470
submitted 3 days ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

I know there are plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)

[-] nebulaone@lemmy.world 20 points 2 days ago

I have this bad gut feeling about Signal and Proton, I have no evidence tho.

[-] pyre@lemmy.world 2 points 1 day ago

Proton has already shared user data with authorities; you don't have to go by your gut.

[-] Gaja0@lemmy.zip 22 points 2 days ago

Maybe it's because the current administration uses Signal to plan acts of war and Proton's CEO is supportive of said administration.

[-] 4am@lemmy.zip 59 points 2 days ago

They don’t use Signal though. They use a clone called TeleMessage Signal which logs and archives all their messages on an Israeli server, and which a hacker was able to access before the service was suspended.

You can’t really help if someone forks and misuses software.

[-] hansolo@lemmy.today 3 points 2 days ago* (last edited 2 days ago)

Ah, I believe this is what's called "a conspiracy theory" if you had more details.

[-] nebulaone@lemmy.world 1 points 2 days ago* (last edited 1 day ago)

For Proton it is the "tech bro"-y feeling and for Signal it is wondering about financing. Also, if you are paying for your own audits there is an obvious conflict of interest.

[-] hansolo@lemmy.today 4 points 1 day ago

I'm sorry - paying for an audit is somehow a conflict of interest? How exactly is that?

As someone who had to contract auditing firms every year, and personally sign off in their report as part of our compliance, I would love to hear how I should have ....what? Won the audit lottery? Applied for some sort of government assistance? Prayed to an audit fairy godmother?

Who the F else is paying for our audit? I want free audits! I bet everyone does.

[-] OrteilGenou@lemmy.world 2 points 1 day ago

My guess is they think that since you're paying for the audit the auditors won't bust you for fraud, which is cute, since the auditors are asked to audit specific things that the company asks them to audit. They're not released on the company like witch hunters, with wide open access to everything, cutting a swathe through fraud and criminality while people are furiously burning documents in the basement. So there is no conflict of interest, since the auditors are looking at what the people using them are asking them to look at.

[-] hansolo@lemmy.today 2 points 1 day ago

I know, it's just kind of laughably shouting they don't know what either an audit or conflict of interest actually are.

The hardest part sometimes is finding an audit firm that isn't stupid expensive, but also won't do a shit job and give you a report that looks like some knock-off free LLM didn't write it to maximize their own payday. I love a good audit report with findings, it means I didn't waste money. But my shit is (well, was, at another place years back) locked down tight, so we didn't ever expect anything terrible.

[-] OrteilGenou@lemmy.world 2 points 1 day ago

Same here, everyone was so stressed about "the audit" but we had written common sense processes and executed them as needed, with mechanisms in place to flag potential areas for improvement if we found gaps.

The audit was fine.

[-] edel@lemmy.ml 9 points 2 days ago

Some of those mentioned are likely compromised, but I cannot figure out which. The thing is to diversify our risk, and for the privacy-minded to use different platforms (Proton VPN and Mullvad VPN, for instance).

The good news is that if an agency is compromising something, they likely won't use the intel gathered in court cases, in order to leave it open to future prey, so that is good for the vast majority of users. The very few that are relevant enough should not trust even the genuine privacy tools and should resort to enhanced methods and combining methodologies.

My impression, and just an impression, is that I would trust **Tuta** more than Proton (and not because of Proton's CEO, whom many interpreted wrong anyway). On VPN... a tad more trust in Mullvad. Signal, I would not use it for high-stakes communication, but OK for most people. GrapheneOS seems okay and we know for sure it does not leak info on a daily basis, but we have to be careful: it could have obscure code lying dormant waiting for a trigger, or could easily send data to an unsuspected server. Ironically, if I were Snowden, I would feel more comfortable using a Huawei Mate with HarmonyOS than a Pixel 9 with GrapheneOS... of course China spies massively too, but it has far less beef with Snowden than the US does, so he would not be of much interest to Beijing.

Remember that the overwhelming majority of FOSS goes without any audit, let alone a comprehensive one. This is where some trusted party should put AI to work ASAP, checking all the FOSS out there!

[-] nebulaone@lemmy.world 8 points 2 days ago* (last edited 2 days ago)

Very interesting insights. Funnily I use all of the services you cautiously recommend, including GrapheneOS, but not HarmonyOS, hard pass on that one. As a German I am also legally required to prefer Tuta. :) I still have that OG 1€/Month contract.

Edit: Your last point is a good idea, although I think the more popular an open source app is, the less likely it is to be malicious. A lot more eyes on it and the xz backdoor was caught pretty much immediately.

[-] edel@lemmy.ml 2 points 2 days ago

Of course... for us normies... GrapheneOS is the way to go. Very highly targeted individuals in the West should however consider HarmonyOS. Of course the Chinese government has eyes on that one, but it is not specifically targeting you... unless they use it to trade intel on someone of high interest for China, but there is not much collaboration between Western and Chinese intelligence agencies today...

True, popularity increases the chances of someone auditing. But only to a point. Ideally an audit should be performed with every single update and on the servers, and there the premise of more eyes does not hold true any more. Then it comes down to trust. In a company like Tuta, the people behind it showed their faces from day one, the same people are still there, and it is a tight team, so it is harder for a bad apple to do something. Considering both Tuta and Proton were good from inception (and I believe that may be the case), it would probably be easier for an intelligence agency to penetrate Proton than Tuta, just for the structure they appear to have from the outside. Now, Tuta made a horrible mistake once! In the Russian invasion of Ukraine, independently of one's take on it, Tuta made the "Standing with Ukraine" statement (March 2022); that was a mistake, as it may make many doubt whether privacy is still paramount for them over any other ideology. Maybe they have changed since, since there have been no statements on Gaza... or maybe they agree with what is happening... who knows... that is why they should not make any statements at all, or clarify that while they have their ideologies, in no case will they ever compromise their stance on privacy. To be fair, Proton did the same... nothing on Ukraine, but on Gaza: "We unequivocally condemn the terrorist attacks by Hamas against Israeli civilians […] We also condemn violence against civilians in Gaza"; so I guess both are comparable here! My trust for both is slim, as companies, and even for their individuals.

this post was submitted on 11 Jul 2025
470 points (89.6% liked)
