Proton Sheets Launches as Encrypted Alternative to Google Sheets

[MacHeritage]

I appreciate @cjsuk's posts and info. It all depends on what one is dealing with from a security perspective.

Yes, things can change over time but compared to any regular email (that was being read by "other"people and or manipulated), Proton really works for me, thus far. People in "other" places have been shut out (or limited?) thanks to Proton. So for me, it works for now. Google is like open hunting season and "people in the know" can read everything and manipulate it as well.

No digital anything is 100% secure and never will be. That is why countries still use typewriters for serious communications with each of them having their favourite models. It is secure, not digital and is hands on.

If it goes over the Internet, consider it public. But Proton to Proton is the easiest way to keep things as secure as one can via email, for now, that I know of and is better then just Google, WhatApp (and anything Facebook makes), etc. or regular non-encrypted email.

Getting others to even do Proton is a challenge, anything else is just a non-starter aka. talking to oneself in the mirror.

 

[q3anon]

Your complete dumb EU babble aside, you realize, Switzerland is NOT a member of the EU? 🤦‍♂️
I don't know, why I still try to argue with absolutely incompetent people, but here we are...

Resorting to ad hominem attacks is the standard refuge of the intellectually bankrupt when they lack the technical acuity to debate the actual threat model. Since you confuse blind faith with “experience,” let me explain the architecture you clearly don’t understand.
You are ignoring the fundamental distinction between immutable binaries and dynamic web assets. In a browser-based threat model, the service provider controls the delivery channel for the cryptographic primitives every single time you log in. There is no “trust” in a zero-trust architecture; there is only verification.
With a web client, Proton (under legal coercion via the new EU CSAR framework) can perform a targeted attack by serving a modified JavaScript payload specifically to your session. This payload can exfiltrate your private keys or plaintext data before client-side encryption occurs. Because the code is ephemeral and loaded at runtime, you have no mechanism to perform static analysis or verify the hash integrity of the client against a known good state, unlike a signed, open-source desktop binary.
The “Swiss defense” is a myth: it didn’t stop them from logging and surrendering activist IPs in 2021 upon Europol’s request, and it certainly won’t stop a compelled “voluntary” client-side scan.
But please, go ahead and send them your “high, very welcome.” I’m sure your warm feelings will act as a robust shield against state-sponsored side-channel attacks. Enjoy your security theater.

 

[cjsuk]

Getting others to even do Proton is a challenge, anything else is just a non-starter aka. talking to oneself in the mirror.

This is another problem. Same as getting people to use Signal vs WhatsApp.

No one cares.

I use WhatsApp and plain old iCloud+ email. I just don’t assume it’s a secure channel. And I don’t assume the recipient isn’t an idiot.

 

[jkratz.36]

Your complete dumb EU babble aside, you realize, Switzerland is NOT a member of the EU? 🤦‍♂️
I don't know, why I still try to argue with absolutely incompetent people, but here we are...

FWIW Proton has not existed just in Switzerland for years now. They have a data center in Germany IIRC. And if you're wondering what is being discussed look up the Ordinance on the Surveillance of Correspondence by Post and Telecommunications. Here is the short version:

"will introduce new obligations for virtual private networks (VPNs), messaging apps, and social networks. These measures include mandatory user identification and data retention of up to six months for all services with at least 5,000 users. Providers will also be required to decrypt the communication upon the authorities' request should they own encryption keys."

As of yet this has not happened and there has been backlash over it. But, if it does pass Proton has noted they'd likely move out of Switzerland into, you guessed it, the EU.

So by all means, put your full faith in Proton unquestioned but don't try to write off the concerns of others as them being incompetent.

 

[robertosh]

I like Proton, I know also many staff thanks to work and they are nice and smart, but I think that lately they are trying to get too much offerings, and simple things like mail are not working nice. The Mac app is terrible, and same to the iOS app. Please make basic things work well before jumping to new features. I was Ultimate, this year I've downgraded, and I'm preparing to quit next year as I don't need many of the features that you get out of the box. I just want an email service with nice clients that is fast and reliable. I don't think Proton is offering that now

 

[Sphincty]

How do I benefit? This is a serious question. In my mind I actually lose a lot of functionality for any tiny benefit I gain by having emails encrypted with ZKE. Most users are far better off with a provider like Fastmail (and FWIW I have used Fastmail for years as my email provider, not Google) if they want to leave Google than ProtonMail.

