by pcb-rework 574 days ago
Proton suffers from the Lavabit problem but worse, it pretends to offer security and freedom when it does neither and acts as a tool of foreign governments to abuse individuals. Use your own GPG keys and better clients, preferably with self-hosting in Iceland or Sweden.

For truly sensitive communication, it’s better to use Signal: https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/
You're a fool if you believe handing over metadata like your personal phone number so you can be tracked is an improvement. That's not email and not a replacement for GPG, something that actually works properly. Session is a superior app for text replacement. I think you need to find new blogs that don't offer crap advice.
What kind of threat model do you operate under where Signal Technology Foundation knowing (one of) your phone numbers is a large risk?
The fact that signal knows my phone number doesn't bother me.

The fact that anyone who knows my phone number can know that I use signal does bother me.

Settings > Privacy > Phone number has two options:

- "Who can see my number". If you choose "Nobody", then your phone number will not be visible to anyone unless they have it saved in their phone's contacts.

- "Who can find me by number". If you choose "Nobody", then nobody will be able to see you're on Signal unless you message them or have an existing chat with them.

May I ask why you’re bothered by this fact?
[Not OP] People (newbs) join Signal and it shows I'm on. So they message me "hi!". If I wanted WhatsApp etc. chats, I'd be on them, but Signal is for my real friends and essential contacts. I chose it for several reasons, and being visible on everyone's list is not one of them.
Session started as a fork of the Signal client/server to use identifiers that are not phone numbers (perfectly sensible) but having deviated from the known primitives of the Signal protocol and omitting PFS gives me pause.
Session was the go-to a couple of years ago, but now SimpleX Chat is imo superior, with proper PFS (even quantum resistant) and better UX.
And how is the situation with desktop clients? Last I saw the situation was not exactly great.
No problem so far.
And now Signal allows you to use identifiers that are not phone numbers (except for your registration to the server).
They resisted this change for years, but eventually gave in and fixed it. You no longer need to hand out your phone number.

https://signal.org/blog/phone-number-privacy-usernames/

> They resisted this change for years, but eventually gave in and fixed it.

I believe that one big reason for that is that it was not trivial to get with the quality they wanted. I respect the fact that they "resisted" instead of just adding some bad implementation for the sake of it.

Nitpick: AFAIK, revealing a phone number is required for registration. But it’s no longer required in order to communicate with other Signal users.
There is no reason to tell people they are fools. Especially when you believe that email with PGP "actually works properly" w.r.t. metadata.
You mean the company with a HQ in the US?
Protonmail is not Crypto AG. Swiss laws are great for that purpose, and it's a nice island inside the EU. There are also a few actual cases disclosed by Proton that show how it works when collaboration does happen: "here's the encrypted data that we store. Good luck."

As long as you keep emailing within the Proton realm, there's not much risk of a data leak or foreign govt. intervention. Maybe a denial of service? Or why do you see this as a risk?

Personally I love that they explore more for businesses but as a full biz suite they're not quite there yet. Love their email and VPN though.

For extra email privacy you can still use proton on a separate domain or a subdomain https://bitcreed.us/bitblog/howto-protonmail-as-secure-whist...