No they’re not. They can’t even finish a single solution, let alone actually make anything functional when you’re not using their proprietary servers. They’re becoming Microsoft.
A SaaS solution that claims to be private but won’t provide the backend code to prove it. You don’t find it at all suspicious that they claim releasing backend code would make it less secure? What kind of security product is not open for inspection? The same kind of “security” you get from Microsoft.
I imagine it probably is inspected, just not by the public. They probably do it themselves.
And they may have contracts with certain companies specializing in this sort of security that also inspect it.
And there’s also the cybersecurity companies that test it whether they’re contracted or not. At some companies, their entire job revolves around finding bugs (especially security bugs) in other companies’ software.
Just because it’s not on GitHub doesn’t mean it’s not a good product that hasn’t been thoroughly tested.
You don’t find it at all suspicious that they claim releasing backend code would make it less secure? What kind of security product is not open for inspection?
No, because Proton has 3rd party audits all the time and they share the results openly.
So, if you want to have any sense of a service respecting you, it should be hosted on a server you can control?
No difference at all between the server of the world’s biggest advertiser and a server by a company that opens itself for audits and is in a country whole laws require no bullshit? Are you sure those two are the same? All or nothing?
Because their primary audience is those gullible enough to believe they somehow can’t read your messages, yet they can easily capture your private password.
It is entirely possible to keep secure data on a server that only someone else with the password can access. They don’t store your password in plaintext, they don’t test whether what you typed is the same thing they keep on their servers. If the password works to decrypt your data then your client can read the emails. If not, your client gets gibberish and knows your password was wrong. With a secure system our password should never be sent to the server at all.
Now, that doesn’t mean it’s trustworthy. There could be holes in the security, and I certainly would feel better controlling my own server, but it’s not automatically insecure just because it’s hosted by them.
timewarp@lemmy.world 5 months ago
No they’re not. They can’t even finish a single solution, let alone actually make anything functional when you’re not using their proprietary servers. They’re becoming Microsoft.
micka190@lemmy.world 5 months ago
Gee, it’s almost as if that’s the whole point of an ever-evolving SaaS platform.
slooopy_potatoe@lemm.ee 5 months ago
Releasing unfinished products and expect users to just make do while they launch the next product can’t be the solution either.
micka190@lemmy.world 5 months ago
Then it’s a good thing all of their products are fully functional and working as advertised, I guess.
timewarp@lemmy.world 5 months ago
A SaaS solution that claims to be private but won’t provide the backend code to prove it. You don’t find it at all suspicious that they claim releasing backend code would make it less secure? What kind of security product is not open for inspection? The same kind of “security” you get from Microsoft.
Gestrid@lemmy.ca 5 months ago
I imagine it probably is inspected, just not by the public. They probably do it themselves.
And they may have contracts with certain companies specializing in this sort of security that also inspect it.
And there’s also the cybersecurity companies that test it whether they’re contracted or not. At some companies, their entire job revolves around finding bugs (especially security bugs) in other companies’ software.
Just because it’s not on GitHub doesn’t mean it’s not a good product that hasn’t been thoroughly tested.
deezbutts@lemm.ee 5 months ago
Yeah because enterprises primarily use a ton of open source security tools…
ಠ_ಠ
micka190@lemmy.world 5 months ago
No, because Proton has 3rd party audits all the time and they share the results openly.
Cyberjin@lemmy.world 5 months ago
All Their services are online based right? I don’t understand why using their proprietary servers is an argument here.
claudiop@lemmy.world 5 months ago
So, if you want to have any sense of a service respecting you, it should be hosted on a server you can control?
No difference at all between the server of the world’s biggest advertiser and a server by a company that opens itself for audits and is in a country whole laws require no bullshit? Are you sure those two are the same? All or nothing?
Cyberjin@lemmy.world 5 months ago
Was that reply for me?
timewarp@lemmy.world 5 months ago
Because their primary audience is those gullible enough to believe they somehow can’t read your messages, yet they can easily capture your private password.
Excrubulent@slrpnk.net 5 months ago
It is entirely possible to keep secure data on a server that only someone else with the password can access. They don’t store your password in plaintext, they don’t test whether what you typed is the same thing they keep on their servers. If the password works to decrypt your data then your client can read the emails. If not, your client gets gibberish and knows your password was wrong. With a secure system our password should never be sent to the server at all.
Now, that doesn’t mean it’s trustworthy. There could be holes in the security, and I certainly would feel better controlling my own server, but it’s not automatically insecure just because it’s hosted by them.