I’m trying to get rid of my Google dependency and one of those steps was moving over to Protonmail. Now in the past few days i have been picking up signals that even Protonmail is not as clean as it might be.

Does this really impact the privacy of how i use email and so is moving to Protonmail a step forward from Google, or is Protonmail just as bad?

If so, what could be alternatives?


edit:

Some of the alternatives being mentioned in the comments are:

Email:

VPN:

edit 2 (2023):

There seems to be some new activity around this post. At the time of writing the post (2 years ago) there were some stories going as user @UnfortunateShort described in their comment. This made me question the best options available at that moment. Currently i am still a Proton user, using their Mail and Calendar service, and Mullvad for VPN.

  • CriticalResist8@lemmygrad.ml
    link
    fedilink
    arrow-up
    1
    arrow-down
    2
    ·
    4 years ago

    Protonmail is just the “latest” (it’s been open for a few years now) in the technocratic “online privacy” bubble. They probably willingly give backdoors to the NSA.

    Basically they sell you the peace of mind, not really any actual security as far as anyone can tell. Until their code is open-source and can be independently reviewed, it’s worthless. That they are based in Switzerland doesn’t mean much because backdoors are meant to be secret. Like in any other country, there is no official organ in Switzerland that will evaluate your app and say “yes, this app is secure. We give it five stars”. However if you find they don’t respect Swiss law you have to open a lawsuit, retain a Swiss lawyer, travel there for the court date, and at that point you start to realize they’re based over there more to protect themselves than you.

    There has been another encryption company operating since the 50s in Switzerland that was somewhat recently found to just be a front for the CIA. So clearly being based in Switzerland is not a gage of quality.

    Their support of the Hong Kong protest was also kinda suspicious because as far as I’m aware, they’ve never been that interested in any other event. And it wasn’t just a press release that gets picked up by a few hobbyist magazines; it was a full-length email sent to every protonmail customer, even those like me who hadn’t used their account in years.

    I also just read that ProtonMail would start using Google infrastructure. While the actual usage of Google’s services would be “limited”, again Proton does not explain the exact nature of this partnership and which services will be routed through Google.

    I don’t believe there is any way to be completely secure on the Internet unfortunately. Snowden showed how far backdoors run. So whether you want to keep using protonmail is up to you, but outside of a decentralised p2p system, I don’t think we could fully be anonymous and secure. Maybe though it would be possible to open your own email service – you just have to rent a space on a shared server like you would when hosting a website, and then encrypt it if possible… or open your own mail server in your basement lol. Email doesn’t consume a lot of resources.

    • Axaoe@lemmy.ml
      cake
      link
      fedilink
      arrow-up
      3
      ·
      4 years ago

      I’d argue that this:

      Basically they sell you the peace of mind, not really any actual security as far as anyone can tell.

      Is demonstrably false, as their encryption methods for emails at rest as well as other options (PGP) are tested. They’re also upfront with their threat protection model ("the ProtonMail threat model document specifically states that, “we cannot guarantee your safety against a powerful adversary.”) and as far as coming from Google or another free provider is concerned are a definitive step in the right direction. A good overview if OP is interested is this writeup here: https://www.techspot.com/news/82776-protonmail-review-secure-email-really-secure.html

      Personally I’d be hesitant to recommend self-hosting email unless really necessary (since that has it’s own risks/threat model) and think OP would do well to start off with Tutanota or Protonmail.

      As an aside if we’re alluding to Protonmail being a honey pot with the Hong Kong riots I’d rather see it stated as such; this is the second place on Lemmy I’ve seen such criticism levied when a company that has a privacy/security based product and did a statement on the protests and I don’t find it that suspect that they would be interested in furthering their brand or “putting their money where their mouth is” by coming out in support of anti-censorship/CCP measures.

      • dengismceo@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        4 years ago

        Hong Kong riots

        support for the riots is not “support of anti-censorship”. it had nothing to do with censorship. a brief summary of how things began:

        1. a man murdered his pregnant girlfriend while on holiday in taiwan
        2. taiwan wanted the man extradited to face charges but hong kong did not have an extradition treaty with taiwan
        3. an extradition bill is introduced in hong kong listing 46 crimes for which extradition may be requested by taiwan, macau, and the PRC. nine crimes listed were financial (these were later removed)
        4. angry rich kids realized they would not be able to commit the same financial crimes their parents did

        it was never about being censored. it was about wanting to continue to exploit others without consequence.

        protonmail didn’t just “come out and support” the color revolution by merely making a statement. i’m not making the assertion that their support means that they are a honey pot. i am asserting, however, that their support means that, unlike their claims, they are decidedly not “pro-freedom” (unless, of course, their definition of “freedom” is getting away with murder).