In an unexpected mask off, “secure” email and VPN provider Proton took the stance of siding with the fascist MAGA Reps. Proton’s services are no option for me and many others any longer. Let’s collect and discuss alternatives (E2E encrypted email and VPN) here 🔐👇
Always try to provide: -Server location (jurisdiction) -Governance -Integrity/trustworthiness/transparency -User experience/ease of use (grade 1 to 10, lets take Proton as a benchmark with an 8) -Pricing and links
If you knowalternatives setups, feel free to share, too.
#ProtonExodus
Background: https://lemmy.ca/comment/13913116
I own and operate https://port87.com/, and in no way am I even close to right wing. I don’t call myself a liberal, and get offended when people do, because I’m a leftist.
It’s not ready for business email yet, but it’ll work for your personal email.
I’ve been doing research into this because I want to degoogle. Looking for hosted and secure Mail, Calendar, Drive… maybe docs if possible. I don’t mind paying as long as I’m a customer and not a product to be sold.
My short list was: Mailbox.org, Zoho, and Notion.
Then there are the services I don’t understand as much because I don’t really want to self host or step into server maintenance… NextCloud, OwnCloud, LibreCloud, OnlyOffice. Maybe someone could straighten me out with those if I’m off base.
Tuta.com is similar to Proton Mail + Calendar.
-
Location: Germany
-
Governance: Private GmbH (German corporation, similar to an American LLC)
-
Integrity/trustworthiness/transparency: Better than Proton IMHO. All their apps are open source and available on F-Droid. They encrypt email headers (unlike Proton, who are weaselly about this in their marketing materials).
-
User Experience: Ehhhh…6? I’m not in the best position to compare because I do not have a premium plan, so I am not able to examine features like inbox rules/filters. Much like Proton, it doesn’t support full-text email search unless you have it cache your entire mailbox locally (either via the web site or app). They do not support POP or IMAP, but do offer their own desktop and mobile apps.
-
Pricing: €3/month for 20GB, €8/month for 500GB. https://tuta.com/pricing
Thank you!
Yep, I’ve been using Tuta for email for years now, just the free version.
No IMAP is a killer
-
My personal recommendations:
https://uberspace.de
- Server location (jurisdiction): Germany
- Integrity/trustworthiness/transparency: About-Page
- User experience/ease of use (grade 1 to 10, lets take Proton as a benchmark with an 8): 6
- Pricing: Based on solidarity, but recommend minimum is 5 € per month
https://www.hostsharing.net
- Server location (jurisdiction): Germany
- Integrity/trustworthiness/transparency: well, you own part of hostsharing if you use it (collective-ownership)
- User experience/ease of use (grade 1 to 10, lets take Proton as a benchmark with an 8): 6
- Pricing: 64 € onetime payment + 10 € per month (cooperative)
Other recommendations:
- mailbox.org, systemli.org, riseup.net, posteo.de (as far as I know all of them are located in Germany)
Excuse my ignorance, but why is Germany a good place for privacy vs proton’s Sweden?
And also eg, versus a non EU nation ?
TLDR: The Gestapo and Stasi
“uh uh. you aren’t doing that shit to me again”
meanwhile, on the other side of the atlantic
“spy on me daddy”
US never had fascism, so they’re experimenting and learning the hard way
oh man. we’re the og fascists. our policies inspired european fascism. we’ve done all the key components of a fascist regime before: the forced labor, the death camps, the mass surveilance, the overt militarism, the desperate need to expand and get rid of the people who were already there
Systemli requires an invite code last I checked? Disroot does not.
Mullvad is supposed to be a safe and secure VPN.
Unfortunately not a mail or storage provider.
Posteo, Mailbox.org, and Tuta are all good alternatives.
If this wasn’t enough of a wakeupcall to not put all the eggs in one basket then what is? Companies are literally doing this to lock you into their service so it’s harder to switch since you then have to find X new services instead of just one.
Better go with one that’d specialized for each service you need…
Btw, unrelated to the twitter debacle, Proton’s cloud app on Android, sucks ass. Can’t even download an entire folder, downloading more than 25 files get glitchy and not all files get downloaded. Every other cloud provider could do that.
