Proton Now Has a Bitcoin Wallet (www.howtogeek.com)
from corbin@infosec.pub to technology@beehaw.org on 24 Jul 2024 13:50
https://infosec.pub/post/15317571

#technology

Sneptaur@pawb.social on 24 Jul 2024 14:26

I’m upvoting because this is good relevant information, but man I wanted to downvote. How awful.

halm@leminal.space on 24 Jul 2024 22:16

I’m petty enough to downvote anything remotely endorsing shitcoin, this one’s for you 🤝

herrcaptain@lemmy.ca on 24 Jul 2024 14:26

What we’re begging for: A Linux client for Proton Drive

What we get: A fucking Bitcoin wallet

baggins@beehaw.org on 24 Jul 2024 15:17

I want to be able to print my calendar!

drdiddlybadger@pawb.social on 24 Jul 2024 15:45

I’m about to get my pitchforks out over it man.

MalReynolds@slrpnk.net on 25 Jul 2024 07:03

does rclone not work?

herrcaptain@lemmy.ca on 25 Jul 2024 21:49

I’ve actually meant to try that but haven’t yet gotten around to it. I’d still love an official app though, as sometimes 3rd party solutions don’t work great with cloud storage (at least in my experience).

th3raid0r@tucson.social on 25 Jul 2024 19:36

Even on Windows, Proton drive is hot garbage. It never syncs my files correctly. Has a tendency to leave half encrypted uploads just lying around. Eating up disk space.

Don’t even get me started on how long it takes to upload anything. Got a 1 GB file? Good luck!

And that’s before getting into the fact that it’s proton’s third product. It was announced in 2019. 5 years and they still don’t have proton drive as a working product.

Another gripe I have is that the Linux VPN client still doesn’t support wireguard. Sure, you can download wireguard configuration files. And they work just fine. But changing servers is a pain in the ass because of it.

It’s made me seriously consider dropping my visionary plan and moving to a more competent provider.

That being said, proton mail has been fantastic. And I have a ton of domains on it. So it would be a pain to move. I guess I’m just in a stalemate.

herrcaptain@lemmy.ca on 25 Jul 2024 21:55

Good to know. I’ve only been using Proton for like 4 months now and have thus far generally liked the experience, but that’s too bad about your experiences with the Drive client. I’ve used several paid business suites over the years through work and they all have their issues though. The only one that was generally solid was Google’s and I’ve gradually taken steps to remove their products from my life so there’s no going back to them for me. It was also almost 10 years ago since I last used Google’s paid email/Drive, so maybe it’s also gone to shit.

kate@lemmy.uhhoh.com on 24 Jul 2024 14:30

what? why?? there are so many open source options already???

LunarLoony@lemmy.sdf.org on 24 Jul 2024 14:44

This and the new LLM “feature” in ProtonMail suggests that someone higher up has had a sniff of the techbro kool-aid.

catastrophicblues@lemmy.ca on 24 Jul 2024 16:42

Yeah. Part of what I get for paying is the Bridge app so I can use Thunderbird instead of the website. I don’t want or need the LLM thing.

LunarLoony@lemmy.sdf.org on 24 Jul 2024 18:04

I pay for it because I thought it was a trustworthy service that had earnt my money. Instead, if they continue with stuff like this then I’ll go back to not trusting subscription services again.

GenderNeutralBro@lemmy.sdf.org on 24 Jul 2024 15:00

Are there any that are cloud-hosted, secure, and private? My experience is limited, but I’ve never found an easy way in. I can’t imagine anyone who’s not tech-savvy getting started without walking through a minefield of scams.

Every now and then I look at options for how I might actually use crypto, and everything looks either outrageously scammy or way too much trouble. Pretty much every exchange I’ve looked at holds the keys to your account, and several have gone under or outright stolen their users’ funds.

