Why do the people in this thread care if proton is digging into their competetors as far as i can see they have every rights and i see this as community awareness
this post was submitted on 13 Feb 2024
93 points (96.0% liked)
Proton
5002 readers
73 users here now
Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.
Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.
Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.
Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.
Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.
Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.
SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.
founded 1 year ago
MODERATORS
Encryption will not protect your privacy in the specific case of Dropbox.
They look into your activity, not files.
And that's pretty much standard for any kind of commercial SaaS, just because of security concerns.
Also, they are quite transparent about the provider they are using for internal activities (Stripe, etc.). Companies in EU will typically not disclose such information. For example, Dropbox disclose the use of AWS (for hosting the infra & code, I guess), whereas Proton does not disclose any hosting company.
Because they actually run their own infrastructure? They own their own IP space, so the only thing they'd be disclosing is the ISP's they advertise that IP space through, which you could glean via traceroute anyways.
Don't get me wrong, these Proton blog posts are all just thinly veiled ads for their own products, but knocking them for not being transparent about their tech is disingenuous, with their track record of the opposite. Are they open source? No. Are they forthcoming on the steps they take to protect your data (including from themselves)? You betcha.
Dropbox on the other hand has been breeches multiple times, and each time they slow walk customer notifications to try and mitigate damage to their brand, to the detriment of the customers.
I was not saying "Dropbox good" or "Proton bad", just correcting a few things about the privacy policy in itself and what it means.
When you say things like, "Proton doesn't disclose any hosting company," after going on about Dropbox being out of the norm because they do, you are in fact specifically saying "Dropbox good, Proton bad." You haven't corrected anything, just rushed to the defense of your preferred company. And if you prefer Dropbox over Proton, that's fine. There are plenty of people who simply don't care about online privacy or see the trade offs for giving their data away as a fair price for "free" services. That said, there's nothing in that Proton blog post that's actually wrong, as far as I can see.
Just to clarify, I'm self-hosting. I'm using neither Proton nor Dropbox.
However, I'm a privacy pro, and I read Privacy Policies on a daily basis (ok.. weekly basis).
The US companies recently moved to disclose ALL the providers they are using (including for controller activities) where European companies still hide this information (and disclose only the providers used to deliver the service). For a very concrete example, Salesforces is mentionned by Dropbox where Proton is silent about the crm they use.
On this specific aspect, the USA are ahead of EU.
That's all I meant.
If you want to read it as "give your data to the USA", feel free, but that's not what I said.
The clarification is appreciated, but I didn't say anything about giving data to the USA. I was talking specifically in the context of free vs paid services and in this case, if one opts for the free tier of Dropbox, one is giving Dropbox and all those other companies listed access to one's info.
I have been meaning to empty my Dropbox and move everything over to proton drive.
BoxCryptor was bought by dropbox about a year ago.
Just use encryption like Cryptomator, before sending data to the cloud (so also Dropbox) and you are safe.
So that solves the problem of them reading your files, but it doesn't solve the metadata collection portion.
They will still have your location, details of your device, geo location data, probably IP space, not to mention the ability to do pattern of life analysis on you as you modify and move files.
Protecting the contents of your files seems like a logical first step, but that's not the only step.
I use encryption for my backups but so far it's proven too inconvenient for the actual files
Why? Just store your files locally in the encrypted vault, which will be synced with Dropbox. And you could even use MountainDuck for the communication between Dropbox and your computer, so you don’t need the Dropbox software (and all the tracking/analytics) at all.
(I use onedrive but same principle applies)
Mainly just that, there's no way to access files except thought the vault software. Other apps, third or first party, can't use them. I can't see them online or use any web documents/shared documents. It basically turns cloud storage into a syncing app, but I can just use syncthing for that.