this post was submitted on 30 Oct 2024
8 points (90.0% liked)

Proton

5323 readers
43 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
 

The Google Play Store version of Proton VPN (not the F-Droid or GitHub versions (unless they have been updated the last few weeks)) allows people to use Proton VPN as a 'Guest', i.e. without logging into a Proton account. The average user might think, because they have not provided an email address or any other details whatsoever, that using Proton VPN as a Guest gives them an additional layer of anonymity.

Would they be correct?

Or am I right in thinking that when a person downloads the VPN app from the Play Store, their Gmail address (logged into the Google Play Store) is shared with Proton, and because Proton receives this identifiable information from Google it is why Proton allows 'Guest' usage on the Play Store version and not on the FOSS versions of the app?

If yes, does Proton store these Gmail addresses and are therefore able to provide them to Swiss authorities if demanded?

Proton VPN says they are a "no-logs VPN service", but their definition of what that is leaves me with a few questions. They say "we keep no session usage logs" of which websites people visit, or their actual IP address, but does this mean the data they have is only cleared once the session ends? Do they not need an identifier to know where to send data whilst the VPN is in use? What if the user does not switch off their VPN - can Proton what websites a specific Google 'Guest' user is visiting whilst they are in a session?

Although a user logged in with a Proton account would have peace of mind that some or all their other data (emails, files, etc) is E2EE and therefore safe, if the the user is a 'Guest' and Proton stores their Gmail address, the user is much more likely to be identified and their Google data accessed by authorities.

If on a single device the user is logged into their Proton account in their browser or other Proton apps but use the VPN as a Guest because they think it would make them less identifiable, could Proton, or Swiss or foreign authorities connect the Proton account with the VPN usage (specifically, the Gmail account if nothing else)?

All that is to ask, are 'Guests' any more or less 'anonymous' than Proton VPN users who log in with their Proton account?

top 1 comments
sorted by: hot top controversial new old
[–] birdcat@lemmy.ml 3 points 3 weeks ago

not going into all of that but just install the app with aurora store if it makes you trust proton more.