For context, in my password manager I had tried formatting some of my entrees so that it would contain the usual username and password, but instead of creating whole new entrees for the security questions for the same account, I just added additional fields in the same entree in order to keep things a little more tidy.
I was not expecting that doing so would result in later being shaken down by Proton to pay even more money just to access the same few bytes of fucking text I had trusted them with. This is sleazy as fuck and I am dropping these idiots entirely.
OMG I thought I was the only child of Mr and Mrs Upgrade, of Upgrade street, Upgrade! Maybe we’re related?
??? I use Proton mail and I never saw something like this. Account with nick, other mail, password and go.
It’s in Proton Pass. When you create an account entree, there is an option to create additional fields that you can name and fill out, kind of like multiple notes in one file. Somehow I was able to create those fields on my account just fine, but then to be given access to that data it turned out that I had to upgrade my account. In other words they duped me into entering data at no extra cost, but then charged me to access that same data later on.
I don’t use it. Mail is fine, I don’t need other than this. For all other apps, there are tons of FOSS alternatives out there.
Bitwarden FTW
That’s scummy as fuck.
I guarantee they do that on purpose just like all other scams that make you invest your time before telling you you need to pay.
Download BitWarden and be done with it.
You can even self host it… And easily export your data from their hosted solution to your own.
Keepass is tried and true, I’m going back to Keepass.
Welcome back 👍
If you can, just self-host vault warden (compatible with bit warden and supported). Gets your data out of the cloud entirely.
Why are you suggesting self hosting vaultwarden instead of self hosting bitwarden?
It’s much lighter on the resources while having the exact same functionality.
Bitwarden disables some features if you self host, even if you pay the $15/year.
Self hosting BitWarden still means it’s accessbile for them and/or from them.
You also have no way to audit their security from what I understand. VaultWarden is FOSS, if you want to, you can go check. And it does get checked by people with the competence to check this do every now and then.[Edit: I forgot that BitWarden is actually souce-available as well, while not being FOSS that’s still better than most solutions]. I just prefer full FOSS whenever possible. I prefer it not be a black bos I just happen to run on my own server.If you self host VaultWarden, the instance can just be not accessible from the internet, and only from behing a VPN. Obviously this is inherently much safer. If that’s possible with the self-host option I don’t know, but even just for licensing the local instance will have to be able to reach their servers (possibly be reachable from their servers, too). I did see they got an “offline deployment” option for air-gapped servers, but haven’t looked into what limitations that entails.
Additionally, you’re still within their licensing model. So for certain features you need to have a not-free account (like even just more than 2 people).
And like others said, VaultWarden is much lighter on resources in general and you aren’t limited in what you can and can’t do (users, collecitons, auth-options, …).
I’m with you, but the hosted subscription is miles more secure than I can make my installation, and at $10 per year probably cheaper than the electricity to self host. Plus it supports the devs.
But I do make regular backups in case I need to migrate.
I think their prices have increased, but it’s still a good deal
Apparently the price increase happened yesterday; I hadn’t heard anything about it until just now. Gave me the push I needed to switch to self-hosted vaultwarden in like 15 minutes. Very pleased with how simple the docker compose and export->import were. I’ll note that I’m running it privately on my local network, which I’m assuming should work fine as my devices enter that network semi-frequently and should keep everything synced up(?).
If you want a nice way to elevate the usability of your setup use Tailscale (or self-host Headscale) and run your devices on a VPN.
My devices are never not on my “LAN”, they maintain a VPN connection and access my local services as if they’re wired in. Remote pihole, multimedia streaming, password management etc are all covered by this one solution without needing to deal with reverse proxies and certificates.
Yeah, it’ll work fine. It syncs occasionally but you can also force a sync. Just make sure you backup somewhere (with an encrypted backup you can do it anywhere, even Google drive without privacy issues) incase of fire or wtv. If you’d like online access you could also setup wireguard with a route to it.
Giving money to yanks though
1password if you want to give money to Canucks.
1password is decent nowadays I think, but for a long time it was apple-only nonsense, it’s proprietary and the web interface/app interface used to be confusingly different from one another.
KeepassXC and syncthing, free and easy
What is your backup process like? Still haven’t figured this one out. Not sure if it makes sense to export encrypted where I can only access My vault with the same account, or unencrypted but then leaving it open and exposed somewhere or in multiple places.
