Hacker News new | past | comments | ask | show | jobs | submit login
Proton Technologies awarded €2M from the EU (protonmail.com)
187 points by dotcoma 10 days ago | hide | past | web | favorite | 125 comments

Why is the EU investing in closed-source software? The server, mobile apps and ProtonMail Bridge are all proprietary. It's not as bad as investing in Microsoft Office but this decision doesn't make sense when they could just as easily fund fully open-source email solutions like Mail-in-a-box, iRedMail, Mailcow etc. I don't think they researched ProtonMail as thoroughly as they did the other open-source software they've invested in like 7-Zip, Apache Tomcat, Drupal, Filezilla, VLC, KeePass, Notepad++.

The point of this grant is not to help software.

The point is to help a service gain market shares and displace at least a little Gmail, Yahoo and Outlook, and limit the inpact of having only US companies in that field.

Email is a bit overlooked, but it's huge source of information, easy to obtain (with the appropriate laws), and quite good in term of quality. It renders email strategic.

With a grant to an oss project, it's not achieving directly this goal. And the bettering of the oss ecosystem is not likely to help an alternative service hugely.

Lastly, a mail server is probably one of the most annoying common piece of infrastructure to deploy. To the point that even people knowing how don't even bother.

As the article states, this money is to help them become more competitive in a landscape where there are a few large players that everyone goes to. The EU is very interested in fighting monopoly and cartel-like behavior, so this investment or similar ones shouldn't really be compared to investments into open source software, as they are funding what seems to be a SaaS offering and not just a desktop app.

Why? Because these are research grants for companies doing research of any kind or developing new products, regardless of the type of output[1]. Their objective is to help companies grow through this kind of project-oriented funding, their are not investing in a specific product for... I don't know, the common good. But sure, opensource grants would be a nice thing too.

European HNers with an established company, you should look into this, getting a grant is not as hard as it seems and there are companies that can help you prepare your proposal (even for free, check you local government programs)

[1] https://en.wikipedia.org/wiki/Framework_Programmes_for_Resea...

Although I don't know the details, I agree grants should be for open source software. For the record OpenPGP.js is largely developed by ProtonMail. Their frontend is also open source.

Because for non-zealots something being open-source isn't the one single yardstick for decision making. Something can be useful and worthy of investing and be closed-source.

Microsoft Windows is surely useful. It doesn't mean that we want taxpayer money to subsidize it.

I would point out though that this specific grant is made under the SME Instrument, specifically focused at helping SMEs bring new products to market.

If microsoft went bankrupt, we surely would want to support windows in some way.

Well the only way I would support it would be to purchase the code and make it open source :)

If Windows would then become free (as it is paid for by the taxpayer then), and preferably open-source, then absolutely. MS is not going bankrupt any time soon though.

Why not ? Microsoft is a big company and that come with jobs and revenues that can be taxed.

Well, from a European perspective the jobs and taxes are all abroad. I think that some politicians don't like that very much.

Well, under various parts of Horizon 2020 there are grants available for a lot of different projects.

Looks like they've been awarded the funds under the SME instrument phase 2, which is about providing grant funding for a variety of innovative business ideas, and generally intended to help existing businesses bring new products to market. You can see the exact details of the Proton project here: https://sme.easme-web.eu/?b=911075023

The point is, there's nothing specifically wrong about offering grants to companies who develop closed-source software, in the same way there's nothing wrong with offering grants to other companies who don't produce software at all. My company—building a hardware project—has also just been awarded funding under the same programme (I can reassure you that they did indeed research throughly!). Much of the business case for grant investments is the idea that offering funding to SMEs can be an overall economic benefit if it allows them to produce products or services that they wouldn't otherwise be able to offer. Given the rather more cautious private funding environment in Europe, it can be hard to otherwise come by some of these opportunities.

That's not to say that funding for open-source projects isn't a great thing, and I hope more of that continues to be made. The grants you refer to were made as part of FOSSA I think? It's done with different intent, but I reckon both are valuable.

The EU already invests in closed-source software with grants. I don't like it, but there are worse choices than ProtonMail.

I'm not sure it's a good idea, I've seen some other software companies they support and concluded it was a gravy train for those businesses.

If they are worried about the dominance of Google et all then they could look at taxes and regulatory changes to shift the balance.

