
Proton releases a new app for two-factor authentication

Technology
  • The FSF (and RMS himself) wanted an alternative for online payments for ages, without crypto. An anonymous buffer layer between your payment method, like a credit card, and the vendor. I believe something was eventually released but it never took off, because unlike something like an NFC Wallet, vendors would have to natively support GNU's version.

    I think you are referring to GNU Taler.

    It recently started operating in a kind of open beta in Switzerland https://news.itsfoss.com/gnu-taler-swiss-operations/

  • As above, trying to get away from American services. It's really YouTube, Google Maps and iPhone that are the only things I'm stuck with.

    I wish there was a good alternative to YouTube. I've been meaning to host a PeerTube instance, but that process is really not as straightforward as it should be if they want the platform to gain widespread adoption.

    Google Maps has pretty decent alternatives though:

    • For simply browsing the map I use OpenStreetMap on desktop, and Organic Maps on mobile.
    • For navigation (by car) I used to use Waze (which is also owned by Google), but I've switched back to good ol' TomTom.

    As for iPhone... personally I have a Google Pixel which I'm going to keep using till I can't anymore. After that I'm probably switching to Fairphone. They're a European company and their phones are right up my alley.

  • How? BitWarden has great 2FA, but is also a password manager with good integrations, group sharing, etc. Plus when you log in with it, it auto-copies the 2FA to the clipboard.

    Assuming you've used both, so what does Aegis bring to the table? Wondering if I should try it.

    For the same reason you usually shouldn't store 2FA in the password manager.
    Besides that, Aegis has some features like automated (encrypted) backups when accounts are removed/added.
    It can also use multiple different 2FA protocols (even Steam when your phone has root).

  • It’s legit. The negative comments are because the CEO supports US Republican politicians which is a red flag, but there haven’t been any operational reasons to not trust them that I’m aware of.

    There are no very clear reasons to distrust Proton, but is it just me that finds them releasing a 2FA app kinda disturbing? Like, why waste the resources? What could they do better than Aegis, which is already FOSS and privacy preserving? If there is no reason, then I have to wonder if the hidden reason is to get more data into their ecosystem. Which a privacy focused company shouldn't care about.

    I am probably just paranoid but I don't trust Proton.

  • No, Proton specifically has no confirmed association, I agree. So I trust them? No.
    I see too many signs, too many people recommending it online, too many all-connected services. For me, this is a recipe for disaster and I’m not here to be lied to my face again.

    Not the first time for the very neutral state

    According to a Swiss parliamentary investigation, "Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying".

    More info

    On a related note, we have also had people ask us about Proton Mail’s official position regarding the ongoing Palestinian-Israeli conflict and whether working with an Israeli company means we are taking sides in this conflict. The answer is NO. As a Swiss company, we adhere to a policy of strict neutrality

    I don’t know about you guys but this 👆 is enough for me.

    Not the first time for the very neutral state

    According to a Swiss parliamentary investigation, "Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying".

    If your concern is that the CIA owns Crypto AG you should take into consideration what their focus is on, are they focused on child predators and gangs or people torrenting movies and music?

    Crypto AG and Proton have clashed in the past resulting in this article from Proton;

    Transparency: You know who runs the company, where they run it from, how they run it, what data they have, how they interact with law enforcement, and much more.

    Business model: Their business model (how they make money) is simply having paid users that pay for the service. If they were to breach that trust, then they would no longer be able to sustain themselves.

    Competence: They have a team of highly competent people. Most people in their management level have Ph. Ds and they are trusted by many users with heightened security needs. These users include

    , Bellingcat etc.

    Verified By Third Parties: Proton is still in the process of getting all their apps audited and open sourced. Currently, the ProtonMail iOS app, OpenPGP.js, GoOpenPGP and all the ProtonVPN apps have been audited by Cure53 or SEC Consult and the reports are publicly available with the source code on GitHub, with Android and Bridge on the way. Furthermore, they have been checked over by the EU and given 2 million euros of funding that can be used on anything to further their mission with no other obligations.

