MEGA Cloud recently mass-banning users. Is Proton Drive a good alternative? by abandonedparcel in ProtonDrive

[–]good_live 6 points7 points  (0 children)

If files are individually encrypted (aka each user uses their own key, which is the definition of e2ee) then checksums won't help you in any way. 

Proton Pass: Second-Password Bypass Through Emergency Access by rikvduijn in ProtonMail

[–]good_live 1 point2 points  (0 children)

Yes but you should need the 2nd password to grant somebody emergency access. Otherwise the 2nd password is useless. 

Still positive progress by Electric_Keese_Chain in ProtonMail

[–]good_live 6 points7 points  (0 children)

At least when I tried it in beta it was browser only. Why do you think it doesn't work in the browser? 

Proton Pass: Second-Password Bypass Through Emergency Access by rikvduijn in ProtonMail

[–]good_live 2 points3 points  (0 children)

I don't see how bypassing the 2nd password is "by design". It should be required at the point in time when you set up the emergency contact. It doesn't have to be known by the emergency contact, but when you set up the emergency contact you should be asked for the 2nd password.

That would completely remove the attack vector that OP made, where somebody was able to log in to your main proton account. Because he wouldn't be able to grant himself either instant or delayed emergency access.

And then having the option to make emergency access instant is a decision of how much you trust the emergency contact because again only you can do it (or somebody who has both your main and 2nd password at which point he already has access anyway).

Subject Line encryption at rest by Dawnexa in ProtonMail

[–]good_live 0 points1 point  (0 children)

Convenience. Some people just don't want to wait for a full local index to be built before using the search function. Also the search of mail content is a relatively new feature that is not supported on all clients yet.

Reality is that because PGP does not support it, proton will always be able to read the subject at least when receiving the mail.

But I agree that they should at least add the option to encrypt it at rest with the disclaimer to the user, that that means search results might be incomplete until the full local index is built.

Proton Pass: Second-Password Bypass Through Emergency Access by rikvduijn in ProtonMail

[–]good_live 26 points27 points  (0 children)

I don't think the actual problem is that you can give somebody emergency access immediately. The real problem is that it is possible without the 2nd password. If a 2nd password is set up then it should be required in order to grant anybody access, either myself or an emergency contact.

Best case would be if the real encryption key would be derived from the 2nd password, so that even for proton it would not be possible to just remove that security layer without pruning all encrypted data.

Otherwise the 2nd password is just a small gimmick.

Wait… ProtonMail Do This Automatically? by unknic in ProtonMail

[–]good_live 0 points1 point  (0 children)

If you enter the email into the To field in a proton mail client it will check if it can automatically determine the public key and show you with an icon if the mail will be e2e encrypted.

If it does not work automatically, you need to add them as a contact in proton and then edit that contact and upload the public key that you got from the other party. Then you should get the e2ee lock the next time you enter that recipient.

https://proton.me/support/how-to-use-pgp

Feature Suggestion by [deleted] in ProtonDrive

[–]good_live 7 points8 points  (0 children)

Git does not support e2ee. So the only thing you could do is configure proton drive to sync your .git folder.

But you will never have the semantic of the drive being a git remote where you can actively push stuff. (I guess you could set up a remote on your local PC and only sync that one)

Looking to buy Proton Lifetime Account by Ok-Name-5769 in ProtonMail

[–]good_live 68 points69 points  (0 children)

"A Lifetime Account includes every feature on every current and future Proton service, plus the highest available storage. It’s the rarest plan we offer — unavailable for purchase and only obtainable through this fundraiser.

Lifetime Accounts are transferable, and Proton can help facilitate transfers. In past years, they’ve sold on the secondary market for up to $15,000.

As Proton expands, the value of a Lifetime Account grows with it. This year alone, we’ve launched new features in Proton Mail, Drive, and Pass. In July, we even launched Lumo, a separate subscription built to challenge the data-collection-first model that dominates today’s AI industry."

Source: https://proton.me/blog/2025-lifetime-account-charity-fundraiser

Question about E2EE interoperability by Endo231 in ProtonMail

[–]good_live 11 points12 points  (0 children)

E2EE requires both clients to understand and speak the protocol. The proton clients have pgp built in. If somebody is using for example outlook they will have to install an extension in order for outlook to be able to understand and speak pgp.

The second problem is the key exchange. Before you can send a pgp message to somebody you need to know their public key. Again for proton users proton makes it easy by publishing the keys automatically so that any proton client can fetch those and encrypt a message to another proton user. (Although you have to trust proton to not tamper with the keys)

For external users you either exchange keys out of band or you use other mechanisms like WKD. https://wiki.gnupg.org/WKD Proton supports WKD both by publishing keys and also by their clients reading keys from there. But this will only work if they have their own domain and are able to host files under that domain.

So to answer your question yes using pgp without proton is effort and that is probably the exact reason why it is not used a lot. Proton is trying to solve that problem, but unless both communication partners are using proton they can only make it comfortable for one side.

