Ain’t gonna stop me from shit posting about group chat leaks on signal
Man I wish my old account were banned. I’d point out so many comments and you all screeching that proton would protect you🤣
…email will inherently be a lot less secure than messaging, no matter what you do.
If you truly want to be private about something, don’t email it lol
People like Jeffrey Epstein running one of the biggest blackmail networks in the planet and at the same time blatantly emailing each other about it from gmail really amazes me. Either they are that stupid or powerful enough that they just don’t care.
Is it really so hard to make it secure? If both parties are using some kind of secure email client, couldn’t the clients just encrypt and decrypt the subject/content?
The main issue is that in reality, 95%+ of people aren’t using an encrypted service. So it’s proton to Gmail usually
Sure but this is very similar to messaging isn’t it? Like most of my friends use WhatsApp, but a few people use signal and that number is increasing.
At least with email, a single client could presumably send encrypted emails to others when possible, and regular emails when not. Add opposed to messaging where I cannot send messages from signal to WhatsApp
no matter what you do.
Even PGP?
…TBF, getting your counterparty to also use PGP is the heavy lift there.
Security yes, privacy not especially.
PGP lets you encrypt the messages and sign them to digitally prove you sent them.
It doesn’t help with the problem here which is that the metadata of who you are (the IP used to log into the webmail and the email address of the sender) and who you’re talking to (the email of the recipient) and when (timestamps etc.) were able to be leaked.
In fact, depending on the implementation, PGP could be considered slightly worse for privacy because you’d have the added identity proof of the message having a signature that only you could create with your private key (although that’s encrypted, it’s a stronger identity proof than the sender email address). It also generally leaks the recipients’ key IDs too (although that’s configurable) PGP is great for accountability, message confidentiality and non-repudiation. Not so much for privacy. For that you’d need other systems.
Good point re: metadata. Keeping that private is an underrated aspect of security.
Or go talk to the other person out in the middle of a field somewhere without your phones. And I’m not even 100% sure anymore that that would work. Like, maybe the lanternflies are bugged (pun intended).
Well I’d suggest a forest instead but anyway depends how you get there :
- look up online how? there might be now a path on a server to your target destination
- disconnect phone in a pattern that’s usually not how you use it? more surveillance
- public transport tracking, plate tracking until you leave the city
- rough estimation on your direction then follow up with drones tracking you, if it’s 100m high it’s hard to notice
… anyway, ending the paranoia comment ;)
Don’t forget facial recognition! Then just in case you decided to wear a mask, gait recognition!
Membership in the Ministry of Silly Walks about to pay off!
The bird surveillance system is always watching. Remember birds aren’t real!
Flying tape recorders.
When a service can only hand over a timestamp, that’s when you know the encryption is doing its job. 🔐
This comparison makes no sense.
Signal doesn’t have payment data. It’s not a paid service. Proton is a paid subscription service and that payment data needs to be accessible in order to charge the user and they’re not a payment processor.
The fact that it’s a paid service doesn’t mean they have to keep your PID and payment info on file. I use posteo.de for my email, which is a paid service. But my payment info is only used during the payment process and they don’t keep it on file once they receive the payment. You buy like 12 or 20 months and have that many credits. When it starts to get low, you buy some more.
Proton let me delete the payment information between charges, but they certainly made it a painful process. I had to email support
Interesting system! Correct me if I’m wrong though, but buying credits does look like it’s not an automatically recurring payment (to buy credits), so that makes sense (they do keep the receipts though according to their privacy policy. Decoupled from the account, but they do keep data).
That’s a bit different from Proton’s credit card payment method (which is the case here) that automatically recurs. If Posteo offered automatically recurring payments, they’d have to save payment data as well (which they also explain in the privacy policy).
To be clear, Proton does also offer more private ways of paying. Paying by credit card is not the only option. Bitcoin or cash is also possible. I just found out that Proton does also actually offer a credit system as well, but it’s unclear to me if that’s decoupled or not. Definitely a place where they could do better.
What if a user donates to Signal?
What if I buy Signal Nitro
Not sure, they do seem to store something (pretty unclear what though), but I’m guessing that can be fully decoupled from a user’s account, since it’s unrelated to the actual service.
if i ran a privacy focused company, i would keep records that are just wrong and dont link to correct people at all. If i actually need to make records maybe i would make somekind of system where i personally can use them, kind of like extra cypher on top of everything else that would transform/pick the useless data into actual data. So if someone demands the records and i just have to give them, i’ll just give them -> they cant get anything out of them anyway.
Can’t demand me to be competent too 🤷♂️ maybe i would give excuse that i used ai to wibe code the thing
Just saw someone claim Signal was a honeypot the other day. No sources of course and then this info comes out.
I hate this sentiment. I was part of a bachelor party, and we had a group chat going. Had Android/iPhone users, so it was just a MMS chat. I suggested we use signal, and one of the iPhone users goes on a rant
“I’m not gonna use Signal. It’s just a honeypot for the CIA. Why else would they fund it if they didn’t get any value out of. It’s obviously a honey pot”
Do they think MMS is magically invisible?