The question is, when Proton embraces bitcoin, should it make me trust bitcoin more, or trust Proton less? I don’t know. I’m still skeptical. Their blog post is interesting, but also doesn’t answer a lot of questions. proton.me/blog/proton-wallet-launch

I mean, look at this:

> Buy Bitcoin securely in 150+ countries
>
> If you are new to Bitcoin, Proton Wallet also has integrations that make it easy to buy Bitcoin in 150+ countries, and we have also put together a comprehensive Bitcoin guide for newcomers.

That “comprehensive” guide spends three paragraphs talking about the “Blocksize War”, and makes absolutely no mention of how a user can actually buy bitcoin using Proton Wallet. WTF, Proton? Who is your target audience here exactly?

jarfil@beehaw.org on 24 Jul 2024 17:40

> cloud-hosted, secure, and private

Until homomorphic encryption becomes a thing, cloud can’t be secure or private.

> every exchange I’ve looked at holds the keys to your account

Exchanges are not wallets. You’re supposed to move the coins out of the exchange for safekeeping. If you can’t, then it’s not a crypto exchange, it’s an ETF peddler.

> how a user can actually buy bitcoin using Proton Wallet.

Wallets are not exchanges. They can link to exchanges, like Metamask does, but their core function is to hold your keys.

cadekat@pawb.social on 24 Jul 2024 22:51

> Until homomorphic encryption becomes a thing, cloud can’t be secure or private.

Why do you need homomorphic encryption? Isn’t client-side encryption good enough for most use cases?

GenderNeutralBro@lemmy.sdf.org on 24 Jul 2024 23:52

Yes. Homomorphic encryption is for data processing, not data storage.

cadekat@pawb.social on 25 Jul 2024 02:32

I am aware. What processing is only possible in the cloud, and not locally?

Edit: My apologies, I didn’t realize you weren’t the same person I originally replied to. Please disregard!

jarfil@beehaw.org on 25 Jul 2024 04:58

Client-side is not cloud.

Yes, you can keep client-side reasonably secure. You can’t send the data for cloud processing and seriously expect much security or privacy… for now. Encrypt client-side and use cloud as storage… maybe; encryption algorithms also have a “best by” date.

My point is:

  • “Cloud hosted” can not be fully “secure and private” right now.
  • “With cloud storage” has a “best by” date.
  • “Not cloud”… well, is not cloud 🙂

Letting anyone with the ability to switch the software without you noticing, anywhere near the keys controlling some Bitcoin funds, is a really bad idea.

unexposedhazard@discuss.tchncs.de on 24 Jul 2024 14:50

Proton and all they do was always an obvious attempt at making money off of non tech people that care about their privacy but don’t know what to do. Their stuff might be free now but from how much vendor lock-in they are building into their software it’s quite obvious to me.

Their services are counter to all the best practices of security by design. If they spent all this time on improving existing secure systems and making them more user friendly they would have a much more positive impact.

Myaa@beehaw.org on 25 Jul 2024 17:48

Do you mind expanding on this? I recently moved away from Gmail to Proton in an attempt to be more privacy conscious and don’t really know of any alternatives. Even at a paid tier I only use Proton for their email services.

I would say I’m generally tech savvy but new to the whole privacy space. What better alternatives are there?

unexposedhazard@discuss.tchncs.de on 25 Jul 2024 18:16

Just use any other email provider that works for you and use standard OpenPGP to encrypt your emails. This is how email end to end encryption (e2ee) usually works.

As long as the emails are properly e2ee, no email provider is “more private” than others. They can always see who you are emailing and when. Proton is still forced to give out all your metadata to the cops just like any other service.

Also if whoever you are emailing isn’t using protonmail, or another PGP compatible client, then your emails aren’t actually encrypted at all. For work emails the other party usually won’t be using any of that so there is no point, for personal stuff I would honestly use standard messengers that have encryption built in like matrix, signal, session.

If you want e2ee email tho, then on desktop Thunderbird has all the OpenPGP stuff built in and for mobile there is the K9-Mail client that can be coupled with the openkeychain plugin to offer encryption.

