Just tried it using ProtonVPN and it is not working for me either. They've apparently got a way to detect and stop it from working if you use a VPN. source
Hi Andy! Thanks for doing this. Eventually, using a VPN comes down to “how much do you trust the VPN provider”. And a lot of this trust is directly tied to the people running the company today. But people will inevitably change or find a new job and leave the company and after a while the core ideas behind the company might get lost or could become compromised. So - first question - how are you planning to ensure that your line of thought will be consistent and coherent throughout the years as well as with future boards of directors and management and when should we become alarmed in case things go wrong? Second question - looking at what happened to /r/CopperheadOS how can we be sure that there won’t be any hostile takeovers from third parties? I realise that from a legal point of view Switzerland is not the US so someone taking over the company is rather unlikely, but it’s also worth remembering that ProtonVPN is, in fact, a separate company but nonetheless we have to trust a separate entity that is legally not the same as “ProtonMail” and the software ProtonVPN is running is not directly verifiable like for Open Source software, hence my question.
From their website:
We believe privacy and security are fundamental human rights, so we also provide a free version of ProtonVPN to the public. Unlike other free VPNs, there are no catches. We don't serve ads or secretly sell your browsing history. ProtonVPN Free is subsidized by ProtonVPN paid users. If you would like to support online privacy, please consider upgrading to a paid plan for faster speeds and more features.
;utm_campaign=1302&bestdeal
For the 1000th time:
Protonmail has to comply with the Swiss law when they are asked to keep IP records. Before that, they did not keep any IP logs.
Even then, the Proton Company fights every claim they get (as shown clearly on their yearly Transparency Report, and in this instance they couldn't say no.
Proton is not gonna put their head out for some random user that happens to have done something illegal.
For this reason, Proton actively encourages people to use TOR/ProtonVPN when connecting to ProtonMail: on ProtonVPN they will give only the VPNs IP, not the end-user's one. As for TOR, well, they only have a Tor-exit-node IP to give, as IP records previous to that were not registered.
Don't let sensationalism and click-bait headlines deceive you. Always do your own research.
Hi guys, VikingVPN admin here.
Our warrant canary is a "dead man's switch" style canary that activates if we do not refresh a timer at regular intervals. I am currently in Austria doing unrelated work for OSTIF (negotiating with the Austrian government to establish an EU wing) and did not get to it in time due to an overloaded schedule. The service is fine and we have received no requests for information, clandestine or otherwise.
I will publish a signed statement on the transparency blog shortly.
I'm glad that someone noticed!
Edit: The canary has been updated, and the PGP signed statement is up on our transparency blog.
Since you mention ProtonVPN, by default ProtonVPN would redirect all DNS requests.
There's lots of stuff I want back for extensions but it all comes down to the ability to modify the browser chrome like they used to. Because that would give extensions:
The ability to create native-looking UIs (FoxyProxys configuration window, Greasemonkeys integration into about:addons). In general better integration with the browser.
Styling the browser chrome without having to manually hack on some css file which might need to be updated for every other firefox version. (With Classic Theme Restorer an experienced developer took care of that for me.)
Hiding existing browser toolbars (like the tabs) and adding new toolbars.
Multi-line tab bar or moving the tab bar below the address bar or even below the content view
Reordering context menus and removing unwanted items
Better interoperability between Addons. As an example TreeStyleTab didn't implement a new tab bar, it simply restyled the existing one to be vertical. That means other addons that would e.g. color tabs on some conditions or add items to the tabs context menu would still work.
A consistent experience for Mouse Gestures. With WebExtensions they have to be detected using injected content scripts. As I understand websites might try to mess with that plus they do not work on internal pages.
EDIT: Not to forget the most powerful addons like Tab Mix Plus, Tab Groups, Vimperator and Pentadactyl were only possible because of that
Also from the article: > The items above represent some of the bigger changes,
Toggling reader mode API is some of the bigger changes? That has to be a joke.
Not really reddits fault though, I hope you realize that? Reddit was already a huge and known time waster when it only had messaging. Chat was surely just the straw that broke the camels back.
Anyways we have bluecoat where I work too and since I'm a sysadmin I can't have it randomly block important blogs or forums that I'm trying to read so I've setup a number of ssh tunnels and manage them with the Firefox plugin FoxyProxy. That way FoxyProxy recognizes by the URL which proxy I need to use and sends me through that tunnel.
Improvise, adapt, overcome. Or quit your job.
This is the best deal on the internet.
-Edit- So I've also heard you can have your account banned from purchasing further on Origin, however, this is NOT again st ToS so they can't rightfully do that. Therefore, you can call EA's support and argue that not only is it not evident in the Origin / EA ToS that purchasing software from another country for your American account is against the terms, but it's a wrongful ban, causing you mental and physical damages, as well as massive amounts of stress, which can be brought up in court, if the ban was not reversed.
16, just slap that motherfucker in a dvd player and extract the files. Then download and set up YouTube-dl and ffmpeg so you never have to burn a CD again. As long as you have a good ad blocker (I recommend Ublock Origin) and a VPN if you're paranoid (I use ProtonVPN), and have choice selection, and has cracked versions of most popular steam games. Of course, piracy is WRONG and ILLEGAL and A CRIME and you should totally NOT do it to be NOT cool. This went off track from burning cds, but alas
They claim
> ProtonVPN for Android is the world’s only Android VPN app that is completely free and doesn’t have bandwidth limits. Unlike other “free” Android VPNs, ProtonVPN has no ads and does not secretly sell your browsing data.
Read the article dude,
>Free services these days are rightfully regarded with a bit of suspicion. After all, Google and Facebook, which are “free,” are actually charging you by compromising your privacy to advertisers. But ProtonVPN is different. We are the only free VPN with no bandwidth limits, data caps, or privacy invading ads. We do not install malware on your device or sell your data to third parties (we have a strict no-logs policy). Instead our free VPN service is supported by paid plans, which come with advanced security features and higher speeds.
Furthermore, it got audited by Mozilla, and they are the same devs behind ProtonMail — they’re more than reliable.
I used to trust ProtonVPN, but they actually broke their own policy of not logging user data and handed the email of a climate activist to the Swiss government.
Edit: They seem to be under legal obligations, and they can only be forced to give info for ProtonMail and not ProtonVPN. So, yeah, they're good.
No problem!
A SOCKS proxy is very useful when it comes to troubleshooting. Let's say I'm sat in my office, and I want to see what's going on on the network that a remote server is connected to. I have ssh access to the server.
By using a command like:
$ ssh -D 4444 my.testing.server
I have created a SOCKS proxy that I can connect to.
If I now use something like FoxyProxy in Firefox, and input the SOCKS proxy details as:
localhost 4444
I will be able to browse local machines on the remote network that are running a web server, just by typing in their IP address.
So if my remote server is on a private network, at 192.168.0.10, and they also have a web server at 192.168.0.11. I can create a proxy, fire up foxy, and view their site as if it were on a machine sat next to me.
You can even take it one step further!
Let's say my ~~government~~ company doesn't want me looking at ~~other countries~~ pictures of cats during work hours (as an example) and they block traffic to ~~/r/murica~~ /r/aww.
I can set up a SOCKS proxy, and then change all of my Internet settings to go through the proxy (as you would with FoxyProxy.)
On OS X this is trivial (slightly more in depth with Linux/Windows/Other) in that you just go to System Preferences -> Network -> <Your Device> -> Advanced -> Proxies -> SOCKS Proxy -> <Fill Details>
Now everything you do in your session (iTunes, Safari, Messages, Spotify) should honour your Internet settings, and all traffic goes through the system you're ssh'd into.
How great is that?!
My personal privacy setup is using as much open source software as possible and avoid Google/Amazon/Microsoft/Apple/Facebook/Dropbox as much as possible
OS: Windows 10 and Fedora 29 Dual Boot
Smartphone: Iphone (waiting for Librem 5)
Browser: Firefox with Ublock, HTTPS Everywhere, Privacy Badger, Decentraleyes, Facebook Container, Cookie Autodelete, KeepassXC Browser Addon, Joplin WebClipper,
Brave Browser as my second Browser
Email: Tutanota as Main Email, ProtonMail and Disroot Mail as Backup/Second Email
Thunderbird for accessing old email providers - Instead of the inbuilt email app (worst email program ever)
Cloud Storage: Nextcloud server from OwnCube Free 5GB and Discroot Cloud - Instead of Dropbox
Notes: Joplin and StandardNotes stored in Nextcloud(more Joplin because it's better structured with different notebooks) - Instead of Evernote and Onenote
Music and Video: Clementine Music Player and VLC Media Player - Instead of the inbuilt Windows apps (worst music and video player ever)
Messager: Signal - Instead of Whatsapp (Most friends still using Whatsapp :( )
Watching Videos: Invidious - Instead of Youtube ( I know it's still Youtube but a bit more anonymous)
Maps: OpenStreetMap - Instead of Google Maps
Password Manager: KeepassXC and Keepass Touch on IOS
Translator: DeepL - Instead of Google Translate
Search Engine: Startpage - Instead of Google
PC-Cleaning: Bleachbit ; File-Manager: 7zip - Instead of Winrar and Ccleaner
Office: LibreOffice ; Creative: Blender, Krita, Gimp, Inkscape - Instead of Microsoft and Adobe products
VPN: ProtonVPN
Protonail was legally obligated to give ip addresses of a specific user because of Swiss law surrounding email. the laws are different for vpns, they cannot be compelled to hand over data for ProtonVPN.
edit: they did not have ip addresses on hand, they were forced to start logging for one specific user and then forced to hand those over.
TLDR: as long as its not email, and you are not a Swiss criminal, you are safe with proton
We actually have more developers now, but the difference is that recently we have been working on bigger projects and clearing out some technical debt from the earlier days to pave the way for the next stage of development.
ProtonMail Bridge is an example of a "big" project that takes longer. Bridge adds IMAP support, but this also means that changes are required on all clients (iOS/Android/Web, etc) in order to support the new range of behaviors that are possible with IMAP. However, a lot of the work done here can be re-used, and for example, will allow us to add IMAP import/export much more easily.
ProtonVPN is also on an accelerated development timeline. ProtonMail was 2 years from beta to public release, with ProtonVPN, we're reducing this to 4 months.
There has also been more focus on the backend (stuff users don't see). For example, improving search performance, improving API performance, finding more reliable ways to store petabytes of encrypted data, and overall site reliability engineering to reduce even further the risks of downtime.
Then there is also time spent on several other email related "big" projects, some which are among the most ambitious we have done so far. We're not ready to give too many details yet, but generally speaking, the new features we are adding, all tend to have longer development lifecycles, because they are harder and more revolutionary.
Relay Pro for reddit
Spotify / SoundCloud / Phonograph for music
Evernote for note-taking
Snapseed + VSCO for photo editing
Action Launcher for Launcher
SwiftKey for Keyboard
Firefox + Addons for Internet
Youtube Vanced for PiP Youtube
ProtonVPN for VPN use.
Some will likely don't like that this essentially is Mozilla advertising an external service.
But to me, at least, that is outweighed by the fact that for Mozilla this is an additional revenue stream which means they are less reliant on their deal with Google.
And for users this means that a VPN service, in a sea of questionable options, has now been scrutinized and recommended by Mozilla. Which means that ProtonVPN gains an even greater level of trust as well as the promotion Mozilla provides.
So a good VPN will grow while being closely monitored by Mozilla for any possible, albeit unlikely, future shenanigans.
So users can be fairly confident that it's a good, and safe, choice if one wants to use a VPN service.
Partnership with ProtonVPN. Good company, fast speeds. I use it at hotels when I travel to prevent snooping on open WiFi.
EDIT: Don’t buy through Firefox though, they charge $10 for the same thing that Proton sells for $8.
Andy here, I literally just had a call with Jason Donenfeld this afternoon about this. Yes, it is planned, most likely sometime next year. ProtonVPN's infra and user base has grown a lot in the past 12 months, we just released the iOS app, and we're working on preparing to make all the apps open source (as that's one of our firm goals we have outlined for 2019), so we've got a lot of plates spinning at the same time on the VPN side (and this is without getting into all the projects happening on the Mail side). We need a couple months to stabilize things and then we will start working in this direction.
Hi, ProtonMail team here. We have responded previously to this, it's a smear campaign being run against us by Private Internet Access since ProtonVPN is competing with them.
You can find our response here: _and_tesonet/
I used a throwaway Pi image and connected through ProtonVPN. I then asked for the english version of the page and proceeded to click on pre-sale. First of all, the page switched back to spanish as it is the only option. Then it asked for my name, e-mail and verification for which I selected Passport. I entered a made up name, one of my my fake spam addresses and some random numbers for passport. It accepted all of it! No picture of my passport was requested, just a field to type in. It then proceeded to throw up all over itself.
I've seen some sketchy shit in my day and this one stinks to high heaven.
EDIT: Oh. MY. God. It worked on the second try. It says it is sending a verification e-mail. I USED GIBBERISH AS VERIFICATION!! For the love of all that is holy, do not give these people your banking information or any information.
If you look closely, you will see that the new storage space indicator is inspired by the server load icon which first debuted on the ProtonVPN windows app back in 2017.
We spent a lot of time refining little things like that. The 4.0 design also has a "single piece" background, which makes it easy for users to customize colors or add their own background image to make your encrypted services unique and truly yours.
The quick select to go between Day/Week/Month, etc, views, instead of using a dropdown, makes calendar navigation much faster and less confusing. The quick access time-zone dropdown also makes life a lot easier if you work/travel across multiple timezones (as the Proton team does as we have team members from practically every continent). The next event display at the top is also something that we hope users will find useful and makes it less likely to forget an appointment. There are also little subtle things, like the week of the year visible in the month view.
In general, the beta version will only have maybe 10-15% of the overall feature set that we plan to introduce eventually into ProtonCalendar. The crypto is also quite sophisticated. Not only are events encrypted, but they are also digitally signed, so you can be sure that the server didn't tamper with it without your knowledge. We like to get things right before we release them, even the little things, and that's why in general, we don't like to rush the process.
No such thing.
You need to assume any public WiFi like that is insecure (because they are).
Instead you’ll want to use a vpn service. I recommend ProtonVPN, but this is something you want to spend some time researching because all VPN services are not equal.
OK For those who are unable to connect:
Go to Amazon. Sign up for a free micro instance.
Start Micro instance.
Log into instance. Execute the following commands:
sudo su - root
yum install gcc
yum install asciidoc
Download tiny proxy:
wget .bz2
bunzip2 .bz2
tar -xvf
cd tinyproxy-1.8.2
./configure
make install
Edit your tiny proxy config file: ( located in etc dir source code. You may want to copy this /etc filename: )
LogFile "<file location>"
PidFile "<file location>"
Add your IP address to config
Allow <your IP address>
Port 80
Run tiny proxy:
Configure your browser to use your new proxy.
Act like a smug prick because you now can watch ESPN 3 from any location, even if your ISP is too cheap to pay our ESPN overloards. (Will work for International douche bags as well!)
EDIT 1: Amazon EC2 provides 15 GB of transfer absolutely free. It's $.10 per extra gig. I've never hit the limit.
EDIT 2: Micro instance is free for 1 year. On-Demand Micro instances are .02 per hour after your free trial is up.
EDIT 3: You may need to allow inbound access to your chosen port. Click on Security Groups from the EC2 console and add your port. (Not sure if 80 is open by default. I've been using my instance for quite some time so I'm not sure what ports are there by default..)
EDIT 4: For Linux and Mac douche bags:
Quick Config
Start your ec2 instance
ssh -i <pem file> -D 5777 -f -N ec2-user@<your ec2 instance name>
Install FoxyProxy in Firefox
Set your host to localhost and your port to 5777 in Foxy Proxy.
And you are done.
Did you even read the comments? I'm not saying that I support protonmail (or any other proton services). But you can't trust everything that is online.
> protonmail: We've unfortunately had to deal with a lot of this recently. The issue is that we have turned the VPN industry upside down by providing a free service, and that is likely hurting profit margins across the entire sector so everybody is trying to hit ProtonVPN now. We just aren't very profit driven, and that's the type of competition that brings down prices (and profit margins).
> protonmail: ProtonMail team here. The above is not correct. ProtonVPN is developed and operated by ProtonMail. However, it exists as a separate legal entity for security reasons. This is to avoid ProtonMail getting banned in jurisdictions where VPNs are illegal. An example is China where ProtonVPN is banned, but ProtonMail is permitted. Had they been the same company, both would have been banned together. So from the legal standpoint, we put as much separation as possible between ProtonMail and ProtonVPN. Like ProtonMail, the ProtonVPN team is distributed, split between Geneva, Skopje, Vilnius, and San Francisco. Tesonet (one of the biggest IT firms in Vilnius) was previously used as outsourced HR before we incorporated our own entity in Vilnius. We have similar arrangements for our staff in San Francisco, Prague, and Skopje. The above poster's intentions are a bit suspect, given that he's the co-founder of PIA...
> Not really reddits fault though, I hope you realize that? Reddit was already a huge and known time waster when it only had messaging. Chat was surely just the straw that broke the camels back.
Most corporations probably use some sort of 3rd party filtering system in their firewall and whoever runs the categorizer bot had it recognize reddit as a chat service. This is kinda reddits fault because the chat runs on their main domain instead of a separate subdomain. If it did it would probably only categorize that subdomain as a chat service. I have a similar problem where I work, whatever service Zyxel uses has blocked imgur.
> Anyways we have bluecoat where I work too and since I'm a sysadmin I can't have it randomly block important blogs or forums that I'm trying to read so I've setup a number of ssh tunnels and manage them with the Firefox plugin FoxyProxy. That way FoxyProxy recognizes by the URL which proxy I need to use and sends me through that tunnel.
I do a similar thing, but I just use one SSH tunnel to my windows machine at home and then run a VPN over it. Has the advantage that it can work without ssh port forwarding which some firewalls can detect. But as a programmer or sysadmin nobody questions if you have random terminals open anyways.
> Improvise, adapt, overcome. Or quit your job.
As a sysadmin can't you just exclude yourself from the rules?
I doubt your friends ISP will notice unless hes downloading hundreds of GB to TB of stuff. My friend got a letter from his after getting tons of movies, but it was just a cease and desist letter first. I wouldn’t worry about it. Fuck how expensive text books are.
But if he wantsa good free VPN, just download ProtonVPN. It’s free and it’ll probably give him some peace of mind.
You should stick to these 5:
>ExpressVPN – As part of an investigation into a crime in Turkey, Turkish authorities demanded user information from ExpressVPN. ExpressVPN denied the data request because they did not have any logs to provide, and they also did not fall under Turkey’s legal jurisdiction (based in the British Virgin Islands). As a final attempt, Turkish authorities then raided the datacenter and seized ExpressVPN’s Turkey server – but they still were not able to obtain any logs or customer data.
>Perfect Privacy – Authorities in Rotterdam, Netherlands were attempting to obtain customer data and seized one of Perfect Privacy’s servers. They were not able to obtain any information and customer data remained secure.
>NordVPN – In November 2018 NordVPN released an audit that successfully verified their “no logs” claims. The audit was carried out by a reputable “Big 4” accounting firm and confirmed NordVPN’s claims and practices.
>VyprVPN – In order to transition to a no logs VPN service, VyprVPN underwent a full audit and consultation from Leviathan Security Group. They have successfully transitioned from a VPN service that kept connection logs to a fully-compliant and verified no logs VPN service, which was independently audited in November 2018.
>Private Internet Access – PIA’s no logs claims have been verified in two separate court cases – one in 2016 and another in 2018.
They all either have been audited or proven in court to be "log-free".
Later versions of ProtonVPN have resolved this issue and an update was rolled out to all users starting about a month ago. It is important to note that an attacker needs to already have access to your computer for this exploit to work, and it only impacts Windows users.
Yeah I was wondering what everyone was on about in the other post -- I'm absolutely thrilled with ProtonMail and it's easier than running my own server. It handles mail for me and that's the number one thing I need, it's already my daily driver (I do keep a GMail as a backup but all important mail flows to Proton now).
Night mode, advanced calendaring (well more than they already have implemented) and that other stuff is just icing on the cake for me. Maybe I'm too casual a user. I expect an email provider to mostly provide me access to my email.
Paid up for multiple years at this point (actually I need to go back and check, renewal might be coming up) -- very happy with ProtonMail as a service. ProtonVPN is a nice to have, I don't use ProtonDrive but might someday. I make do with +
aliases for most things, make proper aliases the other times.
I almost don't care what speed ProtonMail goes at as long as it's sustainable -- obviously they need to develop features fast enough to entice and keep new users (not doing so is unsustainable if everyone churns), but they don't want to move too fast and grow beyond their means or introduce new bugs (also unsustainable).
ProtonVPN is free. Also, if they're blocking by IP it's not hard to get another without VPN. Use wifi at different places, new IPs everywhere you go. Turn your phone off for maybe 10 min. There is a chance your IP will be released to another subscriber and you'll grab a new one.
If you're at home, you could turn off your cable modem or whatever you have. Though I've found that most ISPs will preserve your IP for quite a while.
ProtonVPN. Based in Switzerland and no logging. They have a free version with reduced speeds and no torrenting that’s subsidized by the paid users, not paid for with your personal data because they’re not a data company. Their email client is end to end encrypted by default.
Also the vpn client is open source and has passed security audits.
I of course recommend checking out ProtonVPN :)
But more importantly, I recommend understanding what a VPN can or can't defend you against. As with any tool, understanding the threat model is the most important part:
It is. The privacy was the whole draw for me and now they’re no better than any other mail service. I was looking to switch to their VPN when my service expired but I definitely don’t trust their no logs policy. “We at ProtonVPN value our customers’ privacy and keep zero logs… until we are court ordered to provide them.”
I’ll put in a plug for ProtonVPN and ProtonMail.
If you don’t have a ProtonMail account, get one. Stop allowing your ISP, Yahoo, Google, or Microsoft to read your mail. ProtonMail is based in Switzerland and must follow Swiss privacy laws. Their entry level accounts are free.
Protonmail it's becoming the trendy and secure alternative to Gmail, at the moment they have a super secure e-mail services compatible with PGP and a great VPN service called ProtonVPN, however they are also creating a whole world of services like calendar, agenda, and so on... Soon they will completely replace Google services.
I'm using it and I'm happy with.
It costs a little extra, but if you use a smart DNS like Unlocator, you can get around the blackout restrictions on (and other sites, like the BBC).
But yeah, the best option would be to let us just pay them to watch the games.
You can use ProtonVPN, its pretty good even with the free tier, and has recently announced a GUI client for Linux as well. Also, as its made by the people behind ProtonMail, so it can be trusted as well as the same ProtonMail account can be used
Andy, how are you able to operate protonmail within mainland China without blocking from censors? Every single encrypted email service like tutanota is blocked in China but Protonmail works! Even ProtonVPN is blocked, but works like a charm. (Hopefully not a CCP sponsored charm.)
Do you have mainland Chinese servers that handle protonmail email and do you cooperate with Chinese authorities in any way?
ProtonVPN does not. It is owned by Proton Technologies AG, who also make ProtonMail, and E2E Encrypted Email with a 3FA. In addition, there are many paid options for ProtonVPN. The free version of ProtonVPN is more or less an endless trial that you have until you wish to upgrade.
The sheer number of affiliated Nord VPN links on each and every VPN review has always made me very cautious about NordVPN. Can't say I'm surprised.
Edit : just noticed ProtonVPN is in the picture too. That was spoken on the hacker news a few weeks ago. I have to say, this one surprised me quite a bit. The one who accused them were competitors (PIA).
EDIT : Protonmail has responded but their response is being downvoted. Which is strange. Here it is in full :
"Hi, ProtonMail team here. We have responded previously to this, it's a smear campaign being run against us by Private Internet Access since ProtonVPN is competing with them.
You can find our response here: "
I don't believe for one second that any of these apps' no-log policy is true. I read that no VPN with a single lifetime purchase should be trusted, and that makes sense to me (unless it's something like ProtonVPN which has been extensively reviewed, I guess).
Without watching the video, total anonymity is very hard and probably not necessary.
Yes you can be tracked by your cell tower and your WiFi, but what's the point of a phone if you don't use the internet or cellular towers? Just get a GPD MicroPC
In my opinion, most people don't need to do this. If you're hiding from a specific ISP, just switch to a different one or use a VPN all the time (ProtonVPN is the only fully private free VPN, although it's slower). If you're hiding from the government, stay offline entirely. If you're hiding from corporations (in this case Google, though feel free to move your question to r/privacy for more general help), a degoogled Android is plenty. Avoid apps that ping google servers for ads, maps, or searching backends and you'll be fine. You can even install personal proxies (netguard) to drop any connections to google before it hits them. It'll completely shut down several things, but that's the point.
I'm not sure how far you are into trying to degoogle, but the place to start is F-Droid. I can't recommend Graphene or CalyxOS because I haven't used either one, but either way, you'll want to grab F-Droid because that is how you'll use your phone without being tracked.
I am subscribed to ProtonMail Plus and ProtonVPN Plus. I am really disappointed by what I pay for and what I get. Having lots of problems with the clients, ProtonVPN Speed often is horrible and/or doesn’t work so I have to use Windscribe. The development of ProtonMail is extremely slow considering the amount they charge for it. It does not even have a real iPad App with Columns!
If everything would work at least... but for now I just wish I could get my money back :(
Pretty accurate tbh. I use ProtonMail and ProtonVPN (when I'm at school just for bypassing site blocking) and it works fantastic. I've read through their privacy policies and it's very straight forward.
Mozilla recently announced they're partnering with ProtonVPN
I'm guessing these other VPNs are pushing their services now before ProtonVPN corners the market with a boost from Mozilla.
Tutanota is a lot better than Protonmail.
There are some downsides but they have a great dev team who are working on things as well as great support.
They are all actually in the country we claim that they are in, and you can actually verify that by checking the ping times and running traceroutes.
For example, our servers in Iceland actually are in Iceland, they are physical servers we own, on a network we control, running our own IP addresses, and our own dedicated connection to the underwater fiber operators.
This is part of the reason why ProtonVPN tends to be more expensive than other VPN services. We have significantly higher fixed costs from the way that we run our infrastructure (in top of the costs of supporting free users).
> Care to point me to a positive review lol?
And miss out on his wonderful journey of tech hassles and shady marketing practices? Oh okay.
Spoiler alert:
Review
VikingVPN Review
I use ProtonVPN and I'm pretty satisfied. They do have an app for android but you can also download OpenVPN configs and use them. It's also free if you can't/don't want to pay for their service. Check out /r/ProtonVPN for more information.
If you have Chrome it's easy-peasy (I believe Firefox also). Get the extension FoxyProxy and then get yourself a list of some of some proxies and just pick a U.K. one. I've got a Macbook and am watching track cycling as we speak. I'm amazed at BBC's iPlayer, it has a phenomenal interface.
There has not been any official comment, but I don't think there really needs to be an official comment. It's quite clear from the article that it's not applicable in ProtonVPN's case. As long as encryption is used, there's no way to really know who's traffic is who's because of the sheer size of ProtonVPN servers. Most servers have thousands or even more users connected at once, and thus, any sort of traffic correlation attack is incredibly difficult. This is because ProtonVPN servers function as an opaque box (I am assuming PVPN servers are uncompromised), and thus even if both the input and the output are watched, it is unlikely that one can correlate in and out traffic when thousands are doing pretty similar things. ProtonVPN also has some neat tricks up its sleeve, since servers often don't have the same exit IP as the ingress IP, and sometimes even have multiple exit IPs. The VPN accelerator (which uses a split-TCP proxy) even further obscures this attack, since there is no longer any guarentee that any TCP packet that goes in comes out the same. However, it is true that if you make your traffic unique in some way (such as doing illegal activities: portscanning, web crawling etc), then your traffic will stand out and will likely be able to be tracable with netflow data.
Yet ProtonMail has an eerily close relationship (formerly shared offices; formerly shared staff) with a major data mining organization (Tesonet). They even used Tesonet signing keys for one of their android apps.
To be fair - the ProtonMail and Tesonet people responded to such claims on reddit, and their recruiting pages emphasize machine learning.
But in any case, you probably want some privacy protecting anonymization layer (tor, and cash payments) between you and Proton*.
So how's this going to compare to ProtonVPN? I've seen people say that Proton is trustworthy despite being free because their free tier is supported by the paid tier and other paid products they have.
Is this similar?
Don't use any Facebook related services, like Whatsapp, Instagram, Oculus Store... But Facebook is not the only one, do you trust Google? Microsoft? Apple? Amazon? Most of them probably exchange data between their database anyway. If you try to avoid them it's nearly impossible to have a digital life.
The best is to use multiple fake accounts, give as few personal info in them and split your contact on these accounts (one for family, one for close friend, others type of contacts should not be on social media anyway). Don't forget to backup everything you can and don't hesitate to start from scratch from time to time and delete as much old posts, upload and whole accounts. But don't use one or two accounts then one day get new ones and reset everything 1:1, you have to progressively migrate from one to another.
Offer to use other platforms, at least your close family or close friends could accept to use Wire, Signal, XMPP OMEMO, , ...
Connect as much as possible using tor or various VPN (also consider VPN with Tor output like ProtonVPN offer but it's expensive).
Use uBlock and other tools as you said to block as much tracker as possible. Use a clean browser that leak as few data as possible (very hard in practical).
Others would recommend more or differently but in any case it's a really hard and constant work to minimize your trails and it's never 100% efficient, plus your contacts might not follow you and you might lost them sometimes because they are not up to date or just don't care doing the efforts.
I'm not doing all of this and I already put a lot of effort into it, so you have to judge how much invested you might go but in my point of view being aware of what you do and what you share is the first and most important step.
why not just use a 3rd party like PIA or ProtonVPN? What reason would it need to be bundled with your browser. Unless you want a free VPN. You dont get a free VPN and privacy, you have to pick one. VPN servers are expensive so you cant expect them to provide it out of the kindness of their own heart. The only way 'free' VPN's make money is by using your data for profit. ProtonVPN has free servers but those dont allow torrents/tor and are essentially a trial, although they dont limit your time.
I like how transparent ProtonVPN is. Proton took a step forward and explained the situation, not to mention that they always communicate a lot with their users - they did not ignore the claims, they took them head on. I suggest checking out what Proton themselves have to say about the whole situation before pointing fingers and making more false claims -
Hi, I’m someone who is deep in the privacy topic and I can recommend NordVPN or ProtonVPN to you. You SHOULD NOT use ExpressVPN, because it is based in the 14 Eyes.
The 14 Eyes are a Alliance of Countries that share data and if your VPN Provider is based there, it’s not safe to use and there need to keep logs, protocols, and all the stuff you initially didn’t want someone to have!
So, even if you have to pay for the service, please use one of these two or an Open Source Alternative NOT based in the 14 Eyes.
If you are not careful this can be a double edged sword. VPN providers can see your traffic just as easily as the patrons sitting next to you while using the cafe wireless. You need to trust your VPN provider - do your research before going for something cheap and easy just because it came up first in your search results.
For any who ask, I use ProtonVPN. I've also heard good things about Nord VPN. And there is always Tor for the perpetually paranoid.
^^ This is the best advice ^^. Don't waste the resources you have with unnecessary bloat... unless you want to!
Ok, now disregarding everything I just said, here is my list: 1password
2Do
Affinity Photo
App Cleaner
Be Focused Pro (college student)
DaisyDisk
Day One
Fantastical 2 (just release calendars 5 already!)
Firefox nightly
galaxy client
keka
lighting (for LifX Bulbs)
MS Office (nothing beats it, shit)
OmniOutliner
Onyx
PDF Expert
Plex
Relisten (connects to )
Spark (replaced mail but totally didn't need to)
Steam
Taurine
Transmission
Tunnelblick (for use with ProtonVPN)
Ulysses (redundant, i know, but i love it!)
Vox (because fuck itunes)
xACT (because .flac files)
Xld (because .flac files)
None are necessary, most are redundant, but all do a better and worse job than the stock apps. Its all about finding whatever works for you.
edit Haazah!
ProtonVPN is a free VPN, just connect to netherlands and you can go ahead and spin away! I'm from poland too. It's odd how I, 25, can't spin for free for a guaranteed, well, something in a cide game, but I can go to any major city and go to a literal gambling house.
As a person living in India under an oppressive government, both Protonmail and ProtonVPN are useful but regrettably extremely expensive services for us. I would love to pay for a lower tier with enhanced services than their free versions, but it's quite impossible at their current rates, thereby excluding an entire continent of customers.
ProtonVPN stood out to me for their in-depth Reddit posts. This comment in particular made me feel like they were a good choice.
Cloudflare's app does not protect all of your traffic - it only intercepts DNS queries and then sends them (encrypted) to their own DNS servers (i.e.: 1.1.1.1). This would be like comparing apples to oranges. ProtonVPN encrypts all traffic (protecting it from wireless snoopers, ISP, mobile network provider), while Cloudflare only encrypts DNS queries and sends everything else (HTTP, SNI requests, etc.) in the clear.
This is one of the dumbest things I’ve read in awhile, although there seems to have been an influx of shit posts here recently.
Of course ProtonVPN has a rough idea of how much load their servers are under and no, that has no privacy implications whatsoever.
edit: Looks like OP ninja-edited this post to phrase it more like an honest question instead of a false accusation, however I’m confused by the clickbait FUD title if this was just an honest misunderstanding.
Using a VPN is not hidden at all. Any network device between your device, and the VPN can see 'this traffic is using a VPN. And then they can look at the IP address of the VPN and figure out, that is owned by ProtonVPN.
Deep packet inspection is just reading the entire contents of a packet. Since you are using a VPN, the data (the text you typed, email, image you are looking at) is encrypted, so even if someone looks at the packet, the data remains indecipherable. Some information is still plain text, that is so network devices can send the packet to its destination correctly.
If you would like to know, can they figure out if you are using BitTorrent, yes, over time they could do some packet analysis and build-up a profile of what torrent data appears like, and be quite confident you are using torrent, but they would not know if it was a Linux ISO or pirated material. Same with any other protocol, if you are browsing, that is a very obvious profile. Think about what happens when you visit a page, it downloads the HTML file, then it gets all the graphics, and the scripts and everything that makes the page, then it stops. Then 30 seconds later (when you click a link), it does it again. If you saw traffic like that, it would be a good guess to say those packets are web browsing, but still, they couldn't know what page or what you clicked on.
ProtonVPN has a shady history in that they used to work together / share infrastructure with TesoNet, a Lithuanian data mining company. TesoNet even had the signing keys to ProtonVPNs Android app for a while. And the guy who runs TesoNet also runs NordVPN. Shady as fuck. I recommend sticking to either Mulvad, TorGuard or Private Internet Access and avoiding anything connected to TesoNet/NordVPN.
> For ProtonVPN while only launching a new version (mainly cosmetic) of the ProtonMail web version & calendar & drive “betas” and only for the web & Android (calendar only)! It’s been months since they’ve been “testing” a calendar iOS app. The calendar beta in particular has felt just like it’s taking an eternity.
I think you should inform yourself a bit further before posting such claims.
v4 is not only mainly cosmetic, it has been completely rebuild from the ground, includes single sign on for proton services, persistent logins, subfolders, calendar integration.
Additionally since then they released the attachement reminder and started to release the encrypted search.
This is all very far from mainly cosmetics.
My general starting advice for noobs is Startpage for searches, Brave in private mode only as a browser, the only free VPN I'd recommend in one device only ProtonVPN and O&O Shutup10 for Windows and links to some privacy websites/forums including this one.
Let's face it. It's really hard to get people started. They 1) don't really care about privacy and 2) are not tech savvy enough to understand even the basics. I prefer DDG and hardened Firefox, but most are coming from a Google ecosystem. Brave means no new UI to learn or tweaking to do with a browser and Startpage is close to Google search. My GF hated DDG but is fine with Startpage. Loves the ads being blocked by Brave out of the box. That's all she needed to like it. Has no idea what 3rd party cookies and fingerprinting are, but they are blocked well enough. Hardened Firefox would be better, but baby steps are needed with your average person. Tor will be considered too slow while it breaks sites plus a new UI for noobs. And no average person is going to make a switch to Linux unless they really get into privacy, and that will take a year or two.