Microsoft office is far and ahead the best document system- you probably use open source and standards compliant gdocs?

Bringing it up in comparison for no reason and just general being hostile to MS is the reason MS doesn't listen to non-enterprise feedback. They have their faults but people like you are the ones who don't let them improve. For you, it's not about technology- its about your personal grudges.

I've been using libreoffice since +10 years exclusively. Despite using protonmail myself if you look at it critically through a FOSS (libre) perspective it's one of the worst email platforms around which mainly benefits from the (incorrect) assumption that hosting in Switzerland is somehow safer than hosting anywhere else. They will happily comply with any court order even (or especially) from the US.

And it's not that the founders chose a Swiss structure because they were themselves Swiss. Even the product were hypothetically bug-free and fully FOSS ... the marketing (with its mountains in the background and "Secure Email Based in Switzerland" tagline) plays to the sentiment that a Swiss jurisdiction makes Protonmail a safer bet than other location is itself "snakeoil" ... if I think about this for too long I might even wonder about their much more relevant claims regarding security & actual code implementation.

I just couldn't agree more with it. It's a trend now, people think that hosting in Switzerland somehow more secure than anywhere else due to their data protection laws. Which is not always true, and what you really get(from experience) pretty awful customer support in comparison to other hosting providers or co-lo services.

Switzerland is NOT a more secure location for data hosting / processing than many other countries.

Switzerland's data protection laws are way behind the GDPR. Switzerland is struggling to adapt its data protection laws to keep its adequacy status with the EU. It has still not signed Convention 108.

Switzerland's surveillance system is growing and growing. The latest revision of the relevant law was targeted at services like ProtonMail and ProtonVPN (Federal Act on the Surveillance of Post and Telecommunications). Switzerland's federal secret service has got almost unlimited power without any meaningful control and is known as a close partner of the US (thanks to Snowden leaks). Every communication in Switzerland is under mass surveillance 24/7, the metadata is stored for at least six months (civil security authorities) or longer (secret services). Switzerland's armed forces work in close cooperation with NATO.

I am actually wondering whether Proton is a honeypot.

Actually, almost everything you wrote is untrue. If you actually read the text of the Federal Act on the Surveillance of Post and Telecommunications (which is publicly available in French and German), you will see that instead of targeting ProtonMail and ProtonVPN, the legislation actually does the opposite, and explicitly exempts all but the largest telcos.

You don't have to take our word for this, it's actually in the text of the law.

Also, if you read the actual text of the US/Switzerland MLAT (mutual lateral assistance treaty), or the text of the Swiss Data Protection Act, you will see that "unlimited power without any meaningful control" is also patently untrue, and there are many layers of control and an explicit need to satisfy the requirements of Swiss privacy laws, even on cases originating from the US.

"They will happily comply with any court order even (or especially) from the US."

Isn't it more true of e.g., German-based companies and less true of Swiss-based ones?

there is no difference afaik. the only difference is in perception which stems from the historical promise of banking secrecy.


I think, there is because Switzerland is not in the NATO and generally can't be that easily convinced to comply with anything.

No, I use LibreOffice which is an open-source solution that has most of the same feature set. I simply don't believe nations should have to use proprietary solutions for something as simple as documents and taxpayers be forced to fund it when there are viable alternatives.

That being said Outlook would have probably been a better comparison and the statement would have lost no impact, Microsoft is just the easiest proprietary software giant to point at.

It's not a personal grudge to be against forcing proprietary formats instead of an open, standardized format for no reason other than keeping a foothold over competitors and monopolizing the market. If Office used standardized formats, compatibility between alternative office software would never have been an issue, and the end-user would be none the wiser.

> Bringing it up in comparison for no reason and just general being hostile to MS is the reason MS doesn't listen to non-enterprise feedback

Are they really so shallow?

If they don't listen to non-enterprise feedback, that can only be because they don't give a fuck due to them having a monopoly.

Or ... nobody listens to a dog that barks constantly? Is it really that hard to comprehend?

Because that's not how companies operate.

Also blaming people on the Internet for Microsoft not listening is extremely rude.

But even if it were true, how is it any of our concern? Personally I couldn't care less about the way Microsoft chooses to conduct its business.

Kopano and Kolab are open source mail+ solutions from the EU. I'd be interested to know if they applied for EU funding and whether they received it.

Because it works and isn't a usability nightmare like most everything else you mentioned.

