- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
I wish Signal was developed more openly, more like the linux kernel for a “critical infrastructure” example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.
But it’s good for what it is and I sure am glad it’s around. People who disrespect it don’t know what they’re talking about.
You know, if you want to replace Slack, look into Mattermost. It’s foss but otherwise pretty much exactly what Slack does so well.
deleted by creator
Isn’t matrix more like slack that you are looking for?
When it comes to security, I don’t think it’s close at all.
Why not? I thought it had very good security. It’s E2E encrypted and the government of France uses it.
Maybe I misunderstood. I thought I heard about terrible security implementations relating to matrix servers.
Edit: I think I was remembering this: https://arstechnica.com/information-technology/2022/09/matrix-patches-vulnerabilities-that-completely-subvert-e2ee-guarantees/
Looks like I’m mostly wrong.
A while back people had a problem with metadata or something. I used to have my own server, so I wasn’t really worried about it.
But it’s been like 3 years since I’ve used it or looked into it.
Kinda curious what’s changed at this point.
Time for Molly
deleted by creator
Signal fork
Terrible name lmao
??
“Molly” is a common nickname of the drug Ecstasy (MDMA)
“time for molly” kind of implies you’re off to get high
MDMA high is great, I’d do it all the time. Good name
Also a nickname for Molybdenum which makes Iron stronger like torrifying Signal makes encrypted communication stronger by protecting metadata from interception.
I wish it wasn’t located in the US where you know even though it’s e2ee they send all the data they get(and that’s a lot) to the government or whoever wants it. But e2ee is cool, right. Nobody from the government cares about it though, but it’s cool.
Bless the era of technology where Signal and ProtonMail exist.
Signal yes, Proton I have my doubts
I think yours is the first comment I’ve read that has Proton hesitancy. I’m curious what your reservations are.
Not OP, I’ve heard criticism of their recent Duo subscription and their bitcoin wallet.
I use Proton services and my biggest gripe is their mediocre Linux VPN app. No binaries to download/Flatpak, advertised port-forwarding isn’t fully implemented and requires playing around in a terminal, and UI feels less polished than it’s Windows counterpart.
There’s a community made Flatpak of ProtonVPN though, in case it helps anyone
Honestly, I just use wg-quick to connect to VPNs, and I tested out ProtonVPN and it worked fine with it. I even set up my router to connect to ProtonVPN, so I could have a wifi network that’s always connected to their VPN.
But I’d really rather not have the same company host my VPN, email, and other stuff, I’d prefer to separate them a bit so no one company has a lot of my data. And something like a VPN really doesn’t benefit from bundling anyway, unless it’s bundled with a browser or something a la Mozilla VPN.
Not OP
There’s not a lot of negative press about them.
They complied with Swiss government requests to out the IP of a French activist.
It looks like they’re really doing the best they can.
Correct. They comply with court orders, its a business. People still need to be secure in how they use it, which that guy wasnt. So if you’re attempting to evade the government, use a vpn. All your data is encrypted, where you access it from and your billing information cannot be.
Do keep in mind proton also runs a VPN he may have been running their VPN and they complied.
If he was using their VPN, they wouldn’t have been able to turn that over according to their own site: https://protonvpn.com/features/no-logs-policy#:~:text=No-logs VPN,lengths%2C or location.
They do have technical capability to do so. I just thing that is stopping then is “our trust”
True but the guy was the one at fault and Proton had to comply. The French Activist was using ProtonMail e-mail for bad usages which is what it boiled down to. You left out the part where they complied with Swiss government yes but they didn’t with the French authorities.
Yet it still comes down to people’s own responsibility. But people love to throw that out the window and expect everything to protect them when they get up in shit.
The French Activist was using ProtonMail e-mail for bad usages
I don’t trust ANYONE to decide on my behalf what a “bad usage” is.
Piss off with your entitlement.
Do you fuck your mother with that mouth?
I actually don’t know what people’s hesitancy is, but I’ve seen numerous people say proton is not good, we’ll see if anybody chimes in with a reason.
I’ve seen doubt of it’s push to pack products into it’s offering ala Google - however I don’t see that as enough to call it not good.
It’s also very easy (and suspicious imo) for anyone to call a service not good without any reason to back it up.
I see that as offering services that people clearly use and value, and that the bills have to be paid somehow. So as long as proton can deliver the privacy and security features it promises, I personally don’t see anything wrong with providing an alternative when the only other options are built on monetizing your data.
The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.
This weekend, news broke that the anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to Swiss authorities. The move seemed to contradict the company’s own privacy-focused policies, which as recently as last week stated, “By default, we do not keep any IP logs which can be linked to your anonymous email account.”
Edit: formatting
I often figure it’s google bias and / or people trying to impose their threat models on other people.
Been using proton for quite a while with a few custom domains and am impressed with the service to price of their offerings.
We can one off use cases with any vendor, but at the end of the day, they offer a more secure out of the box experience than just about any other platform out there. If someone is doing illicit shit and gets popped, it’s not on the service provider to provide air cover for them. Improve your opsec or self host.
The one and only critique I’ll give to Proton is how they have it where you can have Google e-mails forwarded to you to your Proton address.
And it’s like…why? The entire reason you’re going to ProtonMail is to escape Google. Why the hell would you want Google to try and pry into your Proton usage when all you want is to distance yourself from them?