Host your own matrix server
It is goofy for sure. Nobody that claims it is one ever supplies proof beyond “trust me, bro” or they get screechy and hostile when you ask for sources.
I’m not gonna use Signal. It’s just a honeypot for the CIA.
No you’re thinking of telegram.
So there is actually disinfo about it being funded by the CIA. I had heard it was, and tbh didn’t care too much. I figured they funded it because they used it and got value. It’s well audited so I trust it. Only learned it’s disinfo when I looked for a source to include in my original reply
https://euvsdisinfo.eu/report/us-intelligences-services-control-the-signal-app/
That is exactly what they did, the user used a credit card with their damn name on it, while Proton even allows you to send them cash money for the service.
The FBI filed a MLAT (Mutual Legal Assistance Treaty) request which was processed by the Swiss Federal Department of Justice and Police.
The Swiss gave a legal binding order to Proton to hand over information that they had, the only information that was handed over was the payment identifier.
I don’t get why people get hung up on a company complying with a legal order by their justice system, especially with Proton that could not hand over any more information.
The issue is them having any info to give out in the first place, it is a horrendous transgression for a shop that touts privacy as their thing.
Signal demonstrated that you can decouple payment info from account info and thus they ain’t got nothing to produce, MLAT or not. The least Proton coulda done is mimic that tech.
I have pointed this out to protards many times. The fact is there are solutions to not keeping this data on their servers. Then they have the audacity to blame the user.
A company that was concerned about privacy and not money would have already moved this data off their servers. Proton is a garbage company.
That is not really the same, Signal is a donation and Proton is a subscription where a monthly (or yearly) request has to go to the payment provider for your fee, for this you need to keep the payment information on file and linked to the account. Signal can say I got donated by someone but they do not need to keep this information linked to a specific user, just the payment record (that still has your cc/bank details on it) for tax purposes.
Proton even allows you to send them cash money for the service.
They won’t accept Scottish bank notes tho >: (
Proton allows payment with cash, so you can stay private, but if you use your credit card, your company will know and they have to store it in some way.
Not Protons fault in this case.
They don’t have to store it.
Signal demonstrated that you can decouple payment info from account info
How did Signal demonstrate this? Signal is not a paid subscription service
I donated them money once. I wonder if they still have a trace of it.
Signal supports payments between users
Indeed, but those are crypto payments from a third party crypto wallet. It’s also between users and not recurring, so Signal has no reason to keep the data.
The least Proton coulda done is mimic that tech.
Proton even allows you to send them cash money for the service.
Still shame that they can’t do it if you pay by card. Being able to send periodic payment by cash is fine but it’s a bad excuse to claim that there are no improvements.
Same. It’s not like these companies can just say no to legal orders within the bounds of their laws. I also think a fair number of users that get outraged over it aren’t big on actually reading the privacy policies for the services they use. IMO Proton didn’t do anything surprising here if one reads that policy.
Service A is compelled to hand over all the data it has on a user
They comply
Service B is compelled to hand over all the data it has on a user
They comply
“And that’s how it’s done!”
Proton has the disadvantage of having to work with other email services as well, so there’s protocol limitations. When mailing from one Proton mailbox to another, they do intentionally avoid SMTP for this reason, but Signal has the advantage of “owning” the whole protocol, too.
I imagine if you donate with a CC to Signal, they might also be forced to turn that over. The weakness is not in Signal or Proton, but in the Visa/Mastercard duopoly and CC processing in general. Cryptocurrency has some advantages here, but they are outweighed by the abuse, fraud, speculation, and general dishonestly (and just general failure to be good currencies for “normal” purchases.)
The criticism is that better privacy can be achieved by not saving data, it is a good criticism but I don’t know how legit it is because I don’t know if credit card payments can be processed without saving the data (i would assume yes, if tokenized)
proton only encrypts (without PGP) emails between 2 protonmail users
Nothing stops you from pgp encrypting your own mail
yes, PGP is the exception to the protonmail encryption
*end-to-end encrypts. All email contents are encrypted on the Proton servers regardless of who they were sent to.
God, I wish more people used Signal
I’ve been using Signal more to test if I can recommend it to other people… it’s mostly like WhatsApp, which is good…
Except, can we please disable all of those god damn popups. Everyday: “Hey! Verify your pin!”, “Hey! Verify your LONG ASS recovery key!”, “Hey, plz donate!”, “HEY! I couldn’t start a backup”, “HEY LOOK AT ME!”
- I have never been asked to verify my recovery key.
- It asks to verify pin once a month. Which I think is fair, since it can help you recover from a lockout / transfer your device.
- backups are important, but they can also be disabled
- Donating to open source projects is important, as it’s a large portion of their funding.
It asks to verify pin once a month. Which I think is fair, since it can help you recover from a lockout / transfer your device.
