Proton Pass end-to-end encrypted password manager is here and free for everyone
9to5mac.com
Proton, the company that still in 2023 doesn't allow you to cancel the auto-renewal without losing access to the services you have already paid for, the most anti-consumer thing I have seen in my life.
Here is how it works: 1. You pay, for example, for 2 years of access. 2. After a few months you decide to remove the auto-renew and just use the remaining time of your subscription; your only option is to cancel your current subscription and lose access to any premium service you paid for. They give you credits for the remaining time of your subscription, which you can use if you contract other services.
So you are forced to cancel the subscription before the renewal time and hope you don't forget to cancel it.
Run from this company.
It's unfortunate.
I was a happily paying customer for years.
One day, I decided to try out the business plan for my nascent startup for organic farming.
When I realized they were missing critical features (autofwd rules is one I recall), I tried to go back to the regular paid account.
Not only couldn't I do it, but they forced me to delete emails by hand, years' worth of pictures that I had saved in the account, to get below the free plan quota. All because I needed to reestablish my personal account so I could move both custom domains to another provider.
Then, once I got below the quota, it would still not allow me to reestablish the account.
To their credit, although their customer service takes a while, they did help.
It makes me sad, and I have a very bad taste in my mouth because I was really trying to give business to a Google competitor.
EDIT: just like OP, I lost access to the existing paid plan when I upgraded. What really made me upset is that I couldn't restore access to my account by downgrading on my own, no matter what I tried. Took custom domains off the account, still cannot downgrade... gave up freebie storage space, still cannot downgrade. Met criteria to buy the monthly plan. Cannot downgrade. Reduced feature use to meet the free plan tier, still could not downgrade. Reduced storage used below the free plan, could not go to the free plan, either. All the while I lost access to all my accounts because I couldn't do the 2FA challenge sent to my old Proton free plan.
Needless to say, proton free plan is not tied to any mission critical access anymore.
This is exactly the reason I only use PayPal or virtual cards from Revolut when I sign up to stuff online now. I can cancel the subscription from PayPal settings, or delete the virtual card in Revolut, and that ends up cancelling the service at expiry after they fail once or twice to take payment.
At least here in the UK this works fine. Netflix, Spotify etc all deal with that properly when I've "cancelled" my service this way.
I do the same thing using Privacy.com. Enough companies today use the "fuck you" approach towards their users, hence the users should use the "fuck you" approach right back at them.
What's funny is how people won't use virtual cards because they think bill collectors or the law will come after them. That's extremely unlikely to happen for an unpaid $9.99 bill, especially since it's not like bill collectors work on behalf of companies free of charge. It's in the best interest of companies to ignore the transgression, freeze the account, and wait for the user to come back and reactivate it; much less likely to happen if they actively punish a user because they missed a payment.
Same goes for the "but muh credit score" argument. Somehow my credit score is still excellent despite the numerous times I cancelled virtual cards or didn't feel like paying my utility bills.
So yeah, use virtual cards everywhere.
Privacy.com allows you to use completely made up billing information - transactions won't get rejected if the name/address is a mismatch. You can just feed a fake name and address into each site, even if they wanted to, how would they identify you? Of course, this likely works best if you use an email aliasing service that hides your real email completely, and a VPN to obscure your physical IP address.
I can’t use Privacy.com because they use cellphone numbers. Supposedly, someone had used my number previously to sign up and now I cannot make an account since that number is “tied to an account”. It’s why I hate this standard of 2FA/“identity verification” with something as antiquated as phone numbers. I’d love to use their service, but as of right now I’m simply not allowed.
An admirable tactic, but a lot of services can spot those virtual cards because they "identify" as if they are pre-paid (and maybe they are in the backend, I dunno). Same trick as using Google Voice number for SMS/phone: it identifies as VoIP and more than a few sites give me the "hey, what are you trying to pull giving us a number we can't spam endlessly?!"
When I see those tactics I imagine the company throwing a full screen seizure inducing modal window with a red background and lime text of all their 1 star reviews and search for a new product.
I long for a day when customers get to exclusively vote with their wallet/eyeballs and we're not held hostage by the network effect and/or similar gatekeeping tactics
Virtual cards are the way to go. My bank offers free virtual cards for my accounts and they work flawlessly.
The cancellation varies depending on the service. For Proton VPN, for example, the cancellation now does not force-downgrade you right away. But for Proton Mail, we have kept the legacy method of immediate downgrade because that service involves data storage. Because VPN has no data storage, we can auto-downgrade you at the end of the subscription to the free plan. This doesn't work for Proton Mail because auto-downgrade to free might require randomly deleting emails to fit under the free storage quota. So for that reason we ask users to actually downgrade at the time they decide to downgrade, to resolve storage quota issues themselves, since we cannot automatically do that later on their behalf.
Why not remind the users to delete their E-Mails near the end of their subscriptions?
We could, but there is no guarantee that they would do it, which is the problem.
The way I would like to see this as a customer would be:
I'm able to cancel the auto-renew. Once I do that with email I will get a warning that says: "We will attempt to cancel renewal the last date of your subscription. If your account exceeds the free quota, your account WILL renew."
As the date for the renewal comes closer and the user exceeds the free quota, as a user I will repeatedly get mail that the account will renew unless it meets said free quota.
Some customers would throw a fit if they paid a renewal fee after scheduling cancellation - for good, legal reasons. Some customers would throw a fit if a cancellation scheduled >1 year ago resulted in random emails getting deleted (imagine the last photo taken of a lost family member being in those emails). Between both options, neither is appealing. It seems as though the current option is best, but I do like your suggestion too: the best of both options, with the risk of something lost (subscription money) being replaceable/refundable in the event of an honest error.
Thank you for that feedback, it will be passed on internally.
Thank you for pointing this out! Not a good look that they feel they have to make it that difficult to switch to a different provider. Even Amazon Prime doesn't do that.
> doesn't allow to cancel the auto renewal without losing access to the services you have already paid, the most anti-consumer thing I have seen in my life.
Uh... really? That's the most anti-consumer thing you've ever seen? It may be anti-consumer, but that's nowhere near one of the worst. At least it's actually feasible and straight-forward to cancel with Proton, unlike certain big-name Silicon Valley firms; at least they aren't known for outright stealing your money, canceling your accounts at a whim, or refusing support. I don't like it, but they explicitly warn the user what's going to happen if they downgrade, and there's of course the refund you mentioned.
Having been a happy customer of Proton for many years, I wouldn't say "run" on that basis. It may be a deal breaker to some, but I've been happy enough with what I get that I find it a tradeoff worth tolerating.
As a Protonmail customer, and since they're active in this thread, I think this would be an excellent place for them to reply to your concern here to say that they agree that it's not customer friendly and that they'll fix it.
:)
The cancellation varies depending on the service. For Proton VPN, for example, the cancellation now does not force-downgrade you right away. But for Proton Mail, we have kept the legacy method of immediate downgrade because that service involves data storage. Because VPN has no data storage, we can auto-downgrade you at the end of the subscription to the free plan. This doesn't work for Proton Mail because auto-downgrade to free might require randomly deleting emails to fit under the free storage quota. So for that reason we ask users to actually downgrade at the time they decide to downgrade, to resolve storage quota issues themselves, since we cannot automatically do that later on their behalf.
It might have gotten lost, but we replied here with some context: https://news.ycombinator.com/item?id=36512900
> your only option
A calendar reminder to cancel the week before renewal is another option
It’s not “another option”. It’s a tool for dealing with the only option they give you.
And also happen to have the time to switch email providers that same week. No, what they do is just shitty.
I never said what they are doing isn't "shitty".
Thank you, I believe that was obvious to everyone.
Yes this is an option but a very annoying one.
Yeah, I have the exact same issue with them.
Should probably link directly to the announcement here: https://proton.me/blog/proton-pass-launch
I've been using it since beta. It's really smooth and pretty comparable to Bitwarden. It doesn't have notes and such yet, but it's going to be a good competitor. I don't think it's open source, so it may not exactly be a good replacement for Bitwarden.
Their original plan was to keep it closed source during the beta and make it open source upon release. According to https://proton.me/blog/proton-pass-launch it is now open source; however, I have not been able to find the repository anywhere.
The biggest problem for me now would be the fact it cannot be self hosted, making lock in pretty extreme even though it's open source. The fact I can host my own instance is the main reason I stay with Bitwarden instead of migrating to an offline-first solution.
Here's the repository: https://github.com/protonpass.
Any specific reason not to put it in the ProtonMail GitHub organization? Anyway, thank you for taking the time to answer. :)
Tangentially, I see the application is native (i.e. not using Xamarin like Bitwarden), you should definitely point this out if you ever make some technical post about Proton Pass, I'm sure HN folks will be interested to hear about it.
Another thing, the client is not only open source but also free software, I think you should definitely point this out as well. I believe this is an important distinction for quite a lot of Proton users. I wonder however if this is OK to do for the iOS client, AFAIK GPL code could not be published on the app store without breaking the license [0].
Last but not least, I noticed that the issues tab does not appear on the Android repo but does on the iOS one; surely this is not intended?
[0]: http://www.fsf.org/blogs/licensing/more-about-the-app-store-...
Thank you for those points, we'll pass them on internally.
We have now started to use separate organizations for each product at Proton, e.g. the Proton VPN apps are on https://github.com/ProtonVPN and the Proton Drive apps are on https://github.com/ProtonDriveApps.
However, the server source code isn't open. Bitwarden's doesn't seem to be fully open either.
Bitwarden's is 100% open-source, client and server. There is also an alternative server implementation called Vaultwarden which is lighter weight.
They have their own license for some files, so not fully open. Maybe should've said not fully open source but open source with source available.
Hi! Please note that we do have encrypted notes: https://www.reddit.com/r/ProtonPass/comments/14a113d/encrypt.... And it is open source: https://github.com/protonpass.
It has notes
I feel like it's not true that their services are end-to-end encrypted. I mean, they are, but they have the encryption keys so it's the same as if they are not.
https://news.ycombinator.com/item?id=29103056 https://encryp.ch/blog/disturbing-facts-about-protonmail/ https://news.ycombinator.com/item?id=17775326 https://news.ycombinator.com/item?id=28057433
It's open source so the E2EE can be (and has been) independently verified. The crazy CIA/NSA conspiracy theories are also quite easily debunked, see here: https://www.reddit.com/r/ProtonMail/comments/14demhj/debunki...
The encryption keys are encrypted using your password. It's the same as your phone.
Exactly. Your encryption key is stored encrypted so that we have no access to it. It is decrypted when you enter your password. We don't have access to your password, only an encrypted hash of it, so that our systems can recognize it. We cannot derive your password back from the hash.
Am I correct in believing that they haven't open-sourced Proton Pass yet? It seems like an ok password manager, but with no mention of open-source and an option for self-hosting, this already becomes completely unusable, especially considering so many great alternatives are already available.
edit: Their official announcement post says it's now open source, however I haven't been able to find the repository. I also still see no mentions of self hosting.
Here's the repository: https://github.com/protonpass.
Please put your apps on F-Droid.
PSA: ProtonMail is available through IzzyOnDroid repo. ProtonVPN is available through FDroid repo. Proton Calendar and Proton Pass are missing though.
I don't think there is any good reason to store passwords on a remote machine that you don't own. When most passwords that anyone will ever have can be fit on one cheap thumb drive in a keepass database. For which there are many open source apps available.
Ease of use is the biggest one. While you and I are capable of setting up and keeping up a remote machine with a self-hosted password manager, I'm incredibly confident my barely tech literate parents are. Realistically, for people that aren't savvy enough to set up their own thing, it's an e2ee password manager using that password manager's remote service or them using the same password for multiple websites, and more of a lesser of two evils.
That makes sense. However, it's not that different from using the same password on all sites as an attacker only needs the master key for your online password manager.
It's very different. Even if I gave you my master password, you wouldn't be able to get into my account. The password manager I use has MFA (and I don't mean 2FA).
I generally agree, but it also depends on who you are. Although I don't have direct experience with this yet, I can imagine it's better for people who are not tech savvy or are prone to devices getting broken or lost.
As a programmer, I've yet to need a password manager. My passwords are random word combos that are somewhat memorable and I have 2FA set up for most things. If I forget a password, I rely on the "forgot my password" flow, and just accept that as the occasional tradeoff for not having a password live anywhere specifically. For some sites that don't have 2FA, I rely solely on logging in via the "forgot my password" flow.
Far as I can tell, I haven't been pwned.
I share a password manager with my spouse. There’s no way she would use it if it didn’t have a good mobile app.
Main reason is ease of access in phone. Bitwarden + Vaultwarden is great and syncs everywhere. Can't do that with keepass. I can't even open the keepass db from the usb stick on an iPhone.
Pity it's only available on iOS and Android as apps and as browser extensions elsewhere. I would've been interested to check out a desktop password manager that's free/cheap and is not based on Electron* and follows native OS UX.
[* As far as I know, Bitwarden is an Electron app. It shares the same kind of sluggishness and some weird navigation issues that are common in Electron apps. Though I wouldn't go back to 1Password for various reasons, I recall that it's also an Electron app ever since Agilebits got huge funding for the company.]
I use KeePassXC[0] on the desktop and it is really great. It is open-source; not an Electron app, it is written in C++[1]; there are browser plugins to auto-fill user/password/TOTP codes; it is local-first: not tied to any cloud vendors, and you can easily sync the database file via any cloud system if you want; there is an Android app that can use the same database.
[0] https://keepassxc.org/ [1] https://github.com/keepassxreboot/keepassxc
I was hesitant to even bother trying yet another open source password manager, but wow, the comments here are brutal. Thanks for confirming initial gut feeling. I'll stick with Bitwarden.
Correct me if this is no longer true.
The fatal chink in the Proton model is that PGP keys must either be generated on the service or uploaded unencrypted?
To me it seems trivial to make it possible to upload a locally generated appropriately formatted encrypted key.
Glad if that's now no longer true.
This is incorrect. Encryption keys are generated client-side, and the private key is encrypted with the user password which the server never sees. This is also verifiable through Proton's open source code.
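The two replies above (the "encryption key is stored encrypted, we only hold a hash" explanation and the "keys are generated client-side" reply) describe one design: the server keeps a wrapped private key plus a login verifier, and neither lets it recover the key. The block below is an added, constructed illustration of that separation, not Proton's code or its actual protocol; it models the "hash" as a salted scrypt verifier and uses a toy HMAC-based encrypt-then-MAC in place of a real AEAD. All function and record names are invented for the example.

```python
import hashlib
import hmac
import os
import secrets

# Constructed example: password-manager key wrapping where the server never
# sees the password or the unwrapped private key. Not Proton's code.

NONCE_LEN = 16
TAG_LEN = 32


def derive(password: bytes, salt: bytes, purpose: bytes) -> bytes:
    """Password -> 32-byte secret. `purpose` provides domain separation, so the
    value the client sends for login and the key that wraps the private key are
    unrelated even though both come from the same password."""
    return hashlib.scrypt(password, salt=salt + purpose, n=2**14, r=8, p=1, dklen=32)


def _subkey(kek: bytes, label: bytes) -> bytes:
    return hmac.new(kek, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap(kek: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (stand-in for a real AEAD such as AES-GCM)."""
    enc_key, mac_key = _subkey(kek, b"enc"), _subkey(kek, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkey(kek, b"enc"), _subkey(kek, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def can_unwrap(kek: bytes, blob: bytes) -> bool:
    try:
        unwrap(kek, blob)
        return True
    except ValueError:
        return False


def client_register(password: str) -> tuple[bytes, dict]:
    """Runs on the client. Returns the private key (kept locally) and the
    record that is uploaded: salt, hashed login verifier, wrapped key."""
    salt = os.urandom(16)
    private_key = secrets.token_bytes(32)  # stands in for a generated PGP private key
    kek = derive(password.encode(), salt, b"wrap")
    login_secret = derive(password.encode(), salt, b"login")
    record = {
        "salt": salt,
        "verifier": hashlib.sha256(login_secret).digest(),  # server stores a hash only
        "wrapped_key": wrap(kek, private_key),
    }
    return private_key, record


def client_login_proof(password: str, salt: bytes) -> bytes:
    """What the client sends at login: a derived value, never the password."""
    return derive(password.encode(), salt, b"login")


def server_check_login(record: dict, proof: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(proof).digest(), record["verifier"])


def client_recover_key(password: str, record: dict) -> bytes:
    """Decryption happens only on the client, after the user types the password."""
    return unwrap(derive(password.encode(), record["salt"], b"wrap"), record["wrapped_key"])


def server_can_decrypt(record: dict, proof: bytes) -> bool:
    """Everything the server ever holds: the stored record and the login proof.
    Neither the verifier nor the proof works as a wrapping key."""
    return can_unwrap(record["verifier"], record["wrapped_key"]) or \
        can_unwrap(proof, record["wrapped_key"])
```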
I don't know if that was ever true. That wouldn't make sense.
... and this is about the password manager ...
Did you not realise the password manager uses PGP for the key storage? Same with Drive and Calendar and of course the original Mail.
Rather than just guessing and assuming it'd be useful if you actually knew about the ecosystem before commenting.
There's still nothing about the telemetry in the browser extension? I couldn't find any mention about it in the "Help us improve Proton apps" or from the privacy policy page. The privacy policy mentions "It details the data processing activities specifically related to the creation and activity of your Proton Account when you use Proton Pass." though, but it's a bit unclear.
When looking at the extension's source code, telemetry data is anonymous, but it's always sent to the remote endpoint, and the only way to disable it is from your Proton account, not the extension itself.
The telemetry option is shared between all products and can be accessed from account pages for each product, for https://account.proton.me/u/0/drive/security for Drive, https://account.proton.me/u/0/pass/security for Pass, etc.
> But Proton Pass will also enable you to create a hide-my-email alias. An email alias is a randomly generated email address that sits between a third party (like Amazon, Facebook, or Netflix) and your real email account
Is there some software I can install on my webserver to generate per service emails like Proton Pass here (amazon.44ot65@passmail.com, netflix.56ax12@passmail.com, ...)? And which forwards the mails to my main Gmail and allows replying to them.
You can maybe try SimpleLogin. It's open source and can be self hosted (I have no idea how difficult or not this is). Proton acquired them and integrated the product into their own.
Anonaddy, basically the exact same product made by different people, can also be selfhosted. https://anonaddy.com/
Thank you, looks perfect.
Both Google domains and Cloudflare Email routing have wildcard/catch-all email forwarding. You probably can't reply from those email addresses, but you can receive/have email forwarded to those addresses. I have had this setup with Google domains, I now have it setup with Cloudflare email routing. In both cases it's free, but you need to have the domain on Google domains for 1) or add site to Cloudflare (and use their name servers for 2).
Possibly the worst experience I've had dealing with a software company.
So bad in fact that I couldn't consider using any of their products ever again out of fear.
I also got an email from Proton saying that they're forcing mandatory arbitration and class action waiver on all users.
This is also not true.
- Proton's updated ToS does not change dispute resolution for users outside of the US.
- Proton's legal jurisdiction is Switzerland. Swiss law does not permit class action lawsuits.
- For US users, Proton's updated ToS also does not remove your existing right to bring a claim against Proton in Swiss court (so you are not forced into arbitration).
- Recognizing that some US users might not want to bring a claim in Switzerland, our updated ToS adds the possibility to arbitrate in the US.
- We are wary of US courts having jurisdiction over Proton as it gives the US govt leverage. We suspect many of you are too, which is why people care about Proton being Swiss. Therefore, while Proton agrees to permit arbitration in the US, we don't by default permit proceedings in US court.
And still no native Linux client for Proton Drive.
I guess most find it useful to have all these tools/services supplied by one company. Personally I think it’s awful for privacy.
If there were more companies who went out of their way to handle only the metadata tied to my E2E content, I'd pay those companies, too! Using just one vendor isn't actually all that bad for privacy (anonymity being another matter), but requires lots of trust. As a US citizen, I trust the Swiss more than a US company, and can see that Proton's choices (including arbitration) are in support of my key requirements to have uncompromising privacy. I would like to see more companies competing for my trust, but these guys win so far so they get my money.
You could also see it as reducing the amount of entities you have to trust. If everything is with Proton you only have to worry about their trustworthiness.
Can't use the Firefox extension, FF 102 ESR is apparently too old :/
We need support for manifest v3 for Proton Pass and it requires FF 109 at the minimum.
I am a current user of Proton about to search for a solution to move away from this company, I am quite disappointed in my experience with them in general.
1) Their mail import tool reports wrong email set count and sizes leading to low confidence the tool worked, in the end I mbsync'd from both fastmail and proton and compared the email set because the migration UX was so poor (this is reported by other users also).
2) Their alias address implementation is severely limited. On Fastmail I used *@domain to have infinite emails; on Proton you have to add every alias you want manually, one by one, and if you do not, you cannot reply from any address. This is not only limited in the UI, but everywhere: protonmail-bridge, for example, will reject sending any email that is not in your alias list, and as they limit it to 100 addresses you can't work around it programmatically either.
3) Their bridge software is buggy, and poorly documented, it's better with the recent release but for a while it made heavy assumptions about your installation and would log you out sporadically, sometimes requiring gpg-agent to be restarted (for no reason I could figure out) before being able to re-auth.
4) Their Proton Drive offering is basically useless, it is not available on Linux so can't use it as a target for backup software like Kopia/restic etc, and desktop apps have been in development for as long as I can remember. The WebUI for it will break if you try and drop too many files at once. It has problems with file name limits which don't appear until you try and access the filesystem again; after uploading several documents with extremely long names I found they were straight up inaccessible on my phone or via the web, so as far as I can tell if I hadn't had a second backup I would have lost these files.
All this would have been rough, but acceptable for me if I felt their client attention / support was good, but the support I received was terrible. Multi-day back and forths with support agents who did not seem to understand my questions, where with Fastmail I would have a technical response to almost any question within an hour.
Their uservoice page is full of basic requests that are unanswered after years: https://protonmail.uservoice.com/
I've never regretted migrating to a company as much as I do Proton and I would not recommend switching to their applications, everything feels half baked or limited by poor focus on reaching feature parity with other competing services. The fact I can't do basic catch-all domain with their email service without being forced to reply via a limited alias list (if I can, their support was incapable of telling me how), was my last straw.
It's a shame there's basically no other encrypted mail host that competes.
We are sorry to hear about your experiences.
1. Currently, EasySwitch doesn't support import from Fastmail, which may be why you experienced the issue. We would be interested to hear more details about those issues, so please report them to us here: https://proton.me/support/contact.
2. We are not sure if you are aware, but Proton now includes SimpleLogin too, which allows you to create an unlimited number of aliases and also use reverse aliases: https://simplelogin.io/. Here's how you can set up a SimpleLogin account with an existing Proton Mail account: https://proton.me/support/create-simplelogin-account-proton-....
3. We'll pass this feedback along to the Proton Mail Bridge team.
4. We can confirm that the Proton Drive Windows app is coming quite soon. Please report the issues you experienced with the web app to us: https://proton.me/support/contact.
Regarding support, note that the usual response times are 24 hours, but longer during the weekends when we work with a reduced capacity. We've been constantly hiring and training our agents in order to improve this. Additionally, if you have a particular example of a misunderstanding with the support team, we'd like to look into it and investigate.
While we may not have been actively moderating our Uservoice channel, we do use it to inform our development decisions. Many of the recently shipped additions to the Proton Mail web and iOS apps have been decided on thanks to the feedback on Uservoice.
We understand the frustration with how the catch-all works right now. The team is aware of it and looking into ways to improve it in the future.
I do not have Proton so I am curious:
- Why does someone need a "Windows" app if there is a web app? It could be a PWA that works everywhere (like Teams, Outlook). Is it true it does not work on Linux? If you have a web app it should work everywhere.
- Why do I have to give an email address to create an account?
- Will you support passkeys?
- Can I add a phone number or something so that my Proton account is backed up with my real identity? I mean, if it is my password manager account, I want to be able to provide my real identity in an emergency and get everything back.
Hi!
1. We are currently working on the Proton Pass web app. Some users prefer to have native desktop apps, which is why we're looking into developing those too.
2. Proton Pass allows you to generate email aliases (it's one of its core functions), therefore it needs to be connected to an email account. You however don't need to use this function: you can create a separate Proton account just for Proton Pass, so your main email account wouldn't be connected to your Proton Pass account.
3. We plan to support Passkey in the future.
4. You can set up an account recovery method on your Proton account(s), of course: https://proton.me/support/set-account-recovery-methods.
thanks sounds cool
If you implement passkeys, who generates the key pair? Browser, OS, password manager? If the password manager stores and manages private keys, it should create the keys.
> It's a shame there's basically no other encrypted mail host that competes.
What about Tutanota?
At least last I checked they didn't have a protonmail-bridge equivalent for IMAP support, so you're locked into the web UI unfortunately. It might be that if you value privacy the best choice at the moment is actually to pick a non-encrypted provider with a strong GDPR/deletion policy and IMAP pull everything and simply keep your account clean by purging the remote at all times.
You sound like an angry Fastmail employee :) You seem to have very special needs; why didn't you check out / test if what you want works before "migrating"? It takes a lot of work to create services. It is cool if you are critical, but your comments do not sound proactive to me.
So you are unsatisfied, but, there’s not 1 company in the world that can do the same thing, better….
I rest my case.
Sure. I'm not sure what case you're trying to make. Lack of competition does not mean there is no place for criticism, if the service works for you by all means you should use them if that's the best decision for yourself. These are just my reasons for avoiding a product like Proton Pass from this particular company and why I will migrate away and would not recommend them for users who might be similar to myself.
Fair enough;
By the way, regarding #2, are you aware you can use aliases with SimpleLogin if you have a Proton subscription? (Unlimited aliases, also with your own domain.)
I hadn't! I just gave it a shot and it seems sadly it suffers from the same problem. If I try and reply to an email received via SimpleLogin, it leaks my real email address (no option to reply as the receiving address), protonmail-bridge rejects it as a sender as well same as a catch all reply. Unfortunate.
Edit: Seems there is a reverse alias option, and seems to work well, will give it an honest go before migrating, thanks for the tip.
SimpleLogin addresses aren't normal aliases.
Time to ditch 1Password.
Bitwarden was released years ago though?
I don't know them.