This. Even if it was fully open source, the EU should not decide which project live or die.

It's not only about being closed source. They are also not in the EU, and they are a for-profit (an Aktiengesellschaft).

The only reason I don't use them is because to get the full experience (IMAP, especially) I need to pay them... Now I have to pay them, and I don't even get to enjoy the product. Thanks EU! :P

You might not know this, but Switzerland actually pays more money into the EU than it gets from the EU, so not only are EU citizens like yourself not paying for this, you are actually receiving Swiss taxpayer money.

So it's actually the Swiss public footing the bill for your private software company. Doesn't make it any less gross. The EU really dropped the ball here.

As soon as Proton paid a Bitcoin ransom [0] to try and avoid a DDoS attack, I lost all hope for this company.


Well, as if that wasn't enough:

Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail) (2014)


Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back (2017)


And it turns out, that Mozilla had never been to the office where ProtonVPN was actually being developed, before agreeing to integrate it into Firefox:


This seems a bit disingenuous.

The first article is concerning an XSS flaw that was discovered in a pre-release beta version of ProtonMail 5 years ago, prior to public launch.

As for the second one, everybody can agree that criminals are bad, and we do work with law enforcement to bring them to justice, for example here: https://protonmail.com/blog/apophis-squad-arrest/

The third allegation has also been proven false time and time again. Mozilla checked ProtonVPN by meeting with the team in Geneva. The EU also checked Proton Technologies extensively before granting 2 million euros. The state of Geneva also checked before granting tax breaks.

On the other hand, there is ample evidence that there are shady VPN companies engaged in a large scale disinformation campaign against ProtonVPN. Just have a look at the 500 Twitter bots used to spread false info: https://twitter.com/conspirator0/status/1036353291662360577

Who is more likely to be telling the truth? 500 anonymous bots on Twitter, or Mozilla, the EU, and the state of Geneva who have all verified the company?

> The first article is concerning an XSS flaw that was discovered in a pre-release beta version of ProtonMail 5 years ago, prior to public launch.

It's not about the vulnerabilities themselves, but the fact, that the existing users were not informed about them at all when they were discovered:

"The reason I posted the video was because they did not communicate the security problems to their users – and did not even notify me when the bugs were patched," Roth told The Register.

"I believe that for a service that is used for 'secure communication' trust is very important – and if they hide vulnerabilities from their users I can not trust them."

The researcher said he had reported five vulnerabilities including a cross-site request forgery bug that apparently allowed an attacker to change victims' email signatures, further opening them to malicious cross-site scripts.

> As for the second one, everybody can agree that criminals are bad, and we do work with law enforcement to bring them to justice

Your company publicly bragged about engaging in a criminal activity, and then claimed that the journalist's report was based on "unsubstantiated rumors".

> The third allegation has also been proven false time and time again. Mozilla checked ProtonVPN by meeting with the team in Geneva.

As far as I am aware, Mozilla did nothing to visit the office in Vilnius, Lithuania, where ProtonVPN was actually being developed.

> On the other hand, there is ample evidence that there are shady VPN companies engaged in a large scale disinformation campaign against ProtonVPN.

I am not sure if any of it was really "disinformation", but it doesn't surprise me, that some of your competitors might have used it as an opportunity to enrich themselves, given how shady the industry of VPN providers is.

Actually, I wouldn't be surprised if Luminati Networks was behind this attack, since they compete with Tesonet directly as both, a free VPN provider, and as a data mining company.

> Who is more likely to be telling the truth? 500 anonymous bots on Twitter, or Mozilla, the EU, and the state of Geneva who have all verified the company?

I see you again and again trying to attach the "Proton" brand to the entities that people consider of high trust and integrity – such as "Switzerland", "Geneva", "EU", "Mozilla" – when, in fact, the real values of your company seem to be very far away from that.

You clearly have a grudge against us, so this is not going to be a meaningful discussion, but we do want to point out that this is entirely unsubstantiated:

> As far as I am aware, Mozilla did nothing to visit the office in Vilnius, Lithuania, where ProtonVPN was actually being developed.

Check on Linkedin. Proton devs are distributed across all our offices (Geneva, Zurich, Skopje, Prague, Vilnius, remote). Proton management is in Geneva, where we met Mozilla.

> Proton management is in Geneva, where we met Mozilla.

