For context, in my password manager I had tried formatting some of my entrees so that it would contain the usual username and password, but instead of creating whole new entrees for the security questions for the same account, I just added additional fields in the same entree in order to keep things a little more tidy.
I was not expecting that doing so would result in later being shaken down by Proton to pay even more money just to access the same few bytes of fucking text I had trusted them with. This is sleazy as fuck and I am dropping these idiots entirely.
Download BitWarden and be done with it.
If you can, just self-host vault warden (compatible with bit warden and supported). Gets your data out of the cloud entirely.
I’m with you, but the hosted subscription is miles more secure than I can make my installation, and at $10 per year probably cheaper than the electricity to self host. Plus it supports the devs.
But I do make regular backups in case I need to migrate.
I think their prices have increased, but it’s still a good deal
Apparently the price increase happened yesterday; I hadn’t heard anything about it until just now. Gave me the push I needed to switch to self-hosted vaultwarden in like 15 minutes. Very pleased with how simple the docker compose and export->import were. I’ll note that I’m running it privately on my local network, which I’m assuming should work fine as my devices enter that network semi-frequently and should keep everything synced up(?).
If you want a nice way to elevate the usability of your setup use Tailscale (or self-host Headscale) and run your devices on a VPN.
My devices are never not on my “LAN”, they maintain a VPN connection and access my local services as if they’re wired in. Remote pihole, multimedia streaming, password management etc are all covered by this one solution without needing to deal with reverse proxies and certificates.
Yeah, it’ll work fine. It syncs occasionally but you can also force a sync. Just make sure you backup somewhere (with an encrypted backup you can do it anywhere, even Google drive without privacy issues) incase of fire or wtv. If you’d like online access you could also setup wireguard with a route to it.
Giving money to yanks though
KeepassXC and syncthing, free and easy
1password if you want to give money to Canucks.
1password is decent nowadays I think, but for a long time it was apple-only nonsense, it’s proprietary and the web interface/app interface used to be confusingly different from one another.
Whats the price for though? Im cancelling my plan as all I ever used was OTP codes. The rest is free.
What is your backup process like? Still haven’t figured this one out. Not sure if it makes sense to export encrypted where I can only access My vault with the same account, or unencrypted but then leaving it open and exposed somewhere or in multiple places.
Unencrypted, and it stays local.
Your first point is debatable. You still have to trust them to be that secure, and you can’t verify that. If they are ever breached, it’s literally the worst case scenario. You can self-host their solution, but only in the enterprise tier (6$ per user per month). Also BitWarden is a target woth attacking, I am not. BitWarden hosts thousands of instances worthy of being attacked individually. A personal VaultWarden instance of “Mike and Molly Peterson” isn’t exactly an attractive target. I do think they are pretty secure, but a single mistake with these stakes can have immense consequences. LastPass was also breached repeatedly, with a similar buiseness model.
The second point about electricity wouldn’t be true in my particular case, as the server for self-hosting it is running anyway. Running VaultWarden or not doesn’t change the power usage noticably. Obviously this is different for someone who doesn’t just have a server at home running anyway.
Side note: I’m not actually running a personal VaultWarden instance, as my personal requirements are being met just fine with KeePass files. We do run an instance at work, but it isn’t world-accessible (internal access only).
Why are you suggesting self hosting vaultwarden instead of self hosting bitwarden?
It’s much lighter on the resources while having the exact same functionality.
Bitwarden disables some features if you self host, even if you pay the $15/year.
Self hosting BitWarden still means it’s accessbile for them and/or from them.
You also have no way to audit their security from what I understand. VaultWarden is FOSS, if you want to, you can go check. And it does get checked by people with the competence to check this do every now and then.[Edit: I forgot that BitWarden is actually souce-available as well, while not being FOSS that’s still better than most solutions]. I just prefer full FOSS whenever possible. I prefer it not be a black bos I just happen to run on my own server.If you self host VaultWarden, the instance can just be not accessible from the internet, and only from behing a VPN. Obviously this is inherently much safer. If that’s possible with the self-host option I don’t know, but even just for licensing the local instance will have to be able to reach their servers (possibly be reachable from their servers, too). I did see they got an “offline deployment” option for air-gapped servers, but haven’t looked into what limitations that entails.
Additionally, you’re still within their licensing model. So for certain features you need to have a not-free account (like even just more than 2 people).
And like others said, VaultWarden is much lighter on resources in general and you aren’t limited in what you can and can’t do (users, collecitons, auth-options, …).
You can even self host it… And easily export your data from their hosted solution to your own.
Keepass is tried and true, I’m going back to Keepass.
Welcome back 👍
I tried protonmail not for the privacy purpose but just to have a normal web email client.
After wasting an hour before finding out you can’t disable the “sent from protonmail” footer without manually deleting it in each draft you make, I said screw it and deployed my own email server with stalwart lol.
