Hi,
A question for Proton users. I have a proton account registered under a pseudonym, so as not to directly tie it to my real identity.
However, the same logic leads me not to use certain features (like sharing files and pictures or online documents) of Proton Drive with family and friends, in order not to create a digital link between them (with their real identity email addresses) and me. Does this make sense?
For now, i end up uploading specific files I want to share onto a separate Proton free account and share from that account instead.
Does this make sense or am I missing a point?
Thanks!
What exactly are you trying to accomplish here anyway? I think more clarity on that will aid me to provide an answer for what you’re asking.
It’s not clear to me right now.
1 Like
Don’t confuse anonymity with privacy.
I think a better way to say/word to use there is conflate. Sorry for the pedantry.
But yes.
1 Like
Fair points. I guess what I seek is to limit the ties between that Proton account and my real identity. For instance, I never give out this address and only use aliases with a custom domain. I have other email accounts with my name for official services. But if i was to directly share a file with family members, then observers (Google, since most of the family uses gmail) could draw a direct connection at the very least between my family name and that account (since I would not be using an alias when directly sharing a photo album, for instance).
This. If you have a paid Proton Mail account, that means you can create multiple Proton addresses for different purposes.
A lot of cloud services will show your email address when you share a file via link with someone. I don’t know if that is the case for Proton Drive, someone please confirm. I personally don’t like that and would prefer having the option to hide my email and/or my name.
By default, any time I have to share a file with someone, I use Tresorit Send which is E2EE and I use an alias address with it. I don’t have a paid account.
If I have to send very large files to people who are complete strangers to me, I use Swiss Transfer, which is not E2EE, but it’s a pretty good Swiss company that allows sending up to 50 GB for free. They also don’t require an email address. The files get deleted after 30 days. You can password protect them, and use a VPN to protect your privacy. The files I send via Swiss Transfer are never personally identifiable (passport, photos of me, documents that pertain to me or my family, etc.). It’s usually files that are or were once publicly available (e.g.: YouTube videos). If somehow someone intercepted them, my privacy wouldn’t be harmed.
I’M ON THE SAME BOAT
All that being said, I’m in a similar dilemma to yours in that I don’t want to expose any of my Proton addresses to email accounts from Bid Data providers (Gmail, Yahoo, AOL, Hotmail, etc…). I still haven’t figured out what the best strategy is:
A) Using a Proton Pass alias every time I have to email a Gmail account.
B) Use a Proton address and encrypt the email with a password.
I tend to lean on A, but I would like to lean on B. My issue with B is, once a Gmail user has my Proton address, it’s likely that if they ever need to email me in the future, they will use that address, at which point, my emails are no longer E2EE.
That bothers me. If my emails are not gonna be E2EE, I’d rather use an alias.
For option B, I would ideally want to instruct the Gmail user to reply to an old Proton email I sent them every time they need to email me, that way it’s E2EE. But E2EE emails from Proton to non-Proton addresses self-destruct after 30 days.
1 Like
You can try to impose arbitrary things at people, but people being people will not always be inclined to go with our “whims”. Focusing on content privacy rather anonymity is a more successful strategy.
Its weird to make people call you or put you under a different name on their phones. You can tell people to call you “Smith, Ben” instead of your real name “Smith, John” on their contacts list, but if you tell me years ago to call you that, the immature me will probably put you under the contact name Smith, “Wants to be Called Ben” John.
Accoring to Proton’s TOS sec, 2(7), you cannot.
You agree not to use your Account or the Services for any illegal or prohibited activities. Unauthorized activities include, but are not limited to:
Having multiple free Accounts (e.g. creating bulk signups, creating and/or operating a large number of free Accounts for a single organization or individual);
Did you even read my comment?
Sry seems i quoted the wrong post. Let me fix it
No worries. It’s all good. 
I meant to quote this, just did a quick test, if you use “manage access” to get a direct link instead of using “Share” function, you can share a non-sensitive file to anyone, but it allows anyone with the direct link to access that file. You can protect it with password though.
IF you use “share” feature and share to your contacts (I failed to add non-contact to share list), Proton will send an invite to those people, saying “{YourProtonLoginEmail} shared an item with you”. I dont see an option to hide {YourProtonLoginEmail} from the invite.
Who said I had multiple free accounts?
This is indeed the issue I had and am trying to address. Thanks for checking it. So manage access would be the way, then? But I guess that doesn’t apply to photo albums, right? (might be mistaken, but i think that is a feature now)
If no then that’s all good.
I did a bit more testing on PC, specifically I tried to change default account and see it would also change the {YourProtonLoginEmail} in the invite email, and it worked, though it took like 10 minutes to reflect the change.
If you simply doesn’t want to share your daily driver email address with the others, you can create an email address, and use the “share” function.
I have to say that newly created address does become your login credential so not perfect, but as long as you don’t use that new address for anything else, meaning there is nothing out there to be scooped by 3rd parties, (esp. your family and friends email providers, all the apps with contact permission on their phones, etc.)
However, what HauntSanctuary said is completely valid, so it downs to your priority, would you prefer to
a) protect the shared content through access control but exposing one of your emails, or
b) protecting your REAL DEFAULT address but risk exposing the shared content as it is publicly shared and only protected by a password.
Sure the second you allow the others to download the content then you lose the control of that data.
In terms of “Album” feature, I don’t see it from my web client, it might be a WIP? Current handling of images are just the same as files.
Your best option seems to be to share via public link. I also just did a quick little test, Proton Drive public links don’t share your email, but they also don’t share your name, which I appreciate.
One thing I didn’t like about Mega is that when you share a file with someone via link it shows your name, ie whatever name you have attached to your account, if it’s Bugs Bunny, that’s what will appear. Although you can change the name linked to your account at any moment, and it only takes seconds, I still didn’t appreciate that by default my name appeared.
Although you don’t have to do this, as a general rule, unless there is a time constraint, if I have to share a file with someone that is in my Proton Drive, I will not use Proton Drive to do it. I’ll use Tresorit Send, precisely because it’s not linked to an account (the free version). Both are E2EE. It’s just an extra measure I take, but again, you don’t have to do this.
1 Like
The main problem here is…why use Proton Drive for this functionality? Unless they are also on Proton either through an individual or family account, I can’t see why you can’t download and send these files over Signal, an aliased email address, and perhaps Tresorit Send for larger files.
The only scenario I can imagine where a Proton Drive link is needed would be for larger files or folders. If you are worried about having your Proton account linked with your family and friends, you risk breaking the security model that compartmentalization offers you. Although public links can prevent people from viewing your account information, there is the issue of whether you are more worried about anonymity (i.e. from government threat actors) and tying your account information to that particular real-world connection. If you don’t care about this threat model, then public links work well for your usage case.
You should use intermediaries like an aliased E2EE email or Signal to send most files. If there is a need to send larger files, Tresorit send works fine like what @PurpleDime mentioned.
I guess it applies to files, but maybe my use case is more pictures. I used to use Ente, but the free account won’t let me share public links anymore and I have long since reached my limit for paid subscriptions. Since i already pay for proton, might as well use it and it does display pictures somewhat nicely.
I had done some tests with my Proton account opening the link in incognito mode -using Brave-, I did not see that there was any way to display my email or my name when sharing a file without the option to collaborate, but using the function to collaborate in documents does show my name in the public link, and I did not see that there was any option to hide it.
I just tried, I couldn’t see owners’ information on a publicly shared document, but of course if you collaborate with your account logged in, or made suggestions with your account logged in, your username will be shown.