As a Proton Unlimited subscriber & general supporter of the company:
I don't care who it is hosting it, I don't want my password manager connected to the internet. There is cognitive dissonance when this community that distrusts IoT, call-home LLMs, URL bars that send data to Google and 5G-connected vehicles is willing to connect their most critical private data to a single, profit-seeking source-of-failure.
The password generation and encryption is an easy, solved problem that you can get for free! For any of these services, you're only paying for the UI, backup and internet connectivity. Companies have failed at this before and will fail again.
How do you sync your password manager between computers, out of curiosity? Most people put that file online somewhere they can copy it to other computers. Or is the ad-hoc nature of this usage a defense?
I use KeePassXC though, I'm still not terribly confident that I haven't lost data from forgetting to merge another modified database before overwriting it.
Every time I read about Proton I remember about that time CIA/BND created a fake crypto company in Switzerland because the country was perceived as neutral and used it to sell backdoored crypto equipment.
Crypto AG wasn't a fake crypto company; it was a real crypto company selling a product with a CIA/BND backdoor.
Proton makes open-source alternatives to big tech spyware and provides the service with a freemium model. Not sure what the comparison you're trying to make here is; they're both headquartered in Switzerland?
> Like every other Proton service, Proton Pass will be open source and publicly auditable upon launch, so anyone can independently verify our security features and their implementation.
I doubt it's going to include server-side code like Bitwarden.
But I pay for proton and I'm happy to switch if their product can fully compete.
Genuine question - how is it useful for them to release the server-side code? How do you know for sure that the code they have released is the same as what they are running?
Having the server code would be useful for self-hosting, but if you're relying on Proton to host the code for you, then you have to have a certain level of trust with them regardless.
With how Proton handled the French climate activist debacle, who is going to trust this over pretty much any alternative if they're concerned about privacy or security?
Proton Pass utilizes end-to-end encryption, so not even Proton can decrypt user data, and there have been hundreds of court cases that have proven that Proton's encryption cannot be bypassed by court orders.
Proton, like all law-abiding companies, must follow court orders. But unlike most companies, Proton actually fights in court and won a legal victory against the Swiss government after the case in question, overturning an earlier ruling that email providers can be classified as telecommunications providers. Details here: https://proton.me/blog/court-strengthens-email-privacy.
While I like players such as Proton entering the Password manager space, I hope they don't lose focus with the multitudes of products.
What I liked about Proton was the simplicity of just one product and executing it well, but lately they've kept on adding new products, some in their wheelhouse that align well (VPN for example), but some a stretch (Drive/Calendar).
I feel like drive and calendar go with e-mail fairly naturally. The play seems to be giving people willing to pay for a google alternative everything they'd want to replace. They can't give them everything but, encrypted storage feels like a fairly simple thing to provide and calendars are a well trod problem space.
Overall though, I agree with you. Proton seems like a solid company with good offerings and it would be a shame if they lost quality in their core offerings for the sake of adding features.
Only their mail product was vaguely good, but became very outdated as the years went on. I liked Proton VPN but ultimately ditched the whole in favour of better value, better UX, more features.
I have been a user of Proton since shortly after crowdfunding. I kick myself regularly for not buying a lifetime subscription.
I’m a Proton fan mainly for one reason - assuming that they aren’t a CIA company with back doors, my government must get a warrant to access my data there. This is my right and is recognized in the fourth amendment but increasingly my government chooses to ignore it. I am simply reasserting my rights.
Before I used Proton I used Hushmail for the same reason but they gave up years ago on innovation, and Canada is practically a totalitarian state nowadays anyway so I don’t trust them anymore.
I'm a happy subscriber of protonmail and proton calendar. Those are products which provide some value to me, that other products can't (end-to-end encrypted, privacy-first, ...).
I would like to see other apps such as proton contacts or proton notes, that provide the same values.
However, I'm not sure if we need another password manager, there are so many already that propose exactly the values listed above...
Another cloud based password security solution. The cloud is as reliable as the weather. Fairly reliable for the next 24 hours, until it isn't. Because gremlins. This is the reason I have to migrate away from 1password this year, what with manifest v2 deprecation and them abandoning personal vaults.
I currently use Firefox for passwords, this syncs nicely between desktops and despite their awkward killing of Lockwise it still works adequately for logging in to Android apps. I don't see any compelling reason for me to switch here even though I already pay for proton mail.
Although the company has good credit in terms of developing secure services, the idea of putting my passwords, my VPN and my emails in the same basket doesn't align well with my threat model. I'll stick to KeePassXC.
I really hope its passphrase generation is on par with Bitwarden. I'm not going back to a nonsense password generator, I hate typing these into other devices. Give me CorrectB4tteryStapleHorse! or no deal.
edit: I really like that they leverage SimpleLogin, that might be a reason to switch.
Ideally you shouldn't be looking at the actual contents of your passwords! All my passwords are long and, apart from my password manager which requires my devices and 2fa token, I won't log into any of them by typing a password.
Mindwipe | 2 years ago
If I'm not hosting it then it isn't.
dist-epoch | 2 years ago
https://en.wikipedia.org/wiki/Crypto_AG
As a rule, never depend on only one company for all your opsec. Use different companies for your mail/VPN/password manager/antivirus/...
drcongo | 2 years ago
[0] https://proton.me/pass
e12e | 2 years ago
https://proton.me/blog/proton-pass-security-model
https://proton.me/blog/proton-pass-beta
From their existing GitHub, I expect they will only open up the client part, unlike Bitwarden.
varjolintu | 2 years ago
"Proton Pass is also one of the first password managers to include a fully integrated two-factor authenticator (2FA) and supports 2FA autofill."
Highly doubt that. There are already multiple password managers with the feature.
sph | 2 years ago
I need to set that up then.