Unencrypted, and it stays local.
Your first point is debatable. You still have to trust them to be that secure, and you can’t verify that. If they are ever breached, it’s literally the worst case scenario. You can self-host their solution, but only in the enterprise tier (6$ per user per month). Also BitWarden is a target woth attacking, I am not. BitWarden hosts thousands of instances worthy of being attacked individually. A personal VaultWarden instance of “Mike and Molly Peterson” isn’t exactly an attractive target. I do think they are pretty secure, but a single mistake with these stakes can have immense consequences. LastPass was also breached repeatedly, with a similar buiseness model.
The second point about electricity wouldn’t be true in my particular case, as the server for self-hosting it is running anyway. Running VaultWarden or not doesn’t change the power usage noticably. Obviously this is different for someone who doesn’t just have a server at home running anyway.
Side note: I’m not actually running a personal VaultWarden instance, as my personal requirements are being met just fine with KeePass files. We do run an instance at work, but it isn’t world-accessible (internal access only).
Bitwarden doesn’t do any of the stuff that makes proton pass extremely usable. You can’t easily manage logins and create them on the fly with custom emails in bit/vaultwarden. That is by far the most valuable feature of proton pass IMO, the seamless integration with simplelogin is just so damn convenient.
Bitwarden has an integration with simplelogin too. Enter an api key and it can generate random aliases on the fly.
Where? I can’t seem to find that option anywhere in my bitwarden app
Edit: NVM found it, it’s just hidden by several clicks before it’s an option.
You can do that in bitwarden
Howdy. For the clarity of users such as myself, can you please clarify which “Proton” you’re referring to.
Bummer.
Eh. I am very happy with thwir service, but I didn’t opt for the free tier. It has replaced my old VPN service provider, 1Password, google’s 2FA, Google Drive, and the office suite is useful.
Since i was paying for other services that offered no privacy, switching to a single paid service with privacy ended up saving me money, so no complaints.
I too am happy. i migrated from Firefox password manager, google mail, Cisco duo (kill it with fire please for the love of Turing and Tesla), and several other services. the only thing they don’t have that I really want at the moment is collaborative document editing but I’m pretty sure that’s on the docket of “things to add”.
Try 2FAS (Auth and Pass): https://2fas.com/ This is a great service!
Because a bunch of dementia patients started leaving 1 star review as they kept on forgetting their passwords
Dude, jfc calm down. You pay a little money to get premium services, instead of them monetizing user data. This is the way the world works with paid software, except they’re not making money on your data and you, just you.
Maybe some context in what exactly you pay for would help too. I’m assuming you pay for a base tier of mail, bc I use their password manager too but pay for the full suite, and don’t have this issue.
Maybe also a chat with support might find this to be an unexpected bug, but instead you’re coming to Lemmy to the echo chamber of hate on proton which won’t help.
but instead you’re coming to Lemmy to the echo chamber of hate on proton which won’t help
You call it an echo chamber, others call it having some standards on how much your software should be taking advantage of you instead of the other way around.
You have to admit, there are plenty of people either on Reddit (especially) or Lemmy, that seem to crack on/bash on certain companies or views on topics as a heard mentality. I’m guilty of it in the past bc I wanted to trust the heard, but after doing my own research have found whatever it was to not be so bad.
I’ve not been here long, but man, the amount of hate I’ve seen towards proton so far is crazy.
Yeah and all of that hate is deserved, because their products suck, and so do the people who run the company.
What have the people behind Proton done wrong? I only use them for email and will switch to another provider if it is egregious, I value these sorts of things greatly (any alternatives to look into?)
Hahaha, please, do share why their products suck, especially the people running it! I’d love to hear something fresh other than claiming the CEO is some trumpster because of some ruin fill interpretation of a god damn tweet… Petty
Useful idiot detected.
Their data should have been grandfathered in rather than locked out. Premium is a ransom with the lock out model
You sound like the kind of person who, in the 90s, would have defended Microsoft against GNU and Linux and the FOSS movement as a whole, “This is the way the world works.” No. I was using Keepass prior to Proton Pass. Proton proved to be a downgrade in every way. As a company they are in the same bracket as Ubuntu - trojan horse style grifters who wave juuust enough open-source around to lull users into dependency on a service that overall does not support user freedoms. They are grifters. It’s the same playbook as Google.