There are also things like DeltaChat that allow you to use email in an instant messaging style format while using the same encryption keys that you use for standard emails. But tbh that’s not what email is intended for, I would just use matrix for that.

Protonmail is a decent attempt at offering “easy to use” encryption but by doing so, makes it overly complex from a software security and compatibility standpoint.

With e2ee you want to have the absolute minimum level of complexity and code to make it easy to audit and understand. PGP has been the standard implementation for email encryption for decades. Any attempt to “expand” on this by implementing fancy web based shenanigans undermines the simplicity and inter compatibility of the preexisting email encryption ecosystem that everyone has been using.

Myaa@beehaw.org on 25 Jul 2024 18:44

Thanks so much for sharing! You gave me some good info to start looking into. I appreciate your help! I was getting a little weary of Proton when they announced the AI nonsense and now the crypto wallet really seals the deal. Doesn’t feel good knowing my money is going to develop buzzword features instead of fixing the existing issues in their current products.

unexposedhazard@discuss.tchncs.de on 25 Jul 2024 19:49

Good luck with your software endeavors!

This stuff is hard to get into, especially so if you don’t already know all the specific terms to find what you are looking for. But having control over your own data and being able to decide where it resides is worth the effort to me.

oktux@beehaw.org on 26 Jul 2024 21:36

The problem is that almost no one uses PGP, as this vice article points out: vice.com/…/even-the-inventor-of-pgp-doesnt-use-pg…

If your goal is secure communication with other tech-savvy, privacy conscious people, then I agree that PGP is a reliable, time tested solution.

But if your goal is to keep email providers from data mining your inbox, then Proton is an easy way to do that, no matter who you’re communicating with.

unexposedhazard@discuss.tchncs.de on 26 Jul 2024 22:01

How can proton protect your unencrypted emails? Unless you are writing someone that also uses protonmail or pgp, the emails won’t be encrypted. This is barely an advantage at all over the existing system. You are just telling people to depend on this single point of failure, which is proton.

You can’t expect everyone to use protonmail, that would be unwise from a decentralization standpoint. The real solution is only using email for people that are unwilling or unable to use something other than email. For everyone else you should simply switch to different communications protocols that were made with e2ee in mind.

oktux@beehaw.org on 28 Jul 2024 16:58

I think we mostly agree, and I appreciate you advocating for secure alternatives and privacy in general!

> How can proton protect your unencrypted emails? Unless you are writing someone that also uses protonmail or pgp, the emails won’t be encrypted.

That’s true. Proton can only encrypt your inbox in that case.

> This is barely an advantage at all over the existing system.

I disagree. Having my inbox encrypted and using an email provider that doesn’t mine my data is certainly worthwhile for me.

> You are just telling people to depend on this single point of failure, which is proton. You can’t expect everyone to use protonmail, that would be unwise from a decentralization standpoint.

I’m not advocating Proton over other, more secure and private communication methods. My point is that, if you’re choosing an email provider, Proton is a good choice. They’re a nonprofit whose mission is privacy, and they spend considerable technical effort to ensure it.

I would hate to see someone switch from Proton to Gmail or some other provider that doesn’t offer any privacy because they mistakenly think all providers are the same.

> The real solution is only using email for people that are unwilling or unable to use something other than email. For everyone else you should simply switch to different communications protocols that were made with e2ee in mind.

To the extent that’s practical, I strongly agree. As you correctly point out, email is a plaintext protocol, and there’s nothing Proton can do about that.

But if you do use email and not all your contacts have exchanged PGP keys with you, which I’m sure is true for many people, then I think there’s a lot of value in using a provider that offers an encrypted inbox and doesn’t mine your data.

technocrit@lemmy.dbzer0.com on 24 Jul 2024 15:33

Smart move for any liberated, international organization. Esp as inflation continues to impoverish people. Move into the future.

