Hacker News
by SlowRobotAhead 2368 days ago
I lost a lot of faith in Proton when I learned how much funding they took from the EU. It just runs entirely counter to evidence we’ve seen of Snowden, 5eyes/14eyes, and other programs that the EU truly wants end to end encrypted comms for people.

Am I wrong to be skeptical?

Edit: oh apparently I’m wrong to even suggest something we have other examples of

4 comments

I disagree with much of your comment:

> I lost a lot of faith in Proton when I learned how much funding they took from the EU.

Unless the origins of the money are unethical (e.g. blood money), it's not where it comes from that matters, it's what's done with it. I haven't seen any misconduct from ProtonMail and the EU's motivations for giving the money seem to be economic, which makes a lot of sense. They want competitive EU tech companies.

> It just runs entirely counter to evidence we’ve seen of Snowden, 5eyes/14eyes, and other programs that the EU truly wants end to end encrypted comms for people.

The EU is not a member of the 5 eyes nor 14 eyes, some of its member states are. The EU is composed of 28 member states, so not even half are participants in those groups.

Even if the EU were a member of the 5 eyes, the EU is not a monolithic entity. The SIGINT arm of the EU (if such a thing exists) may very well oppose end to end encryption while the economic arm promotes it. The same is true in the US, where the NSA attempts to break encryption while the Department of State funds Tor development.

Possibly. There is very little to no private funding for true privacy products. I think this is one of the reasons that Proton had to initially rely on crowdfunding. Perhaps, this is because so many tech companies are stuck in the AdRev mindset where sharing customer private data is how they make their real money? If you look at the ecosystem, you see many privacy products are actually government supported either directly or indirectly. For example, the Tor Project has directly taken massive amounts of funding from the US Military and you may recall the story of how Microsoft was forced to buy Skype in order to open it up to surveillance or lose massive amounts of US DoD software license contracts. Those are just two examples. But, there are really limitless cases. Trust Google? But, Google receives massive DoD/EU contracts. Apple? Same thing. Roll your own? But, nearly all standard encryption and hashing algorithms were either developed by or reviewed by government funded academic researchers in the US or EU.

The way I think of the privacy ecosystem is that it makes dragnet surveillance much harder and it provides some protection if the government has specifically targeted you for data collection. So, companies/products like ProtonMail and ProtonVPN are good things. But, creating something that is 100% safe for the individual is impossible (or at best so impractical as to be untenable).

They have a grand total of $4.8MM in funding, and €2MM came from an EU grant. Hardly even a modest sum considering the tech funding climate these days.

The EU is one of the most privacy-conscious government entities on Earth right now, and it needs to be noted that ProtonMail is located entirely within Switzerland, an even more privacy-conscious state that is not a member of the EU.

you could say the same thing about tor, which was originally developed by the us military. it could be a long-term honeypot with backdoors, or it could be that giving it to the general public makes it more useful for state-sponsored clandestine operations. hard to say, really.

You could say that, but it would be fundamentally misunderstanding why the US Government needs TOR users.

There are no extra safeguards to encrypted email that lives on a server the more users you add. It doesn't matter. It was a point to point transfer once. All emails are SSL/TLS sent anyhow.

TOR is a different thing. It's active user browsing. If only US spies (example) used TOR, it would be pretty damn obvious what they were doing or at least show that this was vital traffic to intercept. But add in millions of normal users and it's much easier to keep your nefarious deeds hidden by just blending in with the crowd.