Software needs to be free on every level. It’s fine to sell free software, but if any part of it is proprietary, it’s as the FSF says - it’s a tool of unjust power over you.
And I don’t need that. Better alternatives already exist. Proton was straight up a downgrade.
So then, like many people, make the switch without being so vocally negative? Or post a comparison on how KeePass vs Proton- KP wins, etc.
Even more, Proton and other companies like them are a good popular gateway to introduce “the masses” to privacy and what it feels like to reclaim their personal lives. It also gives them a “big” name they can put some faith into that the apps will work/won’t crash, and aren’t invasive. So much other marketing and money is spent telling everyone the little guys are the hackers and data thieves, etc. So don’t trust them. So, the mentality is hard to shake.
I sound like the kind of person who understands how business models work (to an extent). Not every single person is going to setup full homelab environments to run all these locally hosted services, or spend a while researching and testing various FOSS applications to try and get "the very best"one. You sound like the kind of person who has a very stern opinion and gets upset when others don’t agree or your shouting doesn’t get them to understand why an alternative is better.
I work with a lot of users who don’t understand the basics of privacy or how data is sucked up at every corner of the Internet. I slowly plant the seeds to show them big names aren’t always better. Little by little they’re finding these things (popular little guys) on their own, and in that discovery keeps their interests piqued vs being told what to do.
It is a shakedown to accept your data for free then charge you to access it later.
What the fuck else would you call that?
It kind of sounds like OP tried to circumvent limitations in the free tier by formatting the available field in a certain way, but this then got caught by proton and then stored “correctly”, which is in a way that requires the paid tier.
Uh no. First off, I’m not on the free tier. I’m not on the most expensive tier, but I do pay for my account $4.99 monthly. Second, I used the built in features exactly as intended. Every login entree in Proton Pass has the option to add additional fields that you can name. That’s what I did, every security question being the name, and every answer being the data filled in. There was nothing to circumvent, because at least according to their pricing plans, even the free tier claims to allow unlimited logins.
It is literally ransomware. They allowed me to enter data in their program as intended, and then held that data ransom in order to pressure me into upgrading into a higher tier.
It sounds like this is the free service charging to access data you already gave them with the expectation it would always be available later. And which might not exist elsewhere.
That’s not fremium, that’s ransomware.
Yes, that’s exactly how it worked, and it is ransomware.
Lol at you both! First, I think you need help with your dictionaries because you’re using the complete wing terminology… That or you’re super dramatic calling it ransomware LMAO. You’re probably also those types who jump to comment at anything CG just to post AI slop… Like how back in the day it was cool to post “first” on something.
There are free tiers and paid tiers, and sounds like OP was trying to work around those free tiers to get a few extra benefits. If not, and genuinely trying to use a certain way, why not contact support to try and get access to that data even temporarily, or go to community forum to see if it’s by design? Why not look for a proper resolution vs just complaining about it?
BTW I can completely understand the frustrations, but you gotta also understand not every single company or dev is going to use the same exact method, designs, goals, etc. Proton, starting from scientists not business entrepreneurs. They decided to build a suite of apps as alternatives to the popular big brother versions, the paid tiers help support the free ones so everyone could have access. The money also helps fund staff support, devs, qa, etc. Just saying. There’s a lot more polish on those apps than pretty much any actually free and private so out there. And having the support there to answer questions vs rely solely on wordy documentation or community forums is now speaking to the average Joe.
Wow, you are really full of shit. Stop wasting my time.
I won’t say your wrong, but IMHO it’s unacceptable for a password manager to not warn you that information you give will be inaccessible without paying more money. Imagine if someone gave you 30 free entries before requiring a subscription, but let you add any number of accounts. Unless you want to reset all those passwords, your forced to pay them.
Vaultwarden is free. Bitwarden is free. Bitwarden Premium is 10€/year.
For what it offers, Proton is pretty expensive. They are also making inter-operation with other services difficult or impossible.
There’s much worse, but they aren’t that great either.
Ok, thank you. A sensible response.
I think their appeal and approach is to target newbies to the whole privacy thing. They can replace much of the “Gooplesoft” ecosystems (just made that up that word lol) with their own version, offer support for those who’re learning/trucks migrating, etc. Maybe they overheard someone talk about it, are curious, or don’t know all the terminology in the FOSS community, or get overwhelmed easily.
