So I’ve been looking up VPN stuff, and in the process, I’ve stumbled on ProtonVPN, from the same people as ProtonMail. They’re now offering private cloud storage, and I’m wondering how private it is. E2E means I have to manage the keys on my device, right? I don’t know how else it could realistically work; if they manage keys, they can access my keys, etc.?
There are a few end to end file storage options out there (including iCloud Drive if you enable “advanced data protection”, though that’s only useful for Apple users).
You might also check out https://cryptomator.org/ — it lets you use any storage provider but encrypt your files before uploading. Plus it’s open source.
I’ve been a long-time Proton Mail customer, though I only briefly tried to use it as a primary email service. Using Proton Mail as my primary email provider just wasn’t practical for me: the privacy benefits weren’t worth the convenience tradeoffs of poor search and limited IMAP client support through its local proxy software.
Anyway, I would put a fair amount of trust in them. They were founded by earnest people (scientists, not necessarily cryptographers) but they’ve had their work audited by full-time cryptographers.
You do not need to manage your own keys with Proton’s products. They actually keep the keys server-side, but that’s okay, because your password (make it a good one) decrypts the keys on the client-side, making it impossible for them to decrypt your data without it. Credentialed experts have given a nod of approval to what they’re doing.
Now of course that does mean that if you lose your password and account recovery data, you lose your data forever. That’s always the tradeoff with end-to-end encryption.
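The arrangement described in the post above (key stored server-side, unlocked client-side by the password), as an added sketch that is not part of the original thread and is not Proton's code. The function names, scrypt parameters and sample passphrases are assumptions, and the HMAC-SHA256 pad with encrypt-then-MAC is a standard-library stand-in for an AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

def _derive(password, salt):
    # Stretch the password with scrypt, then split into encryption and MAC keys.
    okm = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return okm[:32], okm[32:]

def _pad(enc_key, nonce):
    # One 32-byte keystream block; enough to cover a 32-byte data key.
    return hmac.new(enc_key, nonce, hashlib.sha256).digest()

def wrap_key(password, data_key):
    """Client side: lock a 32-byte data key under the password."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, _pad(enc_key, nonce)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}  # safe to upload

def unwrap_key(password, blob):
    """Client side: recover the data key, or fail if the password is wrong."""
    enc_key, mac_key = _derive(password, blob["salt"])
    msg = blob["salt"] + blob["nonce"] + blob["ct"]
    expected = hmac.new(mac_key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or tampered blob")
    return bytes(a ^ b for a, b in zip(blob["ct"], _pad(enc_key, blob["nonce"])))

def change_password(old, new, blob):
    """Re-wrap the same data key; encrypted files need no re-encryption."""
    return wrap_key(new, unwrap_key(old, blob))

if __name__ == "__main__":
    data_key = os.urandom(32)  # generated on the device, never sent in the clear
    stored = wrap_key("constructed-passphrase-1", data_key)  # server keeps only this
    assert unwrap_key("constructed-passphrase-1", stored) == data_key
    try:
        unwrap_key("guess", stored)  # what anyone without the password can attempt
    except ValueError as err:
        print("unlock without the password fails:", err)
```

The server only ever holds the `stored` blob, so the strength of the scheme rests on the password and the cost of the key-derivation step.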
I agree with everything you said about Proton Mail. It is really good, but I decided I don’t care enough about privacy not to use something easy. Also, if you forget your password, a reset wipes your data (if I recall correctly).
You might be able to download other recovery tokens that get you access, but yeah, with any truly end-to-end encrypted product, once you lose the ability to decrypt your data, it’s gone forever.
For me the biggest issue really is search, especially on mobile. All you can do is search the metadata.