I have pointed this out, because a picture with Mozilla representatives in Geneva office was used as a proof that ProtonMail didn't outsource its free VPN service to a data mining company in Eastern Europe – and only used that company as "an office space provider" – when, in fact, Mozilla representatives never went there to verify it themselves.

Hi, can you provide some further info on the funding call or even the project page on the EU research portal, if it's up yet? I'm very curious which call this was, especially unusual as you don't mention any consortium partners! Thanks a lot and keep up the good work!

The full story is a bit more complex. ProtonMail was forced to pay by impacted upstream providers in Switzerland who threatened to permanently take the service offline.

Wow, as an EU citizen I can't figure out whether I think it's good or bad that we're now funding foreign companies.

Sure, Switzerland is very much European, but they're not in the EU. Romanian taxpayers are now contributing more to ProtonMail than Swiss taxpayers are.

This would be very much like the US government subsidizing a Canadian software company, on the grounds that 40% of their users are American plus some of their developers live in Vermont and Kentucky.

But, well, at least it goes to the good guys! So yay ProtonMail, I guess!

EDIT: I stand corrected, please do read some of the very insightful replies people posted. Thanks everyone!

Switzerland takes part in a lot of EU programs. The treaties are very complex and include financial contributions, free movement of people (with minor restrictions) and many other rights and obligations.

You can rest assured that Switzerland is not getting anything for free.

Yep, there ain't no such thing as a free lunch.

> The Confederation made compulsory contributions of CHF 724 million to the European Union from the launch of Horizon 2020 to the end of 2017 [...]. According to the most recent official data from the European Commission (as at 6 March 2018), between 2014 and 2017 Swiss institutions received a total of CHF 654 million from the EU (not including Euratom and ITER). This means that Switzerland’s payments to the EU to date are CHF 70 million higher than the amount researchers in Switzerland have received in funding from Europe.


This ignores that the calculation of this is really difficult. It's not 1 contract = 1 country, rather it's often consortia of dozens of institutions. One of these is coordinating and that will usually for various reasons be one based in an EU country. In many of the cases the complexity will be so high that it's difficult to say which institution/country gets the biggest share. But this might pay for conferences, travel cost and service contracts and other things that others benefit from too. In addition part of the funds will also cover the programme overhead. Swiss staff will be seconded to (and paid by) the EU. Etc etc etc.

Finally it's not all about the funds. Participation in this kind of calls bring prestige, partnerships, postdoc positions, etc.

Plain and simple Switzerland benefits significantly from being part, as do all other countries.

Switzerland pays into Horizon 2020. From 2014 to 2017 Swiss projects received over €60M less than those payments.


Romania receives more funds from EU than it provides. Afaik Switzerland pays large sums to be a Schengen member and associate to the EU. Thus, likely, no worries for Romanian taxpayers...

€2M is a drop in the ocean and companies can be and are routinely multi-national.

I'm a Romanian and I would be glad if my taxes actually went to projects such as ProtonMail.

Also Switzerland might not be in the EU, but they have strong treaties with the EU and they might become part of the EU in the future, because right now they basically have many of the obligations of member states without a seat at the table. And such awards only strengthens our relationship with them.

I think the distinction is artificial. I'm glad the EU is starting to fund more privacy related initiatives. For too long the only people putting funding behind tools like Signal, Tor and (our own) Umbrella App were organisations like the Open Tech Fund and other (largely US based) non-profit funders. It's important that this pool of resources has become diversified.

Interestingly enough, the US paid $840 million for a Canadian company, CGI, to develop the Obamacare health insurance website.


I don't know anything about the Obamacare website but from what you say that sounds very different since the US purchased something. It just happened to be from a foreign country. That sounds perfectly reasonable and common, assuming their was some kind of competitive selection process.

This is a grant:

> This grant also does not create any commitments on our part, other than using the funding for the purposes that we have outlined in our proposal

What am I missing?

Mutual openness of public procurement to companies of the partner country are a key ingredient of any trade agreement.

> Romanian taxpayers are now contributing more to ProtonMail than Swiss taxpayers are.

Yeah, but Romanian taxpayers can profit from it by (for example) using ProtonMail. This is only possible IF the project survives.

I find the nation state important, but to "put it back" into the Internet is a huge mistake!

