submitted 20 hours ago* (last edited 15 hours ago) by jackmaoist@hexbear.net to c/technology@hexbear.net

As much as I like using Proton Mail and VPN, their current offerings have grown exponentially in size.

I would highly recommend anyone here to not put all their eggs in one basket. Proton can and has in the past disabled user accounts for no reason. This means that you will lose access to everything you use with them.

Only use Mail or VPN and use other services for other needs.

  1. Mail -> Tutanota
  2. Calendar -> Tutanota
  3. Drive -> Just make a NAS. I don't trust any provider with file storage.
  4. VPN -> Mullvad
  5. Pass -> Bitwarden or Keepass
  6. Wallet -> Don't buy crypto
  7. Docs -> ~~OpenOffice~~ LibreOffice
  8. Sheets -> ~~OpenOffice~~ LibreOffice
  9. Authenticator -> Aegis or Ente Auth
  10. Meet -> This is fine.
  11. AI -> Run something locally
[-] JustSo@hexbear.net 12 points 12 hours ago* (last edited 12 hours ago)

Every time I try to pull together everything for a Proton effortpost I run out of energy. Some of the following are disputed heavily in internet comment sections. I can't be fucked arguing about it, but if anyone's curious here's some stuff from my recent searches. I still use proton for mail because I haven't migrated my complicated setup to something else yet, but I don't trust their services. Email I can live with as a convenience compromise for now, "encrypted email" is kind of misleading anyway and not what I rely on it for.

Anyway,

https://proton.me/legal/transparency

https://intelod.net/reports/proton-mail/

https://stavroulapabst.substack.com/p/proton-mail-imperialist-stooge

https://encryp.ch/blog/disturbing-facts-about-protonmail/

https://steigerlegal.ch/2021/09/15/cia-protonmail-foia/

Since that last one (a Swiss legal blog) is in German and I have already machine translated it I will put the contents here in a spoiler.

CIA on ProtonMail: “We can’t confirm or deny”

Did the CIA fund ProtonMail directly or indirectly? Are there any relationships between the CIA and ProtonMail? What documents does the CIA have about ProtonMail, the “secure email service from Switzerland”?

These and other questions were asked by a ProtonMail user of the Central Intelligence Agency (CIA), the American foreign intelligence service.

The Freedom of Information Act (FOIA), an American law on freedom of information, gives everyone the right to request access to documents from state authorities.

To the total of 12 detailed questions, the Information and Privacy Coordinator of the CIA answered the aforementioned user in a very close manner, namely essentially with “We cannot confirm or deny”:

The CIA has not found any documents that would publicly confirm a relationship between the CIA and ProtonMail:

«[...] we did not locate any responsive records that would reveal a publicly acknowledged CIA affiliation with the subject.»

With regard to all other documents, the CIA could not confirm or deny the existence or lack of documents relating to ProtonMail. The information as to whether such documents existed or not was confidential and could therefore not be disclosed:

«With respect to any other records [...], the CIA can neither confirm nor deny the existence or nonexistence of records [...]. The fact of the existence or nonexistence of such records is itself currently and ordination and is intelligence sources and methods protected information from [...].»

The likelihood that the CIA does not have a single document related to ProtonMail is very small. After all, ProtonMail has over 50 million users, including many from the USA.

Background: Affair around the Crypto AG and the manipulated encryption devices

The non-information will encourage all those who suspect that ProtonMail is operated by intelligence agencies or at least has relations with intelligence agencies.

«For decades, more than a hundred states have been spied on by the CIA and BND. Hundreds of thousands of secret messages between government agencies, authorities, embassies or military bodies have been systematically intercepted.
How was that possible? The more than 100 governments bought encryption devices from the former Zug-based company Crypto AG. These ciphers were so manipulated that the two intelligence agencies could intercept everything. Newly leaked intelligence dossiers prove that Crypto AG was bought by the CIA and the BND in 1970 – veiled by a foundation in Liechtenstein. [...]»

The same applies to Infoguard AG, a sister company of Crypto AG:

“The fact that Infoguard was used for intelligence actions in the first phase of its existence – between 1988 and 1992 – is almost certain.”

It is no secret that the CIA is participating in “start-ups developing intelligence-related products” through the venture capital company In-Q-Tel:

A well-known example is the controversial company Palantir Technologies, which is also active in Switzerland. “The only investor and client was the CIA for years.”

Another well-known example was the American Keyhole Inc., which developed the software that is now known as Google Earth. The company “Keyhole” was a tribute to the CIA’s KH reconnaissance satellites, which were used for espionage between 1959 and 1972.

However, investment by the CIA is only exceptionally made so publicly.

«Meanwhile, In-Q-Tel has invested in hundreds of companies and manages assets worth several hundred million dollars. The official investment arm of the CIA is an exception. Normally, links between intelligence agencies and business enterprises are more discreet. [...]»

Intelligence: Investment for more surveillance?

Internet companies that promise their users privacy, security and confidentiality are not only a popular destination for investment in the United States:

This is how the British-Israeli IT security company Kape Technologies buys up VPN providers, most recently ExpressVPN. GhostVPN and Zenmate have also been in the possession of Kape Technologies for several years.

“The company’s desire to buy is not all a sense. Observers such as the IT expert Felix von Leitner aka Fefe notice that Israel should thus become a stronghold for VPN services. Thus, increasing parts of the network communication encrypted on long distances could be recorded and intercepted comparatively simply by intelligence agencies of the country such as the Mossad, since there is no end-to-end encryption in VPN and data is available in plain text with the technology service providers.”

With ProtonVPN, Proton Technologies, the provider of ProtonMail, is also active in the VPN business.

- Attorney Martin Steiger

Martin Steiger is a lawyer and entrepreneur for law in the digital space. He deals in particular with data protection law, intellectual property law, IT law and media law. In addition to his legal practice, he is involved in the digital society and flies in his spare time as a private pilot. Martin Steiger is also co-founder of the legal tech companies Datenschutzpartner AG (Switzerland) and VGS Datenschutzpartner GmbH (Germany).

[-] JustSo@hexbear.net 9 points 12 hours ago* (last edited 12 hours ago)

Note that the "transparency report" is what passes for a warrant canary at Proton. Notice that they don't report activity during the year, just an annual summary of all the legal orders they've received, how many they contested and how many they complied with.

Mind you that's purely them complying with legal orders from Swiss court (often/usually acting on behalf of a foreign interest.) As the legal blog post outlines, there is a long history of American and Israeli intelligence investing in encryption services and mathematically backdooring the products, which if that is the case with Proton, is a separate issue to the incidences tallied up on the so-called transparency report.

When I first started using Proton they were not complying with over ten thousand court orders in a year. I think if I were looking for hosted services today I would be very skeptical about Proton and suspect that they trade on historic good will that they perhaps never deserved and certainly don't deserve now.

If you're going to use their services, treat them as any other small time corporate owned online service and do not entrust your freedom and safety to them if you have any reason to fear state level threats. ETA: Or even well funded corporate ones.

this post was submitted on 21 Dec 2025
86 points (95.7% liked)
