The point is to help a service gain market shares and displace at least a little Gmail, Yahoo and Outlook, and limit the inpact of having only US companies in that field.
Email is a bit overlooked, but it's huge source of information, easy to obtain (with the appropriate laws), and quite good in term of quality. It renders email strategic.
With a grant to an oss project, it's not achieving directly this goal. And the bettering of the oss ecosystem is not likely to help an alternative service hugely.
Lastly, a mail server is probably one of the most annoying common piece of infrastructure to deploy. To the point that even people knowing how don't even bother.
European HNers with an established company, you should look into this, getting a grant is not as hard as it seems and there are companies that can help you prepare your proposal (even for free, check you local government programs)
Looks like they've been awarded the funds under the SME instrument phase 2, which is about providing grant funding for a variety of innovative business ideas, and generally intended to help existing businesses bring new products to market. You can see the exact details of the Proton project here: https://sme.easme-web.eu/?b=911075023
The point is, there's nothing specifically wrong about offering grants to companies who develop closed-source software, in the same way there's nothing wrong with offering grants to other companies who don't produce software at all. My company—building a hardware project—has also just been awarded funding under the same programme (I can reassure you that they did indeed research throughly!). Much of the business case for grant investments is the idea that offering funding to SMEs can be an overall economic benefit if it allows them to produce products or services that they wouldn't otherwise be able to offer. Given the rather more cautious private funding environment in Europe, it can be hard to otherwise come by some of these opportunities.
That's not to say that funding for open-source projects isn't a great thing, and I hope more of that continues to be made. The grants you refer to were made as part of FOSSA I think? It's done with different intent, but I reckon both are valuable.
If they are worried about the dominance of Google et all then they could look at taxes and regulatory changes to shift the balance.
Bringing it up in comparison for no reason and just general being hostile to MS is the reason MS doesn't listen to non-enterprise feedback. They have their faults but people like you are the ones who don't let them improve. For you, it's not about technology- its about your personal grudges.
And it's not that the founders chose a Swiss structure because they were themselves Swiss. Even the product were hypothetically bug-free and fully FOSS ... the marketing (with its mountains in the background and "Secure Email Based in Switzerland" tagline) plays to the sentiment that a Swiss jurisdiction makes Protonmail a safer bet than other location is itself "snakeoil" ... if I think about this for too long I might even wonder about their much more relevant claims regarding security & actual code implementation.
Switzerland's data protection laws are way behind the GDPR. Switzerland is struggling to adapt its data protection laws to keep its adequacy status with the EU. It has still not signed Convention 108.
Switzerland's surveillance system is growing and growing. The latest revision of the relevant law was targeted at services like ProtonMail and ProtonVPN (Federal Act on the Surveillance of Post and Telecommunications). Switzerland's federal secret service has got almost unlimited power without any meaningful control and is known as a close partner of the US (thanks to Snowden leaks). Every communication in Switzerland is under mass surveillance 24/7, the metadata is stored for at least six months (civil security authorities) or longer (secret services). Switzerland's armed forces work in close cooperation with NATO.
I am actually wondering whether Proton is a honeypot.
You don't have to take our word for this, it's actually in the text of the law.
Also, if you read the actual text of the US/Switzerland MLAT (mutual lateral assistance treaty), or the text of the Swiss Data Protection Act, you will see that "unlimited power without any meaningful control" is also patently untrue, and there are many layers of control and an explicit need to satisfy the requirements of Swiss privacy laws, even on cases originating from the US.
Isn't it more true of e.g., German-based companies and less true of Swiss-based ones?
That being said Outlook would have probably been a better comparison and the statement would have lost no impact, Microsoft is just the easiest proprietary software giant to point at.
Are they really so shallow?
If they don't listen to non-enterprise feedback, that can only be because they don't give a fuck due to them having a monopoly.
Also blaming people on the Internet for Microsoft not listening is extremely rude.
But even if it were true, how is it any of our concern? Personally I couldn't care less about the way Microsoft chooses to conduct its business.
The only reason I don't use them is because to get the full experience (IMAP, especially) I need to pay them... Now I have to pay them, and I don't even get to enjoy the product. Thanks EU! :P
Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail) (2014)
Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back (2017)
And it turns out, that Mozilla had never been to the office where ProtonVPN was actually being developed, before agreeing to integrate it into Firefox:
The first article is concerning an XSS flaw that was discovered in a pre-release beta version of ProtonMail 5 years ago, prior to public launch.