It is also an untrue statement. Romania is a net recipient of EU funds, while Switzerland gives more money into the EU than it receives. So actually, the opposite is true. Swiss taxpayers are contributing to Romania ;-)

Better not spread such nonsense. The numbers shared in other places in this thread just don't show the whole picture. Switzerland benefits in many both financial and other ways from the partnership with the EU countries (from more tourism to a seat at the table to access to many opportunities in research and more that would otherwise be closed).

The EU is a very open body. It allows partner countries such as Switzerland or Norway in a large number of its programmes (actually Switzerland is currently not participating in most due to the Swiss not allowing free travel for Croatians, but as soon as they fix that they'll be back in).

In return those countries participate in the pot and the organisations involved (universities, SMEs, ..) can benefit from wider expertise. Links and exchange are strengthened. All benefit. Why those countries are in the EU programmes is the same why Brexit is idiotic: the collaboration benefits everyone, reduces overall costs and builds trust and strengthens all partners.

Let's be honest: Romanian taxpayers do not contribute any money to the EU or to ProtonMail. Romania is a net recipient state within the EU.

Let's be honest: Romanian (and other country) taxpayers contribute loads of money to the EU. Then some entities in that country, namely:

* those well-connected to politicians, or

* those able to push through the red tape of market-warping subsidies such as Horizon2020 using the right intermediary agencies for a cut (yes, it's a huge business!)

are the net recipients.

The money that arrives from the EU is significantly dissolved in nonsense projects (notorious hyper-expensive bicycle paths from-nowhere to-nowhere) and bureaucratic overhead. Equating the ingress EU money to taxpayers' benefits is too hopeful.

>> The money that arrives from the EU is significantly dissolved in nonsense projects (notorious hyper-expensive bicycle paths from-nowhere to-nowhere)

Why do you think this is nonsense? I was born in one of the poorer regions in Germany. When I was back on holiday I was positively suprised that one of those EU-funded bicycle lanes has been built there. It mostly connects villages (nowhere-to-nowhere so to speak) and the road has been a death-trap for cyclists for as long as I can think of. Since this lane was established the number of car-bicycle accidents has been reduced significantly.

From the outside these kinds of investment can seem like nonsense, but they are usually granted with close cooperation on the municipal level. For the people living in that region, it can be very beneficial...

I don't know about Germany; my understanding is it's quite a specific country in many ways (rich and orderly).

But at least in Romania (this thread), in my home country CZ, and I suspect in the rest of East Europe, "close cooperation on the municipal level" is a big part of the problem.

If you're interested, here are a few articles about the veritable EU money embezzlement business of bicycle paths (use Google translate). It runs deep, deep into politics:


https://www.lidovky.cz/byznys/statni-pokladna/praha-ma-nejdr... (1700 EUR / metre)

https://prahounakole.cz/2011/03/kauza-cyklostezka-sedlec-dus... (2300 EUR / m)

https://www.idnes.cz/jihlava/zpravy/cyklostezka-havlickuv-br... (3000 EUR / m)

https://domaci.ihned.cz/c1-52527290-cyklolavka-vede-odnikud-... (9000 EUR / m)



etc etc

Do you think the taxpayers, given a choice, would willingly contribute their tax money to such projects? Hence "nonsense".

Also note these projects often go against the wishes of local residents, and cost participation is ≫0% (EU/gvt subsidizes part of the cost + local municipality pays the rest). Which means, the local taxpayers get fucked over twice. Local politicians and their connected businesses profit.

I don't get it. Is that EU's fault? It's not like EU is saying "hey, here's €100m, build bicycle paths from nowhere to nowhere". It is your local politicians doing this kind of crap.

Nobody made a claim to the contrary (or even in agreement; no claim in that direction at all). You're going on a tangent, off-topic.

Following the rabbit hole.

Romania is a net recipient, doesn't mean it's not also contributing.

And now you understand brexit..

In terms of EU R&D budgets, the UK is a net receiver by 63%. It contributes 5.410^9€, and receives 8.810^9€, says the Royal Society [0].

To find a stick to beat a dog in the EU budget is easy.

