ProtonDrive Security Model

I tried really hard to move to protonmail and detach from a Google ecosystem, but really struggled to import my existing emails (their import&#x2F;export tool was incredibly prone to breaking).<p>You&#x27;re also locking yourself into an ecosystem without open apis. If you want mail on your phone you have to use their client, if you want it on the computer you need to install the protonmail bridge (which seems to restart itself and overlay over the top of whatever you&#x27;re doing)<p>The apps don&#x27;t seem to behave well on MacOS either, something about how the windows are designed means that they won&#x27;t show up in the Mac cmd+tab switcher.<p>All this means that their security model is irrelevant to me, if I can&#x27;t do the basic things that I need to do.

The problem I have with ProtonMail or ProtonVPN is that they rely upon Neustar to handle all of their perimeter security, meaning that every single client that accesses their services will be inspected by Neustar, which IMO defeats the purpose. At the moment, I don&#x27;t trust Neustar, and presume they&#x27;re a US military contractor (located in Virginia).

Since the drive can be used to store and share docs related to sensitive topics such as covid, will this prevent it from being used in the Apple store unless they put filters into the app?

I went in hard with email security a year or so ago. In the end I decided it was a broken system if security is the goal. I signed up for Hey and have really been enjoying it. I keep any secure comms on more secure platforms like Signal or Telegram.

The killer feature here isn&#x27;t end-to-end encryption, other services offer that and you can trivially roll your own with rclone, but the flexibility to share files on your filestore with other users without compromising that E2E encryption. I haven&#x27;t seen anyone else offering that in a usable manner.<p>Pretty neat stuff. I hope they open-source it so I can self-host.

&gt;model prevents any attacker who gains access to one of our servers from...<p>If an attacker gains access to your server, they can just inject javascript to gain access to whatever they want on the client&#x27;s browser. I&#x27;m a big fan of Proton* products, and pay for a variety of their services.<p>However, I can&#x27;t really get behind this method of data storage. But, it is the best option I&#x27;ve seen for centralized file storage. Syncthing is what I currently use for distributed storage, and I share encrypted files over that. Anyone have a better idea?

I&#x27;m guessing the password is tacked onto the URL as a fragment, which browsers do not send to the server. But this means that it relies on the trust that browsers follow this requirement.

I simply can&#x27;t get around Proton&#x27;s pricing model. A lot of services already work with rclone, which has a crypt backend on top that encrypts everything stored in the cloud. With ProtonMail&#x27;s current Visionary plan, you get 40GB of storage for $30&#x2F;mo and with ProtonDrive it looks like you&#x27;d get maybe 140GB of storage for $30&#x2F;mo. G Suite is $12&#x2F;mo and you get unlimited storage. If you&#x27;re worried about security, you&#x27;d simply use GPG on top of IMAP or Mailvelope.

I like protonmail a lot, and I&#x27;m a happy paying customer. But, I&#x27;m a bit sad they&#x27;re rolling this out instead of improving their mail product. I don&#x27;t want a google drive replacement. I suspect other users probably do.<p>But, I don&#x27;t think people should generally be storing files in the cloud. And, I with Protonmail were finally finishing support for FIDO2 authentication rather than rolling out a cloud storage solution.

Never really had issues with Bridge and have been a professional subscriber for about 8 months. I got the subscription mainly to use my ProtonMail email address with Thunderbird instead of mail client on MacOS. I don’t agree with the “LAZY” way around getting a basic app install on Mac and p.c. Either way, I’m still a satisfied customer and haven’t had any issues with my emails and transfers.

If password is reset, protonmail says I will lose all my mails; Is it rational ?

uh huh, still waiting for that calendar.

For me the key feature(s) I want that Proton doesn&#x27;t have is the docs and spreadsheets. If you&#x27;re already on Google Suites&#x2F;apps it&#x27;s hard to move over without those.

I would _never_ trust anything *proton. They hide behind Swiss law but will cave to any serious American request for info.