Our valued sponsor

Proton VPN helps to gain back the freedom in Hong Kong for private mail and Internet activity.

erni

Mentor Group Lifetime
Jul 18, 2020
466
202
43
Visit site
I do not quite know about you, but I think it is impressive work the people behind Proton VPN and Proton Mail have done by creating a product as secure as PROTON.

If it can really protect the Chinese from their government which has billions to spy on their own people to foolishness, and it is NOT possible for this government to break through the security of PROTON then it is a damn good piece of software developed in Switzerland.

I am deeply impressed and have deep respect for the developers behind.

Former Hong Kong legislator Nathan Law paints a worrisome picture for freedom in HK in a powerful interview with ProtonVPN
We all seek privacy, Proton seems to bring us a step towards.
 
Proton VPN is definitely the best vpn provider out there and the free version is good enough for most cases. The paid version has trillion of servers in an insane amount of countries.
Proton Mail is the best as well and now they offer Proton Drive for storage, perfect !
 
Proton Mail and VPN have now also been my favorite choice. The only thing that irritates me a little is that you can not get a FIXED IP address with them, if you could, I would not use anything else.

Until further notice, however, I am bound to have to use both Proton and, yes, Ivacy, as an emergency solution which, however, does not run badly. One can discuss how much privacy there is in the latter but that is a completely different discussion we should not take here.
 
I used to think they are serious, until I learned they are a crap. I had their paid VPN for 2 years and a free email combo. When the VPN expired I was no longer interested in renewing, so I did no action and thought it will just expire as with any other 99.9% VPN companies. But no, ProtonVPN keeps charging you for the premium VPN service even beyond the expiration date, until you physically log in to your account and cancel it. Also they tie your VPN account to your email account. If you do not pay them a ransom for VPN that you never wished to extend, they will block your account and access to your email as well.

Great policy, truly Swiss based lol.

As for VPN there are better, much better choices that:
- perform faster than ProtonVPN
- have better protocols solutions in place
- works well in restricted countries (e.g. UAE etc).
- have customised solutions for router setup
 
The best thing about proton VPN and proton Mail is you can subscribe to the service totally anonymously by paying in Bitcoin, you don't even need an email if you get a proton email and they don't require a recovery email when you set up an email account.
true anonymity with bitcoin would requires a few more steps though, some clever use of crypto exchanges or using a bitcoin mixer to ensure the bitcoin cannot be traced back to you (for such low amount I believe they will accept bitcoin from mixers).
 
"Vorratsdatenspeicherung" is what I meant. Tutanota is another privacy-related mail provider and they also confirm that in this interview: Tutanota - der deutsche E-Mail-Dienst im Interview

Switzerland seems to currently save data for about 6 months: Faktenblatt zur «Vorratsdatenspeicherung» - Digitale Gesellschaft

Even Germany doesn't have that. Probably VPNs can't be forced to provide IP addresses, but what if every communication provider is logging anyway? It's just harder to get the correct data, but it should be there without any doubt.

I wouldn't trust any VPN provider that provides such strange upgrades and premium features just as ProtonVPN does. And why is the access limited to devices? VPN providers that don't keep ANY data at all wouldn't have any restrictions, just as OVPN.to or some other old VPN providers.
 
  • Like
Reactions: boomy
I wouldn't trust any VPN provider that provides such strange upgrades and premium features just as ProtonVPN does. And why is the access limited to devices? VPN providers that don't keep ANY data at all wouldn't have any restrictions, just as OVPN.to or some other old VPN providers.
It make good sense what you say, the evidence of the data storing for the 6 months of period may tell us not blind to trust ProtonMail! They may or may not act as an honeypot for governments.
 
"Vorratsdatenspeicherung" is what I meant. Tutanota is another privacy-related mail provider and they also confirm that in this interview: Tutanota - der deutsche E-Mail-Dienst im Interview

Switzerland seems to currently save data for about 6 months: Faktenblatt zur «Vorratsdatenspeicherung» - Digitale Gesellschaft

Even Germany doesn't have that. Probably VPNs can't be forced to provide IP addresses, but what if every communication provider is logging anyway? It's just harder to get the correct data, but it should be there without any doubt.

I wouldn't trust any VPN provider that provides such strange upgrades and premium features just as ProtonVPN does. And why is the access limited to devices? VPN providers that don't keep ANY data at all wouldn't have any restrictions, just as OVPN.to or some other old VPN providers.
Well, Switzerland is co-operative with 5, 9, and 14 eyes countries, so there are always some question marks over the jurisdiction. But the above is false, Proton VPN state on their website:

"Like most countries in the world, Switzerland has data retention laws. However, Swiss data retention laws apply mostly to large telecommunication and major Internet service providers. Under current law, ProtonVPN is exempt from any data-retention requirement."

So for you to be correct, Proton would have to be lying here which would not be a good look. While I don't believe you can implicitly trust any provider, Proton VPN and IVPN are my two preferred providers.
 
