As a (previous) customer of Proton for many years and a user of their drive product, you should be aware that earlier this year the drive API endpoints began to block their own VPN egress quite often for rate limiting. They also block many cloud providers' egress. They also don’t officially support rclone, and their changing API spec often breaks the compatibility.
I saw the writing on the wall and migrated rapidly earlier this year ahead of crypto product launches ahead of the email fiasco. It was hard to get data back out, even then.
Proton still stands for privacy. But the dark patterns for lock-in I can do without.
Hetzner Storage boxes with rclone and the “crypt” option are a drop-in replacement, at ~$40 for 20TB. That’s where I went instead.
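The Storage Box plus rclone "crypt" layout mentioned above, sketched as an added example that is not part of the original comment. The hostname, username, paths and remote names are placeholders, and the password values stand for output of `rclone obscure`.

```ini
# ~/.config/rclone/rclone.conf  (constructed example, placeholder values)

# Layer 1: plain SFTP transport to the Storage Box.
[storagebox]
type = sftp
# Placeholder account and host; use the values from your own account.
host = uXXXXXX.your-storagebox.de
user = uXXXXXX
# Storage Boxes expose SSH/SFTP on port 23 rather than 22.
port = 23
# Key-based login instead of a stored account password.
key_file = ~/.ssh/id_ed25519
# Setting this enables host key validation for the sftp backend.
known_hosts_file = ~/.ssh/known_hosts

# Layer 2: client-side encryption wrapped around a directory on layer 1.
# All reads and writes go through this remote, never through [storagebox].
[storagebox-crypt]
type = crypt
remote = storagebox:backups
# Encrypt file names and directory names as well as file contents.
filename_encryption = standard
directory_name_encryption = true
# Both values must come from `rclone obscure`; the obscured form is not
# encryption, so protect this file (chmod 600) or use rclone's config
# encryption.
password = PLACEHOLDER_OBSCURED_PASSWORD
password2 = PLACEHOLDER_OBSCURED_SALT
```

With this layout the provider only ever stores ciphertext, but file sizes, modification times and the shape of the directory tree stay visible to it. The password and salt are the only way back to the data, so keep a copy of them somewhere other than the machine being backed up.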
I have, and the technical support representative at Proton confirmed it, but not without implying that it was my fault for using rclone. I asked for the official recommendation for Linux users to do automated or scriptable backups onto a Proton drive and the answer was that some kind of SDK was planned for the future. Proton drive stopped working completely with rclone shortly after that, which was about two months ago.
I wonder if it would ever be possible to reach that value-per-dollar in the current economy.
Hetzner works because it was built a long time ago when talent was cheap, which it was because the property Ponzi wasn't at the stage where an average post-tax middle-class salary barely covers rent. Since then they've managed to stay afloat because it's only maintenance and small incremental changes from that point on.
Building such a new operation (and offering competitive prices) from scratch today would be impossible based on labor costs alone. This is presumably the same reason they don't offer their very-good-value dedicated servers in the US either, only "cloud" VPSes which are orders of magnitude more expensive.
I think the situation may not reflect cost of hands and housing. But the sunk cost of Hetzner to be in Germany, compared with the break-ground cost to construct their existing model in the rest of the world: I think that part is true. Selling off services in German hosted racks is at this point, massive profit on low price because the sunk cost has already been covered. They are sweating an asset into people like us, who want cheap disk but not the 100% reliable coverage of a contract which gives us replication, offsite, 3-2-1 class services. If they took that into the US the sunk cost component would not be covered, their sell price would be significantly less profitable.
The cost of hands and housing for hands, yeah, that's marginal in this.
This theory ignores the entire Midwest rust belt where the property pricing squeeze often barely exists and senior level engineers barely cross $100k for salary.
By your logic AWS should also be cheap since it was also built under similar timing.
Hetzner is cheap because they don’t provide the same level of abstractions. They also have competitors in the same price range. They aren’t wildly unique.
Dutchie here married to someone from the Midwest. Can confirm, those houses look really cheap there. It was one of the reasons why we considered living there. But the Netherlands won out over other things (e.g. healthcare).
Effectively there was a proposed Swiss Law that would force Protonmail to cooperate in sharing customer data with authorities if requested.
The law hasn't passed, and it was even deemed illegal by the EU.
It did raise an interesting issue though, as Protonmail was strictly in Switzerland, they realised that they were at the whim of their lawmakers (which was kinda the point in the first place as Switzerland has great privacy laws). However, if those laws did become adversarial, it would greatly affect Protonmail users. This is why they started diversifying some services outside of Switzerland, in case something like this ever did come to pass.
They lost thousands of emails and they treated every customer individually while blocking people from complaining on their subreddit.
Then, it was posted here on HN and they finally decided to stand up and fix their reputation by saying they care and want to do better, after months of silencing the issue as much as possible.
A non-technical person would probably Google “Hetzner Storage Box”, click the first link, and read the page that answers all of those questions.
There are many free software suites that Hetzner Storage box supports, up to and including official support for rclone (the free tool used in the post we’re replying to).
Support for Proton Drive on rclone is still in beta [1]. Proton, AFAIK, doesn't provide documented official APIs for accessing their Drive. Much of the work on the rclone plugin was made via reverse engineering and reading Proton's open source projects' code.
My rclone for proton stopped working this week and I just cannot get it working. It's looking likely the support will be dropped as the dev is no longer working on it and it's not finished.
Hopefully proton will hurry up with their SDK. Through the rclone GUI I can access and mount the folders and files but I cannot get any auto rclone commands to actually transfer any files.
Why do you need cloud, if you don’t need public sharing?
You can connect to a 2-bay NAS with 20 TB of storage at home with a VPN. Fast, private, secure, practically unlimited storage, under your control. That much storage will be very expensive in the cloud. Proton is like 120$/year for 500GB.
You can also run unlimited applications for free on the same nas: photo management, streaming with apps like plex etc. Each of those apps is an additional cost in the cloud.
Because what you described is an unbearably complex, and highly unreliable solution. There is no way your home storage is more reliable than a geography-duplicated cloud center with 6 nines (or more) of data reliability.
If you love spending hours a day twiddling with Linux configs, knock yourself out, but my time is worth more and every arrow of opportunity cost points toward an integrated cloud ecosystem.
I prefer to save data in the cloud, and not "on the computer... in my house..." as the Hank Hill meme goes, because that hardware is painfully fragile.
Did you actually measure that? Because I did and self hosted NAS easily reaches reliability of any cloud in place without common power outages.
I'm not saying it's a good idea, but this myth about cloud reliability is a myth lately - all the corps have started squeezing for profit at the cost of reliability and availability.
No Linux configs, off the shelf NAS boxes come with their own operating systems. You learn a few concepts in initial days. The control plan is simpler than in a windows computer or phone.
You configure an offsite backup in the NAS.
Obviously you don’t have eleven 9 availability. But good enough for home use.
Sure, but you don’t need to pay a premium for end to end encryption like with proton.
You would encrypt (all or part of) your NAS client side with your software of choice (I use restic) and ship it anywhere off site: could be cheapest cloud, or another location you have access to.
I keep a home server for exactly that reason but I still use cloud for some things to have an off site copy as well. There are some things I don't want to risk losing over burst pipes, a fire, burglary, power surges, etc.
I work on a project Blobcache, a content addressed store for exposing and consuming storage over the network.
It supports full end to end encryption, and offers a minimal API to prevent applications from leaking data.
You can persist arbitrary hash-linked data structures in Blobcache volumes.
One such data structure is the Git-Like Filesystem, which supports the usual files and trees.
You might be interested in Peergos [0][1] which is E2EE, fully open source (including the server), and self hostable. We've been audited by Cure53 and Radically Open Security.
Proton’s product changes over the last couple years are the exact opposite of that. I think they’re the only credible game in town for an email/drive service in the cloud that doesn’t have AI data mining risks.
My suggestion, if you can, would be to host the data on your own hardware. The Internet was initially conceived with this kind of decentralization in mind -- most people/organizations hosting their own websites/email/files/etc. And this is what we must go back to if we want to retake control from "cloud" providers.
Technically, this could be as simple as a Samba server behind Wireguard, but you could also, or in addition, look into other projects like Nextcloud especially if you are interested in sharing files with people.
Of course, and I didn't intend to downplay the efforts of those projects. Just pointing out that they don't meet the requirements of most threat models.
Joking of course, but I am playing around with a similar setup, I should try it over the actual internet and see how much it sucks.
Now I am arguing with myself if you would want to run it over an encrypted tunnel. Theoretically no, but drive encryption is not really designed to protect data in transit; who knows what side-channel data would leak, so maybe... and the tunnel probably has better authentication than iSCSI.
Is it possible to "just sync some files" to Proton Drive in user space without root access? As a paying Proton Mail customer I am annoyed about the situation with Proton Drive and non-existing official support for Linux. On the other hand, they will probably drop some kind of Electron wrapper of a few hundred megabytes, and that won't be useful either.
What about alternatives? Should I just use Filen instead?
You might be interested in Peergos [0][1] (creator here) which has official Linux apps, is E2EE, fully open source (including the server), and self-hostable. It's also recommended by privacy guides: https://www.privacyguides.org/en/cloud/#peergos
156-line emoji-studded readme [0] for a 62-line shell script [1]
yeah, this sets off my vibe-coding-detector as well.
the readme recommends installing fuse3 with Pacman, but then installing rclone by downloading the binary to /usr/local/bin, even though there's an Arch package [2] for it. I don't think that's a recommendation an experienced Arch user would ever make (at least, not without mentioning the alternatives)
https://news.ycombinator.com/item?id=33432296
https://docs.hetzner.com/storage/storage-box
[1]: https://rclone.org/protondrive/
Setting up a second off-site NAS and connecting it to the primary one over VPN was also easy.
I haven't twiddled with Linux configs since I set up the system in 2018.
It's also great if you move frequently, or travel a lot.
https://github.com/blobcache/blobcache/blob/master/doc/0.2_W...
https://github.com/blobcache/blobcache/blob/master/doc/8.5_G...
[0] https://peergos.org
[1] https://github.com/peergos/peergos
Many leak metadata and/or have serious security concerns.
[0] https://github.com/dadtronics/protondrive-linux/blob/main/RE...
[1] https://github.com/dadtronics/protondrive-linux/blob/main/se...
[2] https://archlinux.org/packages/extra/x86_64/rclone/