“So @ProtonMail received a legal request from Europol through Swiss authorities to provide information about Youth for Climate action in Paris, they provided the IP address and information on the type of device used to the police https://t.co/KtKF4wn3wv”
I think there is a common misread here, I never said the issue could not happen, I mean that for helping or supporting this kind of company which runs services over propietary software during and without these issues, it is preferable to support Disroot on it.
Not centric on that part of the news but the simply fact that is just Protonmail.
@Echedenyan@lemmy.ml yes, but there are few caveats with disroot. What is special about companies like Protonmail and the like is that they store encrypted emails on their servers. According to disroot’s privacy policy: “All emails, unless encrypted by the user (with GnuPG/PGP, for example) are stored unencrypted on our servers.”, so in theory there is more data that can be forced to handover. Another concern about disroot is that they don’t have the budget for expensive security audits, their mail server is NextCloud, and their web-mail client is Rainloop web-mail, the later doesn’t seem to be very actively maintained, so how secure is it? I don’t know.
Nextcloud is not a mail-server, don’t confuse it. Nextcloud has an Email app which can be connected to your account. They use LDAP for most services with few exceptions (f.e. Gitea).
If you have questions about the Email server and the webmail use you can ask them directly about it. The email stack I tell you that is one very known and is actively maintained.
The case with Rainloop is quite different because have been subject of controversy in the past regarding to its security, you can always ask about it.
About the security audit: most tasks at Disroot are SysAdmin/DevOps tasks can be checked in different repositories as they are deployed with different DevOps tools like Ansible ( https://git.disroot.org ). If there is something non-Standard/custom that should be audited (as this is the source of audits, not configurations that have been already audited commonly or are recommended already by security teams) you can always ask to the maintainers by email to support[AT]disroot[DOT]org. Sometimes they work close with maintainers of different software for bugfixes, etc (Nextcloud and different apps of it as example).
If you think there is something to be doubt, just start reporting to it to improve it instead of putting this as a supermarket of products which should be chosen exclusively and to which you cannot do anything. Protonmail is by source something that is not going to change in the same way that Disroot could by the base of it.
It is just propietary software in the server side and some parts of the client side.
It is also a company.
Just use something like Disroot.org
You can also use Briar.
Disroot.org is not an activist organization, they will do the same thing.
Also, if you need more information about Disroot:
I think there is a common misread here, I never said the issue could not happen, I mean that for helping or supporting this kind of company which runs services over propietary software during and without these issues, it is preferable to support Disroot on it.
Not centric on that part of the news but the simply fact that is just Protonmail.
@Echedenyan@lemmy.ml yes, but there are few caveats with disroot. What is special about companies like Protonmail and the like is that they store encrypted emails on their servers. According to disroot’s privacy policy: “All emails, unless encrypted by the user (with GnuPG/PGP, for example) are stored unencrypted on our servers.”, so in theory there is more data that can be forced to handover. Another concern about disroot is that they don’t have the budget for expensive security audits, their mail server is NextCloud, and their web-mail client is Rainloop web-mail, the later doesn’t seem to be very actively maintained, so how secure is it? I don’t know.
deleted by creator
Nextcloud is not a mail-server, don’t confuse it. Nextcloud has an Email app which can be connected to your account. They use LDAP for most services with few exceptions (f.e. Gitea).
If you have questions about the Email server and the webmail use you can ask them directly about it. The email stack I tell you that is one very known and is actively maintained.
The case with Rainloop is quite different because have been subject of controversy in the past regarding to its security, you can always ask about it.
About the security audit: most tasks at Disroot are SysAdmin/DevOps tasks can be checked in different repositories as they are deployed with different DevOps tools like Ansible ( https://git.disroot.org ). If there is something non-Standard/custom that should be audited (as this is the source of audits, not configurations that have been already audited commonly or are recommended already by security teams) you can always ask to the maintainers by email to support[AT]disroot[DOT]org. Sometimes they work close with maintainers of different software for bugfixes, etc (Nextcloud and different apps of it as example).
If you think there is something to be doubt, just start reporting to it to improve it instead of putting this as a supermarket of products which should be chosen exclusively and to which you cannot do anything. Protonmail is by source something that is not going to change in the same way that Disroot could by the base of it.
Disroot isn’t security oriented.