There are only two free and trustworthy VPNs: Windscribe and Proton. The former has a limit of 10 Gb. So, which VPN are you planning to use? Why is TOR not secure in this case?
Besides, having a high level threat model and using email for communication are inconsistent. Why will you need to use email for communication instead of secure messengers?
This would be a very very niche case such as being a whistleblower or sth like that, and you only have an email address and no other way of communication.
Even to use the free version you have to provide them with an email address and they're picky about it. For example, they do not accept @vivaldi.net addresses. Why would that be?
It mostly depends on exit strategy - a topic we probably should cover more - how easy is it to move away and do you know to what and how? If moving is not a problem using an ecosystem can be beneficial in terms of UX and adoption.
Privacy can be overwhelming for many so simple solutions that offer a great alternative with similar convenience are also worth something.
Ask yourself, if the provider goes away suddenly, what are your options, and do you minimize the risk and thus reduce the impact. If you can get to a minimum impact, like a few hours of work to move to other services, this can be acceptable depending on your requirements.
Now this is all a lot of security management theory but I will add a little bit more. Because it is good to realize that when using multiple services you also introduce more risk. Namely for example you add complexity of your IT landscape which requires more knowledge to stay in control, more maintenance effort and costs, and a bigger attack factor. The last one meaning there are more ways to compromise you.
In other words: "Don't shit where you eat" and "keep it simple stupid" are good rules to follow and you need to find the right balance for your situation between them.
This seems like a decision that'll take a long time to figure out... Proton seems like the best company out there but what if one of their services/apps has a user privacy breach? Then your whole life could be turned upside down... Very scary thought!
Using multiple services does not mitigate the breach impact really. And if you trust the cryptography (which you should) the impact or breaches of providers like these are limited.
I agree, this is why I would like Proton to move to post-quantum encryption. Each day that passes without this encryption brings us a little closer to a hypothetical case where encrypted data from Proton's servers is stolen and then decrypted in a few years.
I agree with your post that anyone who complies with law enforcement is a red flag. Genuinely curious what the solution to this is though, since basically any provider of technology can be compelled to do so in most or all of the countries where they operate. We could use tiny open source products, but once they reach a certain size, or if they are not anonymous, they will also be compelled to hand over data at some point. Or am I missing something?
How do you expect a company as big as Proton to operate in other countries, or even in Switzerland, without complying with law enforcement? Sometimes people seem to forget how things work.
Even Andy Yen of Proton has said that the only solution is to operate in international waters. But even that would not work as countries through which you may receive resources to run your operation in international waters may force you to comply with their rules if you want to continue needing their support. If you keep extrapolating the logic, open operating in international waters will not work (as silly or cartoonish as that idea is to begin with).
Or run the organization anonymously and in a decentralized fashion but monetizing it will be an issue and won't be sustainable.
No real solution.
Also, if you think a company complying with law enforcement is a red flag, I don't think anyone can change your value system enough to see a more rational, logical, and a pragmatic way to look at the world/understand how the world works given reasonableness of the lived human experience. All these words to say this really: what you're thinking is really silly and makes little to no sense. Every entity has to comply with legal requests. That's how they exist. But Proton offers you to use and access all its services privately and anonymously. This is a non issue if done right.
If you read my whole post (four sentences), you'd see that I literally made the exact point that you took your time to post (while also condescending to me).
there are plenty of "rational, logical, and pragmatic" reasons why someone would distrust the motives or actions of "law enforcement" in a very, very large number of countries (all of them, perhaps).
i also use proton. i think both you and the previous response are misunderstanding my question.
you didn't read my (4 sentence) post which literally says "any provider of technology can be compelled to do so [hand over user data] in most or all of the countries where they operate".