ew, proton’s back on fedi again and acting like someone’s uncle who just discovered shitposting
-
@tael @zzt @hipsterelectron As I understand it, Proton doesn't claim to guarantee your privacy, let alone anonymity. What it does claim is that it provides an infrastructure that allows you to achieve better levels of privacy and even some degree of anonymity if you take the necessary precautions. One example is its onion site for email and its recommendation to use TOR in certain threat scenarios. And you'll always come across warnings like this (taken from https://proton.me/blog/protonmail-threat-model)
@ecosdelfuturo @tael @hipsterelectron proton appears to be garbage that isn’t for anybody because it does nothing to mitigate any of the known problems with how it handles user data, and you reposting proton’s marketing blog has done nothing to change my mind on that
I also love that the warning you posted doesn’t mention the fucking thing we were talking about, payments being a privacy leak.
maybe you need to spend less time reading proton’s marketing and more time reconsidering your opsec
-
@ecosdelfuturo @zzt @hipsterelectron This is exactly what I'm talking about. This disclaimer does NOT make Proton's limitations clear to the user. Here are the many problems with it:
1. The Stop Cop City protestor and the Spanish climate activists were NOT leaking state secrets. They were ordinary targets of state repression. Not Snowden-tier threats to national security.
2. Neither of those victims of Proton violated any Swiss laws, nor did they do anything inside Swiss jurisdiction. Their respective foreign governments petitioned Swiss authorities to hand over their data per the Mutual Legal Assistance Treaty with Switzerland, because in the case of SCC the FBI was (falsely) pursuing RICO charges against them and that made it qualify for the Treaty. This is not disclosed.
-
it feels pretty disrespectful that we’re supposed to fall for this crap. it hasn’t even been that long
hey rando mastodon users defending this crap: even if you don’t believe me from an infosec standpoint, maybe there’s better things to spend your time on than reposting excerpts from a marketing blog run by a company whose CEO thinks the Republican Party is pretty cool?
like, maybe there’s better things we can be doing than defending a company that’s at minimum ideologically compromised, if not technologically compromised (though the latter is kind of obvious to me, and they go hand in hand)
-
@ecosdelfuturo @hipsterelectron 3. This information is hidden away on Proton's blog and in its transparency report (https://proton.me/legal/transparency). It is not provided when you create an account. You are not warned when you are about to do something that will compromise your privacy, as Mullvad does in the attached image.
This is not sufficient for a company which is founded on privacy and security, like Mullvad and Signal are and which hold themselves to a higher standard. Many, many activists who are victims of state repression use Proton, and Proton specifically advertises that Swiss law prohibits them from aiding these repressive states *for that reason*. They are courting these users by misleading them. That, in addition to all the problems @zzt listed, makes their conduct unacceptable.
@ecosdelfuturo @hipsterelectron @zzt The issue with Stop Cop City was NOT that "email may not be the most secure medium for communications." The contents of the email were, as far as I'm aware, as secure as Proton promised. The problem was that they misled the user to believe that ALL of their data was being protected, and did not disclose the many, many ways that Proton leaks identifying information about you. The FBI, however, DID know about this, and used it to unmask and arrest their customer, which Proton happily complied with Swiss law to enable.
-
if you really believe that proton doesn’t make guarantees as to privacy or security even though that’s the only thing their company does, maybe instead of showing me links to proton’s blog or that awful fucking medium post defending their CEO or victim blaming the people proton locked up for having imperfect opsec or being criminals (whom amongst us), maybe you should come and recommend something that’s actually fit for purpose?
-
signal provides such good privacy and security that the republicans proton’s CEO loves use it to plan their crimes, and they only got caught cause they told signal to address their messages to a fucking journalist
-
@ecosdelfuturo @hipsterelectron @zzt After Proton did this, they did NOT consider it a massive failure of their service and an act of reneging on their promise to their customer. They did NOT consider it a mistake and rework their website to properly warn vulnerable users (who, again, they deliberately lure onto their service via deceptive marketing) and prevent it from happening again. They swept it under the rug and moved on, and then fucked over the Spanish climate activists much the same way. They are a honeypot. Stop defending them.
-
proton’s fedi account, 2025: Due to the misinformation about our CEO spread by mastodon users, the only official communication channels are now Reddit and Twitter.
proton on fedi, 2026: our admin loooooves they live and the room they’re his favorites! don’t trust silly microsoft’s ai! what’s that?
…
No, for the last time it’s misinformation that Lumo is just a normal LLM. It’s private and secure because our blog said it was. Are you calling me a liar?
