until you need to collaborate with the average person who uses google docs and gmail

Yes, your productivity is going to tank. No way you’ll be prepared for a full air gapped machine on day 1.

Well shit, I shouldn’t be the first to tell you that if you’re serious about your privacy then get off of windows.

Also if the CIA is targeting with you with air gap malware, then you fucked all the way up. Pedophiles are saying “damn, fuck that guy”

Wow… I use Aegis exclusively as my authenticator since 2 years ago and completely did not recognize the logo by itself!!! I used Yandex image search and it told me coincarp… Sorry.

I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because its all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.

Its true that a single point of failure is more risk than separate services, but that fact doesn’t undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it’s something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I’m OK with different points of view and having different points of view on a board is a good thing.

Its not. They don’t even sign their releases or support PGP

Tuta is not a proton replacement

Technically speaking is highly contested and you have arguments pro and con, one way an another. They use different technologies so it is hard to compare properly, specially since it depends on the users using it properly.

If the technology is good, it does not matter where it is located. Switzerland, specially since a couple of years, does provide more freedom guarantees than Germany but it is not immune at all, actually, the US had used the Alpine country to do operations due to its attractiveness to dissidents and criminals alike. However, for the overwhelming majority of customers, either option is fine for they privacy and security. Only metadata has been obtained in few instances in both companies and nothing else… at least no that was used in a court of law.

For ultimate targets, if they have to rely on email, that they should not, I would choose Tuta though. These are my reasons.

1. It has a lesser footprint, so less likely intelligence agencies tried to infiltrate it.
2. The people behind are there fro the very beginning and show their faces publicly (Many in Proton too like the CEO, but it is no so transparent with the rest)
3. The people of Tuta are more ideological so it is a barrier for intelligent services to penetrate. Tuta has show however being anti the Russian government (rightly or not), so this point is not valid if you are in that side.
4. Tuta has a very organic and progressive growth. Proton had an explosive growth. Of course, it could been good marketing, but still…
5. Proton still today requires Google’s Push Notification servers, after years and years demanding a solution. Tuta had that solved since long, long ago.
6. Recently a case came in Canada of a intelligent agent using Tuta since “it was infiltrate by intelligence agencies”… After a few hours going through the case, I read it the opposite, he used it because he actually considered it a better choice to cover his crime. He was not that high in the ranks, but I read that the he resumption o these officers.
7. Nothing regarding security, but as a paying customer for both I was “tricked” far less by Tuta. Proton, for instance, does not refund you, only gives you credits. Even 20min after an accidental 2yr renewal I got stuck with them unwillingly. That practice should never be acceptable for a SaaS.

Now, Proton overall, for most is a bit more reliable and full feature and better put together so it is easier to recommend. Think of Proton as the Apple of emails, quite secure and miles away from Gmail, but security wise and ethically, of the two, my bet would be with Tuta.

The CEO of Proton has tried cozying to Trump and any company led by a guy who does that is knocked down several notches for me

I’d put Android/iOS on top layer then AOSP on the 2nd layer then deGoogled Androids on 3rd layer then PostMarketOS on 4th or 5th layer.

I’d argue that gog might be a bit better, since you can download executables from their website, and then use them offline, without telemetry. But still, I think neither are necessarily all that relevant here.

Sorry, this post is a bit confusing…

Gotta use less popular locations close to what you need. As a german I have mostly been using Finland and other smaller eastern European countries, those generally work just fine. Germany itself barely ever.

I just got Mullvad again and the main site I get flagged on is reddit. Which I wouldn’t care but the state of search is so abysmal that I still regularly have to query reddit to find what I’m actually looking for (for some types of info anyway). It’s fine though, there’s some mullvad servers that haven’t been flagged yet so I just server hop as needed. Less convenient, but not terrible

Probably an activist who isn’t just protecting himself

I’m no ghost, not even close. Be careful though, “what’s the point?” Is essentially the question everybody asks at every phase of that iceberg diagram.

A possible answer to your question though, is that even if the state doesn’t know or care about him today that might change tomorrow.

That’s not my threat profile but it’s a valid one.

Speaking as a former kid of rural america you would be doing the lords work, friend

Ha. The tubes were the final pieces to the getaway vehicle

Thank you. I remember back in the day hearing they didn’t keep logs and figured “well alright sounds good!” and that was the end of it.

I’ll give Proton a try when my current plan of Nordvpn ends. Didn’t know Proton was open source either, so that’s pretty cool! Wish I didn’t get downvoted to hell for asking a question, but it is what it is.

I’d put OpenVPN and WireGuard on the 5th layer.