As for the second one, everybody can agree that criminals are bad, and we do work with law enforcement to bring them to justice, for example here: https://protonmail.com/blog/apophis-squad-arrest/
The third allegation has also been proven false time and time again. Mozilla checked ProtonVPN by meeting with the team in Geneva. The EU also checked Proton Technologies extensively before granting 2 million euros. The state of Geneva also checked before granting tax breaks.
On the other hand, there is ample evidence that there are shady VPN companies engaged in a large scale disinformation campaign against ProtonVPN. Just have a look at the 500 Twitter bots used to spread false info: https://twitter.com/conspirator0/status/1036353291662360577
Who is more likely to be telling the truth? 500 anonymous bots on Twitter, or Mozilla, the EU, and the state of Geneva who have all verified the company?
It's not about the vulnerabilities themselves, but the fact, that the existing users were not informed about them at all when they were discovered:
"The reason I posted the video was because they did not communicate the security problems to their users – and did not even notify me when the bugs were patched," Roth told The Register.
"I believe that for a service that is used for 'secure communication' trust is very important – and if they hide vulnerabilities from their users I can not trust them."
The researcher said he had reported five vulnerabilities including a cross-site request forgery bug that apparently allowed an attacker to change victims' email signatures, further opening them to malicious cross-site scripts.
> As for the second one, everybody can agree that criminals are bad, and we do work with law enforcement to bring them to justice
Your company publicly bragged about engaging in a criminal activity, and then claimed that the journalist's report was based on "unsubstantiated rumors".
> The third allegation has also been proven false time and time again. Mozilla checked ProtonVPN by meeting with the team in Geneva.
As far as I am aware, Mozilla did nothing to visit the office in Vilnius, Lithuania, where ProtonVPN was actually being developed.
> On the other hand, there is ample evidence that there are shady VPN companies engaged in a large scale disinformation campaign against ProtonVPN.
I am not sure if any of it was really "disinformation", but it doesn't surprise me, that some of your competitors might have used it as an opportunity to enrich themselves, given how shady the industry of VPN providers is.
Actually, I wouldn't be surprised if Luminati Networks was behind this attack, since they compete with Tesonet directly as both, a free VPN provider, and as a data mining company.
> Who is more likely to be telling the truth? 500 anonymous bots on Twitter, or Mozilla, the EU, and the state of Geneva who have all verified the company?
I see you again and again trying to attach the "Proton" brand to the entities that people consider of high trust and integrity – such as "Switzerland", "Geneva", "EU", "Mozilla" – when, in fact, the real values of your company seem to be very far away from that.
> As far as I am aware, Mozilla did nothing to visit the office in Vilnius, Lithuania, where ProtonVPN was actually being developed.
Check on Linkedin. Proton devs are distributed across all our offices (Geneva, Zurich, Skopje, Prague, Vilnius, remote). Proton management is in Geneva, where we met Mozilla.
I have pointed this out, because a picture with Mozilla representatives in Geneva office was used as a proof that ProtonMail didn't outsource its free VPN service to a data mining company in Eastern Europe – and only used that company as "an office space provider" – when, in fact, Mozilla representatives never went there to verify it themselves.
Sure, Switzerland is very much European, but they're not in the EU. Romanian taxpayers are now contributing more to ProtonMail than Swiss taxpayers are.
This would be very much like the US government subsidizing a Canadian software company, on the grounds that 40% of their users are American plus some of their developers live in Vermont and Kentucky.
But, well, at least it goes to the good guys! So yay ProtonMail, I guess!
EDIT: I stand corrected, please do read some of the very insightful replies people posted. Thanks everyone!
You can rest assured that Switzerland is not getting anything for free.
> The Confederation made compulsory contributions of CHF 724 million to the European Union from the launch of Horizon 2020 to the end of 2017 [...]. According to the most recent official data from the European Commission (as at 6 March 2018), between 2014 and 2017 Swiss institutions received a total of CHF 654 million from the EU (not including Euratom and ITER). This means that Switzerland’s payments to the EU to date are CHF 70 million higher than the amount researchers in Switzerland have received in funding from Europe.
Finally it's not all about the funds. Participation in this kind of calls bring prestige, partnerships, postdoc positions, etc.
Plain and simple Switzerland benefits significantly from being part, as do all other countries.
I'm a Romanian and I would be glad if my taxes actually went to projects such as ProtonMail.
Also Switzerland might not be in the EU, but they have strong treaties with the EU and they might become part of the EU in the future, because right now they basically have many of the obligations of member states without a seat at the table. And such awards only strengthens our relationship with them.
This is a grant:
> This grant also does not create any commitments on our part, other than using the funding for the purposes that we have outlined in our proposal
What am I missing?
