this post was submitted on 16 Jan 2025
166 points (91.1% liked)

Proton

7935 readers
1 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 2 years ago
MODERATORS
 

Just opening discussion, haha!

I mean if non-proton conversation isn't allowed, I'm just comparing, haha lol!

Okay seriously though.

The three services I'm exploring are:

  • Email (with email aliases)
  • VPN
  • Cloud Storage
top 50 comments
sorted by: hot top controversial new old
[–] avidamoeba@lemmy.ca 53 points 9 months ago* (last edited 9 months ago) (3 children)

I think that, if we want something fash-resistant we probably need something by a worker co-op where the whole org has to be fash to be a problem. I'm not aware of such services. A non-profit like Proton is next on the list. I'm not aware of another non-profit email provider. Tuta seems interesting but they're for-profit.

Also any of those should be based somewhere in Europe since the US regulatory regime is weak and about to get weaker. Email isn't end-to-end encrypted so its privacy depends on the regulatory regime of the provider.

[–] Semi_Hemi_Demigod@lemmy.world 25 points 9 months ago (2 children)

It’s times like this that make me thankful Lemmy is written by a bunch of tankies, even if they’ve banned me.

[–] avidamoeba@lemmy.ca 16 points 9 months ago* (last edited 9 months ago)

Oh yeah. It took me a while to figure out they have much more in common with my interest than the wealthy techbros.

[–] PassingThrough@lemm.ee 19 points 9 months ago (1 children)

Honestly, it is my expectancy that if the US goes down that worst possible outcome, and they start passing laws that make you worry about your communications, then the “US Cyber Defense Platform(Great Firewall)” will also be quick to pass, argued to protect the children from porn, rights holders from piracy, and of course will quickly expand to any service that doesn’t agree to an encryption back door so they can look for “terrorists”.

In that case, Proton and any non-surveillance allied service is out. Email as we know it is pretty unsafe, and if you want to use email privately you will have to learn to provide your own encryption via PGP and the like, most likely through your own server even, and you will stress to ensure proper configuration.

Or get to another method(like Matrix configured for E2E) before they get pulled from your App Store for not complying with the Patriot Act 2.0, and be ready to learn the safest way to sideload updates, and how to dodge around the Bigly Firewall to connect with international users.

[–] rumba@lemmy.zip 6 points 9 months ago (1 children)

Honestly, if it went that far, They could just outlaw encryption altogether. Require all SSL to include their back door and they DPI everything on the way through. If anything doesn't work on the DPI, they log it and drop it. We'll end up having AI write us novels where you can take predetermined word order to create encoded messages

[–] PassingThrough@lemm.ee 5 points 9 months ago (1 children)

If it went that far, we’d be back to offline communication and small communities, because the AI would be programmed to tattle on us. :)

It’s a fascinating question actually how far technology could be used against us, and how long the “underground” could continue to use it before we’d have to continuously invent something completely new just to communicate, until we just loop back around to word of mouth or smuggled paper missives. A lot of people think that the cat is out of the bag on mass communication, that we can never be silenced again but I’m never quite so sure…

[–] rumba@lemmy.zip 2 points 9 months ago

I don't know, I'm kind of excited about moving back to code talking and pulling select passages out of books.

[–] Darohan@lemmy.zip 19 points 9 months ago (3 children)

Nubo is run by/as a co-op if that's your vibe?

[–] avidamoeba@lemmy.ca 12 points 9 months ago* (last edited 9 months ago) (1 children)

Hm. Is this production Nextcloud and email run by a coop? This might indeed be what I'm looking for. I don't need someone's proprietary software. Well run FOSS in the cloud might be more than enough.

[–] bagle@sopuli.xyz 3 points 9 months ago* (last edited 9 months ago)

The only down site is that it don't look like the data is end-to-end encrypted.

https://nubo.coop/en/faq/07_tech/tech_encryption/

[–] octopus_ink@lemmy.ml 11 points 9 months ago* (last edited 9 months ago)

I need to start paying attention more, how was this under my radar?

