[-] dazo@infosec.exchange 4 points 2 months ago* (last edited 2 months ago)

@abobla

I kinda struggle to believe it's that difficult. I mean, Tresorit has a pretty good and functional Linux client. What have they done which makes it sustainable for them?

Filen.io also has a pure sync-client, which is distributed as an AppImage. This also works, but the FUSE integration Tresorit provides is quite awesome and performing quite decently.

I would actually recommend Proton to start the development on an older Linux distro. Like RHEL/Alma/Rocky 9 or Debian 11 (which is EOL, though) and make it run there. Moving from that distro to newer distros will then go smother and you'll get other distros supported quicker.

The mistake too many Linux efforts does is to take the "latest and greatest" distro version - often coupled with what a single Linux developer considers the "most used distro" and then hits lots of challenging when needing to support older distros. That's going to be painful.

@protonprivacy Please take note and forward to Andy and other managers.

[-] dazo@infosec.exchange 4 points 9 months ago

@testeronious

What is the difference between Proton Pass for business vs ordinary Proton Pass?

To me it looks like "same sh*t, new wrapping".

[-] dazo@infosec.exchange 4 points 9 months ago

@Telodzrum @EmperorHenry

Uhm ... ever heard of Computer Science at universities and such?

Just one quick example:
https://www.eecs.mit.edu/research/computer-science/

[-] dazo@infosec.exchange 27 points 9 months ago

@testeronious

So I spent a little bit time to dig up what Notion is.
This is what I found when searching for it ... https://www.notion.so/about

And I honestly have no idea why Skiff would be interesting for Notion. From what I can grasp the only Notion features overlap are Skiff Pages and perhaps Skiff Calendar. It's so off I struggle to fully grasp this.

First of all, Notion is not a service talking about privacy at all, afaict. And that was one of the main arguments Skiff had.

And then the first thing this merges states is that Skiff services are closing down.

I hate to say this, but Skiff founders couldn't really have cared that much about privacy then, when they chose to close down so quickly and abruptly like that, without a continuation plan on bringing privacy to Notion.

I believe the Skiff founders, if they really cared strongly about privacy, realised their service was not sustainable in a longer run, with too high running cost and too low income. In addition they might have seen that they would need to invest a lot more into further development and that it was too hard to improve their revenue stream. So the alternative was either to go down with a bang (bankruptcy), or they could sell "something" to another company and make it sound nicer.

Right now I just wonder what Skiff managed to actually sell to Notion. Most likely manpower, if I should guess.

[-] dazo@infosec.exchange 24 points 9 months ago

@Rookwood @testeronious

Tuta seems to be driven by idealists and privacy activists as well. AFAIK, they also don't have venture capital and their user base of paying users is what keeps them alive. Which is also why it's still a small company.

I don't recall how Tuta got their initial funding to get startet. I don't think they were crowdfunded in the same way Proton did.

But the idealsism goals of both Tuta and Proton is what generally makes it less likely they will sell out.

AFAIR, Skiff was VC funded. The idealism of the founders are easily ignored when the VC backing wants to cash in on their investments. And that's what happened here, in some way or another.

43

Also, @protonmail @protonprivacy

Linux users really need a decent Proton Drive app.

6
submitted 9 months ago* (last edited 9 months ago) by dazo@infosec.exchange to c/protonprivacy@lemmy.world

Hey @protonmail @protonprivacy !

When will you start implementing internal sharing in Proton Drive, with ACL (like read, write, share, admin privileges) per share?

That's essentially what's missing for several of my users, which means we could finally close Tresorit.

[-] dazo@infosec.exchange 3 points 10 months ago

@LunchEnjoyer

@protonmail could start by actually attending various open source conferences. There are several of them only in Europe. #FOSDEM is the largest one (actually happening this weekend), @devconf_cz is another one, with lots of #Linux distribution focus as well.

Sending HR folks and developers to these conferences, having a stand somewhere, meeting people is a solid way to find new hires with a specific skill set.

[-] dazo@infosec.exchange 9 points 10 months ago

@Prototype9215 @LunchEnjoyer @LinkOpensChest_wav

That's what really happens when @protonmail insists on doing everything on their own, not even doing the continuous development in the open. They provide source code updates only on stable releases, and even that can be delayed some days until after the release.

That's not how you build a community of users, developers and package maintainers.

Had they instead spent resources getting their Linux packages into the native package streams for the most important distros, they would have solved more bugs earlier with help from the community.

That is probably the most disappointing aspect of Proton. They still don't grasp how to interact with a broader community, to get real help.

They would still need to review contributions, just as I expect they do with changes from their own employees. So it wouldn't reduce the security.

Also, they can't really hide behind the code not being ready to be published; they code is being published in the end.

But they really miss the opportunity to get their packages into the standard Lunux repositories. Which would help resolving all the incompatibility issues they now have with certain Linux distributions.

On top of that, all the needed tooling required already exists. It just need to implemented correctly in their processes.

