this post was submitted on 10 Apr 2024
58 points (100.0% liked)

Privacy Guides

16826 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
 

If the owner of the standard notes will now be a proton, doesn't that contradict this principle? I have a proton email account but I don't want it linked to my standard notes account. I don't strongly trust companies that offer packaged services like google or Microsoft. I prefer to have one service from one company. I am afraid that now I will have to change where I save my notes. What do you guys think about this?

you are viewing a single comment's thread
view the rest of the comments
[–] gamedeviancy@discuss.tchncs.de 13 points 7 months ago (1 children)

No, I'm not saying that I don't trust proton at all. I think that they have great services but as I wrote in the title - don't put all eggs in one basket.

I think I won't trust any company with holding ALL my data.

[–] Imprint9816@lemmy.dbzer0.com 6 points 7 months ago* (last edited 7 months ago) (1 children)

If all your eggs are encrypted, having those eggs in one basket or five doesn't matter from a security perspective. Its the same reason you wouldn't split up your passwords to multiple password managers.

That being said the much more likely scenario is that at some point in your lifetime Protons values change (either by being purchased or new leadership) and you have to move on. That's why, regardless of how good a providers security is, its good to have backups elsewhere.

[–] LWD@lemm.ee 6 points 7 months ago (1 children)

There's a lot of metadata Proton passes around, and two of their oldest flagship products (email and VPN) require you to put a lot of trust in one company. For email, you trust them to encrypt them without snooping. For VPN, you trust them to not collect logs about where you're going.

And in the former case, they were compelled to give up at least a little data in the not-so-distant past.

[–] Imprint9816@lemmy.dbzer0.com 4 points 7 months ago* (last edited 7 months ago) (2 children)

It doesn't matter what is being discussed, if its about proton the email incident gets brought up.

Here is the deal. No major company is going to break the law for its users. Had the activist been using proton vpn to create and access their email, Proton would not have had the info they were forced to give up. The takeaway from the story is bad opsec is usually what gets people caught whether its activists or hackers.

Whether you use Proton or someone else you will need to trust that service. If you don't trust them, don't use them. Its that simple, no need for conjured up FUD excuses.

[–] LWD@lemm.ee 7 points 7 months ago (1 children)

I bring up "the email incident" because it's a reminder that Proton may record stuff that's not encrypted, which includes the vast majority of emails.

And it's not to say that you wouldn't trust it with one individual service, but whether it's wise to trust it with so many services at once, from a security, privacy, and even monetary perspective.

Not every concern is FUD, and I think you'll start seeing diminishing returns every time you repeat it.

[–] Imprint9816@lemmy.dbzer0.com 1 points 7 months ago* (last edited 7 months ago)

Not every concern is but ones where concern is based solely on fear and hypotheticals are. This all eggs in one basket line of reasoning is FUD and has no real bearing in reality.

Even this email issue, it really has nothing to do with if you should trust proton in terms of OPs post. If you really believe Proton is going to sell you out, you wouldn't use them anyway and Proton following the laws is something every legit business is going to do, not something specific to Proton. If you have the threat model of an activist you need to careful about your opsec as i explained in a previous comment.

[–] gamedeviancy@discuss.tchncs.de 4 points 7 months ago* (last edited 7 months ago) (1 children)

Had the activist been using proton vpn to create and access their email, Proton would not have had the info they were forced to give up.

What? If protonmail collects any metadata, why do you assume protonVPN doesn't?

[–] Imprint9816@lemmy.dbzer0.com 4 points 7 months ago (1 children)

Proton can see my traffic. I already know that. Any vpn provider you use could. Its not that i trust proton implicitly its that i trust them more then my ISP that would be able to see it if i did not use a vpn. Couple that with their record of audits and im not sure what else you could expect from them.

[–] gamedeviancy@discuss.tchncs.de 5 points 7 months ago

You wrote that if the activists used proton VPN to register their mail account, proton would not have the information he needed to pass on. It's not true cause they would probably have the same metadata about them.