Due to the recent announcement of Proton moving to a non-profit structure (although not becoming fully non-profit) I’ve decided to take another look at them and really, Proton Unlimited is an enticing offer. However, the fact of everything from mail, to accounts, to storage being in one place is somewhat disconcerting. Also I recall them being decent, but not particularly outstanding at refusing to provide data to outside sources, there was a situation a while back where they handed over information of a climate activist.
To be fair, mail is insecure by default and if you’re going so far as to write to another Protonmail user you might as well use something actually secure and I am not exactly planning on breaking the law so I’m not too worried about data being handed over to authorities, yet it still leaves a bitter taste in my mouth and with the state of politics where I live there certainly is a concern that, being queer, I should also be a bit weary of governing bodies as well, as laws may change in the future.
Basically, by switching to Proton I’d be putting a lot of trust in them, instead of splitting it up between things like Mullvad, Bitwarden, etc. and besides a password manager (and to some extent my email provider), while dramatic, a single failure at any point wouldn’t be a total disaster. Are they trustworthy enough for the convenience benefits to be worth it to any of you?
Others have touched on whether its trustworthy, but let me paste a comment I made a while back about why I like it so much from a functionality standpoint.
Let me tell you why I like it. It lets you generate a new email alias and password instantly whenever you make a new online account somewhere. Or just whenever you want. I’ve been slowly changing all my accounts over to their own unique email alias that can’t be tied back to my main email. My main address is known by nobody at all.
The main benefits are if someone steals a password, the email address that comes with it will only be useful for that one account. (I don’t need to go over the benefits of a standard password manager.) and so if that email is leaked or added to a spam list, I simply delete that address after changing the address for the single account it was used for. I can tell exactly which address is getting spam easily. 0 spam. Ever. Spam email has been solved for me.
Proton remembers which sites use which email/password as well.
Other than that, it’s just good for privacy. Having a different email for each account makes it harder to track a user across accounts.
These addresses are somewhat auto generated, with the name of the site along with a random word and a few numbers. But if you want to create another email address, you get a handful of custom ones for free with the subscription too. You can revoke these the same way, so you can have a professional looking email to hand out to people that’s not auto generated, without giving out your account’s root email address.
Edit: I also want to specify that while all of this is technically possible through other means, Proton makes it easier than any other option. Plus access to a good vpn, a nice replacement for Google drive (for storage and basic editing, at least) in addition to the email service and password manager mentioned above. A very good deal, in my opinion.
Edit 2: it sure sounds like I’m a paid shill but I can assure you I just really fucking love Proton and I get too excited about things.
These addresses are not as easily revoked, you have to contact support if you want to remove them.
Ah, I am mistaken then. I thought they were just as easy. Good to know you can still revoke them if need be, though.
I am asking here because it sounds like you might have first hand knowledge. I currently use LastPass for a password manager and I really like it’s integratiom with the Android phone and using it within app and on websites.
How is the integration of Proton into the phone? I don’t want to have to open a different app and copy/ paste the password.
Thank you.
You need to take all your passwords out of LastPass and move to anything else. Bitwarden, ProtonPass, KeyPass, even Nextcloud, but run away from LastPass as soon as humanly possible. That shit and screaming your credentials at the top of your lungs while someone records it is the same crap.
It’s actually great. How it works most of the time is you highlight the text box in whatever app, and if proton thinks its a login box (it has like 90% accuracy) it will make a button pop up above the keyboard. Tap it, it opens proton and suggests the account it thinks this app uses. You can tap fill or search for another account. You can then tell it to always use this account for this app, or only this time. Then it goes back to the app you were in automatically and fills it. Next time you fill it there, it doesn’t need to open the app, it will just fill it.
This requires that you give it screen reading permissions IIRC but you can disable that. If you dont want this feature. Also, if you have auto lock enabled it will ask you for your password or biometric (if enabled) before auto filling or opening automatically.
I used to use dash lane and I’ve found that proton works a bit better than that on my pixel 7.
Oh and if you’re using a browser it will not ask “every time for this app” and will try to use the website you’re connected to instead. I think.
Thank you for your detailed answer. I’ll have to give it a try.
Lastpass is the last password manager you should be using. They’ve had tons of data stolen, bitwarden is decent on android so I just stick to that. Should probably change passwords after switching over.