- cross-posted to:
- linuxfurs@pawb.social
- cross-posted to:
- linuxfurs@pawb.social
So, what is general concesus about Proton, is it safe or not? I dont use it because you need to pay for Bridge to use it in Thunderbird. Maybe I would use if it has a dedicated app.
It depends on what you want. If you want a solution that makes sure your provider won’t be able to read your data? It is sure safe for that.
Generally I would distrust any company claiming that our swiss privacy laws are worth a dime - in fact they are shit and among the worst in Europe. Swiss intelligence laws actually force companies to cooperate in a much broader sense than even the national security laws in the US do. And of course there is no judge involved and they can basically share the collected data with whoever they want.
"Anyone can download the app, but free users will be given a 14-day trial to test drive it.’
So it’s only for premium users ?
Hey it takes effort to make a WebView for mail.proton.com
They need to see how to package the dedicated browser for all the different distros and operating systems, make a nice icon and so ok. It takes hours
They should sell this masterpiece for much more
Baby steps that take Proton from a great service to a toy for the masses in the effort to increase revenue. AI features are next
“After years of pushing their proprietary and closed solutions to privacy minded people Proton decided that it was in their best interest to further bury said users into their service as a form of vendor lock-in. To achieve this they made more non-standard desktop clients for their groupware features (contacts and calendars) and the bridge will be discontinued soon.”
Only if there wasn’t CardDAV, CalDAV, IMAP, SMTP and dozens of other highly standardized protocols to handle e-mailing and groupware.
Is the bridge actually being discontinued? People have been saying that a lot recently but I’ve not seen any evidence for it, and not in the linked article.
I’m annoyed that they don’t support SMTP, but realistically they actually can’t unless they have the ability to read your email, which they don’t.
Is the bridge actually being discontinued?
No, but what from their moves it is very clear it won’t live long.
they don’t support SMTP, but realistically they actually can’t unless they have the ability to read your emai
Technically they do use SMTP… and it’s possible for a provider and provide submission and generic SMTP do clients without having to read the email content.
There are lots of ways to do e2e encryption on e-mail (no server access to the contents) over SMTP (OpenPGP, S/MIME etc.). There are also header minimization options to prevent metadata leakage. And Proton decided NOT to use any of those proven solutions (in a standard and open way at least) and go for some obscure implementation instead because it fits their business better and makes development faster.
Because with proven concepts the swiss intelligence services would be locked out. And now people have to trust their claims of “swiss privacy laws” (who are shit - the worst in Central Europe. Switzerland had multiple scandals, from a system that had intelligence files on a large percentage of their “unreliable” citizens as part of the “Fichenskandal” to them recently admitting that most internet traffic within and all traffic leaving and entering Switzerland is monitored by the swiss intelligence services - without so much as a judges permit). Yeah, I know, they are audited…But since Snowden we all know how much that is worth.
Aaaand it’s electron garbage.
Out of the loop, what’s wrong with electron?
It’s basically Chrome. It’s not a real application, it’s a website pretending to be one. It uses a metric fuckton of RAM and eats your battery faster than Prince Andrew a minor.
If Firefox could allow their engine to be packaged like this I’d use it. The problem I see here is chromium. Everything is a trade off and we need more ways to build maintainable cross platform applications.
Slack, for example, is Electron and it runs great. One of the best apps I’ve used. And it works better than the browser version…
The hate on Lemmy of electron is a bit of an overreaction if you ask me. Yeah it uses more ram than is necessary but again everything is a trade off. Not everything can be a hard to maintain rust app. Let’s try to embrace cross platform solutions, though yes fuck chrome/google, so sure criticize that part of it.
Rust is infinitely easier to maintain than mountains of untyped js garbage libraries built upon left pad
Let me get this right… you’re complaining about Chromium, but you use Slack? You do realize Chromium had better Linux support for things like HW-accelerated decoding than Firefox? Also, the Chromium sandbox is superior to Firefox.
Chromium had better Linux support for things like HW-accelerated decoding than Firefox?
Source? Experienced the exact opposite, especially on Wayland.
You can track the bug history here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1751363
You can see here Chromium had support for this for several years prior:
https://aur.archlinux.org/cgit/aur.git/log/PKGBUILD?h=chromium-vaapi
Android being based on Linux prob has something to do with Chromium’s strong Linux support, but Mozilla has consistently prioritized Windows/Mac. Despite it still be challenging, building Chromium from source has always been a lot easier IMO than trying to create a custom build of Firefox.
Regardless, when it comes to privacy, Chromium itself is pretty stripped down and has policy-based integrations that put it on par with Firefox in terms of security. Even with Firefox, you’d have to modify quite a few policies to improve security. Tor/Mullvad Browser though do a better job in many ways and there is no equal to those privacy enhancements on Chromium that I know of, unless you’re using something like GrapheneOS.
Point being, people like to complain about Chromium a lot & act like Apple fan bois for Firefox, when in reality privacy is nearly the same with both with some minor configurations.
Chromium is not stripped down at all, just use googerteller and see. It contacts Google everywhere, on the password list, on the account list, in some settings pages, and just randomly sometimes.
It is very crazy. And also it is not fingerprint resistant at all.
I am using all flag settings, policies and GUI settings possibly existing and it still is like that. So no, it is not the same privacy-wise.
Let’s try to embrace cross platform solutions,
[JavaFX has entered the chat.]
I don’t know what javafx is, but java is hell. For me. I’m glad it works for others
I don’t know what javafx is
It’s what you deploy to your users if you want to work around ad blockers and browser extensions. It’s a great tool to get operating system level access to exfiltrate information about your users and identify them uniquely, even if they would prefer that not to happen.
All that with the help of Google’s telemetry engine aka Chrome, which further helps Alphabet to manifest their interpretation of web standards in the world.