Even that is too annoying. OK, I just realized there’s a way to turn off reminders. Trust me bro, I’m not gonna forget. I’m a big boy.
backups are important, but they can also be disabled
Ah! YES! Thanks! I just poked around deeper in the settings and disabled them. Backups are not important to me. I don’t want to backup my messages.
I have never been asked to verify my recovery key.
Maybe it’s because I had backups on? Let’s see if this popup goes away.
Donating to open source projects is important, as it’s a large portion of their funding.
Agreed. Which is why I donate to them… And I still get the popups! I’m already a donor, leave me alone.
Overall, I want to give my attention to my messages, not to Signal. Leave me alone. Let me message people. I don’t want to be nagged. WhatsApp doesn’t nag people nearly as much. I know Signal is overall better, but user annoyances like the excessive popups makes it harder for me to try to convince normal people to use Signal.
I agree with all your points, BUT I do think Signal could be slightly less “user-hostile” with the reminders, maybe?
I get annoyed at the pop-ups in my Linux system, too, and all of them are got similarly legitimate reasons. Getting the way of my current task (or worse stealing focus) doesn’t even seem like the “right” way for computers/tools to behave.
How obtrusive are the popups? Are you on iPhone or Android? The pin verify popup is like 20% of the screen at the bottom for me. And it’s nearly the same color as the background, so I sometimes don’t even notice it. Or at least, I finally see it and think “how long has that been there?”
I agree that some things can probably be scaled back. But wouldn’t it be an even worse experience if someone forgot their pin, and thus was unable to access their data?
Android and desktop. I’m no UX designer, so I don’t know what the ideal is, but when I’m using the software with a purpose, anything that gets in the way of that purpose is (at best) an annoyance. I’m probably wrong, but I think I’d prefer a passive notification to verify pin / donate / whatever that triggers after/as I leave Signal for something else – a indicator I’m done with my purpose (albeit flawed; maybe I just need to copy info from FF or whatever.)
One problem with Signal is that it can be difficult to connect with someone who is on there.
I’ve run into this a couple of times myself. And I’ve had friends run into it too. We know for a fact someone is using Signal, but you can’t find them in the search, even though you have them in your contacts with the correctly formatted number.
Personally, this issue has become a stumbling block for getting people I know to use it more.
Yes this is a problem. They use to have it so that you could see all your contacts and you could use it as your normal messenger app and if they also had signal then you get encryption. At least now you can use a username instead of a phone number. Problem with that is you can only have one username. You can change it but that gets messy.
Does that person allow searching by phone number? That is a setting you can disable.
Do you have to find a person in search to be able to send them a message?
Phone numbers.
I don’t like Proton after the CEO posted the pro-Trump statement and did not use them after that.
Its really weird how people are blaming Protonmail when it was the Swiss government that complied with the FBI. That to me is really suspicious. The US government is currently not a trusted source of accuracy, and for the Swiss to readily agree to it?
Worse, the chuds blaming the proton user?
Protonmail is used by a lot of reporters/whistleblowers. As what point is their work also a threat to the US government and will the Swiss force Protonmail to hand that over too?
the CEO posted the pro-Trump statement
link?
I concur, not a fan of any pro-Trump sentiment. That being said, I’ve never used their mail service but I’ve been attempting to use their VPN for a few months now and it’s trash.
What are some good alternatives to Protonmail? I’m talking companies that don’t exploit their users and also that don’t support unsavory politicians. I’ve been looking for one (I was not impressed with that post from the Proton CEO either). Thanks.
I don’t know the depths of mailbox.org’s politics (located in Germany), but I use them with PGP + Thunderbird and it’s very affordable, at €12/$14 (2GB) and €30/$35 (10GB + features) anually. I need to reup my subscription soon actually.
Tuta and fastmail
Switzerland has been a proud fascist collaborator for at least a hundred years. Why wouldn’t they cooperate with the US?
We’re not a monolith any more than your country is. Which one is that, BTW?
I’m referring to the state, not every one of its people. maia arson crimew did nothing wrong.
I think Ruth Dreyfus, Yvette Jaggi, and Micheline Calmy-Rey who have served as head of state might disagree. We are non-monolithic all the way up.
We are the only diplomatically important country on earth in which the ability for the head of government to hold more than one competing thought at a time is guaranteed, by dint of there being seven of them, representing all of the major parties.
Oh, so your system guarantees that at all times at least one of those thoughts is “collaborate with fascists”?
If one person collaborates with fascists and the rest do nothing to stop it, then the fascist still gets what they want as surely as if the entire group had collaborated. You can list as many people who didn’t personally collaborate with fascists as you want, as long as they didn’t stop collaboration they are complicit.
So thank you for demonstrating “pride in a state that collaborates with fascism” for the class.
Too bad that simplex is buggy and doesn’t work, or else I would rant how proton requires a phone number to signup and the server side of the app is centralised and proprietary.
Unfortunately as things are now, signal is the only e2ee app (that supports voice calls) that works.
SimpleX works well for me. What problems have you had with it?
No it’s not lol
Proton = Protrump
