this post was submitted on 08 Mar 2026
500 points (97.0% liked)
Privacy
5372 readers
46 users here now
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be civil and no prejudice
- Don't promote big-tech software
- No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've been using the one included with my Proton subscription, what do yall think about it? Worth it to also pay for Mullvad?
I have nothing against Proton or any of their products, but I took the opportunity of switching away from big tech to also switch away from the all-services-in-one-provider model. Moving everything from let's say Google to let's say Proton just kicks the problem down the road. If Proton ever goes evil or goes out of business you're now looking for a new home for all your services again.
Its also generally good privacy practice to use a VPN provider that is wholly separate from any other provider you use so that provider can't relate your VPN traffic to all the other data they have on you. This is more true from providers who aren't trustworthy, but it's a rule I follow regardless.
Of course, this all depends on your threat model.
I am in the process of slowly buying up the hardware and learning the needed information to self host, I degoogled my life which was a hard thing and Proton was the easier place to go and it was intended to be a place holder till I feel confident enough to switch everything over to a self hosted setup. Using Proton's VPN is more a frugal choice.
I've setup my first Pi Nas (raspberry 5 pi nas) and that was my first step in my self hosting journey, I do own my domains for my emails so step 2 is to get another raspberry 5 and setup my own self hosted website server and email.
I've always been a tech savvy guy but my field is manufacturing, I'm not a software or web developer like a lot of the people on here so it's a bit of a slower pace and learning curve for me but I'm working on it. Also it doesn't help that it's getting more and more expensive to self host by the day.
I do value the input and information I learn on here and appreciate the explanation.
I felt this in my bones. I do a lot of tech work, but basically none of it is programming or web dev. So lots of the self hosting stuff goes right over my head unless I really take the time to dive in. The worst part about self hosting is realizing how much you don’t know, but also knowing there’s probably a lot more that isn’t even on your radar.
Everyone has heard horror stories about the newbie self hoster just forwarding ports for every single service they run, not realizing that it’s turning their firewall into a sieve. And it’s the “not realizing” part that is scary. Especially when basically every Reddit thread about hosting something like Jellyfin will inevitably have a comment near the top, which is along the lines of “lol I just forward my port and it works.” Misinformation about best security practices is rampant, and filtering it out can be overwhelming for a newbie. Especially since the “not realizing” threat is always present. It’s always possible you made some dumb mistake that just exposed your entire LAN to the internet. And you won’t even know you made the mistake until all of your shit is ransomwared or being used to mine bitcoin.
Proton is a big supporter of Trump regime
Not challenging you, but do you have evidence that's easy for you to get to? I am considering their mail service. Thanks!
I guess they mean the tweet of the Proton CEO, which was blown far out of proportion and without context and caused a sensationalist shitstorm on Reddit.
If you want a detailed write up: https://scribe.rip/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
Dude basically just said that Reps were more responsive than Dems when he tried to lobby. Everyone's translation was that he must love Trump.
Good write up, thank you for the context.
I think I've gotten this info on Lemmy somewhere. Searching got me this https://news.ycombinator.com/item?id=44808694
https://theintercept.com/2025/01/28/proton-mail-andy-yen-trump-republicans/
So it seems like it's not such a clear cut case as i made it out to be. Thanks for "challenging" me, even though that wasn't your goal.
Thanks for the update!
Proton is known to unmask paying customers to agencies like the FBI, just so you know.
No, lol. That would have to go through a Swiss court first. Also, the only info the FBI is going to get is "Yes, this person is a ProtonVPN customer." Your data is end-to-end encrypted, so Proton cannot decrypt it.
Check the news. Proton literally unmasked the identity of a paying customer to the FBI. Delivering someone's identity is as bad if not worse than delivering messages: at that point it matters not if your data is encrypted because now the FBI can target you for $5-wrench torture.
Half true.
This post is about VPN. And Proton VPN is still safe.
Your info/news is on Proton Mail. In this case Proton was legally obliged (Swiss law) to give out identifying data for the owner of a known email address. The owner used a credit card and they had to give up the credit card info. The content and communications inside their email account is still private and was not given out. If they had used cash or crypto for paying, proton might have had no information to give out to the authorities. And again, they were obliged by law.
If the only defense a company has for giving away information about (paying!) customers to an agency of a fascist country known for disappearing people is "I was just obeying orders!", may I remind you of the Nuremberg Trials. But, well, I guess there's nothing better to expect from Proton on that end. The Swiss were, after all, well-known for taking all that Nazi gold without any complaints.
Just follow orders, like a good soldier.
Are you OK? You didn't hurt yourself with that ridiculous stretch, did you?
why, what should have they done? close shop and go to jail for not complying?
you have unrealistic expectations. if you are high risk, you should only access their services over their onion site and only pay in crypto or gift cards. they give all the tools one needs to stay truly anonymous.
In the least, fight it more in court. Isn't that the entire point of the thing, to keep things looping around via lawyers? Maybe notify the user beforehand, as well.
In the most, not have hosted that data in the first place. No need to keep subscription data if you implement one-time lifetime plans, for example.
that can be done in questionable cases, but not all is like that. often the law is very clear about what do they need to comply with, isn't it?
I am not a lawyer but I doubt they are allowed to do that
as I said in my previous comment, they accept payments in crypto. but I think they also accept payments in cash over mail
The reporting doesn’t say Proton “literally unmasked a user to the FBI.” What happened is that Proton was legally compelled by Swiss authorities to provide payment data they already had, and those authorities later shared it with the FBI through a legal assistance treaty.
The email content remained encrypted. What identified the user was the credit-card payment tied to the account, which is inherently traceable.
The uncomfortable reality is that people often deanonymize themselves: they create accounts without Tor, pay with identifiable cards, and link real-world data to the account. At that point the provider doesn’t need to “break” anything — the identifying information already exists.
Slice it how you dice it, Proton aided in the process, and they gave out information that the FBI would have reasonably not have had at that point, or else they'd have acted upon it. Slice it how you dice it, Proton unmasked a customer to the FBI.
You can repeat that framing, but it’s still inaccurate. Proton didn’t “unmask a user for the FBI.” They complied with a legal order from Swiss authorities for data they already had, and that information was later shared through legal channels.
What identified the user was their own payment data tied to the account. If you pay with a credit card and create the account without anonymity tools, your identity is already linked — no provider has to “break” anything.
That’s the uncomfortable reality: people often de-anonymize themselves by using identifiable payments and normal connections instead of Tor and anonymous methods when creating the account.
That’s a misleading way to frame it. Proton doesn’t “unmask customers for the FBI.” They respond to legal requests through Swiss authorities, like any company operating under a jurisdiction.
And in the reported cases what was provided was account or payment metadata, not decrypted email content. If someone ties their real identity to an account through payments, no provider can magically make that anonymous.
A good comparison is Mullvad VPN. When Swedish police searched their offices in 2023, they left empty-handed because Mullvad doesn’t keep user identities and accounts aren’t tied to emails. If a user registers without identifiable payment, there simply isn’t much data to hand over.
The real issue isn’t “betrayal,” it’s what data exists in the first place.