• BananaTrifleViolin@lemmy.world
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    1
    ·
    edit-2
    6 months ago

    I’m not sure how I feel about this news story.

    On the one side, it’s good to make sure people are aware of the limitations of secure email providers. However on the other the article almost reads as of this should be a surprise to people?

    I use Proton mail and pay for my account. I don’t pay for anonyminity - I pay for privacy. They are two very different things.

    The article talks about Opsec (operational security) and they’re right - if you need anonyminity then don’t use your personal apple email as a recovery address. That is a flaw in the user approach and expectations that unencrypted data held by Proton is also “secure”. Your basic details and your IP address are going to be recorded and available to law enforcement. Use a VPN or Tor to access the service and use another untraceable email for recovery, and pay via crypto if you want true anonymity. And even then there are other methods of anonymous or untraceable secure email that may be better than Proton mail (such as self hosted).

    But for most users like myself, if you’re not looking for anonyminity then Proton is fine as is. My email address is my name and I use it to keep my emails secure and not snooped on by Google etc.

    Proton advertises itself as private, secure and encrypted. It does not claim to offer anonymity.

    • Cataphract@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      6 months ago

      All valid points made in an academic setting. I think the general consensus, and the points other users are trying to make, involve more transparency and proper presenting of the facts in their statements. I have parroted the “oh you should try proton, they’re more private and secure” to other people. This is a factual but misleading statement without the nuance of higher OPSEC fundamentals.

      Just look at their main landing page for proton mail.

      • Proton Mail’s end-to-end encryption and zero-access encryption ensure only you can see your emails. Not even Proton can view the content of your emails and attachments.

      • Proton Mail protects you from these digital spies and prevents companies from monitoring you.

      • your data is protected by some of the world’s strictest privacy laws.

      • From newsrooms, activists, and international organizations to academics, Nobel Prize winners, and movie characters, Proton Mail is the trusted choice for secure and private communication. Join over 100 million people worldwide who believe their online privacy is worth protecting.

      A common user will look at this and believe that by just having this account, they will be protected. There is no asterisk* beside e-mail recovery explaining the dangers of linking to another e-mail. In fact, a lot of their services promote linking e-mail because you can’t use third party verification if you haven’t setup your recovery e-mail and/or cell phone verification. I ran into this trying to help an older relative who’s paranoid about online accounts, ended up being more hoops and they were dissuaded because it always come down to “enter more information to continue…privately ;)”

      The front landing page should have a section explaining everything that’s being said here with vpn’s, alternative e-mails, and how to really protect yourself with anonymity. To a lot of people, Private+Secure=Anonymous. It’s not accurate, but unless you already know the things you have to do to protect your identity, it’s not very clear on what the average person should do.