But lets talk about Gmail for a second. Part of what makes Gmail so good is being able to index email for stuff as "simple" as good search to the more complicated stuff they've added over the years via machine learning. People complain a lot about "Google is reading my email!". Well, no kidding, of course they are, but not in the sense people are implying when using that word. Google is scanning your email. They have to for something even as simple as search. It just so happens they've added a bunch of convenient functionality on top of that. Nobody at Google is sitting there sifting thru your emails "oh look John just got a $50 bill from Dildos R Us".

And to be frank, if I'm going to trust someone, I'm going to trust Google more than Proton. There are a lot of businesses running on Google Workspace. Google runs on Google Workspace. They've got a good security team and are very motivated to keep things secure given what I just mentioned. For those that don't want to "be the product" then pay for a Google Workspace account. It's not expensive at all.

What! My name is John and how did you know I shop at Dildos R Us! Freaky...

 

[jkratz.36]

What! My name is John and how did you know I shop at Dildos R Us! Freaky...

Nice to meet you John...I work at Google and I'm reading your emails 😂

 

[zenmacx]

I like Proton, I know also many staff thanks to work and they are nice and smart, but I think that lately they are trying to get too much offerings, and simple things like mail are not working nice. The Mac app is terrible, and same to the iOS app. Please make basic things work well before jumping to new features. I was Ultimate, this year I've downgraded, and I'm preparing to quit next year as I don't need many of the features that you get out of the box. I just want an email service with nice clients that is fast and reliable. I don't think Proton is offering that now

While I’m currently using Proton, I too am considering alternatives. Have you found another provider you’re considering?

 

[cjsuk]

While I’m currently using Proton, I too am considering alternatives. Have you found another provider you’re considering?

Recommended not incompetent ones here:

1. Apple - iCloud+ is standard SMTP+IMAP with domain support.
2. Mythic Beasts - UK based IMAP/SMTP run by competent people.
3. Fastmail - AU based with servers in the US. Fairly competent. Used this before iCloud.

Importantly don't look for services that don't talk standard protocols like Proton aka are web apps, or web apps crammed inside app runtimes (electron etc). Just a good native email client is all you need. macOS and iOS ship with a mostly decent one that has had a hell of a long time to reach maturity. And they work flawlessly offline for days at a time, which is something half the web based crap ones don't.

Stay the hell away from:

1. Proton
2. Google Mail
3. Outlook.com
4. Yahoo.
5. Anything you aren't paying for in some way.

 

[zenmacx]

Recommended not incompetent ones here:

1. Apple - iCloud+ is standard SMTP+IMAP with domain support.
2. Mythic Beasts - UK based IMAP/SMTP run by competent people.
3. Fastmail - AU based with servers in the US. Fairly competent. Used this before iCloud.

Importantly don't look for services that don't talk standard protocols like Proton aka are web apps, or web apps crammed inside app runtimes (electron etc). Just a good native email client is all you need. macOS and iOS ship with a mostly decent one that has had a hell of a long time to reach maturity. And they work flawlessly offline for days at a time, which is something half the web based crap ones don't.

Stay the hell away from:

1. Proton
2. Google Mail
3. Outlook.com
4. Yahoo.
5. Anything you aren't paying for in some way.

I'm glad I asked since I was unaware of Mythic Beasts. Fastmail has been on my radar although I haven't done additional research on them yet.

I've always believed that paying for mission critical software is very worthwhile. I don't work for free and I don't expect software developers to give away their work either.

While I'm not completely done with Proton yet, I'm close to that point.

Thank You for the detailed response.

 

[jkratz.36]

While I’m currently using Proton, I too am considering alternatives. Have you found another provider you’re considering?

Don't want to sound like a broken record but Fastmail. Have never regretted paying them. Excellent service.

 

[chmania]

Stay the hell away from:

1.
2. Google Mail
3.
5. Anything you aren't paying for in some way.

Well, I've been using Gmail for 18 years, and all the emails and attachments I've kept since 2007, which I considered important, are still there. It would be nice to take a trip down memory lane, from July 2007.

 

[jkratz.36]

Recommended not incompetent ones here:

1. Apple - iCloud+ is standard SMTP+IMAP with domain support.
2. Mythic Beasts - UK based IMAP/SMTP run by competent people.
3. Fastmail - AU based with servers in the US. Fairly competent. Used this before iCloud.

Importantly don't look for services that don't talk standard protocols like Proton aka are web apps, or web apps crammed inside app runtimes (electron etc). Just a good native email client is all you need. macOS and iOS ship with a mostly decent one that has had a hell of a long time to reach maturity. And they work flawlessly offline for days at a time, which is something half the web based crap ones don't.

