I know the CEO dug himself a pretty deep hole recently.

I had been meaning to switch all the services I currently use over to proton - but his remarks gave me pause.

Is it still worth considering?

  • Sonalder@lemmy.ml
    43·
    13 hours ago

    I think Proton still offer a strong UX and great privacy, what are your main worries ?

    • John Richard@lemmy.worldEnglish
      9·
      12 hours ago
      1. Proton recently admitted they were impacted by Cloudflare outages cause they route a lot of their traffic through US servers using Cloudflare.
      2. Almost no one (like prob 0.1% of users) would ever have the time & knowledge to check for changes in JavaScript that might be different for them vs others, plus some of those would be routine updates, A/B testing, etc. If Proton wants to get your data all they have to do is change the JS sent to you or small portion of users, and it is very likely no one will ever notice.
      3. Many Proton services will get updates that are not pushed to the open source branch for several weeks.
      4. Proton disallows free accounts from using things like their Desktop Mail app without a paid account.
      5. Many Proton services are unnecessarily geared towards ecosystem lock-in, when the security can be achieved in other ways.

      Those are to name a few.

      • Sonalder@lemmy.ml
        31·
        12 hours ago
        1. Looks bad, but what about the other mainstream options such as Tuta ?
        2. True but I do think it will get noticed pretty quickly but probably not fast enough.
        3. For weeks ? I know new products are always proprietary closed beta but didn’t knew that…
        4. I think it’s pretty fair as it is a freemium service, paid user needs to get rewarded for paying.
        5. Yeah I prefer to endorse free and open solution rather than closed garden wall, even if they are published under open source licence, but in the other hand It seens like there is a demand from the market for a privacy-respecting ecosystem that offer a similar experience to Google for exemple.

        There is no such thing as a perfect solution or perfect security. Depending on your threat model I do think Proton isn’t a bad option, maybe it’s not the best but as of today all the honeypot claims seems to be simply FUD. Your worries are legit but I’m pretty sure you can have similar worries for other products that you use and feel safe using them.