  • Like
Reactions: blizz
In technology there is no 100% secure system:

- It may be for the first weeks or months until there is somebody/something smart enough to break it, in the most complicated and smart way or the most stupid simple way that nobody ever think about it.
- Most of the patterns are, they are attacked continuously when they become popular and suddenly all the attacks stop and next is "business as usual", "bad guys" are in, and no matter how many fixes and changes or upgrades, they are well structured and organized to get their access back. Yes proton email is being attacked several times in the past and the successful ones probably are not the ones sitting in a basement or dormitories, they are well funded and organized and they are not into getting popular and being recognized by the world. For them there are many methods to attack infrastructure and sometimes they don't even need to target the end user front end service.
- Proton email and later vpn services have a lot of attention in the last years "for their good security"; good guys "fighting the system and trying to publish the true" are there, bad guys are there, others doing other things (bad or good) are also there, etc... information is power... do you have any data that needs to be kept with the highest security levels and only "you" should access? "welcome to proton email and vpn services ;)" -> lets jump into conspiracy
- Millionaires psychopaths looking for more power, groups of people with money looking for power, governments looking for power and control, government organizations looking for power and control, trying to stay one step ahead, catching secrets... what will stop them to create an email service for anybody "very secure"?, reputation can be created in some way, just have patience in 2 or 3 years, maybe less or more.
- Want to make it more credible?, locate it in a country that is stable, has relatively good laws and outside of the "bad America", .... After all you are just creating a service where people place their information and where in the backend you have control of everything.
- Those kinds of organizations or people don't have any problems hiding behind institutions like CERN or MIT or others. Same approach as creating the correct organization or structure for your new company ;)
- Auditors?, Laws?, PII Data?, Compliance?, Encryption in transit and at rest?, MFA?, you name it!, all these in your new service?, ha!, in IT and with automation you can setup pressing 1 button to enable compliance in all these, and also pressing another button to disable only the necessary and get access. Sometimes you don't even need to get access to all, you just code and setup analytics or ML/AI algorithms and the tools will tell you which accounts have "strange" uncommon things depending on what you are looking for (key words, patterns, strings, image recognition, algorithms for this, algorithms for that).
- They design it, they develop it and they implement it in production. They say a lot of things like maybe they use open source software (the community backs them), maybe they use a recognized enterprise software vendor, is anybody able to get access and prove it? is all just trust <- auditors?, will they review thousands lines of code?, yeah sure.... code quality and code security tools? <- they don't detect malicious application functionality, by the way who is going to find this and then judge that is malicious in your application logic "backend processes"?
- There are very high probabilities that it can be a honeypot trap and with the intention to use the information found in those accounts in benefit of different agendas, or just control, user profiling, secrets,...., and if there are actions to execute they are quietly and without attract too much attention in most cases, if not they will lose reputation and credibility in their precious honeypot trap, because people may realize this if is public.
- Just one more time, information is power -> secure email accounts have information, secure network traffic (vpn's) also have information. <- There is also classification of information, of course there is always somebody or some organization willing to pay for certain classified secret information found, personal or not, to monetize, to control, to get advantage, to track, to hide, to punish....

By the way I also have my email account in proton email :D:D:D to keep my false sense of security and be part of the nerd security cool vibe.
 
So for you to be correct, Proton would have to be lying here which would not be a good look. While I don't believe you can implicitly trust any provider, Proton VPN and IVPN are my two preferred providers.
second that, I have some sort of trust into this VPN provider and whish someone with insider knowledge or other knowledge could tell us what they think.
 
  • Like
Reactions: JohnLocke
Everything from Proton is open source if I am not mistaken, so if there was a way to bypass the encryption we would now by now, thats the most important part.
Another important part is switzerland and its legal framework that I believe makes it very hard or impossible to attack from the outside, and certainly not on some vague assumption about encrypted content...
Those 2 things alone are enough for pretty much everyone to trust them and use their services.

Now if you use a centralised service to hide from the authorities you are doing it wrong. Also Email is the worst protocol to use for anonymity or even privacy, with or without encryption.

The point of using proton apps imho is in regards to privacy and not having your data openly used by algorithms at Google or Palentir and their clients.
 
Signal and Telegram are probably the best secure messaging app today to replace email I believe ... At some point blockchain/crypto will bring us a complete decentralized, encrypted and censorship resistant messaging solution, but we are not there yet unfortunately...

With a bit of knowledge on networking and computer security you quickly understand how absurdly difficult it is to be 100% anonymous and secure, it's about managing risk and it all depend on your specific case.

Proton is very good for 99% of people needs for privacy and security, but in the end its all a matter of behavior and the way you use everything.

A few things that comes to mind that will greatly enhance your privacy and security in general and accessible to most :

- Use an ad blocker or a browser like Brave with built in ad blocker, this is hugely important so many people are completely ignorant of this its crazy ... and I am not even talking about the psychological impact of ads ...
- Don't use email as said previously.
- Don't click on any link from a website you are logged into or from email, type it manually or find the referenced website/article with a google search.
- Don't login to anything when using an IP behind which you want to stay anonymous, obviously ...
- Use a VPN inside a VMs and revert the state before every use, use one instance for every website you login into for example.

Going beyond that makes using any connected device excruciatingly painful and an absolute chore because of all the security steps you have to do constantly ...


I am by no mean an expert though, way too much work to become one imho.
 
  • Like
Reactions: JohnLocke

Latest Threads