed honey pot is probably a stretch, to use this as grounds to say “Proton isn’t as trustworthy as they claim to be” seems reasonable.
Thoughts on that line of thinking?
Melpomene@kbin.social 1 year ago
Proton's trustworthiness requires framing the service properly. First, they only guarantee E2EE for stored data and data between Proton users. Data passing into the general email stream is not protected after it leaves. Second, they don't claim to be anonymous, but "secure and private." You should absolutely expect that you're not anon.
DahGangalang@infosec.pub 1 year ago
Yeah, I think that’s a reasonable expectation from the service. The notion that it’s an end-all-to-beat-all service is foolish, but when properly incorporated into an otherwise robust personal protection plan, it can probably help with security.