…i mean uhh lumo’s mascot is soo cute
@zzt
It seems like it's an LLM writing the posts/replies. I don't know many people using the term "output" to describe someone else's writing. Maybe I'm being pedantic
-
could you fucking imagine the shitstorm if signal did any of this victim blaming crap? if they called any of their users criminals who deserved jail?
like fuck, signal provided mitigations and constant communication when one of their users got compromised and arrested due to an issue with notifications, and that wasn’t even their fucking bug!
-
@zzt can we just start bullying proton off fedi again please
maybe @vantablack can organize another pact or something

-
@tael @hipsterelectron @zzt Thank you for such detailed explanations. Indeed, from what you’ve described, it seems they weren’t clear about the terms of their service. Personally, I knew from the start not to use my personal paid accounts for any activity requiring greater protection. In that case, I would use a free account created through their Tor site. But I suppose one shouldn’t assume that users are aware of these details.
-
ew, proton’s back on fedi again and acting like someone’s uncle who just discovered shitposting
I guess this is your regular reminder that proton officially ended their participation in the fediverse after their CEO came out in favor of the Republicans (yes I’ve read the nonsense rebuttal from the supposed journalist who didn’t author anything before or after that) and that in spite of pretending otherwise, proton profits off of several insecure AI features they only pretend are e2e encrypted
@zzt also let us not forget how proton touts itself as a better alternative to google, but will happily get into bed with google when it comes to push notifs on android lmao
meanwhile tuta uses their own thing for mobile and it's doing just fine
-
@zzt Lumo is also garbage (to the degree that you can differentiate the garbage output from various LLMs anyways). I've played with it, know your enemy after all, and the information and guidance it vomited was absolutely terrible.
-
@ecosdelfuturo @hipsterelectron @zzt Any serious privacy-focused service should be proactive about ensuring their users understand how to protect their privacy, even if that means not using their service or not paying them for it. Proton is reasonably up-front about being beholden to law enforcement like any other legitimate business; but they are deceptive in how they paint this responsibility as being exclusive to Swiss law. Any reasonable person might assume that when they say they report to Swiss authorities, that anyone outside of Swiss jurisdiction does not need to be concerned. And yet, the MLAT loophole exists and they are very much aware of it. Compare the pages linked above to the one intended for law enforcement: https://proton.me/legal/law-enforcement
"Depending on the nature of your case and which country the request is originating from, Proton AG may redirect you to competent Swiss authorities in order to respect the relevant Mutual Legal Assistance Treaty (MLAT) [...]"
-
@ecosdelfuturo @hipsterelectron @zzt Oh look! Suddenly MLAT is front and center and Proton is perfectly willing to acknowledge the existence of this treaty and speak directly to "foreign law enforcement agenc[ies]" on how they can request information on users with any "police report or court order (either foreign or domestic)." Interesting how this didn't come up in the blog post! Again and again Proton uses this wording of "if Swiss law is broken." It only admits that it assists foreign governments when it absolutely has to, and there is no direct acknowledgement that breaking the law of whatever country you are in may subject you to this international cooperation. Furthermore Proton asserts that "Swiss authorities do not assist foreign authorities from countries with a history of human rights abuses"... by whose definition? Lol. This is a fun way to twist "non-Western-aligned countries."
-
@ecosdelfuturo @hipsterelectron @zzt They love to hide behind their responsibility to Swiss authorities and insist that it's the *Swiss government* turning over their customers to the feds, not them. Therefore people need to be informed that Proton is no more safe than Google necessarily for the purposes one might be inclined to avoid American companies. Proton isn't going to; they are building their company on this lie.
-
@ecosdelfuturo @tael @zzt @hipsterelectron
Da fuq? I read this: https://proton.me/mail/security
and I signed up bc to me (a techy, but apparently naive person) it implied safety, security, privacy and etc. Then I encountered very difficult usability and then the CEO went batshit fash and then they sold out the stop cop city protester. So I deleted my account.
-
@zzt I had just seen some posts about valve and steamOS before reading this, and was VERY confused for a moment before remembering that there are multiple things called proton.
Heart skipped a beat there. I love the Proton that makes my Steam Deck go brrr
-
“but guys, the room, remember the room?” not as clearly as I remember you insisting features that send message data in plaintext to your servers are “end-to-end encrypted” because you consider yourself one of the ends
not as much as I remember how much your users are fucked if they interact with your services with anything but perfect opsec. but anyone with anything approaching perfect opsec doesn’t use proton
not as much as I remember how much of a shit your CEO is
@zzt Reading these threads I’m quite convinced Proton is The Bad, but it shows up in almost every list of email providers. I’d like to switch from gmail but I can’t seem to find many reviews that don’t include Proton, which means I can’t trust those reviews. Any suggestions where to look?