    Legal guarantees: Proton is based in Switzerland, a country with strong privacy protections, and outside the 14 eyes surveillance network. Under Swiss law, they are only permitted to reveal user data if served with a binding legal order from the Swiss government. Sharing data without a legal order is a criminal offense under Article 271 of the Swiss Criminal Code.

    Track record: ProtonMail’s creation by scientists who met at CERN (the European Organization for Nuclear Research) is well documented, including on the CERN website. The scientific background of their leadership team can be easily verified by looking at their academic careers and scientific publications.


    More info

    On a related note, we have also had people ask us about Proton Mail’s official position regarding the ongoing Palestinian-Israeli conflict and whether working with an Israeli company means we are taking sides in this conflict. The answer is NO. As a Swiss company, we adhere to a policy of strict neutrality

    In the header of this article you seem to have glossed over:

    UPDATE April 3, 2020: The information in this article is outdated. As of last year, we no longer have any contract with Radware.

  • There are no very clear reasons to distrust Proton, but is it just me that finds them releasing a 2FA app kinda disturbing? Like, why waste the resources? What could they do better than Aegis, which is already FOSS and privacy preserving? If there is no reason, then I have to wonder if the hidden reason is to get more data into their ecosystem. Which a privacy focused company shouldn't care about.

    I am probably just paranoid but I don't trust Proton.

    Why release this? Because they're building their own ecosystem. They're trying to build an alternative to the big players, which means they need to have an alternative to all their major products. Maps and YouTube are probably off the table for now, just because of the sheer scale needed for those, but something like this is achievable.

    Is Aegis better? Maybe, but that's not really the point, it's part of a family of apps.

  • There are no very clear reasons to distrust Proton, but is it just me that finds them releasing a 2FA app kinda disturbing? Like, why waste the resources? What could they do better than Aegis, which is already FOSS and privacy preserving? If there is no reason, then I have to wonder if the hidden reason is to get more data into their ecosystem. Which a privacy focused company shouldn't care about.

    I am probably just paranoid but I don't trust Proton.

    Yes it’s just you. They released a 2FA app because it complements their existing password manager and because Google has one. Since Proton is positioned as a privacy-first alternative to Google, it makes sense they’d launch competing versions of any given app or program Google does. A 2FA app also wouldn’t capture any kind of personal data.

    What could they do better than Aegis, which is already FOSS and privacy preserving?

    Have an iOS app for one.

    But also, like, what could they do better than Tutanota mail, which is already privacy preserving? By your logic Proton shouldn't exist at all. Is it your opinion that non-privacy respecting software should have lots of competition and options but privacy respecting ones should not? Can't say I agree with that.

  • Feels like everyone has forgotten when LastPass was breached, and that was barely three years ago.

    Any affected LastPass users storing their 2FA backup codes in with the rest of their login data got a rude awakening.

    Anyone who had them separate was at least able to rescue those accounts. But hey, do what you like, people. I know convenience usually trumps security.

    As far as I know, passwords and TOTP keys were never leaked by LastPass. Regardless, I did say almost always.

  • Not the first time for the very neutral state

    According to a Swiss parliamentary investigation, "Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying".

    If your concern is that the CIA owns Crypto AG you should take into consideration what their focus is on, are they focused on child predators and gangs or people torrenting movies and music?

    Crypto AG and Proton have clashed in the past resulting in this article from Proton;

    Transparency: You know who runs the company, where they run it from, how they run it, what data they have, how they interact with law enforcement, and much more.

    Business model: Their business model (how they make money) is simply having paid users that pay for the service. If they were to breach that trust, then they would no longer be able to sustain themselves.

    Competence: They have a team of highly competent people. Most people in their management level have Ph. Ds and they are trusted by many users with heightened security needs. These users include

    , Bellingcat etc.

    Verified By Third Parties: Proton is still in the process of getting all their apps audited and open sourced. Currently, the ProtonMail iOS app, OpenPGP.js, GoOpenPGP and all the ProtonVPN apps have been audited by Cure53 or SEC Consult and the reports are publicly available with the source code on GitHub, with Android and Bridge on the way. Furthermore, they have been checked over by the EU and given 2 million euros of funding that can be used on anything to further their mission with no other obligations.

