The new emerging hybrid model of non-profit foundations paired with for-profit businesses is certainly interesting, as it combines some "greater good" principles with the ability to build products and run businesses in a modern competitive market. I feel it may take some time to work out the details of these models. The biggest example we've seen is OpenAI, which, in my opinion, still hasn't solved this model and is torn between lucrative multibillion business opportunities and adherence to its founding principles.
> it combines some "greater good" principles with the ability to build products and run businesses in a modern competitive market
There's also the PBC (Public Benefit Corporation), which in addition to profit / shareholder value explicitly defines positive impact on society as a goal, and exists since 2010 in some states, while in others only since 2022 [1]. But as far as I understand there are no legal requirements or audits that ensure those goals are followed.
Kagi (the search engine, popular in the HN community and I'm a happy customer myself) is one example of a PBC [2].
The biggest (by quite a margin still) is the Novo Nordisk foundation, but it is not really a new one. And its setup is rather different compared to OpenAI.
I agree we'll need to work out the kinks, but the big difference is it's hard to see a path towards a gazillion $$$ upside for Proton, while with OpenAI it seemed inevitable. Maybe the AI/ML space will be perfect for a hybrid organization in 30-50 years?
While still working on lots of stuff in their portfolio, I’ve been extremely pleased with their entire portfolio. They just continue to improve and have become a viable competitor to Google in all but the photos area, and they are working on that.
I wish they'd have something more sensible for people that need a few inboxen at a domain. Having to pay full price for every new family member added to a family domain for instance is a bit too expensive for my tastes.
After Eich was ousted and formed Brave, Mozilla's C-suite are led by an ex-Kinsey person and are extracting all the wealth from the company in the form of massive executive bonuses.
They are now an "AI company" and Firefox isn't a concern anymore.
I expect Mozilla to die within the next few years and the web to become Chromium only, finally solving my chronic online-ness.
Yes. Though I'm having trouble imagining Tim Berners-Lee as an enforcer, able to keep a for-profit side in line, in a post-Altman boardroom.
(Whether it's slamming a rogue exec up against a pillar in a parking garage whilst cursing corrective instructions, or deploying his vast power to destroy his enemies from a distance, or whatever skills and resolve are required.)
Why aren't cooperative business models more common among software companies? Starting a software company typically doesn't require a large amount of capital, especially with open source projects where individual contributions can play a significant role. In these cases, a cooperative model could effectively distribute ownership among the contributors, essentially making them co-owners. This approach seems simpler than managing a hybrid of nonprofit and for-profit elements.
just because a VPN or exit node has been used before doesn't mean SMS is the best anti spam measure, I don't know what data you're operating on or what's better for that data, but it undermines the privacy aspect for an SMS prompt to ever be triggered
Since the title confused me: "nonprofit foundation model" = "a business model based on a non-profit foundation", not "a machine learning Foundation Model built on a non-profit basis".
By looking at the headline I thought Proton would be changing to become something like Mint Linux and not Ubuntu Linux. But then after reading the article, Proton looks more like Ubuntu with Canonical backing it.
Reminder that Proton is not "private". They have all the keys, and willingly operate in a jurisdiction where they bend over backwards for ridiculous court orders.
From their own transparency page:
Number of legal orders: 6,378
Contested orders: 407
Orders complied with: 5,971
They did this to expose protestors and people who upset the powers that be, rarely real criminals.
They could choose to operate in a country that respects rights and design their tech so that there's nothing valuable to hand over. This is what Mullvad did.
*Edit: HN has been overwhelmed with poor quality users and bots growing in the last few years. Same as reddit there are paid services used to manipulate voting. HN needs to migrate away from this in order for real discussions to return.
You should back up your claim of "they have all the keys", because for things like email and file contents they claim they cannot decrypt them because they do not have those keys (which you have said they do).
This is pretty inaccurate. Proton's E2EE works by encrypting client side, and we can't just replace the GPG key because we have both key pinning and key transparency: https://proton.me/support/key-transparency
Proton does not claim no logs and has never claimed no logs. We do not retain logs by default, but our privacy policy has always been clear that we are legally obligated to follow Swiss court orders, which can ask for IP logging on specific accounts.
Listen, if you don’t trust their ProtonDrive - GPG encrypt before uploading. If you don’t trust their email, GPG your message and paste it in or include as an attachment. There are a lot of ways to be able to use proton without trusting them… and if you are an activist of any sort, like just stop oil or cnd, then I am sure they will be doing all of that.
