Comment

Comment on Standard notes: what about don’t put all your eggs in one basket rule?

gamedeviancy@discuss.tchncs.de ⁨7⁩ ⁨months⁩ ago

Ok, but what does it mean, is that, when proton will be compromised, all of your data also can be compromised. When we have our data divided between different independent services, compromising one does not mean violating the others.

source

Sort:hotnew top

Imprint9816@lemmy.dbzer0.com ⁨7⁩ ⁨months⁩ ago
This whole line of thinking seems to be based on FUD more then anything else.

There is no evidence or reason to believe some major compromise of proton will happen.

source
- gamedeviancy@discuss.tchncs.de ⁨7⁩ ⁨months⁩ ago
  No, I’m not saying that I don’t trust proton at all. I think that they have great services but as I wrote in the title - don’t put all eggs in one basket.
  
  I think I won’t trust any company with holding ALL my data.
  
  source
  - Imprint9816@lemmy.dbzer0.com ⁨7⁩ ⁨months⁩ ago
    If all your eggs are encrypted, having those eggs in one basket or five doesn’t matter from a security perspective. Its the same reason you wouldn’t split up your passwords to multiple password managers.
    
    source
    LWD@lemm.ee ⁨7⁩ ⁨months⁩ ago
    There’s a lot of metadata Proton passes around, and two of their oldest flagship products (email and VPN) require you to put a lot of trust in one company. For email, you trust them to encrypt them without snooping. For VPN, you trust them to not collect logs about where you’re going.
    
    And in the former case, they were compelled to give up at least a little data in the not-so-distant past.
    
    source
    -> View More Comments
- furrowsofar@beehaw.org ⁨7⁩ ⁨months⁩ ago
  All security is porous. So there is every reason to believe that Proton or any other org will have a major breach at some point.
  
  source
  - Imprint9816@lemmy.dbzer0.com ⁨7⁩ ⁨months⁩ ago
    “All security is porous” is FUD pure reasoning and completely disregards the security audits Proton does to make sure its not anything like lastpass.
    
    You are also assuming if proton was breached that it means all encrypted data would be available to the malicious party which is also extremely unlikely.
    
    source
    furrowsofar@beehaw.org ⁨7⁩ ⁨months⁩ ago
    Security audits do not guarantee security. They are just the best we have. Just as code reviews do not guarantee good and trustworthy code. In the end, we do not know what we do not know. In the end, every system has its weaknesses.
    
    Sure I believe Proton is a reasonable supplier. Even with that Proton for example is on the record of giving out user info to governments. I am sure they did not meet the expectations of that activist.
    
    source
    -> View More Comments
cyborganism@lemmy.ca ⁨7⁩ ⁨months⁩ ago
I don’t know about that. If I use Google to sign in to different separate services, if my Google account is compromised, then so are all the other services, no?

If they’re all independent services then it becomes a hassle. Having to have multiple apps or accounts to manage.

You make a valid point, but I think there should be some kind of middle ground between the two.

source