Yeah, but Romanian taxpayers can profit from it by (for example) using ProtonMail. This is only possible IF the project survives.
I find the nation state important, but to "put it back" into the Internet is a huge mistake!
In return those countries participate in the pot and the organisations involved (universities, SMEs, ..) can benefit from wider expertise. Links and exchange are strengthened. All benefit. Why those countries are in the EU programmes is the same why Brexit is idiotic: the collaboration benefits everyone, reduces overall costs and builds trust and strengthens all partners.
* those well-connected to politicians, or
* those able to push through the red tape of market-warping subsidies such as Horizon2020 using the right intermediary agencies for a cut (yes, it's a huge business!)
are the net recipients.
The money that arrives from the EU is significantly dissolved in nonsense projects (notorious hyper-expensive bicycle paths from-nowhere to-nowhere) and bureaucratic overhead. Equating the ingress EU money to taxpayers' benefits is too hopeful.
Why do you think this is nonsense? I was born in one of the poorer regions in Germany. When I was back on holiday I was positively suprised that one of those EU-funded bicycle lanes has been built there. It mostly connects villages (nowhere-to-nowhere so to speak) and the road has been a death-trap for cyclists for as long as I can think of. Since this lane was established the number of car-bicycle accidents has been reduced significantly.
From the outside these kinds of investment can seem like nonsense, but they are usually granted with close cooperation on the municipal level. For the people living in that region, it can be very beneficial...
But at least in Romania (this thread), in my home country CZ, and I suspect in the rest of East Europe, "close cooperation on the municipal level" is a big part of the problem.
If you're interested, here are a few articles about the veritable EU money embezzlement business of bicycle paths (use Google translate). It runs deep, deep into politics:
https://www.lidovky.cz/byznys/statni-pokladna/praha-ma-nejdr... (1700 EUR / metre)
https://prahounakole.cz/2011/03/kauza-cyklostezka-sedlec-dus... (2300 EUR / m)
https://www.idnes.cz/jihlava/zpravy/cyklostezka-havlickuv-br... (3000 EUR / m)
https://domaci.ihned.cz/c1-52527290-cyklolavka-vede-odnikud-... (9000 EUR / m)
Do you think the taxpayers, given a choice, would willingly contribute their tax money to such projects? Hence "nonsense".
Also note these projects often go against the wishes of local residents, and cost participation is ≫0% (EU/gvt subsidizes part of the cost + local municipality pays the rest). Which means, the local taxpayers get fucked over twice. Local politicians and their connected businesses profit.
To find a stick to beat a dog in the EU budget is easy.
After looking closely at UK financial contributions to the EU, the conclusion of a London School of Economics study summarises things quite more eloquently:
"In assessing the UK contributions to the EU’s finances, there are interpretations which are reasonable and those which are ‘spun’ to make political points, even though they are – bluntly – an abuse of statistics. A normative judgement about whether what the UK’s contributes (however
measured) to the EU budget could be better spent on other public projects or whether the ‘membership fee’ yields sufficient benefits to be justified is beyond the scope of this paper. But the evidence is clear that, although it is a net contributor to an extent comparable with several other Member States of a similar level of prosperity, the UK does not face an unfair share of the burden of the gross costs of paying for Europe."
 https://royalsociety.org/~/media/policy/projects/eu-uk-fundi... (page 12)
Of course not the same amount of £££ flows to and fro, but anyone who thinks that should be the case really should start reading on what the EU actually does.
Unfortunately, their business email offering only has one advantage: the encryption. Every other feature that's important for running a business (IMAP, shared inboxes, automatic forwarding capability, etc.) is severely lacking. My company just switched because we simply couldn't deliver quality customer support inside the confines of Proton's system. After switching, I realized how much I was missing from "normal" email systems. A polished business email offering really does make a major difference.
That being said, I really like their stance on privacy and their determination to make secure email a default, so I'm considering moving my personal email to them (ironically from the same company we just switched the business to).
I hope they can use some of this €2m to address shortcomings in their email platform so we can eventually switch back.
I don't like the recent development of Australian privacy (i.e., lack of) laws, but I'm willing to give Fastmail a chance to address the issues—and switching is easy enough to allow us to transition to another provider if that becomes an issue.
Looks like there’s a somewhat working site to learn more: http://protondrive.com
Having been deeply involved in EU funding I am 95% certain they are overstating the "checks". Yes you have to provide financials, but it's not like the EU staff are auditing the company, they do a few basic checks based on the documents provided by the company to check that they are not in debt or going bankrupt soon.
Horizon 2020 has various angles but principally is about research so they must have requested funds for that, not directly for product development.
