TL;DR: THO goes into how Proton makes its users vulnerable by having a large ecosystem.
In my opinion, THO makes some valid points. It’s always good to compartmentalize and have the option to easily do so. I don’t have an issue with Proton creating an ecosystem. It’s important that they are able to compete with Google and Microsoft, especially on the business market. If Proton and other privacy companies can steer businesses away from these two Big Tech companies, it would be a huge game changer.
What I take issue with is Proton trying to lock people into their ecosystem. Specifically, I take issue with Proton not allowing their users to have multiple subscriptions under the same account.
This is something I have voiced multiple times in the past. If I only need Proton Mail Plus and Proton Drive Plus, I should be able to subscribe to both and not be forced into upgrading to Proton Unlimited. Having to create a second Proton account is useful, but offers a subpar experience for those who just want to use a single account.
I also agree with THO that if you use Proton Pass, it is probably wise to not use any other Proton product with the same account, other than Simple Login.
Moreover, Proton should try to find ways to protect users who use multiple Proton products under the same account. For example, IMO, they should copy 1Password’s model and have a unique security key for Proton Pass, so that if someone has your password, they cannot log into your account on a new device without that security key.
The more involved a user is in the Proton ecosystem, the higher the switching cost is to diversify, which makes it easier for Proton to keep you paying a subscription. This is why Proton does not allow you to choose services à la carte and instead forces you to bundle. This just increases the chances you will rely on Proton for more services.
What do you mean? THO is a well-known and reputable member in the privacy community. He may have strong and somewhat extreme opinions, but he’s very different from people like Rob Braxman, or am I mistaken? I do agree with you that we should spend less time talking about FUD, except for warning others about it.
That doesn’t by default make him an authority on how best to evaluate things, especially when the reputation appears to be waning if thought about critically (or at least ought to be).
You should read up on the Proton video he made that was posted here and see what people are thinking. THO is becoming more and more sus if he keeps up with being contrarian just for the sake of it.
I mentioned this in a TWIP podcast before, but no content creator should be trusted blindly 100%. Privacy Guides should never be trusted 100% as well.
At the end of the day, content creators have their own views. There is nothing wrong with hosting opinions, but projecting them as an objective truth is dangerous.
Perhaps THO was irked after being ghosted by Proton, which reinforced his growing doubts about the Proton ecosystem. There are a lot of people who agree with him, and for valid reasons! Like, would you trust any company with your data just because they said so? I even unsubscribed from Proton Unlimited for this very reason.
So if that’s a completely valid take, why am I even typing this? Well, not everyone has the money to self-host or pay for multiple services. Proton being an ecosystem is a benefit for the average person, but not particularly great for high-risk threat models.
While I’m sure that he doesn’t have ill intentions, there is a growing trend of content creators going after privacy-friendly solutions because they don’t go far enough. Which ironically ends up harming a lot of people. (not saying that THO is doing this for the record)
TLDR; THO has valid opinions, but reconsider whether your situation would actually fit what he suggests is the optimal choice for your privacy journey.
Yes, I put that just because I heard the argument here before that since they’re non profit, they will never go the enshittification path, which I find a bit naïve.
Well, anything can happen to any company. But I trust Proton at the moment to ensure of this.
Also, I don’t believe everything THO is saying here about Proton is valid. Some are, some aren’t. For all the examples he gives, he doesn’t mention the details of the story but only covers as the headlines read.
Also, not everything THO is saying is also accurate here. It’s all his opinions but he says it like he is claiming things as they are. He’s wrong. He also says this is a nuanced take. Not quite, is it now? Given the bone he has to pick with Proton? But I don’t want this thread to become another debate here.
I never understood why a self-proclaimed “hated one” and a creator prejudiced by Google’s algorithms is not making their content available on other platforms, such as Peertube.
Valid points and thoughtful realistic suggestion at the end, good stuff as always. Convenience is mentioned a lot in his YT comments. Every good OPSEC dies right after that word.
His points are absolutely right, and on Privacy Guides we should be suggesting the best approach first (diversification) rather than suggesting stuff just because it’s easier for the average person. The average person would not be reading privacy guides anyway if they have no need or interest. If they have a need or interest, they should be diversifying their apps.
I’m a proton plus subscriber and I use it for email, calendar and drive. Nothing else though. It’s definitely super annoying to see how they just keep putting out more and more products instead of focusing on their core business products. Proton is a mile wide, inch deep platform at this point. It’s especially frustrating how they still haven’t addressed some of the super requested features for years such as supporting UnifiedPush instead of relying on Google’s push notification platform for Android.
I’d be happier if PG started recommending for users to use custom domains (maybe too complex?) when signing up for these email providers. At least this way a user would never be too tied down to them and could always jump ship without having to update their email everywhere.
Besides the data centralization concern, I wanted to use Mullvad and didn’t feel Proton was useful enough for me beyond its email feature. If Proton Drive supported Linux, I may resubscribe. Otherwise, the ecosystem was a bit tiring to deal with unless you go all in.
I’m new here. I know nothing about THO and have never watched their videos before.
However, I don’t know how anyone on this forum can totally back a service or collection of services which progressively and furiously target so many social media accounts to fund, sponsor, etc. their products. It leaves not only a bad taste in my mouth, but gives me an absolute reason to not trust their product(s) at all. I mean, look at the controversy on their subreddit for example. They’re using alt accounts on other subreddits to pretend to be an average user to promote their spreadsheet product. Their main subreddit itself removes any submission that could slightly be critical of their services. How can anyone support this? There is no transparency at all.
The arguments in this video are sound. If given a court order, not only does this “privacy” company have data on your usage of one of their services, but usage on all of them, and can link them between metadata.
I’ve had a bad feeling of proton for some time now, and I cringe anytime I see it suggested as a solution to any sort of privacy.
I think the concern is, should the people who’re likely to be targeted with search warrants use a non-self hosted solution in the first place? Instead of any company, maybe they should just self-host their own email and storage, or use cryptomator for the cloud-based storage they require.
Proton has a specific usage case. They’re currently an imperfect ecosystem at worst, but it’s still appealing for people who don’t want to use Microsoft 365 or Google Suite.