[HN Gopher] Clarifications regarding arrest of climate activist
___________________________________________________________________
Clarifications regarding arrest of climate activist
Author : kdunglas
Score : 414 points
Date : 2021-09-06 13:50 UTC (9 hours ago)
(HTM) web link (protonmail.com)
(TXT) w3m dump (protonmail.com)
| melbourne_mat wrote:
| I'm angry and ready to switch. Who's the best alternative?
| moedersmooiste wrote:
| Maybe a bit off topic, but is Mixmaster/Mixminion still a viable
| option? I can still remember playing around with Mixmaster many
| years ago but mail delivery was not 100% reliable.
| MitchellCash wrote:
| > Under Swiss law, it is obligatory for a user to be notified if
| a third party makes a request for their private data and such
| data is to be used in a criminal proceeding.
|
| They're not explicit with regards to the activist, this would
| mean the activist was notified upon ProtonMail receiving the
| request?
|
| I'm not sure there's much you can do but lawyer up if you receive
| such a notice, but potentially the activist could have
| immediately started using Tor (maybe too late though, because to
| read the notice they might have already leaked their IP).
| lossolo wrote:
| If law enforcment can order to log IPs, could they tell Microsoft
| that there is an Windows user with specific e-mail address (which
| that user uses as windows login) and order them to deploy
| Microsoft signed update only to that user devices with embedded
| trojan written by some three letter agency ?
| yololol wrote:
| > Due to Proton's strict privacy, we do not know the identity of
| our users, and at no point were we aware that the targeted users
| were climate activists
|
| I don't understand what this is about. Would they had refused to
| comply, was that the case?
| dngray wrote:
| that they didn't/can't read their email because it was
| encrypted
| istingray wrote:
| Disclaimer: Paying Protonmail customer
|
| This is a weak response. "What we're changing" isn't specific.
| It's a "our shit doesn't stink" kind of reply.
|
| "What we're changing" should be far more specific. Start
| educating users about Tor on your homepage.
|
| Start blogging about Tor more than once in 2017. Have a score for
| how many users log in through Tor. Have a score for how many
| times your privacy policy is loaded.
|
| Stop claiming to be the best simply because you have a Tor site
| with an old version of your app. That's not good enough.
|
| I'm looking for leadership. Protonmail is clearly an "explainer"
| more than a leader. I'll keep my eyes peeled for whoever comes
| along to replace them.
| kodah wrote:
| Does anyone have information on what the climate activist is
| accused of? This is the only thing I've found:
|
| > For the past year, a group of people have taken over a handful
| of commercial premises and apartments near Place Sainte Marthe in
| Paris. They want to fight against gentrification, real estate
| speculation, Airbnb and high-end restaurants. While it started as
| a local conflict, it quickly became a symbolic campaign. They
| attracted newspaper headlines when they started occupying
| premises rented by Le Petit Cambodge -- a restaurant that was
| targeted by the November 13th, 2015 terrorist attacks in Paris.
| snakeboy wrote:
| I found this page [0] (in French). I don't know how reliable
| this website (or my French, for that matter) is, but it seems
| like its a group of activists illegally squatting, damaging the
| property (at least changing the locks) and causing some public
| disturbances in the street, and the police were having a
| difficult time catching them. This email account was linked to
| the organization's Twitter account, and from there they were
| able to put together enough information to arrest.
|
| [0] https://paris-luttes.info/recit-policier-de-sainte-
| marthe-15...
| hocuspocus wrote:
| In short, a judge ordered the eviction, the BAC (French
| police's anticrime unit) proceeded and 50-60 people
| intervened and tried to stop them, at least two officers were
| injured, one had to take 15 days off.
| woko wrote:
| So that activist was the leader and social media coordinator
| of the group.
| dang wrote:
| Recent and related:
|
| _Climate activist arrested after ProtonMail provided his IP
| address_ - https://news.ycombinator.com/item?id=28427259 - Sept
| 2021 (552 comments)
|
| _ProtonMail logged IP address of French activist after order by
| Swiss authorities_ -
| https://news.ycombinator.com/item?id=28433131 - Sept 2021 (139
| comments)
| not1ofU wrote:
| Can the Swiss Government still claim neutrality after this?