I will forever plug Proton (unless they change) to friends and family as it’s a “big name” doing big tech, better… then they have proton support to rely on, not me lol.
Yeah, I usually approach this stuff from the standpoint of someone who is already actively self-hosting. For people stuck in Google/MS, it is certainly better.
proton is owned by a fascist. avoid shit owned by fascists if you can.
Do you have a source on this? I can’t find anything online.
he’s been caught cozying up to fascists. i think he took down the most damning tweets where he publicly praised trump.
It’s more that he’s comfortable associating with fascists than one outright (I don’t know that we know enough about his own political stances).
Shortly after Trump was elected a second time, he tweeted, “10 years ago, Republicans were the party of big business and Dems stood for the little guys, but today the tables have completely turned,” (https://archive.ph/iKaz3). Which, like…the first time Trump won, I might see; the second time – though –, Trump’s made clear his desire to threaten and harm everyone within reach. The further along we go in his second term, the more he’s followed through on what he’d been promising the entire campaign.
While I, likewise, disagree with the tech. inclinations of certain camps of the Democrats, that by and far wouldn’t convince me to throw my support behind the fascist leader who’s spent 8 years, now, harming and indicating he’ll harm huge swaths of communities and populations.
As far as I know, that’s usually what people are referring to and the precariousness of trusting an individual who’d make decisions like this.
Yeah, I wanted to give them the benefit of the doubt (because sunk cost fallacy), but this is only one of a number of issues I’ve had with them and I need to be more quick to acknowledge grift when I know I see it.
shaken down by Proton to pay even more money
What are you paying for currently?
I had to look into it, because their pricing plans seem to have changed now. Evidently I have something called Proton Plus, $4.99 per month. It looks like that plans benefits do not extend to additional Proton Pass features.
I’m going to be transferring accounts away from Proton and then closing my accounts entirely. Already moved all my passwords back to Keepass. My main email address has been on posteo(.de), which has been great. Super reliable service from a company who appears to actually get the ethos of FOSS. I only pay, I think $12 per year for their service.
Yeah I thought so. If ya don’t pay for it, ya don’t get to complain about it, bud.
I’m sorry, but what? Number one, we’re talking about text. Bytes of data, which costs next to nothing to store. If you think that it is in any way fair for a company to allow a person to enter information into an account, and then unexpectedly charge them to access that same data, you are insane. If you paid for a storage rental, moved your belongings into it, and then found that the company changed the lock and decided you had to pay more to get your stuff - would you continue renting that storage?
Go back to reddit, corposhill.
we’re talking about text. Bytes of data, which costs next to nothing to store.
No but your files are not stored as text files. That’s not what you’re paying for. You’re paying for the development of the software used to create, store and fill them at the appropriate times and places. If you don’t care about that, just keep them stored as text files on your computer. Boom, problem solved.
If you paid for a storage rental, moved your belongings into it, and then found that the company changed the lock and decided you had to pay more to get your stuff
You keep using that phrase. You are not “paying more” because you never paid anything in the first place.
Go back to reddit, corposhill.
If you think Reddit is the only place that’s going to call you out for being a choosy beggar, you’re in for a surprise.
No but your files are not stored as text files. That’s not what you’re paying for. You’re paying for the development of the software used to create, store and fill them at the appropriate times and places. If you don’t care about that, just keep them stored as text files on your computer. Boom, problem solved.
But you say just below this that I never paid for anything in the first place? In any case, whether paid or not, they still have to compete with other options including free ones like Keepass. Why would I pay for Proton over the free Keepass if Proton is basically ransomware?
You keep using that phrase. You are not “paying more” because you never paid anything in the first place.
Untrue. I was paying for it, and they required that I pay even more just to access the data that their system allowed me to enter.
If you think Reddit is the only place that’s going to call you out for being a choosy beggar, you’re in for a surprise.
You rn:
you say just below this that I never paid for anything in the first place?
Excuse me, let me correct myself: That’s what you’re not paying for. Better? Does that make you anymore correct?
Why would I pay for Proton over the free Keepass if Proton is basically ransomware?
KeePass is local storage. It’s not managed. But by all means, If you don’t see the value, use KeePass. Not sure what you’re complaining here for.
I was paying for it
Okay, so you stopped paying for it. That’s why you can no longer access it. You can still export your data and import it into KeePass. So go do it.
