this post was submitted on 24 Sep 2023
108 points (99.1% liked)

Privacy

31973 readers
308 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I'll start off by saying everyone's economic situations are just as varied as their threat models and how people make decisions on which services can be specific to themself and not one that can apply to anyone else. The services one chooses to use for free or to pay for may be based more on what they can afford vs what's the best broad reaching plan.

That being said i'd like to see what others think about the proton suit of services. I've been eyeing it as an option for a paid service for a while but am hesitant to put all my eggs in one basket. I'm interested in a vpn, mullvad seems to be the other popular choice. I'm also interested in email address anonymizing service like anonaddy. At $5 for mullvad, $3 for anonaddy, and $3 for base proton email it comes out to a dollar more than protons premium tier which gets cheaper if you pay for 1 or 2 years at a time.

As said above would the biggest reason not to use proton for all of these separate services be not putting all your eggs in one basket?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 35 points 1 year ago* (last edited 1 year ago) (2 children)

I've been on the Proton premium plan for about a year and a half and love it.

I mostly use it for Email and the VPN, but I do use Proton drive for some random stuff.

I don't use Proton Pass because I already use Bitwarden for all my PW management needs.

Email and calendar services have been pretty much flawless so far. I like the interface, the Proton mail bridge works well for desktop clients like Thunderbird if you want to use those. The apps work really well on my Android device, all of them, Calendar, Mail, and VPN.

My torrent box Proton VPN CLI app has been solid too.

[–] [email protected] 2 points 1 year ago

Literally the exact same here. And I love this setup.

[–] [email protected] 2 points 1 year ago

Proton Pass is useful for aliases that don't count against your total addresses. Passwords go into BitWarden though.

I am annoyed it requires an app or browser extension though. No native web interface I could find.

[–] [email protected] 17 points 1 year ago* (last edited 1 year ago) (3 children)

By default just did a video (piped link) on this and I 100% agree with him. The killer feature is simplelogin. Being able to use a different alias email for every single account I use is absolutely amazing.

[–] [email protected] 2 points 1 year ago

There are other such services such as addy.io but SimpleLogin is a lot better integrated IME. Addy for example can be quite janky; adding a big message up top of the email and such.

There's also the fact that you only need to trust a single entity for email if you use SL + ProtonMail.

[–] [email protected] 1 points 1 year ago

Here is an alternative Piped link(s):

did a video

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] [email protected] 1 points 1 year ago

I used to subscribe to Simplelogin as well - but lately I have been seeing sites/merchants who do not accept the Simplelogin email domains as valid, and I have to put in my personal gmail ID to proceed (e.g. the restaurant POS system "Toasttab").

[–] [email protected] 13 points 1 year ago* (last edited 1 year ago) (1 children)

I switched from Proton to Tutanota for two main reasons.

  1. I didn't want to put all my eggs into one basket, just like you. With Tutanota I get email and calendar in one package. For VPN and online storage I use independent solutions (Mullvad, local solution via syncthing). Related to this, I don't like paying for a bundle of programs when I only really want to use a subset.

  2. Proton isn't following through all the way. They keep adding services (password manager and captchas recently), but they don't provide the same experience across all devices. I'm on linux and their drive doesn't offer a client that syncs my folder with essential documents. I have to manual upload. That's a dealbreaker for me.

[–] [email protected] 1 points 1 year ago

This is not to counter your point (I agree they should probably offer a client to sync files on Linux), but rclone recently added (beta) support for proton drive, so you might want to check that out if you're still using it.

[–] [email protected] 10 points 1 year ago

One reason for deciding on which service(s) to pay for is which service do you want sticking around. I can get a wireguard VPN from a number of providers. I like the way Mullvad does things and so I choose to get my VPN from them. One could make the same argument for email from Proton or groupware from Kolab.

[–] [email protected] 9 points 1 year ago (3 children)

WHY isn't their email client on f-droid ? isn't it opensource ?

[–] [email protected] 13 points 1 year ago

F-droid doesn‘t accept the Proton Mail client due to integrated google notification framework. The APK however is available on protonapps.com.

Proton is currently rewritting the Android application completely.

[–] [email protected] 4 points 1 year ago

It is available through the IzzyOnDroid repository if you want to download and update the app using an F-Droid client.

[–] [email protected] 2 points 1 year ago

Agreed, that would be nice. At least they have a dedicated APK download site. https://protonapps.com/protonmail-android No self-updating though

[–] [email protected] 9 points 1 year ago

I think they are unnecessarily expensive for email. I would rather go with tutanota. I don't like having all my eggs in one basket. Calendar/email/contacts in one provider and VPN service in another is the way to go, in my opinion.

[–] [email protected] 9 points 1 year ago (1 children)

Proton plus here too. I use the vpn, 500gb drive for backups, and have set up my own domain name email. I tried their password manager but didnt like it at all. I dont think it is ready yet.