| Tomte wrote:
| You mean by executing a warrant they somehow entered into a
| military bloc? Must be strange membership rules.
| not1ofU wrote:
| ha, was tounge in cheek, however, the post by PM CEO said the
| following on Twitter [0]: "In this particular case, the
| suspect unfortunately did break Swiss law, and there was
| simply no possibility to fight the decision made by the Swiss
| Federal Department of Justice."
|
| How does squating in France break swiss law?
|
| [0] - https://twitter.com/andyyen/status/1434665940696846340
| detaro wrote:
| "would the same thing be against the law if it happened
| here" is a somewhat common benchmark in treaties and laws
| about respecting and acting on foreign law enforcement
| requests, presumably that's what's meant. (When it comes to
| extraditions it's often called the "dual criminality"
| requirement, and can involve quite a bit of transfer to
| make things comparable. E.g. since Assange is charged with
| conspiring with Manning to steal US military data, the UK
| extradition ruling was considering if it would have been a
| crime in the UK if he had conspired with a UK service
| member to steal UK data)
| indymike wrote:
| This is the exact kind of clarity that was needed for users to
| have confidence in their understanding of Protonmail. Andy Yen
| (Proton CEO) is a very thoughtful communicator and is making the
| world better.
|
| At some point everything on the internet becomes local, because
| people and businesses eventually must exist at a location in the
| real world. Proton is always going to be subject to local law
| enforcement wherever they are based.
| notjes wrote:
| A service must be paid for. And if a payment is done, it is
| connected to a real person. THE END
|
| No matter what PM promises, without addressing this issue it is
| all bull.
|
| Ladar Levison from Lavabit (Snowden email case) tries to square
| this circle to provide safe services.
| TwinProduction wrote:
| Any company large enough _will_ have to deal with compliance at
| some point, that's why most devs in large software companies have
| to take these silly "exams" every year telling you to not plug a
| USB key you found on the floor in your company laptop, even if it
| should be very obvious to most.
|
| I'm seeing a lot of people here that are surprised by the fact
| that even a company who has privacy as their main marketing point
| has to deal with compliance, but really, unless you host your own
| mail server, you just can't guarantee your own privacy.
|
| I don't generally advise hosting your own mail server due to all
| the troubles that come with it, but this is really one of the
| only ways I can think of where you can achieve a decent enough
| level of control when it comes to exchanging emails.
| system2 wrote:
| Ha ha. For years HN was almost fanatic about ProtonMail. It is
| funny to see how things change 180 in a day. Same thing happened
| to Apple with CSAM.
|
| Seriously I thought I was the uncool kid for not using ProtonMail
| and some other HN favorites. In the end, they are all someone's
| server with unknown connections. Do not trust other companies no
| matter what. Period.
| sabellito wrote:
| You... are happy and find it funny that a service that was
| deemed trustworthy is not as much as previously thought?
| system2 wrote:
| Fanboyism what gets me.
| meowster wrote:
| I think OP found the rate of change funny, not the underlying
| issue.
|
| > It is funny to see how things change 180 in a day.
| un_montagnard wrote:
| The crux of the matter is very simple: do not break Swiss law
| when using ProtonMail.
| bifrost wrote:
| Or protonmail doesn't protect suspected terrorists?
| dane-pgp wrote:
| When the definition of "suspected" is "a foreign government
| claimed", no one is safe.
|
| (I know that's not a fair representation of the facts of this
| case, but neither is calling the suspect a "terrorist").
| e12e wrote:
| > 6. Under current Swiss law, email and VPN are treated
| differently, and ProtonVPN cannot be compelled to log user data.
|
| So, they could offer the service only over Tor and their own vpn
| (possibly adding in mullvad/Firefox and a few others to the
| whitelist) - and the email logs would be less useful?
|
| Ie: build vpn into the email app?
| tlogan wrote:
| I still do not understand what is point of ProtonMail: they are
| same as others. Google, MS or Apple will not sent your data to
| gov without court order. ProtonMail is the same.
|
| And I bet that these big corporations have better security.
|
| Please advise...
