I’ve been using Proton Mail and VPN for a while now, and I’m just wondering how everyone else feels about them. I have this kind of inherent slight distrust of them just because they seem like they offer a lot for free and kind of have a Big Tech vibe about them, but there’s nothing for me to really substantiate that distrust with, it’s mostly just a feeling. That being said, I do use their services as mentioned and they work pretty well, even on the free tier. So aside from that one instance where they gave that guy’s info to the feds, is there any reason not to trust them with my data?

  • Scolding7300@lemmy.world
    1 year ago

    Why is it trivial for them to steal your private keys? Is your computer unable to verify public keys?

    I’m a bit of a novice when it comes to HTTPS handshakes

    • Espi@lemmy.world
      1 year ago

      One of the bold claims of Proton is that all your data is encrypted and they can’t see it (not 100% sure how they do it, probably your key is encrypted with your password as a symmetric key? Then when you log in, the client unlocks your private key and then that key unlocks the emails and stuff).

      Now, it also turns out that they write the software that uses your key to decrypt the emails. It would be trivial for them to just send the keys back to themselves and decrypt all your stuff.

      I don’t think this is a huge point against Proton, as AFAIK no one else even offers encrypted email. But nonetheless I would like to see an API and some third party clients.
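The scheme guessed at in the comment above (a private key wrapped under a password-derived key and unwrapped in the client at login), as an added sketch that is not part of the thread and not Proton's code. The scrypt, AES-256-GCM and RSA choices, the parameters and every function name are assumptions for illustration; it uses only Node's built-in `crypto` module.

```javascript
const crypto = require('node:crypto');

// KDF parameters are illustrative assumptions, not any provider's real settings.
const SCRYPT = { N: 16384, r: 8, p: 1 };

// Client side, at signup: wrap the private key under a password-derived key.
function wrapPrivateKey(privateKeyPem, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(password, salt, 32, SCRYPT);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  // This record is all the server has to store; the password stays on the client.
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side, at login: download the record and unwrap it locally.
function unwrapPrivateKey(record, password) {
  const kek = crypto.scryptSync(password, record.salt, 32, SCRYPT);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  // final() throws if the password is wrong or the stored record was altered.
  return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const password = 'correct horse battery staple'; // constructed sample value
  const stored = wrapPrivateKey(privateKey, password);

  // A sender encrypts to the public key; the server holds only ciphertext.
  const mail = crypto.publicEncrypt(publicKey, Buffer.from('hello'));

  let wrongPasswordRejected = false;
  try { unwrapPrivateKey(stored, 'guess'); } catch { wrongPasswordRejected = true; }

  // After unwrapping, the plaintext key is in the memory of whatever client code
  // performed the unwrap, which is why who writes and ships that code matters.
  const unlocked = unwrapPrivateKey(stored, password);
  const plaintext = crypto.privateDecrypt(unlocked, mail).toString('utf8');
  return { wrongPasswordRejected, plaintext, serverSeesKey: stored.ct.includes('PRIVATE KEY') };
}
```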

      • Scolding7300@lemmy.world
        1 year ago

        I see now, so it’s more on decrypting my data rather than stealing private keys in the context of HTTPS communications. I thought for some reason it was about Proton VPN specifically.

        Thank you for explaining!