Most of the privacy claims (of all type of apps) are essentially garbage anyway because realistically, if a website or an app can be compelled to push an update to a specific user, then they can intercept anything they want.
It doesn't even have to be a specific binary, it can be "just turn on this A/B testing / debug flag for that user" or a piece of javascript
Privacy and security are not binary. Statements like “because it isn’t 100% secure or private, then it is not worth it” mean one has essentially no clue. There is no such thing as 100% privacy or security, for starters.
It’s all layers of protection and/or trust and compromises.
>Most of the privacy claims (of all type of apps) are essentially garbage...
True. Everything has backdoored CPUs as its foundation. Consider, for starters: (Intel's 'Management' Engine); AMD's (PSP); Apple/Arm (black-box hardware).
You can layer as much theater as you like on top of the hardware-surveillance-layer in modern computers; it still won't grant you privacy.
Counter-surveillance is not a binary switch. We can win by forcing the government to use increasingly expensive backdoors and exploits (>$10k per capita per year, beyond which mass surveillance is impractical even with a $1T budget). Hardware backdoor capabilities are costlier to maintain and use than something at the app level. Encrypting content and leaving metadata exposed is still better than encrypting nothing because they'll have less info to work with which means more effort. The point of all this is not to make it impossible for the gov and corps to surveil a targeted individual (of course they'd be able to if they expend enough resources). The point is to ensure that they only have enough resources to do targeted operations rather than blanket mass surveillance. The former is fine for a democracy, but the latter destroys it.
>if a website or an app can be compelled to push an update to a specific user, then they can intercept anything they want
Yes, which is why I hoped they would implement a verification system like with a browser addon that compares the website client code used for encryption and alerts the user if it does not match the one served everyone else.
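A sketch of the check proposed in the comment above, as an added example that is not part of the thread and not code from Proton or any existing addon: hash each client file as served to this user and compare it with the hashes a quorum of independent observers report. The observer report format, file names and sample contents are assumptions constructed for the illustration.

```javascript
const { createHash } = require("node:crypto");

const sha256 = (data) => createHash("sha256").update(data).digest("hex");

// Hash every file of the client bundle exactly as it was served to this user.
function fingerprint(files) {
  const out = {};
  for (const path of Object.keys(files).sort()) out[path] = sha256(files[path]);
  return out;
}

// Compare the local fingerprint with fingerprints reported by independent
// observers (hypothetical report format: { observer, files: { path: sha256 } }).
// A file passes only when at least `quorum` observers agree on its hash
// and the local copy matches that hash.
function compareWithObservers(local, reports, quorum) {
  const paths = new Set(Object.keys(local));
  for (const r of reports) Object.keys(r.files).forEach((p) => paths.add(p));

  const findings = [];
  for (const path of [...paths].sort()) {
    const votes = new Map();
    for (const r of reports) {
      const h = r.files[path] ?? "absent";
      votes.set(h, (votes.get(h) || 0) + 1);
    }
    // Most frequently reported hash; with no reports there is no consensus.
    const [consensus, count] =
      [...votes.entries()].sort((a, b) => b[1] - a[1])[0] || ["absent", 0];
    const mine = local[path] ?? "absent";
    if (count < quorum) {
      findings.push({ path, status: "no-quorum" });
    } else if (mine !== consensus) {
      // Covers a modified file and a file only this user received.
      findings.push({ path, status: "differs", mine, consensus });
    }
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample: the build everyone gets, and a per-user variant.
const publicBuild = {
  "app.js": "render();",
  "crypto.js": "encrypt(message, key);",
};
const observers = ["observer-a", "observer-b", "observer-c"].map((observer) => ({
  observer,
  files: fingerprint(publicBuild),
}));
const servedToMe = {
  ...publicBuild,
  "crypto.js": "encrypt(message, key); /* constructed per-user change */",
  "flags.js": "window.debugFlag = true; /* constructed extra file */",
};

function demo() {
  return {
    clean: compareWithObservers(fingerprint(publicBuild), observers, 2),
    targeted: compareWithObservers(fingerprint(servedToMe), observers, 2),
  };
}

console.log(JSON.stringify(demo().targeted.findings.map((f) => f.path)));
```

The comparison only covers code delivered to the client, and it is only as independent as the observers' network paths and accounts.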
I don’t think that is a useful definition even if technically true. With that logic even Linux isn’t privacy because in theory they can push code that will only run for you.
You'll have to be more specific what kind of "privacy claims" you're talking about. Proton is definitely a lot more private than, say, Google. But, as always, you'll have to trust the party delivering the binaries you run. Also, any company operating legally has to co-operate with court orders etc., but afaik they try to push back.
I once did some tinkering with Proton Docs and I was able to find that the comments within Proton Docs when I used it via curl definitely felt like it had something like logs (I feel like I should try doing this again to have more definitive answer)
Either way, the response was encrypted but they hold the encryption key at least within proton-docs.
I also want to say that Proton allows the ability to change password through OTP, (Something which I sorta appreciate[0]) but that means that their infrastructure can then have the ability to change password and you can toggle that functionality by sending a request to proton to allow OTP and on which number, so proton themselves can do that too. Unless, I am getting it wrong, by default, Proton still has your encryption keys and even if you change them (which 99% including me might not do), even then I definitely feel like there can be some concern.
To be honest, there is nothing like zero trust, that's what I learnt. You are still trusting Proton, aka the Swiss laws behind it, so that you know that they won't get legally forced to give more data than usual (like US companies for example), but they will still comply with the Swiss laws (recent Proton incident).
Then, secondly, you have to trust Proton themselves, but with something like this incident where Proton Meet might be omitting some things, it doesn't paint a clear picture of transparency or trust.
I don't really know why Proton might create something like Meet especially with its infrastructure relying on the CLOUD Act, and then, try to sell it within the idea of privacy. They both are contradictory.
Proton is creating lots of products. On one hand I can appreciate that, but on the other, as part of the community, I feel frustrated/sad because they don't have some core features like proper proton drive rsync support or even some API[1]'s surrounding it. I tried to do the experiment in the first place because I wanted to create a commenting engine for static websites which could use proton-drive as its backend. They really could gain a lot from transparency with proper API support and letting the community do things with it, but that's not really the case :/
I am still using Proton but they definitely aren't a bastion recently. I might still recommend Proton, but I sort of hope that companies self host some open source applications themselves, whether self-hosting with hardware or in a proper EU cloud like Hetzner/OVH.
But incidents like these are making me a little more hesitant to recommend Proton nowadays.
[0]: As someone who had lost one of my previous accounts after my KeePassXC database got deleted because of me accidentally wiping my Arch Linux while tinkering with it, I now use Bitwarden with OTP on Proton.
[1]: I was able to make something like an API myself by relying on something like puppeteer, even with puppeteer though, it was really hard to make something like that. I couldn't create a public endpoint of it because having puppeteer instances for a commenting engine would be very resource intensive.
Hmm, I am not completely sure what the website is trying to say (there is soooo much text and it's quite unreadable). But it feels like it says "it is hosted on US servers, so it's baaaaad".
The thing is, it seems to be end-to-end encrypted with MLS, which means that the servers cannot decrypt the conversations. Probably some metadata are leaking (which IP is in a call with which other IP), but that's a different threat model. Metadata is always a harder problem.
Now I don't know if Proton knows which users are together in a call, or if it's just leaking IPs. Maybe the article says it, but I didn't have time to decrypt it :-).
The article's format is awful and designed to waste your time.
This article also just points out the use of Livekit but doesn't deliver what that means for your security. Maybe instead of writing a hit piece you could have dug deeper, talked to Proton?
I've seen a lot of articles and posters here being negative on Proton, calling it "shady", regurgitating facts that are supposed to be gotchas but have tons of nuance if you dig, and am beginning to think there is some coordinated effort to get people not to use it.
I'm sorry I had to use a feature on my browser I rarely use which is summarize. I'm pretty sure your point is valid and concerning but the way that page was designed is just too painful to read.
Especially questionable choice by Proton not to opt for the self-hosted option. LiveKit offers an enterprise tier that even lets you set up your own mesh, so you are not dependent on their hosted infra.
This is the worst form of Article I've ever seen. Did the author read this? Is there even really an author or did Chatgpt just write all of it and generate the page?
It may or may not be Proton Meet or Mail, but all I want is ZK E2EE (email at rest, text always similar to Signal) "Lavabit" with better tech architecture, without mandatory KYC de-anonymization, hosted in some US non-compliant location on real hardware they physically control, by a small, worker-owned co-op cadre of talented technical people who run a tight ship. Bonus points if they offer VPS and OpenVPN/wireguard exit nodes too.
I just love people who go on their soapbox to complain about a newer alternative when the status quo is worse
"nooo but proton mail complies to court orders!!111" wow shocking I know right? Do you think the other providers don't?
These are usually the same people who forget rubber-hose decrypting works
"But they use LiveKitCloud" yes - however we don't know half the story
Can Proton BYOK over their infra?
LiveKit's website TOS with a generic user - not ProtonMail. We don't know if there are any agreements there
> "all disputes are governed by the laws of the State of California"
Yes this is common with TOS.
> Their privacy policy explicitly acknowledges FTC jurisdiction and states the company will "access, preserve, and disclose your information"
This is the important part, not the other one above it
> showed active connections to 161.115.177.32 on port 443, a LiveKit-owned IP block (ARIN OrgId LIVEK) hosted on Oracle Cloud Infrastructure
Good test, but what/where was the originating IP? Was it using Brave's VPN (to the US) by any chance?
TBH I'm still more annoyed about the 90 day cookie - that was just rude
So again "why don't we have better privacy respecting options?" Maybe because if we try to do it some "privacy advocates" will throw a massive fit complaining about all its shortcomings (and still not pay for the service)
Please remind me: Is there any legitimate business venture that can operate outside the laws of the country they are registered?
If there is, why don’t these people who write blog posts and comments about how “this is all a scam!!” “It’s a psyop! “They” control it all!” If it’s all black and white, if there is no real difference between a company like Proton and Google or Microsoft, then why don’t they create a business that provides a service where there’s no way for any government to know anything at all, ever? They’ll be printing money.
But perhaps the conspiracy realm and public broadcast of ideals is more attractive than a real business.
Yes, you shouldn’t trust 100% in a person let alone a group of people that form a company. Grow up.
What a shitty website. I got to about the third slowly-fading-in-picture-of-text block and realised that whether or not I wanted to read it, it's more effort than it's worth.
Proton is the most shady company out there, especially with the fact that they try to make you put all your eggs into their basket. I stopped using their email (when they used to be an email-only company) when they dropped the .ch domain. Same goes with botched security products like GrapheneOS and the likes, when the hardware is backdoored, the modem is tracking you more than your psycho ex, yet you are given this illusion of security to buy.. you are not, in fact, you are gonna get more obvious for fingerprinting than using an average iPhone like most people and blend in. Honeypot, hornets' nest, whatever the terminology, but the concept was used and is still used to lure people in and make the job easier to ID them than going after them in the wild.
> Proton’s launch blog post for their new video conferencing product contains this paragraph: “laws like the US CLOUD Act can compel US-owned video conferencing platforms to hand over any data they store, even if the servers reside outside of the United States. This creates serious compliance challenges for organizations bound by GDPR, CCPA, or similar data protection laws. That’s why we’ve created Proton Meet.”
Actually, it creates an incompatibility, period.
How much I dislike all this weaseling around, trying to find a gap where none exists, hoping that the law won't be followed to the letter, lack of interest in following the law to its logical conclusion, all in the name of wanting to conduct business in an easier way, even if not adhering to the law. I wish all those companies trying that would be gone. Let us have solutions that are inside the EU, many of us don't want the US big tech crap any longer. I wish that governments and people in charge of public institutions and their tech decisions realized this. Instead they weasel around and try the "But we are using Microsoft in the EU!" as if that is worth a dime.
Try convincing me, that a company like MS in EU won't oblige, when the command from MS in the US comes to send over some data. Good luck!
yo, livekit acts as independent controller for call detail records under their own dpa. that means proton's privacy constraints don't even apply to that data. livekit can hand call records to us law enforcement without notifying proton
Proton has too many services. I wonder how many more they will introduce until Proton Drive finally receives a Linux Desktop client? The worst thing about "we have everything" services is that they will actively try to shove each and every service at you repeatedly on each occasion. As a "do not put all your eggs in a single basket" type of user I absolutely hate this marketing nonsense.
What the hell kind of horrible website did I just click on. That may perhaps be the single worst format of any web page I have EVER visited in my entire life. Wow.
Pretty funny because a few weeks ago some dude felt compelled to virtue signal about how he was moving off American-controlled services like Gmail, as some ostensible protest against Trump and the Iran War. I pointed out that Proton Mail, one of the services he moved to, is ultimately controlled by the US Gov, and my comment got flagged lol.
Proton being at the behest of Uncle Sam has been old news for a while.
After Proton has repeatedly turned over users of their email account to law enforcement, always with many excuses, their claims about no ability for any government to see what's going on on their network ran very hollow.
I know Brave has offered their talk video conferencing service for a while, but I don't know if any serious network analysis has been performed on it.
https://talk.brave.com/
> Most of the privacy claims (of all type of apps) are essentially garbage anyway
I think that’s a sweeping generalisation.
>if a website or an app can be compelled to push an update to a specific user, then they can intercept anything they want
Yes, which is why I hoped they would implement a verification system like with a browser addon that compares the website client code used for encryption and alerts the user if it does not match the one served everyone else.
ctemplar mail used to have this many years ago
https://web.archive.org/web/20200201012958/https://ctemplar....
I think that would be widely decried especially on HN if that is one day implemented.
I know Brave has offered their talk video conferencing service for a while, but I don't know if any serious network analysis has been performed on it. https://talk.brave.com/
For document collaboration, I'm not aware of much else that's private/encrypted (etc) however. https://www.privacyguides.org/en/document-collaboration/