After looking closely at UK financial contributions to the EU, the conclusion of a London School of Economics study[1] summarises things quite more eloquently: "In assessing the UK contributions to the EU’s finances, there are interpretations which are reasonable and those which are ‘spun’ to make political points, even though they are – bluntly – an abuse of statistics. A normative judgement about whether what the UK’s contributes (however measured) to the EU budget could be better spent on other public projects or whether the ‘membership fee’ yields sufficient benefits to be justified is beyond the scope of this paper. But the evidence is clear that, although it is a net contributor to an extent comparable with several other Member States of a similar level of prosperity, the UK does not face an unfair share of the burden of the gross costs of paying for Europe."

[0] https://royalsociety.org/~/media/policy/projects/eu-uk-fundi... (page 12)

[1] https://eprints.lse.ac.uk/67030/1/Begg_EU%20budget.pdf

Analyses of only the R&D budget is surely a biased interpretation of the statistics. To spell it out: If XYZ nation contributes 100bn and receives 10bn back to spend on R&D (because it has loads of high skilled workers / industry perhaps) and 20bn back to spend on everything else - that still makes it a net contributor to the tune of 70bn.

The EU is saving the UK money in many ways. All the costs of standardisation, trade negotiation, etc alone, of Britain needed to do all the processes itself, get the cost difference back. One of the first things UK did after the article 50 notice was to hire 4000 people for trade stuff that it didn't need to manage before - similar in many other fields. Medicines approval, aviation safety, maritime observation, Galileo, border protection, student exchanges, research, climate action, food standards and safety, development aid, election observation missions, ... All this is done through the EU budget.

Of course not the same amount of £££ flows to and fro, but anyone who thinks that should be the case really should start reading on what the EU actually does.

Exactly, you can understand the misguided reasoning that leads to Brexit.

I really want to like ProtonMail. I do like them, in fact.

Unfortunately, their business email offering only has one advantage: the encryption. Every other feature that's important for running a business (IMAP, shared inboxes, automatic forwarding capability, etc.) is severely lacking. My company just switched because we simply couldn't deliver quality customer support inside the confines of Proton's system. After switching, I realized how much I was missing from "normal" email systems. A polished business email offering really does make a major difference.

That being said, I really like their stance on privacy and their determination to make secure email a default, so I'm considering moving my personal email to them (ironically from the same company we just switched the business to).

I hope they can use some of this €2m to address shortcomings in their email platform so we can eventually switch back.

Protonmail employee here. Appreciate the feedback, would you be willing to have a call to discuss? Business feature development is high priority for us and we’d love to hear your problems first hand to ensure they are all addressed in the coming releases.

Absolutely! Feel free to email me directly at my work email: luke@stadiamaps.com.

Thanks, reaching out!

What provider did you switch for?

We transitioned to Fastmail.

I don't like the recent development of Australian privacy (i.e., lack of) laws, but I'm willing to give Fastmail a chance to address the issues—and switching is easy enough to allow us to transition to another provider if that becomes an issue.

> This funding will without a doubt accelerate our ProtonDrive efforts...

Looks like there’s a somewhat working site to learn more: http://protondrive.com

Comical. No-https

The site is incomplete. I wouldn't worry about the lack of HTTPS yet...

It takes very little effort to provide a cert these days. Even a landing page should have a cert. Especially from a company with a reputation for security and privacy like protonmail's.

So someone could phish it and pretend it's complete to get people's data...

It's disappointing they don't specify which funding call this was. This would give us an insight into what really is behind this.

Having been deeply involved in EU funding I am 95% certain they are overstating the "checks". Yes you have to provide financials, but it's not like the EU staff are auditing the company, they do a few basic checks based on the documents provided by the company to check that they are not in debt or going bankrupt soon.

Horizon 2020 has various angles but principally is about research so they must have requested funds for that, not directly for product development.

Even with closed source, still a nice thing to see this kind of company supported.

I can confirm it's from the call SME instruments Phase II

ProtonMail is fantastic. I'd recommend (and do myself) using it for a small start up. Hopefully this funding will allow development of some of the features which make it effectively impossible to use for an enterprise (or group > 20 people IMO). It's currently missing things such as:

Enforcing 2FA on anyone inside your organization.

Setting company-wide signatures.

Using HTML as your signature.

Setting company-wide/user details (ie. Allowing appending "Regards, %%Position%% %%LandLine%%" on an outgoing email).

Mail-flow rules (though admittedly, this is basically the same as the previous point).

Tagging of external emails ("This email was received outside of the organization at the start/end/subject of an email).