| windthrown wrote:
| The "data" in this case was the user's IP address and time they
| logged in.
|
| Other providers might be able to be compelled to provide much
| more explicit data such as email content or the user's
| identity.
| beermonster wrote:
| ProtonMail to ProtonMail emails are e2ee. Emails sent outside
| of ProtonMail ecosystem can still be secured with a password
| with a link to the email hosted at ProtonMail. ProtonMail uses
| zero-access encryption, which means it is technically
| impossible for them to decrypt user messages. When you sign up
| with Google you have to give them a phone number and other
| details which ProtonMail don't require.
|
| In relation to GMail specifically see[1]
|
| [1] https://protonmail.com/blog/protonmail-vs-gmail-security/
| dngray wrote:
| > ProtonMail to ProtonMail emails are e2ee. Emails sent
| outside of ProtonMail ecosystem can still be secured with a
| password with a link to the email hosted at ProtonMail.
|
| You can also encrypt emails with PGP with someone's public
| key from within ProtonMail, in this scenario you don't need
| to send them a password or a link. They do however have to
| have you in their address book with public key attached.
| sbuk wrote:
| Proton to Proton _might_ be E2EE. Proton to any other service
| is almost certainly not. I 'd suggest that their marketing is
| not exactly transparent. Their 'zero-access encryption' only
| applies to mailboxes stored in their environment.
|
| It's nice that they offer hosted secure mail, like those on
| offer from enterprise tools (Proofpoint, Mimecast etc.), but
| it's not really E2EE email. Signing up to Protonmail may not
| require a mobile number, but a recovery email (PII) must
| added and linked the account.
|
| Here is an example of a Protonmail to Gmail message
| (potential PII removed): Delivered-To:
| xxxxx@gmail.com Received: by xxxxx with SMTP id {...};
| Mon, 6 Sep 2021 00:00:00 -0000 X-Google-Smtp-Source:
| {...} X-Received: by xxxxx with SMTP id {xxx}.50.{xxx};
| Mon, 6 Sep 2021 00:00:00 -0000 ARC-Seal: i=1; a=rsa-
| sha256; t={...}; cv=none; d=google.com;
| s=arc-20160816; b={...} ARC-Message-
| Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
| d=google.com; s=arc-{...}; h=mime-
| version:message-id:subject:reply-to:from:to:dkim-signature
| :date; {...} ARC-Authentication-Results:
| i=1; mx.google.com; dkim=pass
| header.i=@protonmail.com header.s=protonmail header.b={...};
| spf=pass (google.com: domain of xxxxx@protonmail.com
| designates {...} as permitted sender)
| smtp.mailfrom=xxxxx@protonmail.com; dmarc=pass
| (p=QUARANTINE sp=QUARANTINE dis=NONE)
| header.from=protonmail.com Return-Path:
| <xxxxx@protonmail.com> Received: from
| mail-{...}.protonmail.ch (mail-{...}.protonmail.ch. [{...}])
| by mx.google.com with ESMTPS id {...}.{...} for
| <xxxxx@gmail.com> (version=TLS1_3
| cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
| Mon, 6 Sep 2021 00:00:00 -0000 Received-SPF: pass
| (google.com: domain of xxxxx@protonmail.com designates {...}
| as permitted sender) client-ip={...}; Authentication-
| Results: mx.google.com; dkim=pass
| header.i=@protonmail.com header.s=protonmail
| header.b=WRR3qgpc; spf=pass (google.com: domain
| of xxxxx@protonmail.com designates {...} as permitted
| sender) smtp.mailfrom=xxxxx@protonmail.com;
| dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
| header.from=protonmail.com Date: Mon, 6 Sep 2021
| 00:00:00 -0000 DKIM-Signature: v=1; a=rsa-sha256;
| c=relaxed/relaxed; d=protonmail.com; s=protonmail; t={xxx};
| bh={...}; h=Date:To:From:Reply-To:Subject:From; b={...}
| To: "xxxxx@gmail.com" <xxxxx@gmail.com> From: {...}
| <xxxxx@protonmail.com> Reply-To: {...}
| <xxxxx@protonmail.com> Subject: Testing proton mail
| "encryption". Message-ID: <1234567890@protonmail.com>
| MIME-Version: 1.0 Content-Type: multipart/alternative;
| boundary="THE_BOUNDARY" X-Spam-Status: No, score=-1.2
| required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKI
| M_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE
| shortcircuit=no autolearn=disabled version=3.4.4
| X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
| mailout.protonmail.ch --THE_BOUNDARY
| Content-Type: text/plain; charset=utf-8 Content-
| Transfer-Encoding: base64 --THE_BOUNDARY
| Content-Type: text/html; charset=utf-8 Content-
| Transfer-Encoding: base64 --THE_BOUNDARY--
|
| Nothing special, certainly no E2EE encryption (to be fair,
| the welcome email explains this is Protonmail <-> Protonmail
| only) and STARTTLS, so it may be opportunistic encryption for
| the transmission. Not sure what benefit the Base64 encrypted
| body has as it's more bytes that the unencrypted message. Of
| course, encrypting with PGP and sending over Tor helps with
| anonymity, but it still relies on the recipient keeping
| everything secure their end.
