Golliwog
My feedback
14 results found
-
537 votes
An error occurred while saving the comment Golliwog
supported this idea
·
-
1,040 votesGolliwog
supported this idea
·
-
255 votes
An error occurred while saving the comment Golliwog
commented
On Windows too please!
(It hurts being the Windows guy...)
Golliwog
supported this idea
·
-
4 votesGolliwog
supported this idea
·
An error occurred while saving the comment Golliwog
commented
I would add that Proton should be generating PGP certificates for each alias. This would allow encrypted emails to aliases (currently not possible). Additionally, a temporary feature should added to strip Proton domain PGP certificates from aliases emails to prevent unmasking of the true email address.
-
2,709 votes
An error occurred while saving the comment Golliwog
commented
In Proton's defence, this is a very hard problem to solve. Contacts are deeply integrated into the Android OS where Google Play Services reside with root privileges. It is like trying to keep the chickens safe from a fox who resides IN the hen house.
I would assume it is almost impossible to accomplish this without users switching to an alternate OS like GraphineOS. Even then, it would be very hard to achieve.Golliwog
supported this idea
·
-
97 votesGolliwog
supported this idea
·
-
1,039 votesGolliwog
supported this idea
·
-
123 votes
An error occurred while saving the comment Golliwog
commented
This can be done with a box like pfSense. See https://protonvpn.com/support/pfsense-wireguard/
An issue arises when you have multiple VPNs using the same subnet. According to Proton support, multiple VPN connections from the same device are possible with this workaround:
"Regarding the feature request, you should be able to use 10.3.0.1 for gateway/DNS, and 10.3.0.2 for your IP.
It also works for 10.4.0.x, 10.5.0.x, etc. (the important thing is that the gateway should be .1)"I have tested and confirmed the solution up to 10.8.0.x.
Also note, your Wireguard listening port (normally 51820) must be unique. I increment mine, eg. 51821, 51822, etc. for every additional connection. The peer port does not change.
-
4 votes
An error occurred while saving the comment Golliwog
commented
I spoke to Proton support, the solution has already been implemented!
"Regarding the feature request, you should be able to use 10.3.0.1 for gateway/DNS, and 10.3.0.2 for your IP.
It also works for 10.4.0.x, 10.5.0.x, etc. (the important thing is that the gateway should be .1)"I have tested and confirmed the solution up to 10.8.0.x.
Also note, your Wireguard listening port (normally 51820) must be unique. I increment mine, eg. 51821, 51822, etc. for every additional connection. The peer port does not change.
An error occurred while saving the comment Golliwog
commented
The root of this issue is that all of ProtonVPNs Wireguard tunnels use the same network for clients on all servers - 10.2.0.2/32.
I suggest setting the Wireguard network to a random IP. For example: 10.2.0.{random}/32
Alternately, set the last octet to the server number in that country; eg. AU#66 would use 10.2.0.66/32
-
63 votesGolliwog
supported this idea
·
An error occurred while saving the comment Golliwog
commented
Tailscale is insecure if the coordination server is hosted by a third party. It effectively gives the coordination server access to someone's whole network.
With ProtonVPN, I hate that at home, from my Android phone, I cannot access my local network securely as I have to chose between Always-On VPN and 'LAN Connections'.
I think the above idea about using ProtonVPN with Tailscale exit nodes is based on a similar problem to me. I would suggest Proton looks at my root cause issue and cooks up a better custom solution.
I would love a solution to allow access to my home network (at home and away) with all my traffic routing through a ProtonVPN gateway. (Tailscale tech could be used as a starting point.)
-
8 votesGolliwog
supported this idea
·
-
7 votes
An error occurred while saving the comment Golliwog
commented
This is critical. Proton should be conducting extra checks (eg. like the email missing attachments feature) to check for leaked email addresses.
Golliwog
supported this idea
·
-
10 votesGolliwog
supported this idea
·
-
97 votesGolliwog
supported this idea
·
I want segregated security between my password manager and my other services to:
1. reduce the frequency of use of my password manager password (every use of my password is an increased security threat).
2. decouple access to high-risk services (eg. email/calendar) from extreme-risk services (password manager).
3. allow me to disable 2FA on only my password manager as they are not suited to having 2FA enabled (chicken and egg problem).
For example, a traveling backpacker may want to check his emails at an internet café. He could use his ‘open everything’ Proton password to access his email with no 2FA (as this would require 2FA on his Pass account too) with a high risk of local security threats (eg. keylogger). Or he could open his password manager on his phone with his Proton Pass password and no 2FA, and then log into the café computer with his Proton email only password and 2FA. This second option keeps his Proton Pass password off the café computer and protects his Mail account from keyloggers using 2FA. Additionally, his risk profile is limited to only his email account.
I dislike Proton’s current implementation because:
• using one password across all Proton service is analogous to re-using the same password across multiple websites.
• having multiple passwords to access Proton Pass negates the use of a password manager – a password manager should minimise the number of passwords that need remembering.
I would recommend a tiered password system – Proton Pass password (master) can access all Proton services. Proton Mail/Calendar/Drive Password(s) can only access the services they are registered to (this may be one password for all services or different passwords for each service). I believe this would be possible with Proton’s current architecture (with or without requiring the passwords to be stored in the password manager).
Another feature could be a login via QR code when the user scans a QR code on the computer he wants to login to, and his phone negotiates the authentication (eg. Netflix’s login system on smart TVs). But, I am not sure if this is technically possible, or practical (as a user may not always have network connectivity on their phone).
Best luck with this new feature.