Having said that, your link isn't working for me. For anyone else: https://www.nubo.coop/

[–] tb_@lemmy.world 2 points 9 months ago

That's pretty cool, though their prices for cloud storage are a little higher than I was hoping for.

[–] viking@infosec.pub 23 points 9 months ago (4 children)

Email:

  • mailbox.org
  • tuta
  • hushmail

VPN:

  • astrill (expensive but awesome)
  • mullvad

Cloud storage:

Rent a small server / vps and set up your own nextcloud instance. Even some packages meant for webhosting work, as long as you can install custom php applications. I'm using all-inkl.com (private plus package) and got 500GB allocated to my nextcloud instance.

[–] Andromxda@lemmy.dbzer0.com 12 points 9 months ago (2 children)

astrill (expensive but awesome)

Rule No. 1 when it comes to VPNs: NEVER trust a VPN service that claims to be anonymous. VPNs aren't anonymous. Only Tor is anonymous.

[–] rumba@lemmy.zip 8 points 9 months ago

Likewise, never trust that tor is completely anonymous. There are a limited number of tor nodes, and an extremely limited number of exit nodes. The barrier to entry to stand up thousands of nodes is simply a cash problem. It certainly beyond the reach of most corporations, But I wouldn't want to do anything on tor that would draw the ire of a large government agency.

[–] viking@infosec.pub 4 points 9 months ago

They all claim to be anonymous. And yeah, nobody can independently validate the no logs policy, even Mullvad that has been security audited doesn't let anyone near their production environment, so what they release to the testers might not be identical to what they use live.

Calling TOR anonymous is a big stretch through, a bunch of commits to the code have been traced back to the CIA if I remember correctly, and various intelligence agencies worldwide are running exit nodes and log everything they can get their hands on. Whether they can decrypt it with current tech is another story, but you better believe they don't just delete it.

[–] avidamoeba@lemmy.ca 11 points 9 months ago

mailbox.org

Interesting, they even host their own Mastodon instance.

[–] BlueBaggy@sh.itjust.works 4 points 9 months ago (2 children)

What makes astrill special? Since they are really expensive.

[–] Andromxda@lemmy.dbzer0.com 13 points 9 months ago

Their absolute BS marketing. They claim to make you anonymous, which is impossible for a VPN provider. Never trust a service that claims such bullshit.

[–] viking@infosec.pub 6 points 9 months ago

They run a proprietary protocol that works in China and Saudi Arabia, where other protocols are known not to work. I've lived in China for 7 years, and Astrill never once let me down, while Express, Nord, Proton and a bunch of others hardly ever worked.

[–] onlinepersona@programming.dev 1 points 9 months ago

@Tutanota@mastodon.social hasn't responded yet to whether it's possible to migrate emails from proton to tutanota. Proton Mail has an export tool, but I couldn't find an equivalent import nor export tool for tutanota :/

Anti Commercial-AI license

[–] paddythegeek@lemmy.ca 12 points 9 months ago* (last edited 9 months ago) (2 children)

I have been mulling over Posteo for encrypted mail. Looks like a lot of the same benefits as mailbox.org, but my main attraction was the price (one euro per month) and fact that they do not associate payment with your email account. Haven’t done a deep dive but will compare to mailbox.org before I pull the trigger.

[–] Sunshine@lemmy.ca 8 points 9 months ago (1 children)

Their canteen is also vegetarian 👆

[–] _cryptagion@lemmy.dbzer0.com 2 points 9 months ago

Does that make the emails more secure?

[–] frayedpickles@lemmy.cafe 1 points 9 months ago (2 children)

Posteo is great, no issues in 2 years (not forever, I know, but it's what I got)

[–] paddythegeek@lemmy.ca 1 points 9 months ago

Thanks for the recommendation. What domain do you use for your email address, if you don’t mind my asking? Sounds like there are country codes available, but I’m not sure how relevant they would be to the address.

[–] asdfasdfasdf@lemmy.world 1 points 9 months ago

I wish their UI were better though...