These are a few QOL suggestions i can think of off the top of my head. However, the enforcing 2FA on users, and being able to tag external emails are outright security issues which should genuinely be implemented as ProtonMail is both security and privacy focused. I did raise a ticket with all of this in a few months ago, but hope this gives the devs some visibility so they can use that sweet EU funding to improve on these. These basic features would make a world of difference to all users.

The use of HTML as your signature (last time I checked anyway) is silly, as this actually works absolutely fine. We ended up manually pasting the HTML into the page using right click -> inspect element, and hitting save... this works fine if anyone else is having the same problem.

TL;DR: Highly recommend ProtonMail but only for small orgs at this point.

Protonmail Bridge, required for IMAP, is so buggy as to be unusable. This means you’re effectively left with the bare bones web client. This may be ok for lots of people/businesses, but not for others.

Serious question, unusable on which platform?

Yes, sometime it crashes, but is good enough from my point of view, used to be way worse.

Windows 10. Esp. after latest update, emails keep disappearing and reappearing in the mailbox. And even before that, the bridge was timeouting all the time.

Thank you for the feedback. Bridge is receiving a lot of internal priority right now. If you have time, we’d appreciate your direct feedback: https://protonmail.com/support-form

But shouldn't enterprises be funding the development of enhancing enterprise-centric features? But anyway, the article talks about the money being earmarked for developing ProtonDrive.

The censors that previously flagged an outsourcing comment in https://news.ycombinator.com/item?id=18612296 are active again.

Because it has been proven false time and time again. Mozilla checked ProtonVPN by meeting with the team in Geneva. The EU also checked Proton Technologies extensively before granting 2 million euros.

Proton Technologies does not outsource. It has offices outside of Switzerland in Czechia, Macedonia, and Lithuania, but the bulk of the staff is in Switzerland. There are team photos online (https://www.instagram.com/p/BuWTJlaHPOf/), and if you visit the address on the website, you will see it is indeed that building.

On the other hand, there is ample evidence that there are shady VPN companies engaged in a large scale disinformation campaign against ProtonVPN. Just have a look at the 500 Twitter bots used to spread the rumors: https://twitter.com/conspirator0/status/1036353291662360577

So who do you want to believe? 500 bots on Twitter, or Mozilla, the EU, and the state of Geneva who have all come out and verified the company?

Then the EU probably overlooked this:


If ProtonMail had grown like a typical Swiss company, only hiring candidates from Switzerland, we never would have been able to find enough talent to drive our growth. By hiring globally, and disregarding which country a candidate is from, we increased our potential hiring pool from 8 million to 7 billion. A diverse workplace also helps to attract applicants. More applicants means we can hire more candidates, while simultaneously being more selective.

But I'm glad that EU money is spent for hiring globally.

Along with this and the previous GDPR, Does it mean that EU is more concerned about the Privacy of its citizens than any other Nation ?

Because everywhere else we see a pattern of Privacy invasion but EU has always been the front runner in setting up benchmark of how PII data should be handld.

I think it is more than just Privacy. Privacy concerns are just a byproduct of policies that puts individuals over corporations, people over cars, and so forth.

Yes and no, the EU is more concerned with intrusion into citizen privacy from the private sector than any other large player.

As far as the public sector goes, however, the GDPR is mainly meant to increase security surrounding citizen privacy. You can’t demand to have your criminal record deleted for instance, and there is a range of privacy data like that which serves a purpose within the public sector. The EU is fine with that, and possibly more so than the US, but the EU does want to keep it safer than has previously been the case. Mostly because the European public sector didn’t meet really take these security requirements seriously enough on its own. The GDPR didn’t really change the rules for the public sector, it rather increased the penalty for not following them.

There is an old saying that in the US people trust their corporations and not their governments. It’s the opposite in Europe.

I wouldn't go as far as to say we "trust" our governments. But having privacy tools to ensure both corporations and governments stay off the path to mass data collection on their users/citizens can only be a good thing.

It's a double-sided argument however, on one hand the EU shows some interest in privacy, but member states still allow anti-privacy laws to be introduced in the name of "security" [1].

[1] https://www.laquadrature.net/censureterro/ (French)

It is interesting though, because even at least in theory, you vote for your government but not the corporations.

You buy stuff from corporations everyday, at least in theory.