LukeZaz@beehaw.org on 24 Jul 2024 15:58

I… can’t tell if this is sarcasm?

drwho@beehaw.org on 24 Jul 2024 16:34

I don’t think it is.

corbin@infosec.pub on 24 Jul 2024 16:02

Bitcoin’s value is significantly more volatile than the US Dollar.

jarfil@beehaw.org on 24 Jul 2024 16:29

Volatile means that in the short term, some may win, and some may lose.

The multi-year trend though, still beats inflation hands down.

corbin@infosec.pub on 24 Jul 2024 17:50

If you want to beat inflation, dump the money in a high-yield savings account, or a 401k, or a stock index, or any of the other options that have something resembling banking protection/regulation. There are so many better options than a speculative investment that you lose entirely with a social engineering attack or a SIM swap.

jarfil@beehaw.org on 25 Jul 2024 04:52

Lower risk, lower reward. Keep in mind that 401k is not 100% guaranteed either.

> lose entirely with a social engineering attack or a SIM swap.

SIM swap? You mean like SMS 2FA? (don’t use SMS 2FA, BTW).

Anyway, if your risk scenario includes a “wallet inspector”, you definitely shouldn’t buy Bitcoin, or carry money around.

prole@beehaw.org on 25 Jul 2024 19:55

Nobody is going to SIM swap you unless you have a shitload of crypto and let everyone know about it. It’s not an easy attack, so it would have to be targeted. Pretty easy to not be a target (not having millions of dollars of crypto on a wallet helps).

jarfil@beehaw.org on 26 Jul 2024 02:39

I want to have a shitload of crypto and let everyone know about it… where do I post my receiving address…? 😅

Anyway, my point was more about not using a SIM as a security mechanism, ever. It wasn’t designed as one, and still isn’t.

As for being a target… something like 2 years ago, I had a chance to get a glimpse at a C&C panel for some malware. It didn’t bother checking your balance, just vacuumed all and every password from every app on an infected phone, along with all sorts of data about the phone, SIM, SIM2, etc. Cloning a SIM is so easy, they’ll do it just to get your $50 worth of NFTs.

dgriffith@aussie.zone on 25 Jul 2024 02:51

What if I want to buy a cheese sandwich today with BTC?

A cheese sandwich can remain the same fixed price in dollars for years, with only the relatively slow change in actual value due to inflation.

I’ve seen BTC swing 10% in 24 hours. Does the cheese-sandwich-maker have to look up the rate this instant and calculate a spot price for me?

Will they have more or less dollars at the end of the day, when they need to pay their bills and buy more cheese from their suppliers?

“Just buy cheese from someone who takes BTC”, doesn’t help, it just kicks the can further down the road.

“Just add a bit of a buffer in the price to take fluctuations into account”, means that I go buy a cheese sandwich with dollars from next door because it’s 50 cents cheaper for the same thing.

As an investment vehicle, BTC is doing hot laps of the track (with occasional accidents), but until its volatility issues are sorted and it becomes “boring”, it’s not going anywhere as an actual currency.

jarfil@beehaw.org on 25 Jul 2024 04:47

Welcome to currency exchanges.

If you want to buy a sandwich in Indian Rupees… you either find someone selling sandwiches for Indian Rupees, or you have to exchange them to whatever the seller will accept (USD? CAD? AUD? EUR?..)

Yes, FOREX has some swings, it’s not for everyone. Bitcoin may swing more or less than other currencies, depending on the day.

> Does the cheese-sandwich-maker have to look up the rate this instant and calculate a spot price for me?

If you travel around, you’ll find countries where sellers do exactly that: they pull out a smartphone, check the spot price, add some margin, and tell you the price in USD for whatever you’re trying to buy.

Alternatively, you can swipe a credit card that will do all of that automatically. BTW, there are BTC backed credit cards too.

> buy cheese from someone who takes BTC […] just kicks the can further down the road.

That’s how money works: you kick it all the way around the street, over and over, changing from can, to stone, to ball, to… etc. Those who manage to start with a can and end up with a Lambo, win. Those who end up with a single grain of sand, lose.

knokelmaat@beehaw.org on 29 Jul 2024 10:44

Your last paragraph is not how money should work at all. Money should represent value that ideally doesn’t change, so that the money I receive for selling a can is worth a can, not a Lambo and not a grain of sand. What you’re describing is closer to speculation and pyramid schemes (NFTs for example).

Either try and explain to me how BTC could be an ideal currency that fixes the problems in existing currency, or try to explain to me how it’s really cool as an investment thing to siphon money from others, but don’t try and do both at the same time.

jarfil@beehaw.org on 29 Jul 2024 14:22

> Money should represent value that ideally doesn’t change

Money represents human desire and trust. A can today doesn’t necessarily have the same value as the same can tomorrow; maybe someone came up with 1000 extra cans, maybe someone licked that can (ew!), maybe deliveries have been cut for the week and it’s the last can of soda in a hundred mile radius.

A can is worth “exactly” itself… only in the moment of a single transaction.

A can is worth “about the same” amount of a given currency… only when there is a steady delivery of cans from a steadily working factory producing millions of cans from a steady supply of raw materials with a trust in an expected steady production rate, against a trust in an expected steady demand, with a trust in the given currency’s expected steady exchange rate for other products.

At any other moment, a can’s price can change wildly.

> What you’re describing is closer to speculation

Welcome to money.

> and pyramid schemes (NFTs for example).

That is doubly wrong… but let’s focus.

> explain to me […]

BTC is not an “ideal currency”, just another currency. It intends to fix only one problem: to bypass banking dependence. For other problems, you’ll need other currencies.

To “siphon money from others” is an inherent quality of all money; if you don’t believe me, try getting some money (with any value) without “siphoning” it from someone else.

knokelmaat@beehaw.org on 29 Jul 2024 15:02

Thank you for taking the time to respond. With siphoning money, I mean not giving actual value in return. The NFT market was a clear example of this: get some hype going, sell the promise of great gains on your investment, once the ball gets rolling make sure you’re out before they realise it’s actually worth nothing. In the end, some smart and cunning people sucked a lot of money from often poor and misinformed small investors.

I think I have an inherent idea of value, as in: the value it has in a human life and the amount of effort needed to produce it. This has become very detached from economical value, as there you can have speculation, pumping value and all that other crap. I think that’s what frustrates me about the current financial climate: I just want to be able to pay the people who helped produce the product I buy fairly with respect to how much time and work they put in. Currently however, so much money is being transferred to people “just for having money”. The idea that money in and of itself can make more money is such a horrible perversion of the original idea of trade…

jarfil@beehaw.org on 29 Jul 2024 20:25

> I have an inherent idea of value

I get where you’re coming from, I used to think about that too, and reached the conclusion that the only thing that has any “inherent value”, is what in the health insurance industry they call “qualys”: quality years of life. Everything else, derives its value from how it relates to people’s quality of life over a lifespan… but the relationship is not necessarily obvious or easy to quantify. That’s where money comes in, as an approximation… but its accuracy depends on everyone’s realization of how many qualys are they putting into, and receiving from, a given good. The perversion starts at the beginning: with some producers not realizing they’ve received too little money for too many of their qualys put into a product, and consumers not realizing that they’re giving too much money for too few qualys they’ll ever get from a product.

Ideally, these transactions would be transparent and for everyone to see, so people could adjust their exchanges accordingly… but IRL they’re a highly guarded secret by most actors, from producers trying to charge more, to consumers trying to pay less, to all sorts of intermediaries trying to insert themselves into the transactions in order to increase and pocket the difference. All of that gets compounded by the delay between production and consumption: the longer the delay, the harder for both parties to communicate, and the higher the opportunity for intermediaries to step in.

> The idea that money in and of itself can make more money

It can’t, not by itself. There need to be a series of mechanisms set in place to allow it, and some actors to set them in motion. Presently, it’s the abstraction of money as credit (aka trust), and mints creating an amount of virtual money that has an attached time limit and credit difficulty on its return, with punishments for those who fail to fulfill their trust obligations (…unless they’re “too big to fail”).

