Dark Arc @ Dark_Arc @lemmy.world

Primary account is now @Dark_Arc@social.packetloss.gg.

---

Read more

Posts

2

Comments

208

Joined

2 yr. ago

Proton offers a service where they hide all your messages for you, but in a way they can't even see. This person is complaining that they can't hide their messages from proton in a different way that they're likely to screw up.

You are literally trusting them to encrypt all your mail.

If you don't trust their encryption, respectfully, don't use them. It's faux logic to "need" a secondary key that isn't cloud synced in an end to end encrypted mail vault.

This is an unnecessary product complication, and I agree with proton that you're more than likely to get it wrong and your "more secure" key will be used in a less secure manor.

It's the same reason most people shouldn't self host things like Bitwarden. Doing it yourself is not a security feature anymore than wiring your own home is protecting it.

This is dumb. Proton encrypts your private keys with your password.

Just upload the key to your encrypted proton account like you're supposed to, and let them take care of the signing/encryption/etc.

That's not true at all, you just upload your key into the encrypted account storage, and it gets automatically applied.

Can you actually argue this or are you just parotting what other people parrot on social media?

🙄

Databases require trust between parties, for example, so that’s one of many, many reasons they don’t replace one of the use cases.

Can you elaborate on how that's useful for a video game (or a "majority of use cases"/"in general") or "are you just parotting what other people parrot on social media?"

...

The block chain is only useful if you want a cooperative system that "trusts nobody"... And that's exceedingly rare (not to mention it's susceptible to attacks like the 51% attack ... which you can -- hilariously -- fix if the major stake holders in the chain decide to override the network and do what they want anyways).

There's no reason a video game needs a block chain, at all. The video game has a manufacturer, the video game's rewards are only going to be meaningful inside of that game and ecosystem. Valve's been running a store for CSGO for over a decade.

If you want federation... Lemmy is federated, Matrix is federated, email is federated, and they all allow dodging a central authority in favor of smaller authorities without using a block chain. But even that isn't useful for a video game or publisher.

It just in general is pretty bad, for most use cases a traditional relational database is just ... better

Fair enough; I admittedly mischaracterized you and perhaps responded with a bit too "harsh" of a tone initially. I apologize.

Others have already touched on the jurisdiction issue.

I'm also going to note, in the last 10 years a lot has changed. E2EE has gone from something that's fringe, to something integrated integrated into lots of products. Signal, Proton, and others launched in the wake of the Snowden revelations. Lavamail was Snowden's email provider.

It's kind of like being the "hipster nerd" playing D&D before D&D was popular vs playing D&D post popularity... It's pretty obvious to most people in 2023 that D&D isn't for demon worshiper, as it's pretty obvious in 2023 that E2EE isn't just for criminals. In other words, the value proposition of ProtonMail isn't as "sinister."

I personally suspect the US Govt (in terms of federal agencies) is adapting to the presence of encryption vs trying to kill or weaken it at every turn (similar to how Microsoft stopped trying to stomp out open source code). 9-11 was a very very very bad thing (and arguably why the US is one of the worst countries to host a privacy service). However, the "big one" when it comes to cyber attacks could be even worse (and I'm pretty sure there are people at NSA that understand how E2EE plays a role in securing the nation -- they're not dumb people after all).

Proton is also a larger company than Lavabit (I suspect), and with that comes lawyers, and money to feed them.

So long as ProtonMail isn't primarily acting to serve organized crime... I suspect "there are bigger fish to fry."

Have people noticed how much popretary java code ProtonMail requires when using a web browser for email?

You mean JavaScript; particularly, https://github.com/ProtonMail/WebClients.

Also, why the required login on their free VPN service if they are all about privacy and encryption?

Because they need to limit how many instances of the VPN you're concurrently accessing somehow.

Why do they want someone’s network traffic in order to use their free VPN?

To use a VPN, you by definition are giving someone your network traffic.

Over the past 6 months my suspicion grows bigger and bigger of who is behind Proton, the agenda behind starting the service, and how it caught on? Why don’t free encrypted anti-government services catch on?

I'm not even touching this...

Until ProtonVPN removes login requirement and release VPN server code under open source license like RiseupVPN or CalyxVPN

That would be meaningless. You login to a protonmail account, which you can create anonymously. The server code can also never be verified to be what's running on the servers.

I will choose to treat Proton like a spy agency.

Go for it.

I've tried to switch in the past, but tripped over the differences in Podman vs Docker networking. IIRC Docker is better for creating an isolated network.

I have noticed that Docker doesn't do the best job at graceful shutdowns (say for automatic installation of updates). I suspect Podman with systemd integration could do much much beter.