When it comes to the privacy vs usability debate, I come down hard on the side of privacy. Doesn't matter how pretty it is if it's going to get you rubber hosed.
An example of this in practice is eschewing software & services which use privacy and security in their marketing but whose implementations don't hold up under scrutiny, such as Protonmail and Keybase.
A lot of people will defend such products regardless, resulting in a trend I've been thinking of as "privacy roleplaying". It's harmful and needs to stop.
If you're familiar with privacytools.io, by the way, they have a seriously bad problem with privacy roleplaying. I do not recommend them as a resource.
PrivacyTools provides a baseline considered to be reliable and safe based upon criteria and general consensus. We constantly improve and refine.
We always encourage people within our community to consider their threat model. Not everyone needs "dial up to 11" security which usually comes at the cost of UX, or requires substantial background knowledge.
If the choice is between having something or nothing, we encourage people to think about what they need.
Disclosure, I'm a team member.
@dngray why don't you quit privacy roleplaying and actually investigate and explain claims of privacy and how they hold up to scrutiny? Or just keep shilling ProtonMail because you bought their marketing team's bullshit
@dngray "ProtonMail has zero access encryption at rest for your emails, address book contacts, and calendars. This means the messages and other data stored in your account are only readable by you."
Straight up lying
They're pretty clear about what is encrypted:
https://protonmail.com/support/knowledge-base/what-is-encrypted/
https://protonmail.com/blog/protoncalendar-security-model/
Just because someone disagrees with you, does not make them a shill. Personally I do not use ProtonMail (though I have tested it thoroughly). I have a number of mail accounts, mailbox.org, disroot.org, and one hosted at privacytools.io.
That is not to say I think ProtonMail is a bad product, however, and I have recommended it on numerous occasions to people both IRL and through PrivacyTools.
@dngray ProtonMail's privacy "guarantees" are based on trust. Privacy is NOT based on trust, it's based on math.
You need to advise people that accessing their encrypted emails in the web browser is NOT secure, and that they're only taking ProtonMail at their word that incoming emails are encrypted and that a plaintext version is not stored later, and that if they were compelled to they could store a plaintext copy of your emails.
Actually, ProtonMail needs to be doing this, and because they aren't, you need to stop recommending them. Same for Tutanota.
@dngray you also need to stop recommending Posteo, no support for custom domains is a HARD dealbreaker and you're leading your readers into vendor lock-in. Disgusting.
It might shock you, but most people who use email do not own their own domain.
We clearly state there that you cannot use your own domain with Posteo.
The idea is a reader would consider which option there is most appropriate to their needs.
@dngray "privacy" by populism is a fucking stupid argument, this is just more privacy roleplaying. Usability is never more important than privacy when the stakes are getting black bagged and rubber hosed by the STATE-LEVEL ACTORS you claim to offer tools against on your HOME PAGE
@dngray it also says a lot about where your interests lie that you don't have any ads or affiliates while plastering sponsor logos and donation requests five times on your home page
Screw you! Buzz off! Shill!
We don't get paid anything. All the money stuff is dealt with by other people and mostly covers server costs etc.
It's also pretty clear what sponsors get https://www.privacytools.io/sponsors/ (surprise, ProtonMail is not a sponsor).
Funds can be tracked through OpenCollective https://opencollective.com/privacytoolsio
I also don't have access to any of those wallets https://www.privacytools.io/donate/
Recommendations are usually discussed in an issue first. From there it moves to a pull request.
Additions to the site require 2+ team member sign offs. If a team member wrote the PR, then that is 2 other people.
afaik @jonah is the only one with access to money. He has not weighed in on any of those pages other than minor corrections.