ew, proton’s back on fedi again and acting like someone’s uncle who just discovered shitposting
-
@hipsterelectron @zzt When I posted that article about the Stop Cop City protestor who got unmasked to my Proton-using comrades they replied that it wasn't Proton's fault they made no effort at all to inform people who paid for their service that their payment details could be made available to authorities in foreign countries and tied to their accounts. They "only hand over data when compelled to by Swiss law," and disclose that info on their transparency report, so it's not their fault that they aggressively advertise themselves as a privacy-focused Google that will never comply with a foreign government's orders and assure you your data is encrypted and protected by Europe's privacy laws and don't include anywhere on the payment page that this is a possible outcome.
@tael @hipsterelectron it’s bizarre how much proton’s remaining users defend them, and how much all of them have the same talking points full of holes they haven’t evaluated. the point about how signal takes payments usually gets them into “well you’re just a hater” mode
and yes weirdly enough I do hate when a company takes money to keep people safe and then sells them out and I do hate when that same company signals loyalty to a fascist regime
-
@zzt @hipsterelectron AFAIK Proton is mostly fine as a service as long as you do NOT pay them for anything and you do NOT give them any personal information (incl. in your account info, pseudonymous ONLY, email headers are public info, only the message body is encrypted) and you do NOT access their website without a VPN (IP address logs can be associated with your account and will doubtlessly be turned over). But at that point they have no particular claim to privacy or security. Which doesn't stop them from claiming it anyway. And none of these disclaimers are provided up-front. Thus luring activists into a honeypot that will ensure they are turned over to fascists. It's just another example of how neutrality does not work, services must be aggressively pro-user, like Mullvad, which DOES warn you when you pay which options are not privacy-friendly.
-
I’m so glad proton is wasting the money I used to give them for expensive email on pointless AI horseshit instead of implementing one of the many ZKP options for payments, so that giving them money doesn’t constitute an account compromise and massive privacy breach
signal considered not linking payments to account activity to be table stakes before they implemented even a single paid feature, and their implementation of their payment mechanism is open source
I mean don’t get me wrong, proton’s posts here are hilarious
no not because they’re recycling tired memes. it’s very funny that after they left fedi (for reddit and twitter, where corporations can pay for friendly moderation) in a loud public huff because their CEO supports fascism and we wouldn’t buy their deflections, they’re back trying to blend in as some dickhead’s awful caricature of what a small instance queer fedi shitposter must be like, purely because Tuta gets engagement here
-
@tael @hipsterelectron exactly, and in addition you have to avoid a bunch of their other features and services:
- lumo isn’t end to end encrypted at all, but you can feed proton drive files into it which decrypts the file and sends it to proton
- their LLM email features leak your email contents to Proton as plaintext when used in non-local mode
- if you’re using their VPN to access their services (as most proton users would), you’re compromised and of course their no-logs policy is worthless
-
@tael @hipsterelectron and most of those may be paid features, and there may be more of them (I don’t keep up with proton’s bullshit anymore until they pop up here or in the news) but like what are we doing here? what the fuck kind of privacy and security software grows more sharp edges nobody asked for as it’s developed and if you pay them? why don’t any of the warnings you mentioned exist? who the fuck is this for? certainly not the normal non-technical people I was hoping to email securely.
-
@zzt @hipsterelectron it's the NordVPN/Incogni of the space; a worthless unprincipled bottom feeder which exists to hoover up money from those concerned with privacy without actually protecting them like they claim to
-
@zzt honestly I almost regret blocking them solely because I want to point and laugh at their bullshit
-
@tael @zzt @hipsterelectron As I understand it, Proton doesn't claim to guarantee your privacy, let alone anonymity. What it does claim is that it provides an infrastructure that allows you to achieve better levels of privacy and even some degree of anonymity if you take the necessary precautions. One example is its onion site for email and its recommendation to use TOR in certain threat scenarios. And you'll always come across warnings like this (taken from https://proton.me/blog/protonmail-threat-model)
-
proton’s fedi account, 2025: Due to the misinformation about our CEO spread by mastodon users, the only official communication channels are now Reddit and Twitter.
proton on fedi, 2026: our admin loooooves they live and the room they’re his favorites! don’t trust silly microsoft’s ai! what’s that?
…
No, for the last time it’s misinformation that Lumo is just a normal LLM. It’s private and secure because our blog said it was. Are you calling me a liar?
…i mean uhh lumo’s mascot is soo cute
-
it feels pretty disrespectful that we’re supposed to fall for this crap. it hasn’t even been that long
-
@ecosdelfuturo @tael @hipsterelectron proton appears to be garbage that isn’t for anybody because it does nothing to mitigate any of the known problems with how it handles user data, and you reposting proton’s marketing blog has done nothing to change my mind on that
I also love that the warning you posted doesn’t mention the fucking thing we were talking about, payments being a privacy leak.
maybe you need to spend less time reading proton’s marketing and more time reconsidering your opsec
-
@ecosdelfuturo @zzt @hipsterelectron This is exactly what I'm talking about. This disclaimer does NOT make Proton's limitations clear to the user. Here are the many problems with it:
1. The Stop Cop City protestor and the Spanish climate activists were NOT leaking state secrets. They were ordinary targets of state repression. Not Snowden-tier threats to national security.
2. Neither of those victims of Proton violated any Swiss laws, nor did they do anything inside Swiss jurisdiction. Their respective foreign governments petitioned Swiss authorities to hand over their data per the Mutual Legal Assistance Treaty with Switzerland, because in the case of SCC the FBI was (falsely) pursuing RICO charges against them and that made it qualify for the Treaty. This is not disclosed.
-
hey rando mastodon users defending this crap: even if you don’t believe me from an infosec standpoint, maybe there’s better things to spend your time on than reposting excerpts from a marketing blog run by a company whose CEO thinks the Republican Party is pretty cool?
like, maybe there’s better things we can be doing than defending a company that’s at minimum ideologically compromised, if not technologically compromised (though the latter is kind of obvious to me, and they go hand in hand)
-
@ecosdelfuturo @hipsterelectron 3. This information is hidden away on Proton's blog and in its transparency report (https://proton.me/legal/transparency). It is not provided when you create an account. You are not warned when you are about to do something that will compromise your privacy, as Mullvad does in the attached image.
This is not sufficient for a company which is founded on privacy and security, like Mullvad and Signal are and which hold themselves to a higher standard. Many, many activists who are victims of state repression use Proton, and Proton specifically advertises that Swiss law prohibits them from aiding these repressive states *for that reason*. They are courting these users by misleading them. That, in addition to all the problems @zzt listed, makes their conduct unacceptable.
-
@ecosdelfuturo @hipsterelectron @zzt The issue with Stop Cop City was NOT that "email may not be the most secure medium for communications." The contents of the email were, as far as I'm aware, as secure as Proton promised. The problem was that they misled the user to believe that ALL of their data was being protected, and did not disclose the many, many ways that Proton leaks identifying information about you. The FBI, however, DID know about this, and used it to unmask and arrest their customer, which Proton happily complied with Swiss law to enable.
-
if you really believe that proton doesn’t make guarantees as to privacy or security even though that’s the only thing their company does, maybe instead of showing me links to proton’s blog or that awful fucking medium post defending their CEO or victim blaming the people proton locked up for having imperfect opsec or being criminals (whom amongst us), maybe you should come and recommend something that’s actually fit for purpose?
-
signal provides such good privacy and security that the republicans proton’s CEO loves use it to plan their crimes, and they only got caught cause they told signal to address their messages to a fucking journalist
-
@ecosdelfuturo @hipsterelectron @zzt After Proton did this, they did NOT consider it a massive failure of their service and an act of reneging on their promise to their customer. They did NOT consider it a mistake and rework their website to properly warn vulnerable users (who, again, they deliberately lure onto their service via deceptive marketing) and prevent it from happening again. They swept it under the rug and moved on, and then fucked over the Spanish climate activists much the same way. They are a honeypot. Stop defending them.
-
@zzt
It seems like it's an LLM writing the posts/replies. I don't know many people using the term "output" to describe someone else's writing. Maybe I'm being pedantic
-
could you fucking imagine the shitstorm if signal did any of this victim blaming crap? if they called any of their users criminals who deserved jail?
like fuck, signal provided mitigations and constant communication when one of their users got compromised and arrested due to an issue with notifications, and that wasn’t even their fucking bug!