It’s receive only because outgoing SMTP is a pain to make reliable these days and my ISP blocks outgoing SMTP anyway, but for everything else I now use Thunderbird.
What do you mean? It’s a slider setting you can turn on or off individually for each address (if you want to keep it one one but not others). It’s under identity and addresses.
IIRC free users don’t have that option.
Ah, that makes sense. Always blows my mind when people complain about free tier limitations, especially from companies that don’t make money from selling your data.
Yeah I wanted to complain about it, but when the service is free I don’t have any right to. I will say that I upgraded to paid and still ran into a limitation. On Gmail, I use the Snooze and Schedule Send options a lot. In Gmail I have scheduled financial reminders for literally years in the future. Proton only lets you schedule 90 days into the future, that’s it. I gotta wonder about the logic of that. At the very least, let me schedule messages until the end of my subscription.
Yeah I’m on free tier(evaluating proton as a whole) and I don’t see this option in my mobile app. I’ll have to look at the web to see if it’s there…but I doubt it
*Edit, checked the web client. Found the option, but it’s a mail plus feature, so I can’t disable it as a free user.
I’m not sure what all the limitations are for the free tier. I’m on the Unlimited plan, if you’re wondering if an option is available on the paid plans feel free to ask me and I’ll check for you.
It might have changed but there is a setting for it now.
Pretty annoying that I’m just learning setting no signature did nothing since they added a second signature option for when sending from mobile and enabled it by default.
I have always hated this, the signature settings need to be unified. Why would I ever want a different signature to alert people that I am on my phome. Gmail allows ios to match their web signature but not android.
Sent from my fucking phone.
shaken down by Proton to pay even more money
What are you paying for currently?
I had to look into it, because their pricing plans seem to have changed now. Evidently I have something called Proton Plus, $4.99 per month. It looks like that plans benefits do not extend to additional Proton Pass features.
I’m going to be transferring accounts away from Proton and then closing my accounts entirely. Already moved all my passwords back to Keepass. My main email address has been on posteo(.de), which has been great. Super reliable service from a company who appears to actually get the ethos of FOSS. I only pay, I think $12 per year for their service.
Yeah I thought so. If ya don’t pay for it, ya don’t get to complain about it, bud.
I’m sorry, but what? Number one, we’re talking about text. Bytes of data, which costs next to nothing to store. If you think that it is in any way fair for a company to allow a person to enter information into an account, and then unexpectedly charge them to access that same data, you are insane. If you paid for a storage rental, moved your belongings into it, and then found that the company changed the lock and decided you had to pay more to get your stuff - would you continue renting that storage?
Go back to reddit, corposhill.
we’re talking about text. Bytes of data, which costs next to nothing to store.
No but your files are not stored as text files. That’s not what you’re paying for. You’re paying for the development of the software used to create, store and fill them at the appropriate times and places. If you don’t care about that, just keep them stored as text files on your computer. Boom, problem solved.
If you paid for a storage rental, moved your belongings into it, and then found that the company changed the lock and decided you had to pay more to get your stuff
You keep using that phrase. You are not “paying more” because you never paid anything in the first place.
Go back to reddit, corposhill.
If you think Reddit is the only place that’s going to call you out for being a choosy beggar, you’re in for a surprise.
No but your files are not stored as text files. That’s not what you’re paying for. You’re paying for the development of the software used to create, store and fill them at the appropriate times and places. If you don’t care about that, just keep them stored as text files on your computer. Boom, problem solved.
But you say just below this that I never paid for anything in the first place? In any case, whether paid or not, they still have to compete with other options including free ones like Keepass. Why would I pay for Proton over the free Keepass if Proton is basically ransomware?
You keep using that phrase. You are not “paying more” because you never paid anything in the first place.
Untrue. I was paying for it, and they required that I pay even more just to access the data that their system allowed me to enter.
If you think Reddit is the only place that’s going to call you out for being a choosy beggar, you’re in for a surprise.
You rn:
you say just below this that I never paid for anything in the first place?
Excuse me, let me correct myself: That’s what you’re not paying for. Better? Does that make you anymore correct?
Why would I pay for Proton over the free Keepass if Proton is basically ransomware?
KeePass is local storage. It’s not managed. But by all means, If you don’t see the value, use KeePass. Not sure what you’re complaining here for.
I was paying for it
Okay, so you stopped paying for it. That’s why you can no longer access it. You can still export your data and import it into KeePass. So go do it.
You rn:
- Proton is most certainly not a multi-billion dollar corporation, moron.
- Your argument suggest that corporations aren’t possibly able to hold a valid argument. I’m not siding with the corporations, I’m siding with basic logic and reason. It’s not complicated. You are not entitled to anything they offer if you don’t pay for it.
