Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”

  • @DreamlandLividity
    4 hours ago

    Bridge did not exist back then.

    As for it being a sophisticated attack, I think it is relative.

    Regardless, if Proton said it did not matter to most people, I would respectfully disagree and move on. They did not. They claimed it is not at all less secure than a native app, which is BS.

    • @[email protected]
      14 hours ago

      I can see a threat model already from 2014.

      Anyway, I think it’s a tradeoff that’s hard to assess quantitatively, as risk is always subjective. From where I stand, the average person using native clients and managing their own keys has a much higher chance of being compromised (by far simpler vectors), for example. On the other hand, someone using a clean OS, storing the key on a YubiKey and manually vetting the client tool can resist sophisticated attacks better compared to using web clients.

      I just don’t see this as a hill to die on either way. In fact, I also argue in my blog post that for the most part, this technical difference doesn’t impact the security sufficiently to make a difference for the average user.

      I guess you disagree and that’s fine.