[–] [email protected] 2 points 1 year ago (1 children)

I use Proton Pass to generate aliases with the browser extension but otherwise use 1password which is much more mature and has great support on all platforms.

[–] [email protected] 3 points 1 year ago (1 children)

@beeb You can do that via other password managers as well or use the SimpleLogin extension directly. Doesn't have to be through ProtonPass

@zerodawn @mertn

[–] [email protected] 1 points 1 year ago

Yeah bitwarden will create simple login aliases natively.

[–] [email protected] 7 points 1 year ago

Proton hosting mail for my domains so I don't have to anymore: Priceless. There, I said it. I'm very happy to pay for it.

Proton VPN: Nice. I use it a lot when I'm on the road.

Proton Drive: Nice for throwing backup copies of important stuff once in a while. I don't know anybody else who actually uses Proton Drive so sharing files isn't part of my use case (then again, I don't know anybody who actually uses Google Drive, so I've never shared files through that, either).

[–] [email protected] 6 points 1 year ago (2 children)

For what is worth I haven't been able to get the storage sync to work, the VPN app isn't as simple/fast/as easy as mullvad, proton has little support for Linux. I use proton because it works with portmaster but I'm not a huge fan of it.

[–] [email protected] 1 points 1 year ago

Some third party tools you might find useful.

I do use rclone but I'm pretty happy with b2 storage. I did a small test with proton and it seemed to work.

https://rclone.org/protondrive/

VPN in docker with port forwarding. Didn't have any luck routing host traffic through it but I didn't dig too deep. Might be useful for a web based torrent docker container.

https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/protonvpn.md

[–] [email protected] 1 points 1 year ago (1 children)

They offer OpenVPN profiles for their VPNs so you can use them on basically any platform where that's available.

[–] [email protected] 2 points 1 year ago

And even better: wireguard configs as well

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

I've been using Mullvad for years. I buy the gift-card type voucher from Amazon, which has a code under a scratch-off type material on the back, & then put the code into the Mullvad app for additional time. No way to tie my Amazon account to that gift card (with a random anonymous code under the scratch off) and then to my Mullvad account. The gift card is also discounted from their normal pricing. According to their blog, they've also recently completed their "migration to RAM-only VPN infrastructure" further assisting with the "no log" policy. I previously used PIA, until Kape Technologies bought them (research "Kape Technologies malware" for my reasoning).

Until somewhat recently, I used to torrent everything. However, Mullvad stopped supporting port forwarding ("PF", which allows you to open a port, so others can connect to you and download content from you. This keeps a healthy "swarm" and helps keep a file seeded past when the original uploader has finished supporting / seeding the torrent. However, this also allowed scumbags to upload / share some horrible content -think children- and Mullvad didn't want to be a part of that, for an obvious reason, as well as others), in addition to some other VPNs dropping PF support. This has caused a big problem for me and many others completing files which are even somewhat old, like not even a year old, and very popular. Additionally, RARBG went down, and I was having trouble finding another website that I liked even somewhat as much.

I use usenet now. Although I don't need a VPN with usenet, I will most likely keep my Mullvad account because of how cheap it is, and how much I like their service and privacy policy.

In regards to Proton email, the base account is free, which I use as my personal account now (with my real name) for family, friends & business. Proton "Mail Plus" is $3.99/Mo., billed on an annual basis (at least that's what I'm seeing). Then, I also have a Tutanota email account (also free) that I use for all other uses (buying stuff, bills, etc.), and I also like their integrated calendar (although I may continue using the Thunderbird calendar). (Edit: I also completed 4 easy "tasks" with Proton, like getting the app, and they upgraded storage from 500MB to 1GB.)

I use the Firefox browser, but I've never used the Mozilla "Firefox Relay" add-on, so not sure if that's a reliable free alternative to your anonaddy. With me splitting up my two email uses, with Proton & Tutanota, I haven't really considered a need for something like Relay or anonaddy. I'll also mention that as far as I know, the VPN that Mozilla/Firefox offers I believe is still Mullvad rebranded.

[–] [email protected] 4 points 1 year ago

I still can't see how their Proton CAPTCHA system being proprietary is justifiable.

[–] [email protected] 4 points 1 year ago (1 children)

I don't trust Proton enough to use it exclusively. Personally I use their free email tier as a secondary mailbox.

  • They are not fully open source (I found only web client source code)
  • Their last independent audit was in 2021 and was done for beta version of their email
  • The audit itself was for security, nothing related to privacy
  • They advertise their email service as encrypted: encrypted:

End-to-end encryption Proton Mail is a private email service that uses open source, independently audited end-to-end encryption and zero-access encryption to secure your communications. This protects against data breaches and ensures no one (not even Proton) can access your inbox. Only you can read your messages.

Which I see as deceptive: end-to-end encryption is working without user involvement only for emails between Proton mailboxes. In other cases user needs to establish PGP encryption on their own. Inbox may be not accessible by Proton (we actually have no clue because server side code is closed source), but unencrypted incoming messages can be easily intercepted by Proton relays.