Stay the hell away from:

1. Proton
2. Google Mail
3. Outlook.com
4. Yahoo.
5. Anything you aren't paying for in some way.

I like your list but disagree with you on Gmail. I think it's an excellent service and if one is really concerned it can be paid for.

 

[jkratz.36]

Well, I've been using Gmail for 18 years, and all the emails and attachments I've kept since 2007, which I considered important, are still there. It would be nice to take a trip down memory lane, from July 2007.

Have to agree. I've had an account since 2004 and have never had an issue with it. That said, and as I've noted, I use Fastmail but keep my gmail account around for various things. It's always been rock solid.

 

[cjsuk]

I like your list but disagree with you on Gmail. I think it's an excellent service and if one is really concerned it can be paid for.

I've run enterprise google workspace.

If you like paying for something with no support, or possibly a drunken clown on a good day, knock yourself out.

 

[cjsuk]

Well, I've been using Gmail for 18 years, and all the emails and attachments I've kept since 2007, which I considered important, are still there. It would be nice to take a trip down memory lane, from July 2007.

I know someone who used free Gmail for their business. Then one day Google closed their account. No possibility to appeal. Lost contacts, email, the lot. Took them 6 months to get their business back up again, right down to having to get their vans and office signage re-labelled.

If it's not on disk, on the computer you control, then memory lane might be very short.

Then again same story with iCloud. No backup? Locked account after phone stolen. Say goodbye to the only photos of your deceased daughter which are stuck in iCloud Photos because that is apparently a backup. It broke the poor woman.

I see a lot of horror stories in my time. Enough to know that most people are seriously out of touch with how at risk they are.

Edit:

I use iCloud+ email. I have an app-specific password set up which is used with imap-backup to archive my mailboxes offline in mbox format on my mac. This is run weekly, which is the window I can afford to lose stuff in, then rsynced to two separate disks with everything else (one SSD, one HDD) and time machine. The time machine disk is swapped with another one off site once a month.

My entire house can burn to the ground, I lose all my kit, all my accounts and I can be up with the same email address and 0-4 week old mail archive, all my data, photos, everything. Even if Apple ceased to exist suddenly or I couldn't get a replacement mac, any old ****** PC and a Linux image and I'm back up in an hour of work.

 

[Bungaree.Chubbins]

I am slowly trying to untangle myself from Gmail, but it takes time because I’ve been using it for so long I needed an invitation to create the account.

 

[chmania]

I know someone who used free Gmail for their business. Then one day Google closed their account. No possibility to appeal. Lost contacts, email, the lot. Took them 6 months to get their business back up again, right down to having to get their vans and office signage re-labelled.

A paid account is still a paid account. The business person should manage their schedules effectively.

If it's not on disk, on the computer you control, then memory lane might be very short.

I keep everything important on an external drive, and actually, I have another copy on a different drive. I'm an old-fashioned guy.

Then again same story with iCloud. No backup? Locked account after phone stolen. Say goodbye to the only photos of your deceased daughter which are stuck in iCloud Photos because that is apparently a backup. It broke the poor woman.

I never consider iCloud or any cloud service as a backup. A proper backup is what you have at home. I use iCloud for temporary purposes, so I won't ever need more than the free 5GB. I don't usually trust companies, as they are not human and lack souls.

 

[jkratz.36]

I've run enterprise google workspace.

If you like paying for something with no support, or possibly a drunken clown on a good day, knock yourself out.

Still an excellent service regardless. Don't worry man, we can disagree. It will all be OK.

And I find it dubious that running enterprise-level Google Workspace that you had no support. I literally had to use Workspace support once (back when it was still GSuite) for my own "starter" account for $5/month. I know it exists. Point being: any of the advertising/tracking worries don't exist with paid accounts and you're not stuck in the cold like with a free gmail account if something happens.

 

[jkratz.36]

I know someone who used free Gmail for their business. Then one day Google closed their account. No possibility to appeal. Lost contacts, email, the lot. Took them 6 months to get their business back up again, right down to having to get their vans and office signage re-labelled.

If it's not on disk, on the computer you control, then memory lane might be very short.

Then again same story with iCloud. No backup? Locked account after phone stolen. Say goodbye to the only photos of your deceased daughter which are stuck in iCloud Photos because that is apparently a backup. It broke the poor woman.

I see a lot of horror stories in my time. Enough to know that most people are seriously out of touch with how at risk they are.

