How should we handle Proton's misleading marketing?

I don’t even see where they’ve been particularly “contradictory”; they stated that the wireguard-go implementation wasn’t feasible. The reasons for that are unknown but likely some technical limitation(s) that would have made it a lot more work than just adding some stuff to Boringtun.

The interesting part will be how this implementation upon Boringtun is able to help with leaks. Will it only help with server switching issue, or will it be able to help more generally…

6 Likes

Being able to fix the issue themselves by changing to a new wireguard implementation contradicts their earlier statement that the OS was the problem.

2 Likes

The two can be true at the same time. My guess is that the routing table will be configured to point to this internal tunnel, the one which macOS sees, and then bridged in some way to a tunnel that goes to Proton; that way, when the tunnel to Proton changes, it won’t pull down the whole VPN.

To manage the two tunnels there’s likely some control glue in between needed that wasn’t possible with the go implementation. One thing I have noticed throughout the source, there seems to be a lot more distinction between different Apple platforms, so I’m thinking Boringtun has better support there generally.

The real question I want to know, is how they will handle not having pf and whether that implementation will be as secure. The server-switching thing seems like the easier issue to fix.

6 Likes

If this was intended as a response to me I really think you are misunderstanding something I’m saying and I don’t know how to be more clear or help beyond just pointing that out. Either way, I think this is not a productive conversation between us at this point.

3 Likes

That’s great. I do hope in the future you hire a project architecture manager or something so you don’t use a suboptimal architecture that compromises user privacy.

2 Likes

Imagine trusting a “privacy first” VPN and then find out that your own info is leaked and got court orders, and VPN provider just says “ooppsie whoooppssie” and fixes some wording on their webpage instead of fixing the problem.

8 Likes

Tbh I think if your threat model would be that high, trusting a VPN on a system like macOS would be a bad idea anyways.

But I agree that Proton should do better.

3 Likes

I have been a paying Proton customer for over 3 years and use several of their services (VPN, mail, drive, SimpleLogin), but this privacy-endangering flaw for Mac users coupled with the persistent, deceptive, false advertising, even after it was brought to their attention three years ago, has me seriously considering finding alternatives for every service I use of theirs.

I honestly thought Proton was a company of integrity, who would be especially quick to fix any and every privacy risk flaw as they became aware of such flaws.

But now I am sincerely wondering if they have been willing for three years to not even acknowledge—much more fix—this serious flaw for Mac users, then what other serious flaws are they aware of in-house that they are not acknowledging and fixing?

I vote to delist them.

5 Likes

Maybe so, but if that’s the case then Proton should do the responsible thing and recommend alternative ways of running their VPN. They currently don’t. The way that I see it, they at least want you to believe that they consider their client to be secure in such scenarios, based on what they’ve written on the site.

2 Likes

I agree with the idea, but court orders are a separate problem. Proton VPN doesn’t store logs.

1 Like

Not a separate thing. If your IP leaks due to Proton’s fault then you will be in trouble.

4 Likes

I thought you were referring to court orders against Proton. But yes.

1 Like

I don’t think Proton will provide anything else on the matter of the kill switch. They are going to fix it. They recognized it should have been done earlier:

I can understand this feeling:

I echo this feeling as another paying customer and user of their products. To me the CEO doing politics and the marketing at Proton are 2 big issues that made me more critical of Proton.

Here’s my question, if hopefully Proton is still reading.

There has been a trend at Proton to lie in their marketing which I believe this thread is all about.

How will you react in the future when your customers point to the misleading statements about your products?

9 Likes

Forget about the kill switch. Reading this was terrifying https://x.com/DoingFedTime/status/2030108076531995016

5 Likes

This guy is constantly creating drama for interaction and often spreads FUD.

He has some valid points though. Proton’s marketing sucks and they HAVE TO improve it imo.

8 Likes

Hardly FUD, the post is full of citations and sources. The author addresses statements like this throughout the post, but perhaps this most closely responds to FUD “counter-arguments”:

“You just hate Proton.”
I pay for a Proton account. I’ve never said “don’t use Proton.” I posted their own numbers from their own transparency report and quoted their own privacy policy. If reporting what a company publishes about itself counts as hate, every financial analyst on Wall Street is a hater. I kick them in the teeth because they can do better.

2 Likes

The problem for many is that email is not suitable for encrypted communication. And of course, the obnoxious marketing.

1 Like

Please stop treating email as if it’s supposed to be secure. Yes, Proton has insanely misleading marketing that should result in PG (and several class action lawsuits) taking action against them. Also, if you need complete protection of your data on the internet, stay far far away from email and most Proton products. Please treat Proton like a slightly better Google and nothing else.

2 Likes

This is just one of the examples:

This is hardly true. He makes it sound like Proton is a “honeypot”, at least that’s the impression I got after reading this.

(I’m busy rn, will add more examples like that later)

I wonder what kind of information was provided to Proton Mail requests. Tens of thousands of complied orders are a bit concerning.