I am not an activist so I don’t need to jump through such loopholes.
I don’t despise proton as much as I despise most of Silicon Vally though. I just hope they fight every single court order, because there will be lots of good people being targeted. However, I reckon that is wishful thinking.
Proton has the burden of proof, and has continually failed to ensure their systems are E2E. They have failed to develop better tech like signal, and continue to change their infrastructure to appease swiss orders that come from other countries.
They have every means to decrypt, they control both the client software, server, and data. You would never know if they logged your key, and they can be compelled to by flimsy order.
This is inaccurate. First, Swiss law does not allow the breaking of E2EE. All of Proton's client side code is open source. We cannot arbitrarily change keys in an undetected way due to Key Transparency: https://proton.me/support/key-transparency. We also have open source mobile and desktop apps, so you don't even need to rely on the web app if you don't want.
The key has to be on their servers though? If I log into a proton account on a new computer I could see all my emails decrypted. I don't have to store the key somewhere and move it to my new computer.
Second, I am not talking about swiping the key, but the password. When you log in, you send your password to their server. They presumably hash the password and compare the hashes then send you the decryption key if the hash is correct.
The problem with that is they could keep the password you entered (pre hash). If hashes are good then use the password you entered themselves with the key to decrypt your email.
It sounds like the separate decryption password may work around this, but is not the default meaning a large chunk of the users are vulnerable to proton logging passwords.
I have been with Protonmail since 2014. And I feel that they are essentially now the same as any other company which makes loads of dollar - they give up their values.
Don’t get me wrong, I have multiple ‘Visionary Accounts’ but I have just no expectation of them protecting my data completely.
How do they get peoples passwords / keys? Easy. They just wait for you to log in and they swipe it then. It’s targeted.
They are a perfect example of why you cannot really trust any company selling ‘privacy’, like Apple, Mozilla and whoever else fakes it. Even TOR to a degree is a pile of pish because all the relays can be hosted on mostly American VPS companies… so although the rest of the world would struggle detecting who people are, five eyes are in an excellent position to be able to unmask. It’s intended for the Five Eyes spies to hide among - they need the randomers on there or it’s a useless tool for their global spies to use - I don’t think enough people actually realise that.
No, in fact we have no way to decrypt the emails on our servers, nor can we share them in an unencrypted format with any third parties (law enforcement included). All the data requests we comply with only include metadata which needs to remain unencrypted for the services to function properly.
Besides, none of it really matters when their customer service backdoor lets you into an account if you can enumerate recent emails that account has received. I'd never trust anything serious with Protonmail. (Try it)
I don’t see there customer support call as a recovery method. I‘d expect that for paid accounts you could theoretically verify your identity to CS via payment, but in that case you lose the data anyway.
Even if the attacker cant decrypt existing e-mail the concern is by hijacking the account they can intercept future e-mail received such as password resets.
Some searching finds this comment. [1] I would be interested if such a password reset were possible against someone who for instance had 2FA enabled, no recovery information and only accessed their account using the Tor onion-service. ;-)
Tor onion service relays are mostly on VPS. And those VPS are mostly American.
The number of tutorials I have seen about spinning up a tor relay on a VPS is crazy. These tutorials are probably written by three letter agencies - though I have no proof.
Regardless, protonmail doesn’t let people register when connecting with Tor unless you use phone number or card to make a payment. You will have to give up something which identifies you, and so it really doesn’t matter when you connect with Tor after you have already registered - there is a way to connect who you are.
Traffic of onion-services is encrypted. Traffic correlation to deanonymize the client can still be theoretically performed but ultimately you need to draw the line in the sand somewhere.
> Regardless, protonmail doesn’t let people register when connecting with Tor unless you use phone number or card to make a payment
Actually if you attempt enough times you will get the option to verify the registration with an e-mail. And they are rather liberal with which options they accept. So it is not exactly a circular dependency.
From there is it an exercise to the reader to create an account not linked to any other identity.
Valid point, however that happened at least 5 years ago. Proton was smaller. I don’t know if this is still the case for today: I would expect that they continuously improve security of user accounts as they grow.
Your link doesn't apply here. The attacker's recovery process is to just send an email to support@protonmail.zendesk.com and start flapping their gums.
It doesn't matter if you lose data. If you control an email address, you get all future email including forgot-my-password emails.
