this post was submitted on 03 Jul 2024
1036 points (98.2% liked)

Technology

57472 readers
3757 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
1036
Proton launches privacy-focused Google Docs alternative: Docs in Proton Drive is an open-source, end-to-end encrypted collaborative document editor (proton.me)
submitted 1 month ago by [email protected] to c/[email protected]
181 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 1 month ago

This simply isn't really possible.

Even if they published open-source code for their backend, it wouldn't prove that it's actually what their systems are running.

And when you are storing your data on their servers, and decrypting it by sending over your password, there's no way you can actually truly prevent them from accessing your data, if they were to modify how their systems function overall. (this is true for every company)

Even if they were using zero-knowledge proofs to verify and prove to you the computation done on the server matched what would be expected from published open-source code, then either their very own systems (and by extension, their administrators), or a different company's proprietary TPM module, would be the root of trust for those ZK proofs, and would still have the same underlying trust assumptions of at least 1 company having the ability to potentially steal your information.

If you want to rail against Proton for this, you have to be against every single cloud-based instance of code that hosts encrypted data, by any company, for any user.

Saying Proton acts just like Microsoft is a laughable comparison to make in order to justify claiming a lack of privacy or security on Proton's part.

Why? Is it because they're both companies that offer online services? Guess what, loads of companies do that. But you know what Proton doesn't do? Give away the contents of people's files, like Microsoft states they do in their own transparency reports, that they conveniently stopped publishing in 2022. Microsoft handed over the content (not just IP, email, etc, but actual docs, communications, stored files, etc) of thousands of people's accounts to law enforcement. Proton hasn't given out content once.

And this doesn't even consider the fact that Proton's business model is privacy. For Microsoft, their users will keep using their services regardless of their privacy, but for Proton, if it comes out that their services are no longer private, nobody will use them anymore, because nobody who got them for privacy would need them at that point.