Comment on Standard notes: what about don’t put all your eggs in one basket rule?
furrowsofar@beehaw.org 7 months agoAll security is porous. So there is every reason to believe that Proton or any other org will have a major breach at some point.
Imprint9816@lemmy.dbzer0.com 7 months ago
“All security is porous” is FUD pure reasoning and completely disregards the security audits Proton does to make sure its not anything like lastpass.
You are also assuming if proton was breached that it means all encrypted data would be available to the malicious party which is also extremely unlikely.
furrowsofar@beehaw.org 7 months ago
Security audits do not guarantee security. They are just the best we have. Just as code reviews do not guarantee good and trustworthy code. In the end, we do not know what we do not know. In the end, every system has its weaknesses.
Sure I believe Proton is a reasonable supplier. Even with that Proton for example is on the record of giving out user info to governments. I am sure they did not meet the expectations of that activist.
Imprint9816@lemmy.dbzer0.com 7 months ago
My point is Proton did something every legit business would do.
If your threat model is such that governments are going after you, you should be aware enough to not create an email with an IP that identifies you.
furrowsofar@beehaw.org 7 months ago
Well that is the point isn’t it. Companies are not very reliable. The only thing they can be relied on to do is whatever butters their bread and that can change at any time. There is also a PR component and a fact component and they do not always agree.
Proton is really no different. I seem to remember they changed what they said on their website after outing that activist. Presumably to be a little less misleading. Again, I am impressed with Proton but not infinitely impressed.