I use ProtonVPN and ProtonMail.
Proton in my mind is one of a few trustworthy VPN providers.
However i’m not fully convinced that proton is infact legit…
After all swiss law enforcement cooperates with authorities from other countrys like the us.
Swiss law enforcement can force proton to hand over any information they want.
Mental Outlaw made two critical minded videos on proton, have you seen them?
What do think?
You don’t think he would need some form of evidence for the claim to be taken serious?
This is from the privacy policy, they make it pretty clear that they are going to honor a warrant. They are telling you not to use their service if you are going to commit a felony, or at least you are warned about what is going to happen.
We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt encrypted message content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in our transparency report.
Also, this is worth reading
https://twitter.com/tenacioustek/status/1434604102676271106
The thread is by Etienne Maynier, who had the international warrant from Europol and Proton was forced to work with law enforcement.
Now, of course Protonmail has to comply with Swiss law, but is that what you mean by “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”
He knew they would have no choice, he just wanted the company to remove the “no logging message” from their website, which they did remove.
And goes on to say this
This thread got a lot of attention so let me add this: building privacy preserving services is hard, I definitely think @ProtonMail should be more clear with the risk of being forced to have IP addressed logged but let’s not throw the baby with the bath water here.
Following a warrant, and being law abiding is a good thing.
For starters if they didn’t follow the warrant, to the best of their ability, do you know what would happen? They would get shutdown. Then they wouldn’t be able to offer the services they do, and make money. It is a business, after all. A useful business, that provides a good service.
If they were not law abiding, what do you think would happen? They would immediately be more dodgy. People would not trust them with their data, nor their security standards. It’s like renting a house, from a known burglar. It’s just stupid.
So what’s the alternative? Have good security, and privacy practices, while being law abiding. Helping when able, but due to how things work, you can’t help as much as your competitors. A compromise worth taking.
They will only cooperate if Swiss law if broken or if the Swiss courts agree with the request. Plus, Proton fights a lot of these requests and publishes a transparency report (which details all the legal requests they have received.)
It is legit and all of the points I would make have already been pointed out by @OrwellianDenigrate.
One of the points I strongly agree with is:
Without evidence to back up their claims, their claims should be ignored. If they find evidence to back up their claims, then their claims should be re-considered but only if they find concrete evidence which supports their claims.
What sort of evidence would satisfy you that ProtonVPN is not a honeypot?
@Blurb5778
Following a warrant, and being law abiding is a good thing.
I must disagree with this statement.
Entirely deepends on the law.
Abiding law in democratic countrys, yes.
Abiding law in dictatorship (china, russia, northkorea) is by no means good in any way.
Protesting for freedom is against the law, so what you will abide? I won’t.
No worries i think i understood how you ment that statement, still i had to say this.
Also @OrwellianDenigrate
He wanted the company to remove the “no logging message” from their website, which they did remove.
It’s sad that they even promoted this false statement in the first place, this is exactly why i’m curious if proton is legit or not.
This is not a claim, this is a fact, there is evidence of a false statement made by proton.
Thanks for the transparency report, i knew they had one but never saw it.
The thing is, there is no way to know if this report is trustworthy or not, it could be manipulated, propaganda.
Again… i’m not saying that this is the case, i don’t even think it is, just curious.
@Acolyte
What sort of evidence would satisfy you that ProtonVPN is not a honeypot?
Well, i’m just thinking why proton had these false statements on their website.
Also, mental outlaw makes great videos (doesn’t mean everything he says is correct) but alot of things surely are, just as i watch techlore i also watch mental outlaw, both of them promote privacy.
So if mental outlaw misstrusts proton i should atleast take a moment to think about it.
You have to be purposely obtuse, if you think “no logging”, which only was false in some very specific cases, is evidence that Proton is a honeypot.
“Mental Outlaw” on YouTube is ill-informed about email protocols. For example, in the video @FreeMind shared titled “Is Proton Mail Really Private, Secure, and Anonymous?”, he wrongly states that email between different providers such as ProtonMail and Gmail must be sent in plain text and cannot be encrypted, such that “anybody’s who’s sniffing the traffic…is going to be able to see the plain text.”
The great majority of non-spam email is encrypted in transport such that anyone who’s sniffing the traffic will see only ciphertext. The German email provider Posteo explains this and even provides users the option of rejecting emails sent without TLS:
He suggests to build your own email service. Which you can of course, and I can bet 10 grand I probably find a publicly avaliable a shell script to pwn you. The truth was that Proton was forced by Europol to give up the ip adress of the climate activist(I hate em). The truth is vastly exggarated with bits of bad advice and false information. Proton is NOT a honeypot.
It was a false statement there’s nothing to be said which could change that.
I never said that the false statement they made is evidence that proton is a honeypott, your’e making things up now.
I said there is evidence of a false statement made by proton, which made me question their intensions, that’s all. Maybe it was just for the marketing, maybe they promoto false privacy while they are just after the money, that’s what i tought.
Interesting, i didn’t know that either.
Maybe he just said it this way to make it sound simple for the masses, or he doesn’t now.
As far i’m concerned, mails between protonmail to protonmail are encrypted and only protonmail themselfes are able to gain access to metadata / conversation content.
If protonmail sends a mail to gmail, i don’t know if that is encrypted or not (i asume it is from what you said), but gmail will still see the full content of the email and process it trough their analytics bullshit.
Alright, from reading the comments so far it seems everyone trusts in proton.
Building your own mail server but for what it costs money and if you send mails to for example gmail as i said in my last reply, google will still see the full content and process it trought their bullshit analytics service. Unless you need your own mail server for whatever, i think the normie is fine with proton?
Proton is built to be an accessible privacy-focused Google alternative, IMHO it is suitable for almost everyone as it is one of the best options out there. As long as you are not fleeing from a government, you should be safe using Proton. Even at that, Proton offer a Tor site for users who want even more anonymity. If you need extreme privacy then, IMO, just don’t use email.
It is not encrypted from Proton → GMail. You can however send a ‘Password-Protected email’, which basically sends a link to the recipient and they will enter a pre-shared password. This allows you to send ‘encrypted’ emails to non-Proton users. The main downside to this however, you need to find a secure channel to share the password on.
Proton onion is another reason to misstrust them, the registration is a joke.
You register on .onion and it redirects you to the clearnet, wtf?
With respect to email between Proton and Gmail, it is encrypted via Transport Layer Security (TLS), which is different than end-to-end encryption. This helps to protect against mass surveillance.
Since you don’t trust Proton, don’t use them. But there’s no convincing evidence that they’re a honeypot.
In my experience it doesn’t do this. I have heard of people complain about this in the past but it seems to be fixed now.
This doesn’t prevent Google from seeing the emails. It will only help against other parties trying to read your emails while in transit. So it isn’t encrypted when it reaches Google’s servers.
Yes, precisely.