You set up the forwarding in google, not proton. You mark the forwarded emails in your proton mailbox. You forward the emails to your proton account until you changed all the sources that you care about from your google to your proton mailbox. Then you turn off forwarding.
Google never gets any more data from you except your protonmail address.
It’s really nice for the transition period. I personally forward my email to Tuta, which lets me slowly convert my services to my new address. I have my most important ones switched over now, but I had to switch dozens over (I would do 3-5 at a time, which was a pain).
I’ll probably leave my gmail forwarding to my Tuta account, just because there’s no way I’m going to go though every single service I have ever used and switch it over, and inevitably some contact will continue using my old email.
As far as Google goes, all it knows is that it’s getting less and less emails, and that what remains is being forwarded to <email>@tuta.com. But that’s not my main email address though, it’s just the one I set the account up with. I actually use <name>@<custom domain>, and I have a bunch of aliases configured for each type of account (e.g. <name>-banking@<custom domain> for my bank accounts, <name>-bills@<custom domain> for utilities and whatnot, etc). But that’s still not my actual, personal email, which is <name>@<different custom domain>, and I only give that one to my family and friends.
So in short:
- gmail -> tuta.com email - all Google knows about
- random online accounts -> custom domain 1
- family/friends -> custom domain 2
If I can convince my SO to switch, I’ll give them an account at custom domain 2 and tell them to only use it for personal contacts, and to have everything else go through their old gmail or a Tuta alias. If I ever decide to switch to Proton, I’d have to transition all of those custom domain 1 emails to some proton aliases (unless I pay for the higher tier), which would be a pain, especially since the main reason I use these custom domains is to make it easier to switch services (e.g. just point my DNS records to the new host).
That’s not everyone’s privacy posture. Some people use Proton to hide, some people use it to secure, some for both. If your goal is to secure, google’s antiprivacy isn’t against that.
I’m with you, though.
Swiss laws aren’t as tight as a lot of people think.
I’d like for them to lean more heavily into open source
It’s probably tight enough for your needs. Unless you live in Switzerland or are breaking Swiss law, they’d need a really good reason to send your data anywhere.
That said, I use Tuta. They have a similar source model (open client, closed server) and are based in Germany, but since they’re an underdog, they have a bit more value and lower costs. I pay €3 and get 3 custom domains and 15 aliases, whereas w/ Proton I pay $4 and get just 1 custom domain and 10 aliases; I can also add people to my plan for €3, instead of upgrading to a Duo for $15 or family for $24. If Proton matched Tuta’s features, I’d probably pay slightly more for the better UX, but I use those features so I’m very hesitant to give that up. I don’t intend to use their VPN or other products, so I’m very much not interested in their higher tiers.
I do wish their server code was open source and self-hostable. I’d love to use my own storage, but still use their spam filtering and whatnot.
It’s probably tight enough for your needs. Unless you live in Switzerland or are breaking Swiss law, they’d need a really good reason to send your data anywhere.
Unless you’re a climate activist in France:
“The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.”
My understanding is that they broke Swiss law. Don’t do that if you’re hosting your evidence in Switzerland…
Unless you live in Switzerland or are breaking Swiss law
That’s the thing though, governments tend to make everything illegal so they can selectively enforce.
you might want to look at mailcow if you want to self-host your email server
Yeah, I don’t trust proton mail.
First off, email is inherently insecure, trying to secure it is largely a waste of time.
Secondly, proton has complied with subpoenas in the past, revealing user messages to authorities/governments.
Finally, it’s just too centralized, with a single point of failure, why would you trust it?
I keep hearing they are CIA lmao.
Like?
like them embracing Bitcoin and “AI”
Embracing is a strong statement… Their core product are their core products.
Having a Wallet and calling that embracing Bitcoin is like saying they embrace spam because they have an email client
Removed by mod
Removed by mod
Removed by mod
This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.
Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.
So, I googled their tax filing out of curiosity. It’s true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They’re listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I’m all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I’m kind of weirded out by those astronomical salaries.
That’s inline with Silicon valley salaries. Basic houses cost 2mil there, so it’s not completely outrageous.
As an example, openai pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.
Yes, the article makes the point that Signal needs to compete for talent with the rest of Silicon Valley. I get that. And we’ve all heard about the nearly unfathomable amounts of money that tech companies throw around. When you break it down to individual salaries, though, and see that even normal people in normal jobs are making a million dollars a year between salary and stock… well, I think it really exposes the spectacular wealth inequality that we have allowed to fester. I mean, sure, shelter costs may be high in Silicon Valley, but the cost of other goods remain about the same. A $50,000 truck that an average person in Nebraska might have to save for years to afford is barely a rounding error for folks making a million a year. I’m no economist, but it does seem like there are consequences for this kind of ever-growing wealth inequality.
It is also absurd on its face for a multi-millionaire developer to place a “Donate Now” button in an app and talk about being a non-profit to tug at the heart strings of people who make one-tenth of what the developers are making. It’s feels like Scrooge asking Tiny Tim for a donation.
Anyway, I don’t blame the developers for this absurd situation, and I do appreciate Signal, and Meredith is clearly a cool person who is fighting the good fight against big tech surveillance. But every once in a while an article like this reminds me how deeply fucked up the world is. It seems we are approaching pre-French Revolution levels of economic disparity, and maybe it helps explain why so many working class people are pissed off.
I cannot WAIT for the inevitable market correction on SWE salaries. Entitled bastards.