• John Richard@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      92
      ·
      5 months ago

      They act just like Microsoft. Lot’s of people think Microsoft is successful. If you think Microsoft is the champion of privacy though you might be in a cult.

        • John Richard@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          19
          ·
          5 months ago

          Really? So Proton saying that they can’t open source the backend code to improve security isn’t something Microsoft would say as well? Proton sells statements, but they don’t back up those statements with proof.

          • nieminen@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            5 months ago

            Exposing their backend code to the public would be inviting bad actors to find loopholes in the logic. Your excuse for how they’re not secure is in fact one of their security features. No code is perfect, and you give enough people enough time to peruse through your software they’ll find a flaw to exploit. So they only provide their code to 3rd party audit companies they trust.

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        35
        ·
        5 months ago

        I’ll tell you what. When proton ships a product that takes a screenshot of my desktop every 5 seconds and stores it in an unsecured DB any user on my computer can access, we’ll call them even.

        • John Richard@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          32
          ·
          5 months ago

          I’ll tell you what. If you can prove to me by pointing to the specific source code that would prevent Proton from capturing your private key password when you login or decrypt using their standard clients then I’ll join the Proton cult.

          • ArchRecord@lemm.ee
            link
            fedilink
            English
            arrow-up
            17
            arrow-down
            1
            ·
            5 months ago

            This simply isn’t really possible.

            Even if they published open-source code for their backend, it wouldn’t prove that it’s actually what their systems are running.

            And when you are storing your data on their servers, and decrypting it by sending over your password, there’s no way you can actually truly prevent them from accessing your data, if they were to modify how their systems function overall. (this is true for every company)

            Even if they were using zero-knowledge proofs to verify and prove to you the computation done on the server matched what would be expected from published open-source code, then either their very own systems (and by extension, their administrators), or a different company’s proprietary TPM module, would be the root of trust for those ZK proofs, and would still have the same underlying trust assumptions of at least 1 company having the ability to potentially steal your information.

            If you want to rail against Proton for this, you have to be against every single cloud-based instance of code that hosts encrypted data, by any company, for any user.

            Saying Proton acts just like Microsoft is a laughable comparison to make in order to justify claiming a lack of privacy or security on Proton’s part.

            Why? Is it because they’re both companies that offer online services? Guess what, loads of companies do that. But you know what Proton doesn’t do? Give away the contents of people’s files, like Microsoft states they do in their own transparency reports, that they conveniently stopped publishing in 2022. Microsoft handed over the content (not just IP, email, etc, but actual docs, communications, stored files, etc) of thousands of people’s accounts to law enforcement. Proton hasn’t given out content once.

            And this doesn’t even consider the fact that Proton’s business model is privacy. For Microsoft, their users will keep using their services regardless of their privacy, but for Proton, if it comes out that their services are no longer private, nobody will use them anymore, because nobody who got them for privacy would need them at that point.

          • nomous@lemmy.world
            link
            fedilink
            English
            arrow-up
            18
            arrow-down
            2
            ·
            5 months ago

            prove to me by pointing to the specific source code that would prevent Proton from your private key password

            You want them to point to code (that’s not publicly available) that prevents Proton from capturing credentials?

            What a dumb hoop to tell someone to jump through. Do you expect someone to actually post a block of code? Would you even be able to read it?

              • Grippler@feddit.dk
                link
                fedilink
                English
                arrow-up
                11
                arrow-down
                1
                ·
                edit-2
                5 months ago

                Yes I can read it. You think I’m an f’ing idiot?

                I mean, you’re certainly not providing much proof that you have any measurable software skills that enables you to do the proper evaluation even if you received the code from proton. Why should anyone believe this unsubstantiated claim from you?

                Edit: for the record, I’m don’t give a shit and I’m just yanking your chain here.

                • John Richard@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  16
                  ·
                  edit-2
                  5 months ago

                  I’m a black belt in TypeScript, JavaScript, Go, Rust, C, C++, Python & can read and write assembly with my eyes closed, okay?😉

          • conciselyverbose@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            5 months ago

            Such source code isn’t possible with the general audience service they offer, even if being open source were a requirement for credibility in any way.

            You’re comparing them to a company with a long history of actively hostile behavior despite the fact that there’s never been a single hint of anything resembling hostile behavior from them, they operate from a country with meaningful privacy protections and only surrender data when compelled by their own courts (who only do so in circumstances that actually warrant it), and haven’t actually given up information that’s useful when required to because they don’t have it.

      • Muscar@discuss.online
        link
        fedilink
        English
        arrow-up
        29
        ·
        5 months ago

        I’d almost believe you were paid to hate on proton, but you’d get fired for how fucking dumb your arguments are.