You vote with your money

Or for many of the organizations in question with your privacy

Basically money - it is in place of a monetary payment and is "converted" to money by the corporation. IMO it's interesting to see how low value privacy has for most people, while the value of the data is huge for a corporation.

I think the more nuanced issue here is around consent and understanding, specially the consequences of. I dare say majority of people don't understand or even think about it.

Yes, in capitalism theory, where individuals are rational entities that can comprehend, afford, and consider the consequences of their choices without being swayed by advertisement or their economic situation.

In practice, people buy the best value thing for now without giving much thought or as a general rule being able to comprehend the long term impact of it on their own, let alone the society as whole.

This is why we you need and have anti-trust, consumer protection, and various other laws and systems to protect consumers.

You're arguing as if I was suggesting we should abolish the government. I simply said that in case of corporations, you vote with your money, which is absolutely true (basically the first law of economics - supply/demand) - I said and meant nothing about government or its abolishment nor any change of laws (I'm European). I replied to a comment saying that corporations are not voted for, not to a comment saying that antitrust laws are important.

I understood, my argument is against the very premise of said law, the notion that consumers are rationale entitles that make conscious choices, specially concerning society and long term issues.

Now, if you do agree with my idea that as a general rule, consumers are irrational individuals that don't ponder or simply comprehend the consequences of their choices (not least because they're fools but because of the complexity of markets and supply chains) , specially on a social level, or are forced to make choices as a result of their economic standing; then the idea of consumers voting for companies becomes some kind of a caricature mocking the notion of voting and choice.

It would also mock what you're saying about governments. Why would people working for gvt be better than us at making those kind of choices ?

  consumers are rationale 
You don't need to suppose that for supply and demand

I don't think that consumers are that irrational.

    without being swayed by advertisement or their economic situation
Are you implying that the political world is not advertising and lying all the time, and that our political choices not influenced by our economic situation ?

   In practice, people buy the best value thing for now without giving much thought or as a general rule being able to comprehend the long term impact of it on their own, let alone the society as whole

The same for politics

Except governments don't move to tax heavens or other countries when things tank. It is in the interest of governments to maintain a viable economy and society, not so for private sector. That difference alone is enough to not do this silly "if you don't trust corporations then your government is the same" bs rhetoric. We don't even need to talk about due process and duty of care.

If there wasn't a government (other problems of that aside), the corporation wouldn't have to move. Simply put, it's a clash of two worlds - as we all know.

BTW what is the corporation supposed to do? Take the bullet? Why the hell would they do that? Would you personally do that? Economic migration is absolutely normal, especially today. Are you angry that people are moving away because things tank? I suppose not. Guess what? A corporation is made up of people.

> If there wasn't a government (other problems of that aside), the corporation wouldn't have to move. Simply put, it's a clash of two worlds - as we all know.

Absolute nonsense. When a medical or economical crisis comes, do you really think that the same companies that flee from increased taxes (because of said problems) would voluntarily try to solve the problem? of course not.

   Except governments don't move to tax heavens or other countries when things tank
Yes, by definition ?.. Corporation don't move to tax heaven either, otherwise they wouldn't have people to sell to anymore.

Calling me bullshit doesn't bring anything relevant to the discussion

> Corporation don't move to tax heaven either.

What kind of joke is this? Ireland, Cayman Islands, and many other tax heavens said hello, we do exist! we are absolutely real.


What do you mean by "move" ? By "move" I mean you're not in the place you were before you "move"

> Along with this and the previous GDPR, Does it mean that EU is more concerned about the Privacy of its citizens than any other Nation?

Well, yes.

The EU is not a nation.

There are plenty of people in the EU who actually consider themselves a "EU citizen". Like me, born in Poland, lived in the UK, Belgium and now Germany.

They could be more concerned, doesn't mean what they'll do will be beneficial to our privacy. In this example the money they gave to Proton was taken from others that can't invest it themselves.

Oh boy

Good! And now the EU should invest €50M into Jolla...

I mentioned Jolla here b/c I thought while email/datadrive security is important, the phone ecosystem is much more so. Jolla (and Librem, anything else?) are an alternative to the Android/iPhone duopoly and should be actively supported.

have jolla approached the EU for funding?

Don't know. Rostelecom has invested. Seems wise to try to better protect government employees from leaking data from their phones. E.g. not so nice when my Bundeskanzlers (Merkel) phone get spied upon by friends.

Friends don't spy on friends

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact