Summary
Proton Mail, known for its privacy-first email services, faced backlash after CEO Andy Yen praised the Republican Party and its antitrust stance.
The company initially posted and deleted a statement supporting Yen’s comments, later claiming an “internal miscommunication” and reiterating its political neutrality.
Critics question Proton’s impartiality, particularly as it cooperates with Swiss authorities on legal data requests.
Privacy advocates warn that political alignments could undermine trust, especially for Proton’s users—journalists and activists wary of government surveillance under administrations like Trump’s.
I really don’t understand why smart people put their eggs in the proton basket.
Big (shady) money rule Switzerland. A Swiss server or company isn’t safer or more trustworthy. Quite the opposite.
Excluding Switzerland from the equation, most in the US don’t have + or - for Switzerland unless it’s banking.
You can never trust any company to put your needs first. A good moral company has at least its founders, private funders, employees, and vendors to look after before they worry about your wants and needs.
Proton was kinda small. 500 employees for a communications company isn’t bad.
Good start.
Proton made a name for itself. WE ARE PRIVACY FIRST and they mostly delivered on that in technical capabilities.
So far, so good.
Then they doxed someone’s IP (french?) due to a remote government order.
Not great, but anyone would do that. There have to be limits. That said, they now clearly play ball with governments.
All the other providers would do the same. They’re now on par with most, but less likely to sell all my data down the river. But my needs are to keep my secrets state secret level. (or so I think)
Then he crawls up Trumps ass.
Now, I’m doing nothing illegal. Nothing immoral. Nothing questionable by the previous administrations standards, but what happens If I start to protest? If I subscribe to democratic news sources, is this jackass going to train an AI on my and hand my name address and phone number to the neo facists running my country now?
We put our eggs wherever we think they can best be served conveniently and for the best price.
You can also choose to not put your eggs anywhere. You can secure your email but not sending any.
we were trying to choose price+convenience+security.
knock one of those legs out, it’s not a table anymore.
This comment needs more upvotes inmho. This is exactly right. It’s how I followed this history myself. They built on Privacy first. Now there are red flags which were not clear before.
On the hacker news thread: https://news.ycombinator.com/item?id=42837181
They discuss the topic and there is only a single reply from ProtonPrivacy, saying it’s miscommunication and blah blah.
It was not enough to dispel my sense of unease and concern and a single comment isn’t exactly ‘fighting to set the record straight’.
My 2¢.
They’ve done a lot of damage control. They were on Reddit too, They spin it that the pick he made was actually a reasonable pick, (1/50 even if they’re right on this one and I don’t think they are) but they don’t address that he went on to Twitter and tagged Trump to try to gain favor.
One can’t reach out to the man trying to dismantle democracy and say “hey buddy, you’re doing great! Can I get in on some of that?” and still try to claim centrist.
I mean, “spin it”, that’s literally what the tweet said, in a response to a tweet (from trump, hence the tag) that announced that pick. He praised the pick and generalized on the fact that republicans are more likely than democrats to fight big tech. Good or wrong that’s everything that was said and a perfectly legitimate opinion, even if I may disagree.
This also happened in December, not yesterday.
Aside from the political stuff, I’m also concerned about proton from a technological standpoint. You can’t use a standard mail client with proton, you have to use their own. So, if they wanted to, they could push out a single malicious update which would render all of the end-to-end encryption stuff pointless. You could argue that using Thunderbird + GPG + Gmail is more secure/private.
You can if you use the bridge, which is not perfect but basically does the GPG encryption/decryption for you and exposes IMAP etc. (I think you can also do your own PGP encryption on top, not sure).
The supply chain issue you discuss is the same with any tool, with the exception that with proton you have an automated update system (I.e. every time the page loads js code), while with more traditional tooling you upgrade based on your choice (more or less). You are likely not checking the code in either case, but a malicious update could backdoor or bypass your encryption either way. Technically you can build the proton client yourself but anyway, this is just theoretical stuff, nobody does that.
Gmail + GPG is anyway worse, first of all from a UX perspective, where every device needs to be managed separately (GPG keys need to be available, you need to manage them, managing keys and keeping them secure is hard). Second, you will use GPG only with selected people of whom you have the key. With proton you will use it automatically for all Proton users at the very least and all proton users can use it with you automatically too.
Then there is the problem with metadata. They cannot be encrypted of course, and with gmail you are 100% sure they are using them to profile you and mine whatever data can be mined (e.g., who you talk to), while with proton you can reasonably be confident they don’t.
Part of the reason is that the protocol that’s uses for retrieving emails (IMAP) is pretty old and doesn’t support end-to-end encryption. JMAP is supposed to be a modern replacement, but it’s not widespread yet, and also intentionally doesn’t support E2EE.
E2EE is hard, for example searching has to be done client side rather than having a search index on the server side (since the server is not able to decrypt the data to index it). I haven’t tried Proton but I’m curious as to how they solve this… I guess they’d sync the entire mailbox and index it locally, like what (non-mobile) Thunderbird does.
I really question the value of E2EE for emails, though. Communication between servers (e.g. someone on Gmail sending an email to a Proton user) uses TLS but is not, and will likely never be, end-to-end encrypted. Emails you send to other providers are also not likely to be encrypted on the other provider’s end.
Thank you! I was also very confused how all these privacy-conscious people warned against big corporations, and then starting using a product… By a big corporation. Just because they say they’re privacy conscious and nice and safe and whatever doesn’t mean it’s true. I mean, they might be substantially better, but there’s no proof of that. Every company always makes promises, at first. I guess people really like to believe in an underdog.
It’s like if someone warned you against eating sweets because they’re unhealthy, but then pulls out their own bag of sweets saying “oh no, these sweets are fine because the company that makes them promised they’re healthy”.
They’re not big. 500 people at a communications company that develops their own stuff is relatively tiny.
https://tuta.com/team
Team looks great. 14 employees in 2020, I bet they’re honestly serious about security
Either due to spectrum or other, I can’t interpret this without questioning if it’s sarcasm 😆
Straight up honest. I can’t* argue with 14 people running a 2 million-user service and openly talking about the team on their page.
I like it more if that top tier was about $5, but the probably lack the scale to decrease cost.
edit: missed a 't
Yep and if you look at some corrupt sports bosses like Sepp Blatter, Gianni Infantino and Rene Fasel, all are Swiss.
What’s the alternative in your opinion? Google, or something else, and why?
Anything + PGP + Tor + VPN.
There are countless mail servers one can use. I use a mail server hosted by Swedish ISP Bahnhof (which I trust). You can also self host. But then you need to be on the dark webs if you really care about privacy (I dont recommend this).
Or Delta Chat. Or Signal/Matrix/Session/Whatever. This is the preferred choise. EMail is legacy.
Tuta has been good for me.
I just set up a bunch of purelymail addresses on a couple domains I own. I bought into proton for 2 years just a couple months ago. So I’ll transition away slowly.
Tbh it seems like there are no good alternatives to protonmail. You just have to host your own
Host your own probably isnt a good idea unless youre on the dark webs. Probably not worth it.
If super privacy is a requirement. For normal work/junk mail, sure!