this post was submitted on 05 Aug 2025

4 points (55.9% liked)

Proton

7422 readers

94 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 2 years ago

MODERATORS

ProtonPrivacy@lemmy.world

alex_herrero@lemmy.world

Nelizea@lemmy.world

Proton Pass is not safe? (lemmy.world)

submitted 1 day ago* (last edited 23 hours ago) by IronJumbo@lemmy.world to c/protonprivacy@lemmy.world

19 comments fedilink hide all child comments

This community is reportedly official, but I see no activity of the Proton Team here :(

Can the Proton Team comment on this test?

Source article:

https://venaksecurity.com/2025/06/04/keeper-is-the-only-password-manager-that-protects-against-infostealers/

Edit:

I am not associated with any tested company or this blog.

I am an ordinary user of all Proton products since his birth and I love him.

Because the test looks credible, I just want an expert from Proton to dispel my doubts or honestly confirm the problem.

I am aware that the test may be a product promotion, but the question is: can the threat be real for the Proton Pass?

all 20 comments

sorted by: hot top controversial new old

[–] lustrum@sh.itjust.works 54 points 1 day ago* (last edited 1 day ago) (3 children)

This reads just like a paid promotion. Whenever I see a table above where one product is all ticks, it's usually being shilled right?

[–] chickenf622@sh.itjust.works 11 points 1 day ago (2 children)

That was my immediate thought. Especially when the article has a section near the top dedicated to talking just about it.

[–] lustrum@sh.itjust.works 10 points 21 hours ago* (last edited 21 hours ago)

It says Keeper 9 times.

Proton 4, bitwarden 2, Nord 4, 1password 3, Last Pass 2, Dashlane 3.

Keerper with forcefield was the only one with a hyperlink to their website.

Theres not real methodology behind their testing procedure beyond a CMD output for each and "Keeper" shows "access denied"

[–] IronJumbo@lemmy.world 2 points 1 day ago (1 children)

Even if it is an advertisement, can the threats be true?

[–] chickenf622@sh.itjust.works 10 points 23 hours ago

Theoretically, but it also seems the attack vectors require malware to be installed on your computer which already means your security is compromised.

[–] IronJumbo@lemmy.world 1 points 1 day ago (2 children)

I am not associated with any tested company or this blog.

I am an ordinary user of all Proton products since his birth and I love him.

Because the test looks credible, I just want an expert from Proton to dispel my doubts or honestly confirm the problem.

[–] 0_o7@lemmy.dbzer0.com 1 points 12 hours ago

I am not associated with any tested company or this blog.

You didn't think of using the regular support channel from Proton themselves?

Why post it on an online forum that doesn't claim to be official, expecting an expert from Proton to reply to you?

[–] zonnewin@feddit.nl 6 points 18 hours ago

How do you figure it looks credible? It looks like an advertisement from miles away.

[–] irelephant@lemmy.dbzer0.com 41 points 1 day ago

[–] puppinstuff@lemmy.ca 10 points 19 hours ago* (last edited 17 hours ago)

You won’t find official Proton staff in the fediverse. They don’t like getting piled on for their CEOs statements so they pulled up stakes rather than try to fix the mess.

People were outsized dicks and Proton was enormously dismissive. Sometimes both groups can be wrong.

[–] codexarcanum@lemmy.dbzer0.com 22 points 1 day ago (1 children)

Reads a bit like an ad, and doesn't look into self-hosted KeepassXC, which is also memory safe.

I don't trust any online password managers anymore. Too much juicy data collected in one place, too many intermediaries all doing the right thing to rely on. And as the link I posted says, if the attacker has malware on your machine already, memory safety is a final defence but you're likely already compromised.

[–] socialsecurity@piefed.social 5 points 1 day ago

Not even Bitwarden?

[–] tetchey@aussie.zone 9 points 21 hours ago

The table doesn't mention independent security auditing, which in my mind is more important than most of the items on the list.

Our product you've never heard of is safer than the ones from well-established brands. Trust us.

[–] rumba@lemmy.zip 1 points 15 hours ago

The memory protection attempts on keeper versus the rest seem pretty legit.

The online protection is legitimate although if you're required to do an online auth before you unlock a vault that means you have no ability to unlock your vault if you're not online. So if you were having internet problems you might not be able to get into your router. Personally I think 2FA or yuby key is more than enough for that to allow offline authentication.

The claim of browser extension protection is a little nebulous. They specifically call out a single memory related browser feature and say that no one else checks against any browser extension attacks.

The whole document is definitely marketing slop but it's not without some truth. Yeah, you can read unlock vaults through other programs. But you can also keylog from other programs, do 2fa interception attacks.

They're putting a f*** ton of marketing out there to the point it's hard to find articles that aren't biased. Almost nothing out there even talks about the cons of the being significantly more expensive than the rest. What I was able to find with user reviews as their autofill is wanting, trying to put credit cards into web pages is inconsistent at best. And most places that compared them even against bitwarden shows bitwarden handily over usability issues

Honestly, I think using a zero knowledge password manager with built 2FA is sufficient enough right now.

[–] KiwiTB@lemmy.world 7 points 1 day ago

Don't make claims you can't backup with evidence.

[–] shadejinx@lemmy.world 5 points 23 hours ago

Keeper's Browser extension is/was trash. Recently it had a bug where, on some websites, it'll kept pasting my MFA token in every single number field on every page for the website, long after authentication finished.

[–] Ulrich@feddit.org 2 points 23 hours ago* (last edited 23 hours ago)

It's "community-supported", meaning they have nothing to do with it. They don't care about private or free platforms.

[–] cosmicrose@lemmy.blahaj.zone 1 points 23 hours ago

https://soatok.blog/2025/07/07/checklists-are-the-thief-of-joy/

[–] the_q@lemmy.zip 1 points 1 day ago

If you rely on a third party of any kind it's not safe and should be tested that way.