The only open source mentioned in the post is their encryption. Not the document editing software. OP please remove your change to the article title, it’s extremely misleading.
Well, they’re not wrong. It is ‘open-source’, not Free Software.
Just tried it out with my proton account. Looks great! It’s very simple, but I also like that about it. And of course being private is wonderful.
How is it private?
Today we’re announcing a new end-to-end encrypted, collaborative document editor that puts your privacy first. Docs in Proton Drive are built on the same privacy and security principles as all our services, starting with end-to-end encryption. Docs let you collaborate in real time, leave comments, add photos, and store your files securely. Best of all, it’s all private — even keystrokes and cursor movements are encrypted.
Literally the second paragraph of the post (but I’m sure you haven’t read it, since you seem so busy replying to every comment here about how Proton is becoming Microsoft or something).
So sending a company your private key and trusting their servers to do E2E encryption despite them being able to modify their code whenever they feel like it to capture your password without encryption and masked in obfuscated JavaScript is now considered security? Wow, people really are gullible.
I agree with your general sentiment here (that such an arrangement is not trustworthy enough for me to feel completely private) but your delivery of said sentiment is really fucking rude, dude.
Even if it’s not secure enough for you or I to feel private, it likely exceeds the security necessary to satisfy most people’s threat models so they can not only feel private but objectively be more private than if they just used Google docs.
incremental or opportunistic privacy improvements are better than none, a fact that has seemed to be lost in elitist privacy circles these days.
Incremental in what way? There is an illusion of privacy. If that makes people feel good then sure, you increase your illusion of privacy.
Dude, you’ve made your point on virtually every comment on this thread. We get it, you don’t trust them. The world has given all of us every reason not to blindly trust this sort of thing. But I’ve done enough digging that I’M happy with the security, and the fact they’re not feeding my private content to the AI monster.
Please, for the love of the flying spaghetti monster, don’t keep spamming EVERYONE with the same 3 points you’ve already made elsewhere.
Open source ? Does that mean I can host my own ? Would it be compatible with other self hosted instance ?
EDIT: the only source code I found hasn’t been maintained for 3 years.
As I’ve slowly been expanding my homelab, NextCloud caught my attention. I haven’t tried it quite yet, but it might be closer to what you’re looking for.
Damn. Proton is doing a good job of stacking up W’s these days.
They act just like Microsoft. Lot’s of people think Microsoft is successful. If you think Microsoft is the champion of privacy though you might be in a cult.
I’ll tell you what. When proton ships a product that takes a screenshot of my desktop every 5 seconds and stores it in an unsecured DB any user on my computer can access, we’ll call them even.
Comparing proton with Microsoft like this is a joke.
Really? So Proton saying that they can’t open source the backend code to improve security isn’t something Microsoft would say as well? Proton sells statements, but they don’t back up those statements with proof.
Exposing their backend code to the public would be inviting bad actors to find loopholes in the logic. Your excuse for how they’re not secure is in fact one of their security features. No code is perfect, and you give enough people enough time to peruse through your software they’ll find a flaw to exploit. So they only provide their code to 3rd party audit companies they trust.
Sounds just like Microsoft to me.
They’re just too expensive. Like, sure, it costs money to run, but 3.49€/month (the discounted 24 month rate) for the mail only plan, 15 GB storage. (41.88€, $45.17 USD, $67.28 AUD per year)
That’s really expensive if you just want mail.
The other stuff, is also really expensive. To the point that makes you think, “there is no way google is making THIS much to make up the difference in advertising to me for a comparable plan”.
remember, it’s not just about making up the difference per user in advertising, it’s about getting and keeping as many people into their ecosystem as possible.
then they make some cash from selling data, and having more data to scrape to train their models and such. proton isnt making any off your data
it’d be great to be able to easily compare cost and expense, but companies obscure so much in the backend. rental car companies buy discounted in bulk, then sell the cars tens of thousands of miles later at a profit, and that’s before any income from rental
ooooh I love this. Proton is just winning constantly these days.
No they’re not. They can’t even finish a single solution, let alone actually make anything functional when you’re not using their proprietary servers. They’re becoming Microsoft.
They can’t finish a single solution
Gee, it’s almost as if that’s the whole point of an ever-evolving SaaS platform.
A SaaS solution that claims to be private but won’t provide the backend code to prove it. You don’t find it at all suspicious that they claim releasing backend code would make it less secure? What kind of security product is not open for inspection? The same kind of “security” you get from Microsoft.
Yeah because enterprises primarily use a ton of open source security tools…
ಠ_ಠ
Enterprises are using a plethora of open source tools at this point. They may still utilize closed source solutions, but they definitely have quite a bit of open source solutions tied in.
I imagine it probably is inspected, just not by the public. They probably do it themselves.
And they may have contracts with certain companies specializing in this sort of security that also inspect it.
And there’s also the cybersecurity companies that test it whether they’re contracted or not. At some companies, their entire job revolves around finding bugs (especially security bugs) in other companies’ software.
Just because it’s not on GitHub doesn’t mean it’s not a good product that hasn’t been thoroughly tested.
You realize that Microsoft code is inspected as well, even more heavily and regulated… and yet they still end up with major breaches. Security evolves through open source collaboration and inspection by experts that aren’t being paid to say you’re doing a good job.
Surely we’re not gullible enough to accept “we inspected ourselves and determined we are secure and you should use our services”?
Releasing unfinished products and expect users to just make do while they launch the next product can’t be the solution either.
Then it’s a good thing all of their products are fully functional and working as advertised, I guess.
Sure, whatever you want to belief :)
Which bits are not functional? I’m using their email and calendar… they aren’t completely polished, but they’re very usable.
Drive has no Linux client, Photos is extremely barebones and locks you basically in, as there is no export function.
Pass still has no proper SimpleLogin integration, no credit card support and UX wise is the browser extension pretty bad. Funny enough, years after launch you still can’t auto fill on Reddit.
The only thing I don’t like about Mail is that you still have to create reverse aliases through SimpleLogin. Better integration would be great.
Contacts still don’t sync to you local mobile contacts. Which means you either do it manually or you have to keep two sets updated.
Calendar is good too, I’ve heard it has no offline support though. Although I haven’t verified that.
Last thing I would like to see is notification support without Play Services.
Some of those things might be super unimportant to some, but for me it makes the use of their stuff unnecessary cumbersome. Especially if you consider that those are all Proton products and should work together well.
My by far biggest problem is their communication and general development speed though. Stuff like contact sync has been requested for 5(?) years now but there hasn’t been so much as a “we’re working on it”.
It feels to me they come out with new products all the time, like the document editor now, without addressing the little things that would make their ecosystem great.
Anyway, long ramble. But I appreciate that you asked for more details without insulting me.
A lot of people confuse open source with community driven/governed.
If things go awry, you’ll be locked-in, married to Proton.How do you mean? You’d just export your data.
Proton drive has export?