Privacy

40180 readers

463 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Should i trust proton? (lemmy.dbzer0.com)

submitted 3 days ago by somerandomperson@lemmy.dbzer0.com to c/privacy@lemmy.ml

68 comments fedilink hide all child comments

If not, what alternatives can i use?

you are viewing a single comment's thread
view the rest of the comments

[–] 0xtero@beehaw.org 7 points 3 days ago (14 children)

Depends on your threat model. What are you defending against?

[–] somerandomperson@lemmy.dbzer0.com 7 points 3 days ago (13 children)

I am defending against anyone that uses my data for non-essential purposes. Well, not all non-essential purposes; i mean ads, personalization, AI, selling it for profit, etc.

[–] 0xtero@beehaw.org 7 points 3 days ago (3 children)

Then Proton should be fine. As far as I know, they don’t sell user data.

Of course as soon as you send an email or receive it from someone else, there’s a chance it will be mined, but while it’s ”at rest” on Proton servers it should fulfill your model just fine.

[–] appropriateghost@lemmy.ml 1 points 2 days ago (1 children)

excuse me ignorance, but I understand that once you receive mail from someone with shared pgp keys, they'd have no way to read the contents.

But when I receive an email from any service that sends me mail, or from a friend that doesn't use PGP, it sits encrypted in my account... but how do we know proton isn't 'reading' the contents when it is delivered and before it is encrypted in the account?

Is there a possibility of data mining or them storing the contents on their end? like a mirror image?

[–] 0xtero@beehaw.org 3 points 2 days ago* (last edited 2 days ago) (1 children)

If and when you send or receive e-mail encrypted by PGP, the body (contents) of the message is indeed encrypted and you're safe from snooping and data collection, which is great. However, privacy-wise this might actually be a bad thing, because almost no one uses PGP and using it makes you stand out in a sea of normal e-mail users for someone who collects and analyzes lot of data. So if that's your threat model, using PGP might actually be dangerous. Also, you have to remember and remind everyone to use PGP, which is cumbersome if you correspond with non-techie people. You don't really know how they handle "their side" and PGP software is notoriously not very user friendly.

Whenever you send someone unencrypted e-mail from your Proton account, there's a chance that the recipients e-mail provider (most likely Google or Microsoft) reads it. Same when they send it to you. It doesn't actually matter that the message sits encrypted "at rest" in your Proton accounts Sent Items -, the contents have already been read, indexed and sold to a broker.

It's very hard to do e-mail privacy because the protocol itself doesn't have any built-in. It's better to use other communication methods for sensitive transactions.

[–] appropriateghost@lemmy.ml 2 points 2 days ago

Good explanation, and I figured the same.

I feel the 'encrypted at rest' is then a false sense of security. Alas it is much better than gmail, etc.

load more comments (1 replies)

load more comments (10 replies)