If they get these four down and show an interest, migrate to Firefox, Signal for talk text with me (and hopefully get others into it) and Protonmail for email. I get Tuta offers twice as much free storage and is much cheaper when you reach a gig and leaves less metadata (for instance, it encrypts subject field), but if you make a full switch to an e2e email, I have more confidence in PM staying in business long run. Tuta will probably be fine, though.
This article is a bunch of fake news, misinformation and guess without any clues that only lead people to believe about a situation that is not at all as they described.
Fake news include Nord/Tesonet being the true owner of ProtonVPN (which has been denied by Proton and clarified one the how and why there is a link between Proton and Tesonet, which has nothing to do with the later owning the former but only a pure service-contract between both companies).
Another is the idea that Mozilla might buy Proton, which is a pure assumption based on no facts and which goes totally against the communication and values of Proton Technologies as well as the real situation of both entities (there is only a partnership between both companies as they both defends privacy).
I did not read everything but I am sure there are more fake news in this article.
It seems quite probable that you work for PIA (Private Internet Access) who is responsible for this smear campaign. All your posts are attacking ProtonVPN and only about this issue. These shady business practices really say a lot more about PIA than it does about Proton.
To be absolutely clear, ProtonVPN does not use any servers from Tesonet, and has never used any servers from Tesonet. It may have been previously offered or considered, but it never happened. There is no contradiction in what we have stated.
You can in fact confirm this yourself, as this is publicly verifiable. Just go through the list of ProtonVPN servers and check who the providers are.
We don't view Tesonet as really different from any other vendor such as Radix or LeaseWeb, in the sense that it is not possible to achieve full trust. That's precisely why we have Secure Core VPN:
It's registered by a company called Perfect Privacy that allows people to own domains through them without having to publish their information to the WHOIS database. It's possible wizards started using them when securing websites for upcoming products since historically product names would first be discovered by new wizards domain registrations or trademark filings, but could easily be someone else taking the name.
Hhahahaha nice joke, great root backdoor, great security.
How do we know you or github doesn't change the script that you install as root without even checking a hash of the file?
No.
Get a dedicated VPN. VPN "addons" are pretty much always super shady.
Mozilla is partnering with ProtonVPN (which also have a free option with limited server selection but no other restrictions, possibly the only non-shady free VPN offering) so if you are looking for something it might be a good starting point.
Disclaimer: I am personally a ProtonVPN customer, my mention of it is not supposed to be a recommendation based on their actual service but rather due to their partnership with Mozilla. I am not being paid or otherwise rewarded by ProtonVPN for mentioning them here, always do your own research before trusting your traffic to any internet service provider.
Because pal, a logless VPN is a single point of failure. In a secure design, you never want a single point of failure if you can avoid it. A Tor connection creates three; or in other words, to catch you, three separate servers, all in different countries, would all have to simultaneously agree to log you and share your information with each other and more importantly the end authority. If even one link refuses, they can't trace you. Furthermore, Tor servers don't log requests to try to prevent abuse; since it's an open network, and not a commercial enterprise, the Tor network doesn't need to keep temporary logs to detect that. You'll find a lot of logless VPNs do that in the fine print, like for example, I believe ProtonVPN does to prevent abuse of its free plus trial with new protonmail accounts.
>Please do some research before you end up like this kid in the article.
Look buddy, you're not going to bullshit your way past me. I don't want to risk sounding rude or mean, I really don't, but you're either severely misinformed, or way out of your depth. Or perhaps both.
We do these sales in order to accumulate the resources to build new services. For example, something like ProtonVPN requires a lot of capital investment (e.g. losses) for many months, before we can start to generate revenue from it and fill in the hole it created in our balance sheet.
When more people pre-pay for services (whether it's 2-year plans, or Lifetime plans), this gives us a cash surplus to absorb many bruising months of losses in the runup to a new product launch, in the period before the new product can pay for itself. In this case, we are using the proceeds from this promotion to partially cover the "hole" ProtonDrive will create in our balance sheet.
We believe it's good for the community too. Long time users can benefit from discounts/savings, while simultaneously enabling us to make the product they have invested in better.
>Offering paid services
this has nothing to do with FF market share, besides, people already have their own favorite privacy VPN like ProtonVPN while Mozilla VPN is only available in 8 countries with the same if not better price.
Basically don't be a tard. As long as you don't visit .tor sites that are normally hidden that you would never casually just stumble across, you won't encounter viruses any more than normal browsing.
Download TOR, download a good VPN (you will have to pay, but remember, if it's free, you lay with your data. I recommend ProtonMail as well as ProtonVPN but do your research), and go from there. There are more steps you can do to ensure your privacy but I'm not gonna do that here.
If you wanna visit sketchy parts of the internet, look up how to, plenty of youtube videos in how to do it and be safe.
Also, lie when you post shit online people. You aren't hurting anyone and it's a pretty easy step to take. I'm probably 3 different races, 5 sexualities, have 20 different animals and live in 6 locations. The one time you should lie is online to keep yourself safe.
I think it would be great if someone compiled a list of Free and Paid VPNs for people here. I know of only Nord and ProtonVPN, is it okay to take the free plan or would you guys recommend the paid plan?
Thanks for this amazing feedback, it means a lot to us! We have really tried to take a different approach to building a VPN service, one that puts security and users above profits. Unlike a lot of other companies, we do NOT try to monetize the free version through ads or selling user browsing data. For us, ProtonVPN's free version is not a loss center, but instead an essential part of our mission to make privacy tools accessible to all.
We can also comment briefly on this:
> It's a crime how seldom this product is included in 'professional tests and reviews'.
This is actually not due to the age of the product as one other commenter mentioned, but more due to our ethics as a company.
One dirty secret of the VPN industry that we discovered is that almost all "professional tests and reviews" are actually paid reviews. In other words, if you want to be "Editor's choice" or number 1 pick on sites like PCMag or CNET, you don't have to actually be the best VPN in terms of security or privacy, you just have to be the service willing to pay the most $$ for the review and placement.
95% of VPN reviews out there are either paid affiliates or placements. This is simply a practice that doesn't quite meet our ethical standards, and even though this puts us at a competitive disadvantage, this is something that we would like to avoid compromising on for as long as we can.
As a result, most real ProtonVPN reviews (there are fake ones out there) are of a different variety. They are made by real users, normal people who many times are actually more knowledgeable than the "professional" reviewer who is paid to print what other VPN companies request.