We worked to move things onto the web. Now people bring the web back to your desktop with every application bringing it’s own browser shell. We have come full circle and we’re now using 10x the resources.
Electron is the prime example of everything that is wrong in IT.
Wow. That sounds horrible. Do you have a source about the system level access statement? I would like to see people’s thoughts on it, if it’s as bad as it sounds, I’m surprised I haven’t heard about it before
Do you have a source about the system level access statement?
Electron apps are native apps with the Chromium browser embedded in their windows, so they can do anything a native app can. It supports Node.js modules for things like filesystem access, and can interop with C++ code by writing an add on (https://nodejs.org/api/addons.html)
Ah ok gotcha. Thanks.
What source do you need? It’s almost literally the mission statement of Electron.
I’ve never gone to the webpage of electron
It’s just the webapp. If we want the webapp we use a browser.
This. Its webapp with more persistent storage maybe. If the Browsers could integrate this, it would be a gamechanger.
I am also very sure that Chrome preloads google. com to make it seem to “load faster”. Its all just preloading or persistent storage
Each electron App is actually a full independent chromium browser install running a website. It’s easy to code for and works cross platform as a result, but it’s essentially just a website, although they can run offline depending on what’s been built in to the local app.
Each electron app running on your system is a separate full chromium app running, with no sharing of resources between each instance. So they take up a lot of space each and duplicate all the resource usage, and potentially the security flaws.
oh yikes. that sucks.
Electron runs a core Chromium Browser + NodeJS + a bit more.
Unlike Chromium itself it is not backwards compatible and removes a ton of things like its sandboxing capabilities.
I am not sure how it is less secure, but it may use more RAM (also not always but generally yes of course), doesnt allow hardening (unlike android WebView apps) and breaks LD_PRELOAD-ing another memory allocator.
This is only a big problem in special cases, in general it makes apps strictly dependend on GNU glibc and others, no idea how it works on Alpine or others (that actually try to make a secure system).
If somebody knows more about security concerns about Electron, please add.
Ugh, I was looking forward to replacing Thunderbird/Bridge, but never mind.
No way.
I went here for this info. Thanks.
Idk, got thunderbird set up and feeling pretty happy with it.
The proton desktop app was pretty slow when i checked it. I might give thunderbird a go.
Have to use a student account, gmail and my main protonmail account. Tying everything up in one window is just nice.
Speaking of mail apps, has anyone used Thunderbird recently? I had used it for a year or two up until . . . a year or two ago (probably two or three, actually) and then switched to kmail to satisfy my masochism. Thunderbird just hadn’t been doing it for me with meh functionality and slightly more meh looks.
Fast forward to yesterday when I’m updating my steamdeck desktop to use nix stuff instead of rwfus+pacman and I couldn’t get kmail from nix to behave right so I thought I’d give thunderbird another look. I’m several hours into tinkering with it and holy hell has it changed pretty much completely from a few years ago. Looks fantastic and works pretty much exactly how I want/expect it to. Good job mozilla!
Thunderbird is fine.
Tbh I have no idea what they are doing though, they have more funding than GNOME but after Supernova I didnt see any updates.
See my list of flatpak repositories
There is an unofficial Thunderbird nightly Flatpak, that will likely reveal what the hell they are doing.
So Supernova is kinda nice, mainly a big overhaul of the underlying stuff, making it easier to maintain.
It lacks a ton of things like Threads (the addon TB Conversation works though). Also their “spaces” bar is useless, as it just opens tabs, so it is redundant. Good idea, but only if it could replace tabs.
Their search and filter stuff is still the same, really bad. Either displaced in the message list column, as the global search still opens a new tab which is kinda bad UI.
Some addons broke too, not a big deal though.
I have the feeling they removed nested filters, which is extremely bad, but filters still work.
Thunderbird works well.
I believe I read somewhere they’re focusing heavily on the mobile app at the moment (or rather turning K-9 into their mobile app). Once they get that out, we’ll see where the desktop goes.
That too but afaik thats a separate Android dev
I’ve never found Thunderbird search bad compared to alternatives, as long as I’m not looking to find content inside attachments. Really fast and responsive and being a desktop client without paginated results makes moving and deleting in bulk so much easier. Would love it to be as powerful as Voidtools Everything to get a bit more granular sometimes but otherwise pretty happy with it.
I mean, I think their global search is not that useful, while their inline mail list search is. So I have a cluttered UI with 2 search bars, to supplement the incomplete inline search.
Yeah, Proton is awesome, that’s for sure. Now, being a “security and privacy” company, it blows my mind that they put so much effort on making apps for Windows and Mac first, leaving Linux behind, and when they finally get to it, they just dump in a glorified PWA. This world is really weird 🤣🤣
And that they decided to go with RPM and DEB instead of just doing a Flatpak
I prefer rpm over flatpak. at least I know any os dependency updates are happening regularly, flatpak may not get weekly dependency updates from proton
Its kinda annoying for anyone not on debian or fedora (and derivatives) though.
I’m on OpenSuse which will take a Fedora RPM, and most will take deb, if they don’t you can uae the alien tool to convert it for your OS…extra steps which sucks
“Extra steps for thee, not for me!”
Its just a webview app…
Yep. Installed it, started it, saw it is basically the website in an embedded browser, uninstalled it.
Like, come on, you have a web version. Why should I use an extra application to view a website. This seems like a cheap excuse for a desktop app.
Does it support offline access?
It does not. Which is the reason I wanted the app…
How to completely fail on a mail client. Holy hell.
Proton seems on the wrong side of the usability - privacy spectrum. Every last feature I’d want from an online provider is impossible or massively neutered by the overly strict security.
I wish there was a similar service in a trustworthy country with a more sane level of safety, like opt-in encryption for example.