A shame that OP recommends Proton. The fact they don't support open email protocols like IMAP/SMTP without an extremely frustrating proxy setup is what ultimately turned me away from their service. Being able to "just" use a native mail client is pretty much a must.
The vendor lock-in from something like Proton feels way worse as a result.
Can't speak to Proton Pass, but it strikes me as a replacement that seems unnecessary: if Bitwarden is a problem, the server can be selfhosted, something which the OP seems to be familiar with.
Some of the others feel of more... questionable issues to have with US cloud services; it's hard to find problems with Dockerhub and NPM that aren't just general problems with these services/the company behind them (mainly NPM). Maybe that's just because the public/private concern for both of those services is pretty different than the others mentioned here.
What's a good alternative to Proton? Still haven't migrated my business away from Google Workspace, and I was thinking Proton would be a good alternative, but apparently not if they don't even support IMAP/SMTP.
Mailbox looks very solid, although I don't have long-term experience: https://mailbox.org
It provides email, online storage, video conferencing, calendar etc., all of it privacy-preserving by default. You explicitly don't have to provide any personal details.
Fastmail[0] is what I use for my personal email. They support all the standards, but are also pushing things forward with standardising the JMAP protocol[1] which is much better suited to mobile clients than IMAP.
They only have email and calendaring though, no equivalent of Drive/Docs/Sheets.
Australian businesses have to provide GDPR protections to EU citizens, regardless, just as EU companies operating in Australia have to obey Australian law.
I also have a feeling the Five Eyes agreement is about to end.
Not mailbox.org (!) unlike many have suggested. In the last few years mailbox has gone into the gutters in almost every aspect (almost) - I am stuck there because of a large recharge/purchase I had done and they don't do prorated refunds anymore.
There are other options - tuta, posteo, runbox etc (I have just made a longer comment and I am sure you can find more on the net).
IMHO - we should not ignore other things when looking for a service replacement. I mean aspects of a service other than privacy, and for me responsiveness and customer service come near the top or at the top.
I am migrating away from Proton. In theory they check all marks, in practice they fail in delivering baseline functionality in all categories.
1. The Web interface email is so-so, but the proxy email bridge is really heavy and takes a huge amount of disk space. It also makes my computer start flying from time to time. The iOS email client (very important as they don't support standard protocols) is just useless. The text is rendered like an image which I need to pinch to zoom in and slide across the text. There is no way for the font size to be increased to a legible amount. The images in attachment are not in a carousel so I need to open1/close1/open2/close2/open3/close3 if there are 3 attached images. In an email client this is absolutely basic.
2. ProtonDrive: It took a long while before rclone was supported and for their web client to be working, "ok". Anyway it is basically unusable as a backup cloud service because it takes forever to encrypt in the browser. I just gave up and have no idea what is the state of sync of my files there. I just moved to backblaze and am waiting for my Proton subscription to expire.
3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
4. ProtonCalendar is proprietary and not compatible with generic tools in iOS or Linux or Android.
I gave up trying their other services as I just expect them to be as incomplete.
I mean: Email is the thing that needs to work right and every time I need to see some email together with my wife I feel like this goofy person that complicates what for everyone else is one of the most basic tasks in using a computer.
If I could I would just cancel and ask for my money back, unfortunately they do not do that.
> 3. ProtonVPN: Good on paper, totally untrusted and blocked by the internet. I can't navigate without filling 10 captchas or just be outright blocked.
Even residential IPs are being blocked nowadays, we have Cloudflare to thank for that.
Yes! I run Firefox on Linux and I constantly get captcha'd everywhere (by that typical Cloudflare loading page) because I'm not part of the 95% that runs Windows or Mac. Cloudflare is an awful thing for the internet.
Cloudflare seethes at Firefox users that have strict tracking protections enabled. OTOH it's still much less violent than hCaptcha or Google. Especially if you install their PoW pass extension.
It might be because I tweaked my user agent. I had to do this, because Microsoft is being obstinate and disabling a lot of M365 features if you're on Firefox on Linux. When I set my UA to Edge it suddenly works totally fine. I'm just a bit stuck with M365 due to my work, unfortunately.
It's not really "big tech slavery", c'mon. A large majority of bots on the internet try to fake their User Agent to pretend to be someone else. Unfortunately, your browser does the same. When they compare your browser's signature with the expected user agent and real user agent, they find a discrepancy and flag your browser as suspicious.
The real solution is to only modify your user agent for the MS apps you have trouble with, and all your captchas will disappear.
No they don't because I had them too before I started using M365 and had to edit the UA. Maybe not as much, but I think the tracking protection also has a lot to do with it like another poster said.
You're looking at this in black and white. The CEO praised one of the administration's picks for being tough on big tech. While I think he's wrong in his statement on who stands for "the little guys", praising one pick for her stance on big tech does not mean he wholly supports the administration and its actions.
Not all things require an equal reaction. Someone saying "this pick has a good track record" doesn't require the same level of drama as if he had said everything this administration does is awesome.
Yeah, I was a Protonmail evangelist but their mobile app sucks and their client software has nonconsensual surveillance embedded in it that you have to remember to turn off.
Yes I'm not a fan of Proton either. Especially because they hammer so much on their "Encryption" thing while 95% of the mails you get will come unencrypted from one of the big tech parties, Google, Microsoft, Amazon. So what is the point, really? And because of this indeed it is very hard to connect to it.
Email is just dead as a tech. It's no surprise nobody uses it for sensitive content anymore but instead just uses it as a notification service ("Please log in to our portal to read your message").
I don't personally like Bitwarden either because it uses a master password, I prefer "pass" which encrypts each password with your GPG key (which can be stored on a YubiKey for hardware security). But yeah self-hosted Bitwarden is a good option too and very popular.
There's so many organisations moving away from it though. Email password recovery yes. But really, what does Proton's E2EE add to this? The email is still sent unencrypted across the internet. And only gets encrypted when it gets to their mailbox. It's not as if someone could easily break into Gmail either. Unless they know your password but then Proton is just as vulnerable.
I just consider their "Security" window dressing to be honest. It totally ignores the gaping wide problem and fixes only a tiny pretty irrelevant part of it.
Many emails aren't sent unencrypted any more — just not E2E encrypted. It's harder to stop an active MITM from downgrading the connection, but the bulk of non-spam messages to my server come in with TLS. And while it's not going to be possible for most people, I have pinned most of my larger destinations to require TLS with a suitable certificate, so I can have confidence that my outbound email won't transit the Internet unencrypted.
Obviously if you're a client of a big hosting service that you don't trust then E2E has value. But that's not the whole problem, or the whole solution.
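The comment above says most inbound mail to the poster's server arrives over TLS. As an added example (not code from any commenter), this Python measures that share on your own mailbox by reading the RFC 3848 protocol keyword in the topmost Received header; the function names and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" protocol types meaning the hop was protected by STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, e.g. '(using TLSv1.3 with cipher ...)'."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def inbound_protocol(raw_message):
    """Return the 'with' protocol of the topmost Received header, or None.

    Only the topmost header was written by the receiving server; the ones
    below it are supplied by the sender and prove nothing.
    """
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    m = re.search(r"\bwith\s+([A-Za-z0-9]+)", strip_comments(received[0]))
    return m.group(1).upper() if m else None

def tls_share(raw_messages):
    """Return (messages_received_over_tls, total_messages)."""
    protos = [inbound_protocol(m) for m in raw_messages]
    return sum(p in TLS_PROTOCOLS for p in protos), len(protos)

# Constructed samples: Postfix-style TLS hop, plaintext hop whose lower
# (sender-written) header claims TLS, and an Exim-style TLS hop.
SAMPLES = [
    "Received: from out.example.org (out.example.org [192.0.2.10])\n"
    "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    "\tby mx.example.net (Postfix) with ESMTPS id 4ABC; Mon, 3 Mar 2025 10:00:00 +0000\n"
    "Subject: one\n\nbody\n",
    "Received: from bulk.example.com (bulk.example.com [198.51.100.7])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 4DEF; Mon, 3 Mar 2025 10:01:00 +0000\n"
    "Received: from a.example.com by b.example.com with ESMTPS id 9\n"
    "Subject: two\n\nbody\n",
    "Received: from relay.example.org ([203.0.113.4])\n"
    "\tby mx.example.net with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384\n"
    "\t(Exim 4.96) id 1abc-0001; Mon, 3 Mar 2025 10:02:00 +0000\n"
    "Subject: three\n\nbody\n",
]

if __name__ == "__main__":
    print("TLS inbound: %d of %d" % tls_share(SAMPLES))
```

A hop marked ESMTPS only shows that STARTTLS was negotiated, not that a certificate was verified, which is why the commenter's outbound pinning is a separate control.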
It's really the only game in town for messaging. Like sure, there are a zillion incompatible alternative systems out there but email is the only system with worldwide adoption. ... and it's federated. ... and it actually works somewhat reliably. ... and it's actually fairly secure these days, using a network of trusted email servers.
Like sure, it would be great if we could make end to end encryption usable for regular people for the email case. It would also be equally great if we could make E2EE usable for regular people for all the other cases.