Edit:

I use iCloud+ email. I have an app-specific password set up which is used with imap-backup to archive my mailboxes offline in mbox format on my mac. This is run weekly, which is the window I can afford to lose stuff in, then rsynced to two separate disks with everything else (one SSD, one HDD) and time machine. The time machine disk is swapped with another one off site once a month.

My entire house can burn to the ground, I lose all my kit, all my accounts and I can be up with the same email address and 0-4 week old mail archive, all my data, photos, everything. Even if Apple ceased to exist suddenly or I couldn't get a replacement mac, any old ****** PC and a Linux image and I'm back up in an hour of work.

Your stories about Gmail and photos in iCloud are bad stories but that says nothing other than someone didn't do a bit of due diligence to make sure their important **** didn't have a second copy elsewhere. Hell, most people aren't even willing to pay for extra iCloud space as a "backup" for photos let alone worrying about **** like 3-2-1.

You are right that most people are out of touch with how at risk they are. There isn't a good solution to that problem other than education which most people will never have. Google and Apple can't solve that problem. Nobody can. It's like the many people I know who store personal photos, etc. on their work machines. Bad idea.

 

[jkratz.36]

A paid account is still a paid account. The business person should manage their schedules effectively.

I keep everything important on an external drive, and actually, I have another copy on a different drive. I'm an old-fashioned guy.

I never consider iCloud or any cloud service as a backup. A proper backup is what you have at home. I use iCloud for temporary purposes, so I won't ever need more than the free 5GB. I don't usually trust companies, as they are not human and lack souls.

Technically even that isn't a proper backup. Is it better than just having files in cloud storage? Sure. But if your house burns down and you're not thinking about grabbing hard drives then you're still screwed.

Cloud storage can be (and i'd argue should be given how easy it is) part of a good backup strategy. Nothing inherently wrong with it.

 

[cjsuk]

Still an excellent service regardless. Don't worry man, we can disagree. It will all be OK.

And I find it dubious that running enterprise-level Google Workspace that you had no support. I literally had to use Workspace support once (back when it was still GSuite) for my own "starter" account for $5/month. I know it exists. Point being: any of the advertising/tracking worries don't exist with paid accounts and you're not stuck in the cold like with a free gmail account if something happens.

Had a serious issue on provisioning an org on it a few years back. Something broke in their back end during whatever provisioning was doing that caused any bounces to other google products to throw a 500 error. That lead to the associated domain being bound to that tenant and you couldn't remove it due to 500 errors so you couldn't create a new tenant with that domain because it was already in use. Support couldn't fix the old tenant or find anyone who could. Someone in support actually suggested we bought another domain name.

The domain was registered 4 years before Google even existed and the company 100 years before that. Due to this they lost 1500 seats on two other tenants to Microsoft.

 

[chmania]

Technically even that isn't a proper backup. Is it better than just having files in cloud storage? Sure. But if your house burns down and you're not thinking about grabbing hard drives then you're still screwed.

The second drive doesn't have to be in the same premises, does it? Two places don't have to be burnt at the same time, do they?

Cloud storage can indeed be part of a good backup strategy? But I don’t trust companies. I know how board meetings go; they rarely discuss clients "benefits," if at all, and focus instead on how much profit a (any) venture might generate.

 

[cjsuk]

Technically even that isn't a proper backup. Is it better than just having files in cloud storage? Sure. But if your house burns down and you're not thinking about grabbing hard drives then you're still screwed.

Cloud storage can be (and i'd argue should be given how easy it is) part of a good backup strategy. Nothing inherently wrong with it.

Not really. It's mutable i.e. a compromised or defective machine and software can actively modify and destroy it. And it's tied to the same security context as your machine which means account issues can shoot both the primary data and the first line backup. It really should be separated carefully in that respect as well.

I would treat it as a convenience only if you choose to use it.

 

[cjsuk]

Your stories about Gmail and photos in iCloud are bad stories but that says nothing other than someone didn't do a bit of due diligence to make sure their important **** didn't have a second copy elsewhere. Hell, most people aren't even willing to pay for extra iCloud space as a "backup" for photos let alone worrying about **** like 3-2-1.

Indeed. The problem comes from people blindly restating vendor claims like "my stuff is backed up in the cloud". They were sold a lie.

You are right that most people are out of touch with how at risk they are. There isn't a good solution to that problem other than education which most people will never have. Google and Apple can't solve that problem. Nobody can. It's like the many people I know who store personal photos, etc. on their work machines. Bad idea.

Google and Apple CAN solve that problem. The problem is they want to sell you their cloud solution so they don't.

Microsoft are the worst at this. They had perfectly good backup software built into windows but now try and ram onedrive down your throat as a "backup solution".