this post was submitted on 26 Feb 2025
524 points (98.0% liked)

Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”

[–] [email protected] 1 points 20 hours ago* (last edited 20 hours ago) (1 children)

doesn't impact the security sufficiently to make a difference for the average user.

I think it is borderline. I am not advocating for PGP; I like the Signal model where you trust Signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.

I think the lack of meaningful verification for Proton is a significant security weakness, though the average user probably has bigger things to worry about.

[–] [email protected] 1 points 20 hours ago (1 children)

I think I can agree with that. Unfortunately PGP is the only alternative we have for emails (i.e., the client-side tools would still be doing PGP encryption), which is also the reason why it shouldn't be used for really delicate communication. The fact that - whatever setup you use - there will always be metadata showing that person X communicated with person Y alone is a nonstarter for certain types of communication.

Signal would be my recommendation.

[–] [email protected] 1 points 19 hours ago* (last edited 19 hours ago)

Yeah, we should just ditch email for sensitive communications.

Anyway, my point was that I lost trust in Proton back then over this and went to Tuta, which has native clients. It makes no difference to my security since I don't think I ever sent or received a single mail that was actually e2e encrypted. But Tuta's more serious approach to e2ee made me slightly more confident in it as a company.

Now it kinda looks like it was the right choice.