46
submitted 1 year ago by snek_boi@lemmy.ml to c/privacy@lemmy.ml
top 19 comments
sorted by: hot top controversial new old
[-] ShroOmeric@lemmy.world 19 points 1 year ago

You want to apply for a job or just curious?

[-] snek_boi@lemmy.ml 4 points 1 year ago

I was thinking about incentives and motivations. Are they motivated by profits?

I was also thinking about how sometimes listening to everyone in a team can save them from failure. Do Proton and Tutanota listen to everyone?

[-] 7heo@lemmy.ml 4 points 1 year ago* (last edited 1 year ago)

I'm pretty sure tutanota is just another company with employees doing their boring 9 to 5 job. They have an admirable goal, but I'm not too fond of how they go about it (the whole "use our app, the browser or bust" is, all things considered, a pretty big mistake IMHO), and the people from tutanota I have interacted with didn't strike me as specifically "driven".

I can't speak for proton, however. I have used it, it also doesn't let people use email clients. So, maybe it's better than tutanota, probably, I guess. On the other hand, tutanota has their app on f-droid, and proton doesn't.

Either way, if they really cared about E2EE and email, they would have extended the existing, instead of reinventing the wheel. Yes, it's harder. But it would actually foster natural transitioning of users over time, and it would make a deep, lasting impact, instead of essentially being a "proprietary platform" with apps (open source or not).

[-] snek_boi@lemmy.ml 2 points 1 year ago

Interesting. Thanks for the reply!

I have also chatted with Tutanota workers and I didn't have the impression that they were not driven. In fact, I think about myself: if I was a good enough developer, experienced with their stack, I'd love to work with them just for what they stand up for regarding privacy and openness. It seems like a very gratifying way of spending my time.

As to the closed platforms, I totally agree with your criticism in purely abstract terms; I don't like that I need to rely on Tutanota for encrypted email instead of a federated system like XMPP or Matrix. However, Matrix has been an aspirational platform in which only my closest friends, and the wokest or tech-savvy acquaintances join. For a good chunk of my daily life, if I want libre, metadata-reduced, and encrypted communication, I have to rely on Tutanota's closed email system.

Do you think there's a way of extending email (rather than "reinventing the wheel") that's also as simple as "give me your email and let's agree on a password"?

[-] 7heo@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

I have also chatted with Tutanota workers and I didn't have the impression that they were not driven.

Full disclosure, I have no idea about the position of the person I talked to. They sounded quite superior, so I am guessing they were talking about a subject that is their daily work (so I'm assuming dev). But it is far from mine (even though I would like to know as much as humanely possible, I have unfortunately no time to learn app development, browser development, and the related ins and outs), so I can't judge how knowledgeable they were.

It seems like a very gratifying way of spending my time.

Definitely better than most jobs, yes. No questions there.

However, Matrix has been an aspirational platform in which only my closest friends, and the wokest or tech-savvy acquaintances join.

That is, IMHO, more related to politics and release timing than anything else. I have taken forever (only deployed a server 2 weeks ago) to try matrix because of all the associated complexity and inherent "nerd factor" (RTFM and all that, again, I have a pretty demanding job and a private life too - so I really appreciate a solution like signal, briar, simpleX, etc, that can stay out of the way while allowing me to use it until I have time to eventually review bits and pieces and then more). It's a sad thing, but they missed a key wisdom from Linus Torvalds himself: make it as painless as possible for the user (after all, all salespeople know that a good sales opportunity is characterized by a "pain point" for the user).

Do you think there's a way of extending email (rather than "reinventing the wheel") that's also as simple as "give me your email and let's agree on a password"?

Great question, thank you for asking. And yes, absolutely. I believe MUAs have done a terrible job presenting the users with clear UI for PGP. The PEP project has gone farther than most, and contributed quite a bit, but in fine, I would posit that they all missed the mark in associating PGP encryption with an opt-in, additional feature, while, correctly implemented in the UI, it would actually be a very viable solution to combat spam, by defaulting to EE2E+signature for all emails. And thus, it could be a very good way to sell it to "normies".

This could still be done with a "normal" email interface, but enabling the whole automatic encryption+signature via a procedure similar to signal's cryptographic verification.

Also, the MUA should clearly manage the pgp keys by default, allowing their management via the OS as an opt-out, so to enforce sensible defaults, allow expiration extension, etc etc.

[-] inspxtr@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Not OP. But I’m personally curious about the question regarding how decisions are made, but with more focus from the perspective of user experience. As in, how do they decide which features to focus on?

While I’m a fan of Proton, sometimes they seem to be doing too many things simultaneously, which is good but I worry them spreading themselves thin.

How do they do user experience research, especially with many people in the privacy community usually turning telemetry off? What do they rely on to make decisions about features and user experience? Do surveys work for them? Who make the decisions afterwards?

[-] merde@sh.itjust.works 1 points 1 year ago

can't it be democratic and hierarchical?

does one exclude the other?

[-] CAPSLOCKFTW@feddit.de 9 points 1 year ago

That's not what OP said, they're asking for two different metrics without any implication about dependency.

[-] snek_boi@lemmy.ml 2 points 1 year ago

Not necessarily :)

[-] snek_boi@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Ok, so I just read upon Proton AG, the company behind Proton, and they don't seem to owe investors money, because it was originally crowdfunded and now it finances itself with subscriptions. That sounds great! It is quite different to surveillance capitalism and enshittification (given that enshittification requires advertisers).

I am not advertising for Proton, by the way. To make that clear, I still wouldn't use them because they seem to have very limited VPN functionality in their Linux clients. As a Linux user, I wouldn't want that. However, if they fix that in the future, I could consider switching.

Edit: Similarly, I found this website https://www.ethicalconsumer.org/company-profile/tutao-gmbh summarizing its evaluation of Tutanota as ethical. It takes into consideration its ownership structure. Unfortunately, I cannot find details because there is a paywall for the information, but it could be the case that Tutanota does not owe money to investors and therefore is not seeking to maximize profits but rather provide a good service while compensating fairly its workers. I wish I could have more evidence.

I like that, if I only need mail with 20gb of storage, Tutanota is cheaper.

I don't know what to do. I'll have to think a bit longer.

this post was submitted on 04 Sep 2023
46 points (94.2% liked)

Privacy

32177 readers
886 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS