Have people noticed how much popretary java code ProtonMail requires when using a web browser for email?

Also, why the required login on their free VPN service if they are all about privacy and encryption? Why do they want someone’s network traffic in order to use their free VPN?

Over the past 6 months my suspicion grows bigger and bigger of who is behind Proton, the agenda behind starting the service, and how it caught on? Why don’t free encrypted anti-government services catch on?

Until ProtonVPN removes login requirement and release VPN server code under open source license like RiseupVPN or CalyxVPN which are anonymous VPN’s, no account, I will choose to treat Proton like a spy agency.

  • Dark Arc@lemmy.world
    link
    fedilink
    arrow-up
    45
    arrow-down
    1
    ·
    2 years ago

    Have people noticed how much popretary java code ProtonMail requires when using a web browser for email?

    You mean JavaScript; particularly, https://github.com/ProtonMail/WebClients.

    Also, why the required login on their free VPN service if they are all about privacy and encryption?

    Because they need to limit how many instances of the VPN you’re concurrently accessing somehow.

    Why do they want someone’s network traffic in order to use their free VPN?

    To use a VPN, you by definition are giving someone your network traffic.

    Over the past 6 months my suspicion grows bigger and bigger of who is behind Proton, the agenda behind starting the service, and how it caught on? Why don’t free encrypted anti-government services catch on?

    I’m not even touching this…

    Until ProtonVPN removes login requirement and release VPN server code under open source license like RiseupVPN or CalyxVPN

    That would be meaningless. You login to a protonmail account, which you can create anonymously. The server code can also never be verified to be what’s running on the servers.

    I will choose to treat Proton like a spy agency.

    Go for it.

    • Lengsel@latte.isnot.coffeeOP
      link
      fedilink
      arrow-up
      5
      arrow-down
      9
      ·
      2 years ago

      You did a good job to rebutt everything I said, props!

      I’m good with letting all of your counterpoints stand on their merits.

      I still do wonder how Proton caught on over other encrypted emails and why American government has not gone after Proton like they did with Lavabit, which I did use and then one day all my emails don’t exist anymore.

      • brandon@lemmy.ml
        link
        fedilink
        arrow-up
        19
        ·
        2 years ago

        why American government has not gone after Proton like they did with Lavabit

        Lavabit was based in the United States. Proton AG operates entirely in Switzerland. Ostensibly the US government would have to go through the Swiss court system to get anything out of Proton.

      • Dark Arc@lemmy.world
        link
        fedilink
        arrow-up
        10
        ·
        edit-2
        2 years ago

        Others have already touched on the jurisdiction issue.

        I’m also going to note, in the last 10 years a lot has changed. E2EE has gone from something that’s fringe, to something integrated integrated into lots of products. Signal, Proton, and others launched in the wake of the Snowden revelations. Lavamail was Snowden’s email provider.

        It’s kind of like being the “hipster nerd” playing D&D before D&D was popular vs playing D&D post popularity… It’s pretty obvious to most people in 2023 that D&D isn’t for demon worshiper, as it’s pretty obvious in 2023 that E2EE isn’t just for criminals. In other words, the value proposition of ProtonMail isn’t as “sinister.”

        I personally suspect the US Govt (in terms of federal agencies) is adapting to the presence of encryption vs trying to kill or weaken it at every turn (similar to how Microsoft stopped trying to stomp out open source code). 9-11 was a very very very bad thing (and arguably why the US is one of the worst countries to host a privacy service). However, the “big one” when it comes to cyber attacks could be even worse (and I’m pretty sure there are people at NSA that understand how E2EE plays a role in securing the nation – they’re not dumb people after all).

        Proton is also a larger company than Lavabit (I suspect), and with that comes lawyers, and money to feed them.

        So long as ProtonMail isn’t primarily acting to serve organized crime… I suspect “there are bigger fish to fry.”

        • Lengsel@latte.isnot.coffeeOP
          link
          fedilink
          arrow-up
          9
          arrow-down
          2
          ·
          2 years ago

          I get ya, and thank you for thoroughly articulating, I enjoy the discussion. And that’s all I was looking for, a discussion, and not kick off a grand conspiracy.

          • Dark Arc@lemmy.world
            link
            fedilink
            arrow-up
            8
            ·
            2 years ago

            Fair enough; I admittedly mischaracterized you and perhaps responded with a bit too “harsh” of a tone initially. I apologize.

            • Lengsel@latte.isnot.coffeeOP
              link
              fedilink
              arrow-up
              6
              ·
              2 years ago

              I took what you said as honest discourse and dialogue. Maybe the slightest tone of being harsh, but I took what you said as nothing more than an knowledgable rebuttal, not criticism. Seriously, all is well, and I’m completely open to every point you rebutted me on. I sensed no mockery or hostility from you, only solid counter points.

      • Emanresu@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        2 years ago

        Oh! another lavabit victim in the wild. I signed up with em because i just wanted basic security and privacy for a new email account and then poof gone. To top it off, my next email provider had some issues and i lost that account too :(

        Now I’m about ready to rant a post about how we down actually control our own email accounts and therefor don’t control our lemmy accounts. I’m a big boy and can handle passwords and account control myself without a guarantor!

        I am aware about bots and fake account stuff and see the need for better verification, but email is not a valid way to do it.

        • Lengsel@latte.isnot.coffeeOP
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          2 years ago

          I miss Lavabit because of how light it ran for an ecrypted service. When I tried Proton it seems more bloated, has too much code and dependencies.

          The only way to control your emails is buy a domain and run your own physical server that you maintain the software running on mail server, as in self hosting.

          • Emanresu@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            2 years ago

            I don’t remember a whole lot about lavabit other than how rough it was to lose access.

            I’d consider my own email service, but most places that have problems with user accounts will consider a self hosted domain as invalid. :(

            • Lengsel@latte.isnot.coffeeOP
              link
              fedilink
              arrow-up
              1
              ·
              2 years ago

              Lavabit was smooth, I was using email all the time, but that was before messenging. Lavabit was more text and not so much icons and graphics, it was a well run system. The webmail did not have as many options and services as ProtonMail.

              Such a well oiled machine, I still miss using Lavabit email service, 10 years later

      • Nimbus@techhub.social
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        @lengsel @Dark_Arc

        Lavabit was formed and located in the US, while Protonmail was not. As a result, the US had jurisdiction over Lavabit, while it does not have the same level of jurisdiction over Protonmail.

    • Emanresu@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      11
      ·
      2 years ago

      It’s healthy to discuss this type of thing even if we are wrong or paranoid. You are being abusive in an anti-privacy way.

      • randomguy2323@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 years ago

        Nothing is perfect. Everything is this world is about trust even if they open source everything is practically impossible for you to verify all the code and then verified if it really been used on the final product . And that is only the VPN , what about the email provider, your ISP , your phone carrier? , the apps you daily use. Are you going to check the source code of every single thing you use? And make sure it is been using correctly? Also even if you can do all that , how do you know the encryption being used hasnt been broken by a government already? Come on man be more realistic.

        • Emanresu@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 years ago

          I never said i agreed with OPs specific claims. I agree with more of what you just said than what OP said.

          My only claim is that its totally unacceptable to add nothing to a convo other than trying to peer-pressure shame a person from talking about privacy concerns on a privacy community. Sometimes that type of abuse would stop nonsense, and sometimes itd stop legit convo.

          Telling someone they are “crazy” is one of the most common ways to shut down legit observations and i see it too much.

  • macniel@feddit.de
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    2 years ago

    What’s wrong with Proton? It’s just a gaming focused wine branch.

    Java in ProtonMail? Are you really sure?

    Proton!=ProtonMail and Java!=JavaScript

    Sincerely, a developer.

  • MedicareForSome@lemmy.ml
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 years ago

    I mean it’s not like a VPN is providing major anonymity. We already know all the major providers are tapped. You should treat any VPN like a spy agency.

    If you need anonymity, a free VPN is probably not the best place to look.

    Also they could correlate your network traffic without you logging in. That is not a requirement. No matter what, any VPN is going to give some kind of unique user identifier.

  • knfrmity@lemmygrad.ml
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    2 years ago

    I’ve come to have my own suspicions of Proton as well, but I’ve also leaned that’s not an accepted point of view in most social media privacy communities.

  • TheAnonymouseJoker@lemmy.ml
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    2 years ago

    OP, I think you need to articulate your concerns more appropriately, because I see a huge gap in the OPSEC perceptions here between you and regular users. Are you a user who uses the stricter kinds of email providers with no webmail, or are you a regular webmail client user like others? Are you approaching this from a “spy agency” POV, while being vague about ownership questions?

    If you are so concerned, go use Riseup or some other email provider. Or provide better arguments against ProtonMail, like articles from Moon of Alabama.