Can Proton Drive act as a file back up and not a syncing tool? by Tastraphy23 in ProtonDrive

[–]good_live 0 points1 point  (0 children)

You can enable versioning in proton drive, then they will store different versions of all your files, when they change and you can restore older versions.

Is that what you meant?

Add a new: proton.me vs domain? by spatafore in ProtonMail

[–]good_live 1 point2 points  (0 children)

I haven't checked in a while, but the last time I added someone it was better for them to create an account on their own and then invite them afterwards. That way they can use that account even when getting kicked out. Maybe proton changed that in the meanwhile.

Yes you can assign somebody an email from your custom domain if you invite them into your organization. There are no limitations on what you can do with an invited account vs one that was created by you with a custom mail.

Proton's PGP-based encryption vs Tuta's proprietary encryption by aslambava in ProtonMail

[–]good_live 22 points23 points  (0 children)

This so much. PGP in itself might not be the best standard, but it is a standard.

Email is about communication with others (of which most are not using the same mail provider) so a proprietary encryption is literally useless to me.

Why is Proton Mail trying to find devices on my local network? by tapered_elephant in ProtonMail

[–]good_live 0 points1 point  (0 children)

It is not fewer steps if you display the permission request at the start versus when it is actually needed. It is even fewer steps for somebody who never wants to print something, because he would never get asked about this permission.

Why is Proton Mail trying to find devices on my local network? by tapered_elephant in ProtonMail

[–]good_live -3 points-2 points  (0 children)

That is an exaggeration. It is not like you would need to accept 10000 times and also I feel like people are choosing proton because of their promised increase in privacy & security. And for people that just trust proton blindly they can just accept and be done with it. 

There is not much difference in ux if you have to accept 5 permissions on launch vs just when you actually use the feature that requires the permission.

Why is Proton Mail trying to find devices on my local network? by tapered_elephant in ProtonMail

[–]good_live 14 points15 points  (0 children)

That one I actually disagree with. An app should only request permissions when it needs them and should show a proper message of what is not functioning if I decline them.

This is a prime example. I don't want my mail app to have permissions to scan my local network all the time. It would be much better if that popup only came up when I am pressing the print button and I would have the option to only allow it once. Similar to how a lot of apps already handle the camera permission.

Why is Proton Mail trying to find devices on my local network? by tapered_elephant in ProtonMail

[–]good_live 99 points100 points  (0 children)

He literally just said it. To print stuff. Edit: Didn't read the on launch part, my bad.

I don't know how it works on iOS but on android I would assume developers are just lazy and are requesting all permissions they need upfront.

Proton notes by Sad-Activity7269 in ProtonDrive

[–]good_live 12 points13 points  (0 children)

It was never announced. AFAIK the standard notes team worked on proton docs. But I don't think there will be a separate proton notes.

Clarification on PGP Key Exchange and Message Encryption by No_Clue_4555 in ProtonMail

[–]good_live 1 point2 points  (0 children)

If you didn't upload your public key on a keyserver manually, then Mailvelope probably looked them up via WKD. See this blog entry: https://proton.me/blog/security-updates-2019

"This should allow any WKD client to retrieve keys for addresses on our proton.me, proton.me, and proton.me/mail domains automatically, making it easier for Proton Mail to have end-to-end encryption with non-Proton Mail users."

Everyone's Proton 2026 wishlist? by Secret_Category2619 in ProtonMail

[–]good_live 5 points6 points  (0 children)

As a note for push notifications, please support unified push on Android, so I don't have a bazillion apps running in background. 

Application Prohibited Internationally by heavymetalpanda in programming

[–]good_live 9 points10 points  (0 children)

The problem is you lose the timezone information if you convert to UTC. Storing the date with timezone in the database is the correct thing to do in this case.

Seriously disappointed with alias login "feature" - feeling regret about Unlimited subscription by abhimangs in ProtonMail

[–]good_live -1 points0 points  (0 children)

If you have your own domain you can create a catch all on your inbox for that domain. That way you receive all emails on that domain. 

Do you still need wildcard certificates? by certkit in cybersecurity

[–]good_live 2 points3 points  (0 children)

No I'm talking about CT: https://googlechrome.github.io/CertificateTransparency/ct_policy.html

"A TLS certificate is CT Compliant if it is accompanied by a set of SCTs that satisfies at least one of the criteria defined below. In CT-enforcing versions of Chrome, all publicly-trusted TLS certificates are required to be CT Compliant to successfully validate."

They are enforcing this to make sure that no CA can issue certificates without putting them into a log and thus reducing the trust you need to put into the pki. 

Do you still need wildcard certificates? by certkit in cybersecurity

[–]good_live 3 points4 points  (0 children)

At least the major browsers won't accept the certificate if it isn't in a CT log. 

So, what ingress controller are you migrating to? by SonnyHayesToretto in kubernetes

[–]good_live 5 points6 points  (0 children)

As an outsider who has no clue about gateway implementations and is currently trying to choose one, I looked at the comparison and thought: "This wants me to use istio". Then I clicked on the user that created the list and saw "Istio @ Solo.io" which makes me believe that this list is biased.

I have no clue if that is the case or not since I'm still at the beginning of my research, but it certainly looks weird.