Even with closed source, still a nice thing to see this kind of company supported.
Enforcing 2FA on anyone inside your organization.
Setting company-wide signatures.
Using HTML as your signature.
Setting company-wide/user details (ie. Allowing appending "Regards, %%Position%% %%LandLine%%" on an outgoing email).
Mail-flow rules (though admittedly, this is basically the same as the previous point).
Tagging of external emails ("This email was received outside of the organization at the start/end/subject of an email).
These are a few QOL suggestions i can think of off the top of my head. However, the enforcing 2FA on users, and being able to tag external emails are outright security issues which should genuinely be implemented as ProtonMail is both security and privacy focused. I did raise a ticket with all of this in a few months ago, but hope this gives the devs some visibility so they can use that sweet EU funding to improve on these. These basic features would make a world of difference to all users.
The use of HTML as your signature (last time I checked anyway) is silly, as this actually works absolutely fine. We ended up manually pasting the HTML into the page using right click -> inspect element, and hitting save... this works fine if anyone else is having the same problem.
TL;DR: Highly recommend ProtonMail but only for small orgs at this point.
Yes, sometime it crashes, but is good enough from my point of view, used to be way worse.
Proton Technologies does not outsource. It has offices outside of Switzerland in Czechia, Macedonia, and Lithuania, but the bulk of the staff is in Switzerland. There are team photos online (https://www.instagram.com/p/BuWTJlaHPOf/), and if you visit the address on the website, you will see it is indeed that building.
On the other hand, there is ample evidence that there are shady VPN companies engaged in a large scale disinformation campaign against ProtonVPN. Just have a look at the 500 Twitter bots used to spread the rumors: https://twitter.com/conspirator0/status/1036353291662360577
So who do you want to believe? 500 bots on Twitter, or Mozilla, the EU, and the state of Geneva who have all come out and verified the company?
If ProtonMail had grown like a typical Swiss company, only hiring candidates from Switzerland, we never would have been able to find enough talent to drive our growth. By hiring globally, and disregarding which country a candidate is from, we increased our potential hiring pool from 8 million to 7 billion. A diverse workplace also helps to attract applicants. More applicants means we can hire more candidates, while simultaneously being more selective.
But I'm glad that EU money is spent for hiring globally.
Because everywhere else we see a pattern of Privacy invasion but EU has always been the front runner in setting up benchmark of how PII data should be handld.
As far as the public sector goes, however, the GDPR is mainly meant to increase security surrounding citizen privacy. You can’t demand to have your criminal record deleted for instance, and there is a range of privacy data like that which serves a purpose within the public sector. The EU is fine with that, and possibly more so than the US, but the EU does want to keep it safer than has previously been the case. Mostly because the European public sector didn’t meet really take these security requirements seriously enough on its own. The GDPR didn’t really change the rules for the public sector, it rather increased the penalty for not following them.
There is an old saying that in the US people trust their corporations and not their governments. It’s the opposite in Europe.
It's a double-sided argument however, on one hand the EU shows some interest in privacy, but member states still allow anti-privacy laws to be introduced in the name of "security" .
 https://www.laquadrature.net/censureterro/ (French)
In practice, people buy the best value thing for now without giving much thought or as a general rule being able to comprehend the long term impact of it on their own, let alone the society as whole.
This is why we you need and have anti-trust, consumer protection, and various other laws and systems to protect consumers.
Now, if you do agree with my idea that as a general rule, consumers are irrational individuals that don't ponder or simply comprehend the consequences of their choices (not least because they're fools but because of the complexity of markets and supply chains) , specially on a social level, or are forced to make choices as a result of their economic standing; then the idea of consumers voting for companies becomes some kind of a caricature mocking the notion of voting and choice.
consumers are rationale
without being swayed by advertisement or their economic situation
In practice, people buy the best value thing for now without giving much thought or as a general rule being able to comprehend the long term impact of it on their own, let alone the society as whole
BTW what is the corporation supposed to do? Take the bullet? Why the hell would they do that? Would you personally do that? Economic migration is absolutely normal, especially today. Are you angry that people are moving away because things tank? I suppose not. Guess what? A corporation is made up of people.
Absolute nonsense. When a medical or economical crisis comes, do you really think that the same companies that flee from increased taxes (because of said problems) would voluntarily try to solve the problem? of course not.
Except governments don't move to tax heavens or other countries when things tank
Calling me bullshit doesn't bring anything relevant to the discussion
What kind of joke is this? Ireland, Cayman Islands, and many other tax heavens said hello, we do exist! we are absolutely real.