    Legal guarantees: Proton is based in Switzerland, a country with strong privacy protections, and outside the 14 eyes surveillance network. Under Swiss law, they are only permitted to reveal user data if served with a binding legal order from the Swiss government. Sharing data without a legal order is a criminal offense under Article 271 of the Swiss Criminal Code.

    Track record: ProtonMail’s creation by scientists who met at CERN (the European Organization for Nuclear Research) is well documented, including on the CERN website. The scientific background of their leadership team can be easily verified by looking at their academic careers and scientific publications.


    More info

    On a related note, we have also had people ask us about Proton Mail’s official position regarding the ongoing Palestinian-Israeli conflict and whether working with an Israeli company means we are taking sides in this conflict. The answer is NO. As a Swiss company, we adhere to a policy of strict neutrality

    In the header of this article you seem to have glossed over:

    UPDATE April 3, 2020: The information in this article is outdated. As of last year, we no longer have any contract with Radware.

    If your concern is that the CIA owns Crypto AG you should take into consideration what their focus is on, are they focused on child predators and gangs or people torrenting movies and music?

    If I present my legitimate concerns about companies being tampered with by the CIA with the complicity of a "neutral" country (since it already happened) and your reply is "Chillax bro, even if they are, what do you have to hide? They are not looking for you!"

    you either:

    • are terribly naive
    • work for Proton.

    I’m just saying, I don’t trust companies, nobody should, especially when everything seems too good. I think we should always challenge them and replace them at their first mistake. Don’t they follow the glorious free and competitive market? Let em fight.

  • It works, has minor quirks, but it has replaced a lot of things for me. I switched from Google Gmail, Drive, and Calendar to Proton's and it has been good. (Though the whole Lumo AI release move confused me.) Oh yeah, VPN too, well, for other countries; I still use my WireGuard VPN when traveling.

    But personally, I'mma continue sticking to Aegis as my authenticator app. (Can't recommend it enough)

    Aegis is my go-to. But I also have two phones - my personal Pixel and a work-issued iPhone. I need 2FA on my work phone, but Aegis doesn't support iOS. Proton came through here. It's open-source, too.

  • As far as I know, passwords and TOTP keys were never leaked by LastPass. Regardless, I did say almost always.

    That's just scratching the surface. People's credentials are increasingly captured by information stealer malware, including attacks on KeePass. So that 'almost always' ain't right regardless.

    The goal of 2FA is to be 'something you have' like an authenticator device or auth app on your phone, working as a secondary verifier that you are who you say you are to the 'something you know' being your password. So if you store 2FA codes with your password then you just have two sets of 'something you know' which is far less secure - and leaves you more vulnerable.

    Of course, it doesn't matter much with stuff like a low value forum account that has 2FA, but I certainly wouldn't put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It defeats the purpose.

  • I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged in machine. Passwords are nearly always compromised from a server mishandling data.

    That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.

    People's credentials are increasingly captured by information stealer malware, including attacks on KeePass. It's not just services mishandling their data that people should consider as likely vectors.

    I do agree about evaluation - it doesn't matter much with stuff like a forum account that has 2FA, but I certainly wouldn't put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.

  • Aegis is my go-to. But I also have two phones - my personal Pixel and a work-issued iPhone. I need 2FA on my work phone, but Aegis doesn't support iOS. Proton came through here. It's open-source, too.

    Ente Auth is cross platform.

  • I am (was?) one of those. Working on eliminating or changing the passwords and emails of my 550+ accounts. I'm creating a SimpleLogin email for each of the ones I'm keeping, setting up a randomly generated password for each as well (24+ characters long with every possible character available), trying to delete the accounts of services I don't want/need anymore, and then setting up 2FA on Aegis if they don't accept hardware tokens.

    But it's an intense and long process, though absolutely worth it. With work and personal life, I'm guessing I can be done in a couple of weeks.

    This is what I did.