I wasn't that familiar with your company before today but I can tell you that I won't be a customer at any time in the future based on your comments.
As Algirdas was formally employed through Tesonet, he put Tesonet into the cert, and nobody noticed it until recently. Unfortunately Google does not permit the cert to EVER be changed, so we are stuck with this cert forever:
Google says it is a "feature", but most likely it is a "bug" especially when considering how many 1024-bit certs are still out there...
So you, a privacy company, outsourced your IT to countless third parties in all sorts of countries? "Sounds secure," said nobody ever.
> I'll take this opportunity to dispute Bart's contention that we compete with Tesonet. I prefer to say that instead of buying IT infrastructure from them, we built our own :)
I want to take this time to let everyone know that the facts I am providing contradict protonmail's statement.
Turns out there was a plan to use Tesonet infra in Switzerland for this before we built our own infra in the Zurich area. What's interesting is that they weren't removed in RIPE when we decided to use our own infra instead, and this definitely needs to be corrected.
> So you, a privacy company, outsourced your IT to countless third parties in all sorts of countries?
You might have misread: "Third party IT companies were used to handle payroll and HR." This is not an uncommon practice for small companies and we still do this in countries where we have just 1 or 2 employees. It's a way to ensure employees get full benefits instead of being contractors with no benefits: https://en.wikipedia.org/wiki/Professional_employer_organiza...
I'll take this opportunity to dispute Bart's contention that we compete with Tesonet. I prefer to say that instead of buying IT infrastructure from them, we built our own :)
- ProtonVPN UAB lists Tesonet's CEO as a director
- ProtonVPN UAB is operated from Tesonet HQ in Vilnius, Lithuania
- ProtonVPN UAB uses previous Tesonet's technical employees
- ProtonVPN uses IP address blocks that belong to Tesonet
- ProtonVPN mobile app is signed by Tesonet
It seems, that ProtonVPN is a free VPN service by a data mining company from Lithuania.
Like ProtonMail, the ProtonVPN team is distributed, split between Geneva, Skopje, Vilnius, and San Francisco. Tesonet (one of the biggest IT firms in Vilnius) was previously used as outsourced HR before we incorporated our own entity in Vilnius. We have similar arrangements for our staff in San Francisco, Prague, and Skopje. The above poster's intentions are a bit suspect, given that he's the co-founder of PIA...
But your entity's business address in Lithuania is still Tesonet's HQ. And Tesonet runs the entire technical infrastructure needed for a VPN service. So, are you partners or competitors?
Tesonet is actually a massive network and connectivity provider with a LOT of IP addresses, and we did in fact consider renting some servers from them. Like most VPN services, most of our servers are rented. In fact, we only completely own the VPN servers within our Secure Core network (we do this for security reasons as part of the rationale behind Secure Core, but that's another topic).
In the end though, Tesonet wasn't selected to provide servers and IPs. Our biggest server and IP provider is actually Leaseweb, which is also a popular choice among many VPN providers. However, we have some concerns about Leaseweb so we are reducing the number of servers we rent from them. Generally speaking, our VPN threat model does not trust ANY servers outside of our own Secure Core network.
It's a bit of a stretch to go from that to Proton == Tesonet. It's not like the group of us that left CERN to create ProtonMail were also able to go to Macedonia, Lithuanian, Czechia, and the US and just employ people. HR is not exactly our expertise, so we had assistance from local partners in each country.
I would like to take this moment to show that, once again, you are trying to sell privacy under false pretenses and have no idea what you are doing both in terms of jurisdictional privacy nor technological privacy.
Switzerland is a BAD place for e-mail.
Any actual cypherpunk knows that . I'm not sure they teach privacy and activism at "CERN,"  so I'm not sure why that's ever relevant yet you keep talking about it. It's like that Fresh Prince episode where the guy kept saying "I'm from Harvard."
 https://home.cern/search/node/privacy%20language%3Aen (lol)
Chemin du Pré-Fleuri, 3
Furthermore, ProtonVPN UAB was created by Tesonet, and has Tesonet’s CEO Darius Bereika listed as director.
Because we are a small startup, we don't have our own dedicated office space in most of the countries we operate in, and instead have office in shared spaces.
Vilnius is no different, and the incorporation of ProtonVPN LT was outsourced to Tesonet due to their experience in handling these types of matters. Of course, now that our Vilnius office (and Proton as a whole) has grown, most things are now done internally.