[–] lambalicious@lemmy.sdf.org 8 points 9 months ago

~~Neutron~~

I assume here you want to explore the three services individually, because putting all the eggs in the same basket is dangerous. In which case, Mozilla has a VPN service that builds up on someone else's (Mullvad I believe?). Dunno what to suggest on the other two fronts.

[–] _thebrain_@sh.itjust.works 8 points 9 months ago* (last edited 9 months ago)

Personally, for a vpn, I really like airvpn. It has been around for ages. It's not huge. It's (seems to be) run by some very nice and super tech-savy people.

No, it's not the fastest. Their default VPN client (eddie, which is just openvpn heavily customized, and is open source) can be clunky, but they support wireguard and regular openvpn connections with a generated config.

A lot of people use it for, uh, sharing Linux iso's, but as a regular VPN service they are pretty awesome as well. They even have a way to tunnel their VPN connection over tor (https://airvpn.org/tor/) which is quite handy depending on where you are. And the Android client can spoof your GPS info to the country where their server is located.

As far as cloud storage goes, run my own nas, and have wireguard tunnel to my house which allows me to access it for any of my cloud storage needs.

[–] sloppy_diffuser@sh.itjust.works 5 points 9 months ago (2 children)
[–] lars@lemmy.sdf.org 1 points 9 months ago

I would prefer a service with MFA

[–] frayedpickles@lemmy.cafe 1 points 9 months ago

They are fine. They seem disorganized, I wouldn't use them as a primary personally, but I've used them as a side account for years.

[–] nothingcorporate@lemmy.today 5 points 9 months ago

Zoho mail + office suite + cloud storage/sync is only $3/month and good encryption and Mullvad VPN has locations all around the world, fast speeds, and a proven dedication to privacy for €5 a month.

[–] LittleBobbyTables@lemmy.sdf.org 4 points 9 months ago (1 children)

In regards to email aliasing services, addy.io is the only one I know of other than SimpleLogin, which is owned by Proton AG--so if you want to get away from Proton, SimpleLogin isn't an option. Both of these services are recommended on privacyguides.org.

Some email services allow you to use a domain you own, which theoretically should give you unlimited aliases to work with, but may not be as privacy-focused as the email address is only as anonymous as your registered domain.

Personally, I prefer the 'pseudonymous' aliases that addy.io and Proton Pass give (it's usually something like random.words123@passmail.net in the case of Proton).

If anyone has good experiences with other aliasing services that provide this option, please let us know.

[–] rumba@lemmy.zip 1 points 9 months ago

How about just a mail service with a catch-all option? If you send an email to my domain that doesn't match any of my known addresses, it ends up in a catch-all box. That box order deletes mail every month and I just check it when I need it.

[–] uranibaba@lemmy.world 3 points 9 months ago

I have had good experiences with https://www.ovpn.com/ as a VPN provider.

[–] ByteOnBikes@slrpnk.net 3 points 9 months ago (4 children)

For email, Startmail seems interesting. It was rated pretty high on PCMag.

https://www.startmail.com/pricing

Curious if people's thoughts.

[–] paddythegeek@lemmy.ca 3 points 9 months ago (1 children)

What legal jurisdiction do they operate in? I see German and English versions of their site but nothing in About Us on jurisdiction.

[–] xnx@slrpnk.net 4 points 9 months ago* (last edited 9 months ago)

The Netherlands.

The about section has this:

European privacy

We believe that privacy is a fundamental right, and that email communications should be private and secure. StartMail is independent from any commercial third parties or governments. Our headquarters and servers are located in the Netherlands, ensuring that your emails and data are protected by the European Union's General Data Protection Regulation (GDPR), the world's highest privacy standard.

[–] xnx@slrpnk.net 2 points 9 months ago

This looks great although i cant seem to find any mention of Open Source work they do? Thats something i really like about Proton.

[–] cygnus@lemmy.ca 1 points 9 months ago

FWIW Startmail doesn't have any calendar feature, which is ridiculous in this day and age.

load more comments (1 replies)
load more comments
view more: next ›