Ive been using proton for a little more than a year now and I think that the service is one of the best out there. That, and their privacy guides in their blog are great as well. I think abandoning ship this early isn’t really a need. I’ve abondonded things like Plex for jellyfin due to Plex starting to feel very commerical. As others have pointed out, the governing of the company may keep one individuals views from interfering with the products. With that said, if your beliefs swing opposite, i see how it can leave a bad taste and make it worth keeping an eye on the direction of the company.
I think I would wait for changes in their mission and policies before I start moving anything.
I prioritize ease of use, reliability, basic features not behind a pay wall, solid support and ease of use through Thunderbird so I don’t have to visit the awful web version of said mail program. While I had mentioned that I was on Tutamail, I did a search of them and found a Reddit post about them weighing pros and cons. The cons I read of them go against a little of the things I’m after.
So reluctantly, I had to go back to GMail. I spent over 20 minutes migrating, resetting, re-routing many addresses to my newer GMail. I know that privacy is neither here or there on surface web stuff so I don’t care about privacy regarding that. I’ll start caring about privacy when I sign up for more personalized things and that’s where Tutamail is going to come into play.
Before you decide to go back to Google or close your account, keep in mind that Proton became a non profit organization with the main mission of protecting your privacy. And as a non profit, they’re not trying to profit off of you in any way.
Going back to Google is the worst solution you can use. Remember that Google donated $1 million to Trump’s inauguration fund. Google also doesn’t care about your privacy. On the contrary, they’re selling your data and using it against you.
While the Proton CEO may be a nut case, he’s only praising the choice that Trump made as the candidate for the antitrust department. While that’s understandably stupid since I don’t believe Trump is going up stick up for the little guy now that he’s got Musk and Zuck in his pocket, at least he didn’t actively donated and enabled Trump either personally or through his platform and spread misinformation.
Think about it.
At least with proton, the fact that you’re different, that you’re 2SLGBTQ+, is safe. Or at least substantially safer than Google.
Safer.
Well, they handed out activists’ metadata in the past, for the French authorities. In their position of an e2ee provider who controls both ends as a default, they are in a position where the can fuck people over. This is exactly what Snowden described as someone pointing a gun at you while saying “Relax, I am not gonna use it against you.”
So much for safety.
Ah, and my original point was: it is either safe or unsafe, the word saf_er_ means nothing during a genocide.
IIRC, this was because the user in question had set a recovery email for their account, which Proton either volunteered or was forced to give to the authorities. Definitely crappy behavior on Proton’s part. Don’t set a recovery email!
Contents of email are safe.
But assume IPs are compromised.
Worth mentioning Snowden used Lavabit. There’s a great history there.
Lavabit
Connection to Edward Snowden
Lavabit received media attention in July 2013 when it was revealed that Edward Snowden was using the Lavabit email address Ed_Snowden@lavabit.com to invite human rights lawyers and activists to a press conference during his confinement at Sheremetyevo International Airport in Moscow.[16] The day after Snowden revealed his identity, the United States federal government served a court order, dated June 10, 2013, and issued under 18 USC 2703(d), a 1994 amendment of the Stored Communications Act, asking for metadata on a customer who was unnamed. Kevin Poulsen of Wired wrote that “the timing and circumstances suggest” that Snowden was this customer.[17] In July 2013 the federal government obtained a search warrant demanding that Lavabit give away the private SSL keys to its service, affecting all Lavabit users.[18] A 2016 redaction error confirmed that Edward Snowden was the target.[2]
But what is the status now? Also, I think in the years to come the jurisdiction will also play a role. If the service is in the soil of a country that can subpoeana the encryption keys, then nobody is really safe.
Yes, proton is about ten thousand times better than google, even with this board member’s stupid fully factored in.
They have doubled down officially with their official Mastodon account https://mastodon.social/@protonprivacy/113833073219145503 I therefore consider this official opinion of Proton. Focussing on one aspect and completely ignoring the bigger picture of a luming fascist period in the most militarized economy of the world is just inacceptable. Proton just could have kept their mouth shut, but they decided not to.
This is extremely disappointing. :(
Why are there so many responses like this, saying not to go back to Google? The OP didn’t even mention Google as an option they were considering. I’ve seen zero discussion in any of the other posts around the fediverse where people have expressed any desire to use Google because of this. Why would anyone think that users who had already moved to Proton would find Google acceptable as an alternative right now?