You rn:
- Proton is most certainly not a multi-billion dollar corporation, moron.
- Your argument suggest that corporations aren’t possibly able to hold a valid argument. I’m not siding with the corporations, I’m siding with basic logic and reason. It’s not complicated. You are not entitled to anything they offer if you don’t pay for it.
Not sure what this has to do with privacy.
Extra features require a subscription, big fucking surprise.
You can self-host, but that could be an actual privacy nightmare.
being shaken down by Proton to pay even more money
Obviously you’re free to do as you please and its not an airport, you don’t have to announce your departure. But there’s no such thing as free service. Posting angry tirades seems counter productive.
I’d recommend self-hosting. Then you don’t have to worry about privacy, getting data hijacked or getting ripped off by sudden cost increases.
There’s no “there’s no such thing as free service”, and there’s “we are going to hold your data hostage until you pay”. This is the second, and unless they give you a way to export the fields, it’s a violation of GDPR article 20.
If they are holding data hostage yes that is a problem but if you use the export option I would bet it gives all the info.
Nothing is free, but there are proper ways to sell open-source and still respect user freedom. Proton’s model is no different than Ubuntu’s or Google’s model. It’s a grift.
Pretty sure the warning signs were apparent when the CEO submitted to Trump. it just his “personal beliefs” and not representative of the company. Right.
The CEO was lobbying for online privacy by publicly shaming the Democrats. He was doing his job.
Why is it that just doing their job excuse or just following orders tends to be associated with questionable actions as opposed to positive ones? It’s starting to seem like a red flag if those two phrases get used for an action.
He made a mean tweet about the Democrats, it’s not like he loaded bullets into ICE guns.
Am I the only one that read the situation as he could only get GOP folks to be receptive that day? Like if it would have been dems it would have been the other way around. My wife went to DC to lobby for an issue and tried both parties. It’s a thing they do. He never specifically said he actually preferred one over the other, just that he got the response. I’m more interested in what the specific lobbying effort was. I am suspicious of them only because they are lobbying in US in the first place and because I’m suspicious of everything at this point. There was no damning info in the reporting on this issue.
Complimentary remarks to Republicans depicting them as a party open to being privacy respecting and respect for the rule of law. Took the Joe Rogan hand book of trying to sane wash the Republicans and downplay concerns regarding them while trying to come off as moderate.
And it aged terribly. Someone who went to Harvard and spent significant time in the US wasn’t blind to what those way less educated than him saw when it came to the direction the US was headed towards before Trump officially took office.
He was rightfully criticized because Trump never hid his intentions during the election, so people were not impressed by the pandering like all the current tech bros part of the Trump inner circle.
Wait the Democrats respond to public shaming? At this point I thought they got off on it. He was doing his job but, he was kissing fascist ass just like Google, Microsoft, and Apple have not lobbying for privacy.
Yeah, I tried to be charitable and assume they were just ignorant of how bad Trump is. I should have known better.
Answer for all
“yourmom”
I don’t think that’s where entrees go.
Hypothetically it should have. Those were additional fields that I added to the main account login entree, in order to keep all the relevant data in one place.
Strange, I keep my entrees covered in the fridge and take them out about one hour before guests show up.
I know someone that signed up for an account with them, they froze it immediately for suspicious activity. He does nothing with that IP address, reads, social media, that’s it. No way to get off the shit list without giving up personal information like a phone number and or alternate email and no guarentee that would fix it.
Their IP was on a blacklist from some shady company for some strange reason. But other companies let you write the company and plead your case, proton does not.
They further suspended a bunch of accounts based on some half baked unproven accusations by the government(s) if I recall.
They aren’t trustworthy, they will give you up at the first sign of friction it appears.
That happened to me. I wasn’t even on a VPN when I created my first and only Proton account, and within minutes they restricted it so I couldn’t send any mail. They said I would have to upgrade to a paid account if I wanted to send mail.
I would never trust Proton after that. I’m just glad they immediately restricted my account instead of waiting until I’d switched everything over.
Check your ip against the lists of blacklists, there are sites that do it directly from the search page, there are a few dozen blacklists supposedly for spam and the like.
I suspect israel critics get dropped on them. A brazillian firm did the one we found.
Interesting theory and I’ve definitely made posts and comments critical of Israel. I’ve switched ISPs since creating that Proton account and I wonder if they’d restrict me again (not going to try though).
