6 sats \ 3 replies \ @SatoshisSkeleton 8 Sep 2023 \ on: ProtonMail Code Vulnerabilities Leaked Emails tech
Yes. I posted a thread here asking if anyone could audit the Proton code and most said it was great. Except one person on Nostr said its sandboxed and you'd be better off with Google because they st least are transparent how they handle your data. Had to look that up.
Basically he thought the whole thing was compromised and that Proton would be harvesting data and spying on all and any of us at will. The app was created by government and cern and he listed different apps and methods for securing your data.
I'm tending to agree and err on the side of caution. Trusting something because it claims to be FOSS and encrypted is not the way!
Better off with Google? Nah. You are trusting any hosted software provider you use. I'm not saying it isn't possible that Proton is a front but I doubt it. That said, this is email. No matter who is hosting it there are serious privacy issues. If you are very concerned with your communications via email you should be encrypting them yourself with GPG.
The fact that Proton's code is open source is why this was found. Read the article from the firm that reported the issue. Proton has a bug bounty (they are actively looking to fix unknown issues).
I'm not telling you that you should trust Proton but I am telling you be sus of anyone saying "Use Google".
reply
Selfhosting is another option.
reply
It is but it isnt like self hosting other tools. Email is a whole other animal. I've done it.
reply