Proton has a business model where they want the user to put their eggs all in one basket. If you want that kind of userbase you need to leave your personal politics out of it. The problem isn’t that the CEO is right wing. It’s that he is very publicly right wing. Supports a known huckster. And lastly could be vying for a role in the administration. All of this calls into question just for how long Proton will be secure before they are selling user info to the state.
Politics are very fucking important in terms of security for whistleblowers and dissidents. They are the canaries in the coalmine as far as personal liberties go.
Most people don’t compile their clients, Proton could potentially compile a malicious version.
If you ever use the web version, they could send you a malicious javascript.
Sure, you can compile your clients, but even then, most incoming email are not end to end encrypted, Proton has access to the plaintext of almost every email you receive, things like password reset links, verification codes, etc…
They could also log any metadata. IP addressed, time of access, email address that you sent to and receive from.
Proton has a business model where they want the user to put their eggs all in one basket. If you want that kind of userbase you need to leave your personal politics out of it. The problem isn’t that the CEO is right wing. It’s that he is very publicly right wing. Supports a known huckster. And lastly could be vying for a role in the administration. All of this calls into question just for how long Proton will be secure before they are selling user info to the state.
Politics are very fucking important in terms of security for whistleblowers and dissidents. They are the canaries in the coalmine as far as personal liberties go.
This is the importance of it being open source. If they started shifting away from that then it would raise eyebrows
Umm… open source doesn’t mean a lot.
Most people don’t compile their clients, Proton could potentially compile a malicious version.
If you ever use the web version, they could send you a malicious javascript.
Sure, you can compile your clients, but even then, most incoming email are not end to end encrypted, Proton has access to the plaintext of almost every email you receive, things like password reset links, verification codes, etc…
They could also log any metadata. IP addressed, time of access, email address that you sent to and receive from.