I think this is an important point. Even if we do not think that Proton is trying to grow their consumer base, it can still be their primary targeted audience, which I discuss below.
I think you may be attributing malice needlessly to Proton. If their consumer base knew what Bitwarden Authenticator or Aegis were already, then there would be no need to market to them. It could be that the targeted audience here is not people within the privacy community who are already aware of the many alternatives, but rather the many people who use privacy-invasive products/services from big tech such as Microsoft or Google.
To the average internet user, Proton Authenticator would be entering the field as a competitor of MS Auth and Authy and Google Auth. However, to people within the privacy community, we know that Proton Authenticator's actual competitors are that of Aegis and Bitwarden and the likes. If it is true that Proton's targeted audience is outside the privacy community (which I think is the case), then I see no intentional malice being done.
Competition is not a word that can make sense by itself in this context. Businesses compete for customers. If Proton promotes their new Authenticator app as being a competitor of MS Auth and the likes, then their targeted audience is IMO clearly big/privacy-invasive tech customers.
This is a silly thing to be mad about. No company has their marketing team mention other available alternatives when they promote a new product, unless it's to throw shade like they did at Microsoft.
Well, I also discovered that at least the local backup option on Android stores everything in plain text. I don't think there is yet confirmation how they do this on iOS or could they be storing those backups unencrypted in the cloud as well.
I wanted to try and replicate this with Proton Authenticator but the app just crashes for me. Which was an issue previously, then it started working following an update, and now crashing again.
If what this Reddit post claims is true, it's beyond concerning. Especially when paired with this post:
People here and on reddit or Lemmy seem to think that the Proton client base is some sort of monolithic group of security snobs and ghosts that expect only their needs met. Proton's running 100 million accounts. Which may actually be more than 10 million real people (I know I have 3 accounts).
It's a diverse pool of people, and it's a solid first stop for people on a De-Googling journey. Self-hosting one's email isn't something I can convince my spouse or family to do when they don't see anything wrong with posting photos on Facebook from their Chrome browser with 900 tabs open on Win11.
I'm not even a fan of every single thing Proton does, but I'm a paid subscriber and the misplaced, under-informed and overly-contorted expectations and hate really only demonstrate to me that they're trying stuff and looking at what else they can do for a more encompassing UI. Growing pains are real, early adopters find bugs, and the most conservative among us should know better than to jump into something brand new and expect it to be 100% locked down. Anyone who doesn't realize that doesn't deserve to complain loudly that something wasn't perfect from the start. That's unreasonable. But they probably don't pay for anything anyway.
Try it out. I did. It's no better than Ente which has tags and some other organizational features. But it works, and I see it as a "public service" app that will bring no revenue to them. There is no Mac desktop app, in reality it is the iPad app "compatible" with Mac. I am sticking with Ente Auth which is really good.
I also agree with many comments on this forum saying that the launch was not clean.
And it worries me that the logs do contain all the secrets in plain text. This is a really BIG oversight from them to be honest.
Here is Proton's follow-up to that. They did release a patch on iOS this morning.
Thanks for reporting this, this is an oversight in our iOS app, it should only log the entry ID and not the secret (this is the way it is done in our Android app). This will be changed in the next version of the app.
Note, secrets are never transmitted to the server in plaintext, and all sync of secrets is done with end-to-end encryption. Logs are local only (never sent to the server), and these secrets can also be exported on your device to meet GDPR data portability requirements. In other words, even if this was not in the logs, somebody who has access to your device to get these logs, would still be able to obtain the secrets. Proton's encryption cannot protect against device side compromise, so you must always secure your device.
Thanks for reporting this, this is an oversight in our iOS app, it should only log the entry ID and not the secret (this is the way it is done in our Android app). This will be changed in the next version of the app.
This is fixed in 1.1.1, which is live on the App Store
I guess that depends on what your definition of considerably longer is. If 5 or 6 seconds is considerably longer to you then I guess it is. When I go to unlock my phone there isn't anything that can't wait an extra 5 seconds for me to get into my phone. If I ever need to call 911 that can be done without unlocking the phone. So I really don't see the downside to using the password. If I had fat fingers and it took me a minute to enter my password then I would probably reconsider using a password.
So, the version 1.1.1 fixes this and yet, Proton doesn't share that in the release notes, and only talks about fixing something with import. Seems like they want to limit the spread of the information that their app had a serious security issue.
I see many comments saying to avoid being in Proton's ecosystem, but also many who are in the Apple ecosystem already.
I think being in an ecosystem is fine as long as you can easily bail if/when policies go down the toilet. Apple's ecosystem isn't exactly easy to leave, especially if you have all their hardware.
Just backup critical data in multiple locations/services.
But specific to the Auth app, I like that it has .rpm Linux support from the go.
Now, Proton Drive support plz…