Honestly, if you try it, you will find it doesn't really work this way. A lot of heuristics are used for recovery, many which are not visible to the outside for security reasons. Also, data recovery is never possible because of the use of zero access encryption.
Protonmail's customer service agent CCed my recovery email (me) in the email thread where the attacker was social engineering them. And the attacker was successful until I had to reply to the email chain myself to tell them to stop.
And yes, signing up to Home Depot's email newsletter and other services so that they could tell the customer service agent "my last few emails were from Home Depot and ..." was successful against their customer support system. That's just how amazing it is.
Finally, I don't expect the social media guy running protonmail's HN account to give us much insight into protonmail's customer support security issues, but if you're going to show up, I would've at least expected you to forward my email somewhere for follow up.
Just providing the information on the most recent correspondents is never enough to provide access to a Proton account. Please share your support ticket number with us so we can see what happened exactly.
Are you aware of a better alternative? I am trying to see if I should commit to using Proton or not. I am just a normal users who do not want to be tracked or my data used. Maybe Proton is still very decent for that
From the same transparency report page, they refuse any requests from countries that are not Switzerland, and only provide information to Swiss authorities when necessary (I.E. valid international legal assistance, violations of Swiss law, etc).
As well, emails and files are encrypted. And their VPN is a no-log VPN.
Lastly, they can comply with an order and just give them nothing, because they don't have anything they can give. No files (E2EE), no VPN network info (No-logging), no emails (E2EE), etc. That's still, legally, an order they complied with.
You're making multiple conjectures to get to that conclusion, of which the only evidence presented is another company based in a different country than Proton.
It may be true, it may not be, but there needs to be more information or facts before we get to the original comments statement that Proton gives data to expose protestors to protect "the powers that be".
If a government says "Give us everything you have on this user", and Proton gives them a sheet of paper that says "Here's the primary email for the account, we don't have access to anything else", the order is legally complied with.
Granted, I don't know much of how Swiss legal processes work, but I do know Switzerland has the best privacy laws when it comes to VPNs (which is why a lot of VPNs use Switzerland). Switzerland even has laws on their books that prevent them from compelling no-log VPNs based in Switzerland to log specific users.
I provided an instance of Proton giving the IP address and Device ID of a user after the French authorities requested it.
In their own policy:
> “In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.”
So there's no question whether or not they do it, it's more of how often they do it and for what. The French case was a big deal because it didn't seem to meet the "extreme criminal case" threshold, and yet the logging was still carried out.
Feels to me after reading the article they earnestly try to do their best to offer privacy enhancing alternatives and push back often. What percent of these requests do Meta, Google or Microsoft fight? Ratios like that matter
Proton is extremely transparent and said:
If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation. This obligation however does not extend to ProtonVPN (see VPN privacy policy here). Additional details can be found in our transparency report.
> What percent of these requests do Meta, Google or Microsoft fight? Ratios like that matter
What others are doing doesn't matter, that's whataboutism. Yes there's many shittier services, and Proton is much better than them.
What matters is if you can trust Proton to be private, and the answer is... mostly.
Yes I like Proton and I use Proton as my daily email driver, because I don't expect privacy from governments, I just don't want Google tracking.
But a lot of people see the "no logs" thing and think that there's never any logs, which is not true, they add them on request, and they've done it based on foreign government requests, for questionable searches, as I've linked above.
If you want privacy in your hands, use Tor when accessing Proton and pay in crypto obviously.
Those are techniques needed for privacy because they can access that data and you can't trust them to safeguard any data they can access because they legally can't.
It's not their fault, it's just the system, but you must expect it.
Yeah, that's shitty, and it's no excuse, but I understand that, as a company, Proton will still have to comply with Swiss law, and if Swiss law requires IP Address monitoring in "extreme criminal cases" which I doubt Proton has the ability to decide whether it fits that or not.
I saw in the article that Proton also offers an onion address, which will make the IP Address monitoring useless anyway. So they, legally, have to do the monitoring, but provide a tool that makes their "monitoring" useless.
I agree with you that Proton is security theatre. Even if they were truly benevolent, they ultimately control both the server and the client. It would be trivial to serve a special js to a specific user to capture their key. Nobody would ever know. But that part:
> HN has been overwhelmed with poor quality users and bots growing in the last few years. Same as reddit there are paid services used to manipulate voting. HN needs to migrate away from this in order for real discussions to return.
is absurd. Is it really the only way you can explain why you're downvoted? Could it not be because you've made several unsubstantiated claims?