[-] dazo@infosec.exchange 8 points 10 months ago

@unruhe @Tutanota @protonprivacy

I dunno. I more often feel people who complain loudest about poor support comes from people who want a specific outcome but gets angry when they don't get what they want and expect. And then let their steam out in social media angling it in a way that they are the victims.

And this trend isn't specific to Proton, but more as a general impression.

The best way to check the support level is to actually reach out to them with an issue and then see how they respond to you.

[-] dazo@infosec.exchange 7 points 10 months ago* (last edited 10 months ago)

@unruhe @Tutanota @protonprivacy

I've been in touch with both. I've let Tuta behind. The Proton support was superb. It was delightful to actually be in touch with support personnel actually understanding how e-mail and the delivery mechanisms work. Solved my issues pretty quickly.

But was on Proton business and Visionary plans when I reached out, so the support level expectations are quite higher there.

[-] dazo@infosec.exchange 36 points 10 months ago

@testeronious

You know Proton has grown big when others take the time and effort to create scams like that.

It's no longer a tiny operation which is easily ignored or forgotten.

Question is what kind of scam is it? It looks like a crypto scam on the surface. But could it be more? Password phishing? Session hijacking?

18
submitted 10 months ago* (last edited 10 months ago) by dazo@infosec.exchange to c/fairphone@lemmy.ml

So I got a crazy #idea for #Fairphone ... Would be fun if some one could proxy this idea to the official folks there. @gael, @WeAreFairphone, @fairphone ?

Fairphones has a replaceable battery. Sometimes I would like to have a spare battery with me, to replace on-the-fly. In some situations, that is more convenient than to have the extra "dongle" known as an external USB battery pack.

The challenge is: How do you charge them? Back in the old phone days, you could have desk chargers for spare batteries. Another challenge: How do you carry external batteries safely?

So I got this crazy idea. Combine those two challenges! With an additional twist!

What if there was a portable "box" which could carry up to two Fairphone batteries, with a USB-C port to charge them. But! Let it also function as a USB-C battery pack which can be used with Fairphones (via cable) or other USB devices.

That gives you a portable battery charger, battery carry case for 2 batteries and a 3905 or 7810mAh OTG battery pack (based on FP4 batteries, depending on if 1 or 2 batteries are present).

If these cases can be designed to support more FP battery generations, you get something which could even be quite sustainable.

[-] dazo@infosec.exchange 8 points 11 months ago

@sasquash471 @Papanca How do you think the rclone protondrive support appeared?

https://rclone.org/protondrive/#limitations

[-] dazo@infosec.exchange 9 points 11 months ago

@Papanca @synapse1278

I've been testing out the rclone Proton Drive integration for a bit. As it is today, the rclone approach is currently too slow, especially using the "mount" approach which lets you access Drive files on-the-fly only downloading data as needed.

Using an "sync" approach (where data is stored both locally and in Drive) might be a better approach, unless you expect rapid syncing of files.

Considering the setup efforts, I cannot recommend Proton Drive for Linux in a productivity context.

Alternatives to Proton Drive on Linux there is @filen and Tresorit, which are both fully #e2ee. I've been using both for a while and both are decent.

Filen is the cheapest alternative and feature wise pretty close to Proton Drive - but they have a sync client for Linux. They do not have a possibility to access files "on-the-fly"; all data must be synced locally. And sharing data via URL need to happen via the web portal. Sharing data between Filen users was read-only access last time I checked.

Tresorit is fairly expensive, but also a lot more feature rich, especially on the sharing side. The Linux client supports both synchronising files between local storage and the cloud as well as a "drive mount" where all files in the cloud are available and only downloaded once you access it - or uploaded directly if you store something there.

Both Filen and Tresorit are fairly efficient in regards to uploading and downloading data via their sync clients. Using the web portal is slower, especially on larger files. This is naturally and not unexpected; the data is decrypted first on your device when the data has been downloaded from the cloud storage. Proton Drive is no different here.

Filen is a more properly open source based product. Tresorit is non-open source and built on top of Microsoft Azure services.

13
submitted 1 year ago* (last edited 1 year ago) by dazo@infosec.exchange to c/protonprivacy@lemmy.world

Hey @protonprivacy, @protonmail

I just had another quick test of #ProtonCalendar .... I'm really happy to see the internal sharing capabilities coming in place.

The only truly missing feature now is basically a bridge solution so I can have my calendar in Thunderbird. Is such a bridge in your plans?

Also, how integrated is the calendar on #Anrdoid these days? I've not tested it this time, as last time it was completely unintegrated and was quite a hazzle to get other apps adding events to the calender. I can probably get used to using only the Proton Calendar app on Android - but an interface for other apps to add events is a must.

As this is progressing, I'm getting closer to replace #EteSync for calendars with Proton Calendar. But you're still not quite there yet, unfortunately.

#privacy #e2ee

view more: next ›

dazo

joined 2 years ago