I'm not saying that Proton does all this nefarious stuff, but their marketing is questionable.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

@pound_heap

When you send an encrypted email to a non-Proton user, you click on the lock icon to encrypt the email and assign it a password, which you need to get to your user. The recipient then receives an email with a link. They click on the link, enter the password and and can then view your email, which to my understanding is decrypted client-side.

https://proton.me/support/password-protected-emails

@zerodawn

[–] [email protected] 3 points 1 year ago

I'm using Proton Plus, and have no need for their other services. Don't really see a necessity for VPN in my daylie use.

[–] [email protected] 3 points 1 year ago

I am on proton plus, have to decide between proton unlimited (1/2 year plan) to get proton vpn, or continue with proton plus and get mullvad vpn.

[–] [email protected] 2 points 1 year ago (5 children)

I've been using Nord, and I'm on the fence about switching to either Proton or Mull. I'd like to hear how people chose one or the other

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (2 children)

Just in case you don't know, you should do an internet search for "nordvpn data breach." I'm not saying you should switch, or that Nord is bad, but you should at least be aware that this situation occurred and it has been a consideration for a lot of privacy first type people ever since.

[–] [email protected] 1 points 1 year ago

Yeah, I paid for a year's worth of service, then found out. I'm cheap as hell so I'm gonna ride out my subscription, but I'm definitely switching...I just haven't decided on the service yet

load more comments (1 replies)
[–] possiblylinux127 1 points 1 year ago

You could setup your own VPN or use Tor

load more comments (3 replies)
[–] [email protected] 2 points 1 year ago

There's usually a black friday sale. I use simple login with the email service and its great. The vpn and calender are solid as well.

[–] [email protected] 2 points 1 year ago

Honestly, I think it boils down to our ecosystems. There are other mail + calendar providers out there. When children are involved, I think it's worth a few bucks to get a custom DNS, a privacy-focused email/calendar provider, and give children the space to grow up in a world that collects as little metadata as possible.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (2 children)

Proton unlimited, and I don't understand why did they go with Proton Pass. There's products like Bitwarden and LastPass (and more) that are feature rich. Bitwarden is open sourced.

I think having separate services is good, especially if it's cheaper that way. For photos I use ente even though I have 500gb just because they specialize in photos (same reason why Pass isn't useful IMO)

[–] [email protected] 12 points 1 year ago (2 children)

So what if LastPass exists? They got hacked twice and covered it up. Proton pass auto fill works better than LastPass. Use what you want but why suggest a product shouldn’t exist because there is competition?

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I'm arguing that they seem to waste resources instead of solidifying their existing product suite. Like features for Drive, basic ones like a desktop client for auto sync.

I know you can't make a baby in 1 month with 9 women, adding another product with only basic fetures seems wasteful to me given the state of the other ones.

So when there's products like Bitwarden I wouldn't pay for Unlimited if you're looking for the most bang for your buck.

[–] [email protected] 2 points 1 year ago

Agreed. Having choices is a good thing. I'm quite happy with Bitwarden, but I was happy to see that Proton is offering a password manager as well.

[–] [email protected] 1 points 1 year ago

I cant remember which plan i am on but it costs $5/.o (paid in crypto) and allows me to use @mydomain.tld as my email address so if i ever leave them i dont have to change my email addresses again.

[–] [email protected] 1 points 1 year ago

I was in te same situation as you . I had anonaddy (addy) , Bitwarden, Mullvad , and was using google drive for stuff I don’t care about privacy. The thing is that

  • Bitwarden : has more development than proton pass , but pass is great anyway and has all my needs even 2fa.
  • addy: has plenty of free things enough for me but started to find most of their domains are blocked to register a user. SimpleLogin from proton feels more developed and works flawesly with proton pass
  • Mullvad: is an execelent vpn , very simple , fast , cheap , but it has very few locations and mine particular one was missing, also it doesn’t have port forwarding . All these thins proton vpn have it.
  • cloud drive: I really needed something to store more sensitive data, proton drive now have a desktop client so it is perfect por my needs. If you sum all the services it will be like 8 or 9 dollars I think , and the benefits of the proton services integrations I think $13 is a win.
[–] [email protected] 1 points 1 year ago

Proton Visionary for few years now, iirc paying about $200/y. Honestly I mostly just use for ProtonMail. Once or twice a month I use ProtonVPN but it's rare. Same for calendar. I don't use ProtonDrive as I prefer to rely on NextCloud on Webo, mostly due to rich document editing capabilities.

Overall very happy with it but I admit one of the motivation for paying so much for Visionary was both to support the project AND to rely on my own domain. This way if for whatever reason Proton goes to shit, which I surely hope not, I can seamlessly switch to another provider, or self host, and nobody would notice the difference, no lock-in despite quality and trust.

load more comments
view more: next ›