Standard notes: what about don’t put all your eggs in one basket rule?

posted 10 months ago

gamedeviancy@discuss.tchncs.de

If the owner of the standard notes will now be a proton, doesn’t that contradict this principle? I have a proton email account but I don’t want it linked to my standard notes account. I don’t strongly trust companies that offer packaged services like google or Microsoft. I prefer to have one service from one company. I am afraid that now I will have to change where I save my notes. What do you guys think about this?

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

flatbield@beehaw.org

6 points

10 months ago

All security is porous. So there is every reason to believe that Proton or any other org will have a major breach at some point.

Edit: Just think of the LastPass debacle.

permalink

report

parent

[ - ]

Imprint9816@lemmy.dbzer0.com

4 points

10 months ago

“All security is porous” is pure FUD reasoning and, completely disregards the security audits Proton does to make sure its not anything like LastPass.

Using LastPass as a strawman is not a compelling argument.

OP and You are also assuming if Proton was breached that it means all the user encrypted data would somehow be available to the malicious party which is also extremely unlikely.

permalink

report

parent

[ - ]

flatbield@beehaw.org

4 points

10 months ago

Security audits do not guarantee security. They are just the best we have. Just as code reviews do not guarantee good and trustworthy code. In the end, we do not know what we do not know. In the end, every system has its weaknesses.

Sure I believe Proton is a reasonable supplier. Even with that Proton for example is on the record of giving out user info to governments. I am sure they did not meet the expectations of that activist.

permalink

report

parent

[ - ]

Imprint9816@lemmy.dbzer0.com

1 point

10 months ago

My point is Proton did something every legit business would do.

If your threat model is such that governments are going after you, you should be aware enough to not create an email with an IP that identifies you. That email issue was bad opsec not some specific problem with Proton.

permalink

report

parent

[ - ]

flatbield@beehaw.org

1 point

10 months ago

Well that is the point isn’t it. Companies are not very reliable. The only thing they can be relied on to do is whatever butters their bread and that can change at any time. There is also a PR component and a fact component and they do not always agree.

Proton is really no different. I seem to remember they changed what they said on their website after outing that activist. Presumably to be a little less misleading. Again, I am impressed with Proton but not infinitely impressed.

permalink

report

parent

[ - ]

Imprint9816@lemmy.dbzer0.com

1 point

10 months ago

You seem to be avoiding the fact component, which is they have proven through audits, yearly, their security is what you would want in a service that holds your data and have decided to instead rely on one instance (in 10 years of that service being around), that has nothing to do with the issue and your own feeling of how companies operate (FUD).

permalink

report

parent

Show more comments

Privacy Guides

!privacyguides@lemmy.one

Create post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…

Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

We prefer posting about open-source software whenever possible.
This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

Community stats

1.2K
Monthly active users
660
Posts
10K
Comments

Community stats

Community moderators