You can actually find a list of ProtonVPN reviews here:
They do exist, but they have a much more homemade feeling, because well, most of them ARE homemade, and we think that's actually a strength and something great about the Proton user community which we serve :)
Lelki szemeim elott latom a holland szolgaltato fejet, amikor megkeresi a NERes szolga, hogy torolje mar a gazdat kompromittalo tartalmat... A ProtonVPN-nek egyebkent pont egy amsterdami serveren is van ingyenes szolgaltatasa, de en se akarok otleteket adni.
Good post and captures my thoughts as well. I've been a paid ProtonMail user since the beginning and have enough credits in my account to keep it paid for at least another five years. That said, my confidence in PM has dropped gradually over the years to the point I no longer rely on this service and definitely no longer recommend the paid service to anyone.
PM is by far the slowest development cycle of any product I use. The team always hides behind the "encryption is hard" excuse for not releasing new features, but I think we all know that's just an excuse at this point. It's not hard to implement basic features, such as notification sync across devices. Every multi-device app you use likely has this basic feature, except PM. I remember when PM released ProtonVPN and charged top dollar for a slow, buggy VPN. It took a solid year before the product was worth even half the price of what they were charging. The free users praised them and loved it, of course, but the paid users were the ones paying for an expensive product that did not work well. That's always been the case with ProtonMail - the paying users support the free users.
The bottom line is that PM does not have good product management and they have either not recruited industry talent or their management team is stifling productivity. They have a lot of staff and have stated that revenue is not a problem. Then what is causing the slow development cycle? It seems to me at this point they need to turn over some of the management by removing the scientists from CERN and bringing in industry talent who have experience managing large-scale software products.
Why do you seem reluctant to just use ProtonMail? I’ve been using ProtonMail for two years and am not going back! It’s a great service.
I pay $9.60/month for ProtonMail Professional with 10 addresses and ProtonVPN. They give you 1 extra GB and 1 extra VPN connection for every year you have been a paid subscriber and occasionally they gift extra storage.
I often hear the phrase “that’s steep just for e-mail”... well, your e-mail contains very personal details lf your life. Your purchase receipts, services you use, contacts, etc. I can tell a lot about who you are as a person if I had access to your inbox.
"The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others."
"The flaw works because Internet Explorer and Edge (on Windows 10) allow a user to access local network shares but don't fully block connections to remote shares."
"Perfect Privacy, a virtual private networking (VPN) provider, said in a blog post that VPN connections are also affected."
"The group set up a proof-of-exploit page."
"Chrome and Firefox users aren't affected."
ProtonMail did that, ProtonVPN is registered as a separate Company and unlike ProtonMail, they cant be forced to give out user data by law because jurisdictions for VPNs is not the same as for mail providers.
Worth noting is that this happened before they were bought by the Israeli company so their no log claims need to be tested again for this to be valid.
It seems like VPN service [ie. ProtonVPN] under Swiss law can't be forced to collect information.
Basically I'm following the thread "Cutting Google out of your life (2019)" So til now: - Firefox with duckduckgo + privacy modules - Protonmail and tutanota (still keeping the gmail one for my current work unfortunately) - Using ProtonVPN - On my android phone:using Netguard, Blokada, Duckduckgo - Deleted my main Instagram account. Still have another one for my photography business.. Not sure how to proceed with that And I'm actively looking for an alternative to google maps, I use it quite a lot :(
I'm currently on an internship abroad but when I'm back in my country, I'll switch to Linux and try to find something else for my phone
One dude in a dolphin onesie? Rest assured, there’s a whole team of us. u/atomlib_com
_demand_protonvpn_team_or_at_least_one_member_of/
George Duke-Cohan wasn't arrested because he used ProtonVPN. He was arrested because he was a criminal and because he left clues that were easily uncovered by infosec professionals. Even if we had it (we don't), IP data wouldn't have been necessary to find him.
If anything, the fact that he felt comfortable using ProtonVPN while DDoS'ing ProtonMail probably attests to our reputation of always sticking with our principles. We could have logged his IP, but we didn't. If the US decides to indict him, the indictment will contain information about how he was discovered, and it would show conclusively that it wasn't because of ProtonVPN logging his IP. If we did log his IP, it would have taken a day instead of a month to find him.
A lot of this is just not true. NordVPN and HolaVPN probably are Tesonet and are both unforgivably sketchy but the only reason ProtonVPN got lumped in is because Darius Bereika incorporated a subsidiary location in that country. This is common for companies to hire local experts with big resources to do this. He is not the director of ProtonVPN. It's an unhappy coincidence that ProtonVPN had their android app made by a freelance developer who signed using the wrong keys. It's also being fixed. Google does not allow apps to change this once it's done. ProtonVPN is not alone in this, lots of other apps (even high profile games) are signed by developers with keys from their old companies even.
That's the entirety of the link and this has been proven independently. Go on hackernews and you can see basically everyone thinks this whole link even got established by PIA as a smear campaign against Proton because their free VPN has been eating away at their subscribers who only use a VPN casually. Also the guy that "blew the whistle" is a cofounder of PIA and is routinely chastised for not knowing wtf he's talking about when it comes to netsec. Anyone who knows what their talking about knows this Proton link is bull. I feel bad for those folks getting lumped into this crap. I will continue to use Proton and support them whenever I can. Boycott PIA.
tl:dr - Don't use Nord or Hola, and don't use PIA out of principle. Proton is okay.
Proton team here. If you saw the other thread, you have probably also seen our previous comments about this topic:
_is_protonvpn_on_the_vpn_comparison_chart_of/djdqvrp/
The choice presented to us by TOPG comes down to the following.
It's not a good choice. But given this choice, we prefer to be transparent and honest, so we picked the second option.
Unlocator (the paid service) is safe from this, it's really just the "free" public VPN that causes issues.
Unlocator opens up DNS routing to a specified location based on your own IP, but doesn't funnel traffic through your own IP.
>Has loyal customer base.
​
>Creates promo and makes loyal customer base ineligible.
​
>Posts promo in subreddit where ineligible loyal customer base will see it.
​
ProtonVPN (probably): That aughta fix that.