I know someone that signed up for an account with them, they froze it immediately for suspicious activity. He does nothing with that IP address, reads, social media, that’s it. No way to get off the shit list without giving up personal information like a phone number and or alternate email and no guarentee that would fix it.
Their IP was on a blacklist from some shady company for some strange reason. But other companies let you write the company and plead your case, proton does not.
They further suspended a bunch of accounts based on some half baked unproven accusations by the government(s) if I recall.
They aren’t trustworthy, they will give you up at the first sign of friction it appears.
deleted by creator
Check your ip against the lists of blacklists, there are sites that do it directly from the search page, there are a few dozen blacklists supposedly for spam and the like.
I suspect israel critics get dropped on them. A brazillian firm did the one we found.
deleted by creator
Bitwarden offers this feature for free using custom fields, although 2FA is paid unless you self-host IIRC
Vaultwarden is a great self hosted bitwarden clone
I haven’t personally hosted it myself but I’ve heard it’s pretty good, also worth vouching for KeePass based on my time with it
OMG I thought I was the only child of Mr and Mrs Upgrade, of Upgrade street, Upgrade! Maybe we’re related?
Howdy. For the clarity of users such as myself, can you please clarify which “Proton” you’re referring to.
Bummer.
Eh. I am very happy with thwir service, but I didn’t opt for the free tier. It has replaced my old VPN service provider, 1Password, google’s 2FA, Google Drive, and the office suite is useful.
Since i was paying for other services that offered no privacy, switching to a single paid service with privacy ended up saving me money, so no complaints.
Pretty sure the warning signs were apparent when the CEO submitted to Trump. it just his “personal beliefs” and not representative of the company. Right.
The CEO was lobbying for online privacy by publicly shaming the Democrats. He was doing his job.
Why is it that just doing their job excuse or just following orders tends to be associated with questionable actions as opposed to positive ones? It’s starting to seem like a red flag if those two phrases get used for an action.
He made a mean tweet about the Democrats, it’s not like he loaded bullets into ICE guns.
Complimentary remarks to Republicans depicting them as a party open to being privacy respecting and respect for the rule of law. Took the Joe Rogan hand book of trying to sane wash the Republicans and downplay concerns regarding them while trying to come off as moderate.
And it aged terribly. Someone who went to Harvard and spent significant time in the US wasn’t blind to what those way less educated than him saw when it came to the direction the US was headed towards before Trump officially took office.
He was rightfully criticized because Trump never hid his intentions during the election, so people were not impressed by the pandering like all the current tech bros part of the Trump inner circle.
Yeah, I tried to be charitable and assume they were just ignorant of how bad Trump is. I should have known better.
??? I use Proton mail and I never saw something like this. Account with nick, other mail, password and go.
It’s in Proton Pass. When you create an account entree, there is an option to create additional fields that you can name and fill out, kind of like multiple notes in one file. Somehow I was able to create those fields on my account just fine, but then to be given access to that data it turned out that I had to upgrade my account. In other words they duped me into entering data at no extra cost, but then charged me to access that same data later on.
I don’t use it. Mail is fine, I don’t need other than this. For all other apps, there are tons of FOSS alternatives out there.
Bitwarden FTW
That’s scummy as fuck.
I guarantee they do that on purpose just like all other scams that make you invest your time before telling you you need to pay.
Bitwarden ! Host it yourself.
Can you still access the info by hitting edit? It was possible last time I checked. Even so, yeah, I’m thinking a transition to bitwarden is not a bad idea.
According to other comments in this thread, Bitwarden does similar crap. I went back to Keepass.
As for the data, luckily it was for an account I don’t need or use anymore, so I just deleted everything and moved on.
Because a bunch of dementia patients started leaving 1 star review as they kept on forgetting their passwords
What tier do you pay for now? Did you ever downgrade your tier?
I am on Proton Plus, $4.99 per month, which I now see does not appear to extend to Pass benefits. I’ve switched password managers already, and am going to be moving everything else over to other apps and services and cancelling my Proton accounts entirely.
That’s fair, if something doesn’t work for you move on. I’m pretty happy with proton for now. Eventually I’ll try self hosting.
I don’t think that’s where entrees go.
Hypothetically it should have. Those were additional fields that I added to the main account login entree, in order to keep all the relevant data in one place.
Strange, I keep my entrees covered in the fridge and take them out about one hour before guests show up.
But I don’t understand, were you already a premium member when you were prompted to pay more?
I had to look into it again because their pricing models are weird and confusing. My current plan is something called Proton Plus, $4.99 per month, and evidently the benefits do not extend to Pass.
Oh yeah, this is a very annoying pricing model. Proportionally very expensive for each individual part/product, but then a proportionally lower price for the whole thing. But in absolute amounts, more money was payed.
The closest example I can think of is fast food cup sizes.
What they want is for you to think “Hmm I need a VPN and an email, but it’s cheaper to just buy the whole unlimited package”
