Introducing Proton Authenticator: Secure 2FA, your way

In some of their blog posts, and their roadmap, it seems like Proton Drive will get an SDK and that will be used for the Linux app. How long until we get it? Probably a while.

On the topic of the Authenticator app, I do think it’s geared more for people currently using Big Tech apps for that end, and that’s a good thing. I am slightly disappointed about the tokens in the logs bug, that shouldn’t have slipped. However, it seems like overall a nice addition for the ones that need it.

1 Like

Agreed. I’m hopeful we’ll see a flatpak package soon, but at least I can install it on Fedora and give it a try.

Ideally, all of their products should launch with packages but at least they haven’t forgotten us entirely.

Reading reviews from the Google Play Store and the Apple App Store there appear to be a couple of issues/bugs with the app.

Seems like it’s not quite ready and polished.

1 Like

I hate to be “that person”, but I’ve had zero issues on Linux and Graphene.

I saw an issue where a user was perpetually stuck in the biometrics screen, which is pretty bad. But we shouldn’t dive straight into a new critical authentication app without a fallback.

My only problems are design oversights: Swipe to delete, and non-encrypted .json backups, which should be easy for them to correct.

2 Likes

Yes, to give them credit. It seems like they’ve mostly sorted out the larger issues.

I agree, though: definitely don’t dive in and delete your old authenticator app; leave it around for the time being to be extra sure you won’t lose your data.

Remember to keep backups everyone!

3 Likes

Apologies for the late reply. I respectfully disagree. Malice is the intention to cause harm. I am saying that Proton is being disingenuous, which is very different. Proton is pretending they are the first and only open sourced alternative to Google, Microsoft, and Authy, which is not true. The fact that Notesnook also called them out is telling.

THE PRIVACY COMMUNITY LOVES COMPETITION

I beg to differ. It is extremely common for people in the privacy community to seek better alternatives to the FOSS services they are already using. Plus, Proton Auth is practically a clone of Ente, so to pretend like it doesn’t exist is ridiculous. Moreover, as far as I know, Ente was the only authenticator that showed you the current and next token simultaneously, until Proton copied it.

Proton would have been more subtle and effective with their deception if they had included in their comparison FOSS authenticators that are not as good as theirs. Neither Bitwarden nor Aegis show you the next token in advance.

Instead, they compared themselves to Duo, an authenticator I have never heard of, and I’m confident, most people haven’t either. I highly suspect the only reason they added them is because Duo has ads and Proton authenticator looks so much better by comparison. It’s lame.

PROTON RELIES HEAVILY ON THE PRIVACY COMMUNITY

I don’t think Proton’s target audience is necessarily outside the privacy community. Especially when they are launching a new product. I think they are trying to reach people both inside and outside, and they rely heavily on the privacy community to do the marketing for them.

I personally hate it when companies say their primary audience is newbies when they rely heavily on dedicated users to do their marketing. This happens a lot in Hollywood every time a popular intellectual property like a video game or novel is adapted to the screen. Let’s take Game of Thrones as an example.

The writers and studio said that they are primarily targeting people who didn’t read the novels. But the popularity of the show is in great part due to all the book fans creating content about the story that newbies are consuming. A whole economy was built around it.

The final season of Game of Thrones was universally disliked, especially by the book fans. After it ended, James Hibbert, an insider journalist who worked for Entertainment Weekly (owned by Warner Media at the time, i.e., the same parent company that owns HBO), wrote a book about the show. And when he promoted his book he hosted an AMA on r/ASOIAF, the Reddit sub for the Game of Thrones novels, which at that time had fewer than 500K followers. He chose to host an AMA on the book sub, instead of the show sub, r/GameOfThrones, which had almost 2 million followers at the time. That makes no sense.

Why did he do that? His book was about the TV show, not the novels. And although both fan communities (readers and non readers) were upset about the show, there was definitely more anger in the reader community.

My guess is, he did it because the book fan community perhaps takes the story more seriously than show-only fans, and perhaps has more cultural cachet. I also suspect he was afraid of the level of hate he might get in the show sub, which is now more than 2 million strong. IMO, he should have gone to the show sub because that is the topic of his book, and the show clearly didn’t care about book fans.

All this is to say, Proton knows that they rely heavily on the privacy community to promote their services, and to pretend otherwise is dishonest. Various services like Alias Vault and Mailfence have asked PG to add them to their recommendation list. Also, various privacy companies like Proton have an official presence on PG. That suggests that the privacy community is a huge part of the equation.

3 Likes

I agree 1000%. But there’s no need to be deceptive about it.

First of all, there’s no such thing as Proton photos. There’s only Proton Drive, which is not that special, for which backing up photos is a feature.

Secondly, and more importantly, Ente is in a league of their own.

As far as E2EE cloud backup services are concerned, absolutely no one is doing what they are doing. Not Proton, not Mega, not Syn.com, etc.

Ente is the only E2EE service dedicated to photos, and to creating a superior experience for it.

Ente is innovating. No one in the FOSS market is comparable to them. So it makes sense that they are comparing themselves to Google Photos and not Proton.

4 Likes

Aegis does, in fact, have an option to show the next token in advance. Not enabled by default, AFAIK.

I didn’t know that. Thanks for correcting me.

2 Likes

True. What I’d like to see from either Bitwarden or Proton is a way to sync auth both ways, and to give me the option to wipe auth codes off a specific device, preferably via the password app. (Send the command, wait for confirmation; if it never happens, then you know you likely need to start going through and changing your auth keys.)

I do appreciate that Proton is providing this auth fully free (I mean cost-free, not libre, mind you) with non-Google/Apple syncing and backup options. It’s also the first auth I’ve found that has those features and supports desktop apps on most platforms (deb/rpm, Windows, and macOS) and most mobile platforms (Android/iOS). (Edit: Ente also supports these platforms.) Also, the fact that you can easily export out of it if you need to is a win (I feel like I read somewhere that Ente lacks this ability but I haven’t confirmed this myself) (edit: this was incorrect).

I just wish there was a single option out there that had that remote wipe option.

Ente Auth is another great option and equally good as Proton Auth if not better. It very recently went through a proper audit so that’s another positive.

Proton Auth does offer sync. You can log into your account and have everything sync.

Not true.

What purpose would this serve?

1 Like

Sounds like I actually need to take a closer look into Ente. Thanks for the info!

Also, the remote wipe would be for if my device was stolen, i.e., you send the kill signal, your device receives it and sends back a confirm signal so you know it happened. If it doesn’t, then you know you need to start resetting all your codes.

Your device being stolen is different from the thieves getting into your important apps, if those are password protected and don’t rely on biometrics or your phone passcode.

Yes, please do. They make great apps and are fantastic options.

Hey, Ente actually does have a way to kill your session from another device under Security > View active sessions. If it had a confirmation on the issuer side it would be perfect, but it’s still definitely better than the other MFA apps I’ve used. I think I’m sold on Ente. Thanks again for prodding me into taking a deeper look.

2 Likes

There you go. Ente makes great stuff.

2 Likes

I am becoming more certain every day that YubiKey is the best and most secure option among all those available. It’s true that many services don’t support the newest features, but the standard TOTP function works on all platforms, is always with you, and there’s no need to worry if someone were to gain access to your phone.

edit. Took the picture off, just in case someone could still get the deleted names. :sweat_smile:

If only you knew… :wink:

Tangential: Here’s Mo Bitar from Standard Notes explaining to Vishnu (CEO at Ente) why he would rather not sell, if he could go back in time:

While this is concerning, it isn’t that big of a breach on unrooted Androids, as other installed apps cannot read logs coming from another app. Besides, the 6+ digit output from TOTP on its own isn’t valuable, you’d need the actual password to compromise the account; or the “passcodes”, or the actual underlying secret key from which TOTP is being squeezed out every 30s or so.

1 Like
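To make the two technical points in this thread concrete (the "current and next token" feature discussed earlier, and the post above on why a 6-digit code that leaks into a log is not the same as the underlying secret), here is an added example, not code from Proton, Ente or the original posters: a minimal RFC 4226/6238 TOTP implementation in Python that derives the current and next code from a base32 secret. The base32 string is the RFC test secret, a constructed sample, not a real account key.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226/6238 test secret (ASCII "12345678901234567890"), base32-encoded the way
# an otpauth:// URI carries it. Constructed sample input, not a real account key.
SAMPLE_BASE32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_base32_secret(b32: str) -> bytes:
    """Decode an otpauth-style secret; tolerates lowercase, spaces and missing padding."""
    s = b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)  # base32 needs a multiple of 8 chars
    return base64.b32decode(s)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Only the truncated, modulo-reduced value ever leaves this function:
    # a logged code reveals the secret no more than any other HMAC output does.
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the number of time steps since the Unix epoch."""
    return hotp(secret, at // step, digits)


def current_and_next(secret: bytes, at: int, step: int = 30, digits: int = 6):
    """Current code, the code for the following step, and seconds left in the current step."""
    counter = at // step
    return hotp(secret, counter, digits), hotp(secret, counter + 1, digits), step - (at % step)


if __name__ == "__main__":
    key = decode_base32_secret(SAMPLE_BASE32)
    now_code, next_code, left = current_and_next(key, int(time.time()))
    print(f"current {now_code}  next {next_code}  ({left}s left in this step)")
```

Run against the RFC 6238 vectors, `totp(key, 59)` yields `287082` and the next-step code is `359152`, so an app showing both is simply computing `counter + 1` from the same secret.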

Prothenticator is what they should go with if they decided to shorten it. That’s just my 2 cents

Sounds like something in the veterinary world!