Money as an abstraction is not that bad of an idea out by itself; it’s definitely better than the gold standard, which was limited by the amount of gold extracted, while the reality of a world with an exponential population growth, is closer to a mechanism capable of generating enough money to represent everyone’s qualys. Just need to find the right mechanism, and a way to set it in motion.

> Currently however, so much money is being transferred to people “just for having money”.

Influencers, con men, and other swindlers, are a consequence of secrecy. With total transparency and full information, most of those would not be possible.

> The NFT market

This one… has much more going on than what meets the eye; GIF NFTs are just the tip of the iceberg, both for the good and for the bad. Bare NFTs are just a tool with multiple applications, “NFTs as digital art” are a DeBeers type scam with a twist (not a pyramid scam; with NFTs the scammer doesn’t need to exit the market, ever), NFTs over ETH are a funnel to get people to invest in ETH, and so on.

LukeZaz@beehaw.org on 24 Jul 2024 17:38

Not to mention the obscene fees with using it. Crypto is rife with issues.

Templa@beehaw.org on 24 Jul 2024 16:03

It seems everyone here thinks an organization can’t have multiple teams working in more than one thing at the same time

drwho@beehaw.org on 24 Jul 2024 16:33

That would make too much sense, something in short supply in companies these days.

wholookshere@lemmy.blahaj.zone on 24 Jul 2024 22:49

That assumes dev resources are limitless. And for a company the size of proton that’s certainly not true.

They can only have X amount of devs. So how they allocate them says a lot.

Also given that most complaints I’ve seen at the top are about specific missing features for ages, I think it’s safe they’re putting their eggs into too many baskets.

sleepybisexual@beehaw.org on 24 Jul 2024 17:22

Enshittification hitting hard

coffeetest@beehaw.org on 24 Jul 2024 19:26

I like Proton and I guess this kind of makes sense for them, sort of, but it’s weird.

foreverunsure@pawb.social on 24 Jul 2024 22:19

Funny how the free plan is not receiving any of the recently announced trash, making it more attractive than the paid options.

Ilandar@aussie.zone on 25 Jul 2024 03:48

> Why build Proton Wallet?
>
> Early in our journey, we experienced first-hand what it’s like being cut off from the financial system and at the mercy of large banks and institutions — an ordeal that affects millions of people across the globe. In the summer of 2014, as the original Proton Mail crowdfunding campaign was in progress, Proton had a near-death experience when PayPal froze our funds, questioned whether encryption was legal, and whether Proton had government approval to encrypt emails.
>
> Fortunately, in that instance PayPal returned the blocked funds, and Proton was able to start the journey that we’ve been on for the past decade. However, that dangerous moment has always stayed in our minds, and we still keep a proportion of Proton’s financial reserves in Bitcoin.
>
> Having experienced firsthand the unreliability of the traditional financial sector, building Proton Wallet is an important strategic move to make Proton more resilient and independent in the future. By enabling us and the entire Proton community to more easily adopt means of payment that deliver on the promise of financial freedom for all, we better insulate Proton from the risks posed by traditional finance.

mindyabeesnes@beehaw.org on 25 Jul 2024 17:14

> Having experienced firsthand the unreliability of the traditional financial sector

*Under very specific circumstances that no user could possibly come across on their own

Incredible the lengths people go to to justify their shit.

emerald@beehaw.org on 25 Jul 2024 21:55

Ah, timely as ever, really riding that crypto hype

At least they’re not launching their own token yet

Gamers_mate@beehaw.org on 26 Jul 2024 10:36

It starts with a Bitcoin wallet. Cryptofication is just another flavour of Enshittification. They could have at least used a crypto that is more energy efficient than Bitcoin not that there is really any green cryptos in the first place.

AVincentInSpace@pawb.social on 26 Jul 2024 17:28

Bit by bit Proton is slowly becoming Brave