This just feels like you’re trying to discourage actual conversation about alternatives by acting like the only options are Proton or Google, so we all ought to shut up and sit down.
Also, if you think merely becoming a non-profit means a corporation can never exploit people and isn’t interested in making money off of it’s customers, then I’ve got a bridge to sell you.
Because I looked at the discussion threads for this post and I saw a few early comments where people mentioned they would go back or stick with Google.
I’m not trying to shut down or discourage any discussion. Just pointing out to the people who said they’d go back that it’s not the best solution.
OpenAI was also a non-profit until a few months ago
No, Proton actually just went from being a company to a non profit recently for the purpose of remaining a privacy focused organization whose mission won’t change.
Whatever you choose, remember that ease of migration is important. So for email buy your own domain name and use a service like posteo.de that allows custom domains and full IMAP access.
As far as I can tell from posteo’s own FAQ site, they do not allow custom domains. I’d really consider swithcing to them otherwise. Do you use posteo?
I literally just asked their support about this last year and they confirmed they intentionally don’t offer this option.
Woops I think I was thinking of mailbox.org who does support domains.
Fair mistake to make, they have a very similar colour scheme I can see. Happy to hear of yet another mail provider to consider, I want to hear about as many as possible; I want to make the right choice
Yeah I get them confused constantly hah.
At least with your own domain name and IMAP, changing email providers is pretty quick and easy.
Maybe not the contribution that you’re looking for, but going to tell you this story regardless.
I am Swiss, and used to be a former diplomat at the Embassy of Switzerland in the United Kingdom. My colleagues and I had organized an evening on cybersecurity, where we showcase what Switzerland has to offer. I invited stakeholders such as:
- Dreamlab (really cool company, should look them up if you don’t know of them)
- NCSC (Swiss National Cyber Security Center)
- Some Swiss cyber regulator; and
- Proton
Firstly, when speaking with the CEO of Dreamlab, he ushered a statement; upon me saying I’m a huge Proton fan and subscribed to all services - “they are lying to your faces”.
I was curious, so I spoke with the regulators and NCSC delegates, they said that Proton has been involved in a handful of leaks - some that were made public, some behind the scenes.
When I spoke to Andy, having told him that I grew up in Canada, I asked him what his plan was for North America. His response: “I will gladly take their money, but never open up shop there - too many national security services that come knocking on the door”.
Now I see that (on the Proton page), that they are looking for a few US based positions for Marketing and Growth - going against what we discussed a few years back. In all honesty, I still have a Plus subscription with them, but beginning to questions a lot more things regarding security and ethics at Proton. Guess I’ll just self-host in the future. Trust no one but yourself with your personal data.
There are 2 kinds of companies:
- Evil companies
- Companies that are not evil YET.
What this means in this case is that only your own E-Mail server running on a Raspi in your own home can be considered private or secure in the long run. Unfortunately this is really really hard to do, which is the only reason i have not done it yet.
Personally i do not consider any E-Mail private, because E-Mail is not E2E-encrypted, and 99.9% of times one side of the conversation is going to be hosted on some shady companies servers.Of course Proton delivers a great service, because they make an insecure protocol a little less insecure, and i personally use Proton mail. Unfortunately their closed-source nature makes it impossible to switch providers without abandoning their great software.
As for services like Drive, they can actually be hosted privately and securely on your own Raspi with stuff like NextCloud/OwnCloud.
For those that can’t/don’t want to self-host, i would recommend paying for a hoster that hosts FOSS software and contributes to it either with money or code. In that case you would probably loose E2E-encryption, but gain the ability to switch providers once your provider turns on you. In that case at least some of your money would continue to offer value to you by having improved the software you are still using.Looks like the mastodon thread was deleted. Did anyone manage to archive it?
Damn dude. I swear I can’t wait for AI to program everything so I don’t have to keep track of the shitty things people do because we are a shit species.
Wow, lots of people on Lemmy just look at screenshots of text and dont read anything anymore.
I dont think he said anything controversial. Read what he wrote.
He’s not supporting Trump or the Republican party in general. He is calling them out for selecting someone good on antitrust. That’s not controversial.
