Proton releases a new app for two-factor authentication
-
But few people know that a considerable chunk of that market—including three of the six most popular VPNs—is quietly operated by an Israeli-owned company with close connections to that country’s national security state,
But we're not gonna tell you which ones!
Yeah, not good of them to not share that information.
But for anyone who's wondering, here's a decent article that goes over the shady companies that discreetly own most VPN apps.
Amusingly, and kind of in counterpoint to the guy who you replied to, this article concludes that Proton is actually a solid VPN option that isn't beholden to one of those sketchy VPN-hoarding companies. Though they don't talk about any Israeli influence in Proton TBF. But still, on a general level (excluding the Israel/Palestine thing), Proton seems like one of the better options.
They also recommend Mullvad as a good option. I've never used them, but I've seen them mentioned positively in other articles about VPNs.
ETA: Clarity.
-
Ehhhh but they already have this in Proton Pass?
E: found this in the FAQ
Proton Pass is a password manager designed to securely generate and store strong passwords, and protect your digital identity with features like email aliases and dark web monitoring. It also includes an integrated authenticator that can store and autofill 2FA codes - but not the ones used to log in to your Proton account. Proton Authenticator is a standalone 2FA app that allows users to enable 2FA protection for their Proton account, it also allows users to store their 2FA codes separate from their passwords if they wish to do so.
If you already use Proton Pass, I think I'd recommend Ente Auth instead. That's what I use.
You really should not keep your MFA codes in the same place as your passwords, especially if you are syncing those passwords between devices and/or a cloud service.
-
You really should not keep your MFA codes in the same place as your passwords, especially if you are syncing those passwords between devices and/or a cloud service.
Yes that's why I said:
If you already use Proton Pass, I think I'd recommend Ente Auth instead
-
Ehm… you guys know that behind many major VPN companies there’s the isræli government right?
it's a shit article xD
i searched for a bit and even found a wiki article. the firm is kape technologies i guess?
"On September 13, 2021, Kape acquired ExpressVPN,[24][29] raising concerns based on Kape Technologies' predecessor Crossrider's history of making tools that were used for adware.[30][31][32][33]"
i try to not use israeli tech or non-euro tech anyway and wasn't affected, but interesting to know nonetheless. data sovereignty is important.
-
Absolutely. 2FA codes (and 2FA 'single use codes' / recovery codes) should not be stored in the same system that manages your usernames and passwords - it defeats the purpose of 2FA.
But most people will just breeze past advice and do whatever is most convenient.
I am (was?) one of those. Working on eliminating or changing the passwords and emails of my 550+ accounts. I'm creating a simplelogin email for each of the ones I'm keeping, setting up a randomly generated password for each as well (24+ characters long with every possible character available), trying to delete the accounts of services I don't want/need anymore, and then setting up 2fa on Aegis if they don't accept hardware tokens.
But it's an intense and long process, though absolutely worth it. With work and personal life, I'm guessing I can be done in a couple of weeks.
-
cross-posted from: https://piefed.zip/post/289079
Wow an OTP app.
Maybe a QR creation app is next?
-
This is a more welcome addition than that stupid AI chatbot slop machine.
But I would still like to see them release Proton Drive for Linux already.
-
Absolutely. 2FA codes (and 2FA 'single use codes' / recovery codes) should not be stored in the same system that manages your usernames and passwords - it defeats the purpose of 2FA.
But most people will just breeze past advice and do whatever is most convenient.
I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged in machine. Passwords are nearly always compromised from a server mishandling data.
That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.
-
Yes that's why I said:
If you already use Proton Pass, I think I'd recommend Ente Auth instead
Aha. Sorry, I misunderstood. I saw the first line about Proton Pass already supporting MFA and I wasn’t familiar with Ente Auth. I did just look it up and I can’t believe I’ve never heard of it before. It’s even AGPL-3.0, be still my beating heart! Thank you for pointing it out!
https://ente.io/ for anyone curious.
-
Aha. Sorry, I misunderstood. I saw the first line about Proton Pass already supporting MFA and I wasn’t familiar with Ente Auth. I did just look it up and I can’t believe I’ve never heard of it before. It’s even AGPL-3.0, be still my beating heart! Thank you for pointing it out!
https://ente.io/ for anyone curious.
Yes, the biggest difference is that Proton Auth seems to work without an account.
-
What's more, they talk up how it's open source and then don't link to the repo.
Here it is, BTW:
GitHub - protonpass/android-authenticator
I saw it, of course they didn't publish any apk or aab. I don't think a lot of people will compile from the source code, maybe like 0.05% of users
-
I've been meaning to get rid of Google Authenticator. Think I'm gunna go do that today.
-
fuck yeah, goodbye authy
Why? What’s wrong with Authy? I use it, Proton and Bitwarden. I could consolidate everything into Proton, but I’m concerned about having everything with one vendor.
-
Why? What’s wrong with Authy? I use it, Proton and Bitwarden. I could consolidate everything into Proton, but I’m concerned about having everything with one vendor.
Not op, but for me the main problem with Authy is that it is owned by an American company.
It's not the worst offender, but any American company is subject to the whims of the current administration. As an example, we're currently seeing how American sanctions lock people out of their Microsoft accounts at the International Court.
I've slowly been moving over my 2FA codes to Aegis.
-
The way I looked at it, it’s no different than having a mobile device with a password manager on it, because if someone steals your mobile device, they have access to everything as well. So the two-factor authentication apps shouldn’t be on desktop argument never made sense to me, mobile is the same way.
That is true. And more phones are stolen now than computers. Computers can have the same security and encryption if properly configured.
Even though you make a logical point, something in my gut doesn't feel right.
These are great points, but there is something more that phones have going for them.
All modern phones are full-disk encrypted by default, and can be remote wiped. I think this is only the case for Mac laptops, but not for Linux and Windows.
So if your phone is stolen, it's not really a risk of the thief having your password manager and your 2FA at the same time, but rather can they get in to your phone and then password manager and 2FA before you can trigger the remote wipe.
Unless the attacker is sophisticated enough to mirror the whole disk and attack it offline.
-
Is Proton legit? I always see mixed comments about them.
-
Is Proton legit? I always see mixed comments about them.
It works, has minor quirks, but it has replaced a lot of things for me, switched from Google Gmail, Drive, and Calendar to Proton's and it has been good. (Though the whole Lumo AI release move confused me) Oh yeah VPN too, well for other countries, still use my WireGuard VPN when traveling.
But personally, I'mma continue sticking to Aegis as my authenticator app. (Can't recommend it enough)
-
Is Proton legit? I always see mixed comments about them.
It’s legit. The negative comments are because the CEO supports US Republican politicians which is a red flag, but there haven’t been any operational reasons to not trust them that I’m aware of.
-
Fantastic, wish they prioritised stuff like this instead of AI but at least it's here now. Now please make a dedicated contacts app so I can stop using Google contacts too!
Yeah, I also was disappointed that Proton Wallet was for crypto and not credit cards. Unless someone can recommend an alternative to Google Wallet, preferably from F-Droid
-
Ehm… you guys know that behind many major VPN companies there’s the isræli government right?
Ehm… you guys know that behind all major VPN companies there’s the isræli government right?
Okay. proceeds to check article
Kape Technologies
This is why you research the VPN provider prior to making your purchase, read their privacy policies, their EULA, their TOS, the company's history.
If it reads like the Bible skip over it.
ProtonVPN, iVPN and Mullvad have no association with this article whatsoever.