|
| Email, no matter what you do to try and make it secure, is an
| inherently _insecure_ protocol, that has been mangled beyond
| what it was intended for. I 'm not suggesting that we
| shouldn't try to make it better, but that it might just be
| closing the proverbial stable doors.
| [deleted]
| typon wrote:
| ProtonMail messages can be end-to-end encrypted and they aren't
| scanned for serving ads to you. ProtonMail might be the same
| with regards to metadata, but they offer an onion site to
| mitigate that risk to a certain extent.
| nabakin wrote:
| I'm sure Google and MS have a lot more data to give in an
| information request than ProtonMail. According to what
| ProtonMail has posted, they only turned over an IP address.
| Google and MS would probably have your account name, contents
| of your emails, login session times, all recorded IP addresses
| you've logged in from, all recorded devices you've logged in
| from, etc. I'm not sure about Apple though.
| beermonster wrote:
| Google literally log every thing you do[1]
|
| [1] https://www.wired.co.uk/article/how-to-delete-google-
| search-...
| exabrial wrote:
| I'd like to know who the activist is and what the alleged crime
| is. The bar is set very high for Switzerland.
| yjftsjthsd-h wrote:
| I'm not quite following:
|
| > ProtonMail does not give data to foreign governments; that's
| illegal under Article 271 of the Swiss Criminal code. We only
| comply with legally binding orders from Swiss authorities.
|
| But the arrest was by the French police. So the Swiss government
| used a warrant to get info from PM and then passed it to France
| because the charges passed muster under Swiss law ("Swiss
| authorities will only approve requests which meet Swiss legal
| standards (the only law that matters is Swiss law)")?
| kazen44 wrote:
| the difference here being that protonmail gave the data to the
| swiss government. which in term passed it to the French for its
| police investigation.
|
| cross border criminal investigation and police cooperation is
| very common in Europe, and fully within swiss law.
| yjftsjthsd-h wrote:
| Okay, that's what I was wondering; I wasn't giving an option,
| just trying to figure out how a Swiss investigation resulted
| French police arresting someone. So thanks:)
| jacksonkmarley wrote:
| I think it was a request from a French police investigation to
| provide the data, which makes the Swiss government ordering PM
| to reveal user details seem very generous IMO. If I were Swiss
| I would probably want a bit more restriction on potentially
| arbitrary foreign government requests.
| LightG wrote:
| Non-expert here.
|
| What are the best alternatives to ProtonMail?
| aembleton wrote:
| I guess it depends what you mean by best? Best at sending
| emails - gmail.com is good at that. Something that claims great
| security - you could try https://mailfence.com/
| steveharman wrote:
| From their website, regarding Onion:
|
| "...we are one of the only email providers that supports this). "
|
| What now?
| smnrchrds wrote:
| I understand the points about having to comply with laws. But
| what is is unjustifiable is my view is that their marketing does
| not match the reality. They probably did some A/B testing and saw
| that keeping vague promises about not tracking users increases
| conversion rate. You, as an HN reader, being in the top 0.1% of
| the population in terms of tech-savviness, may be able to read
| through the nonsense and understand how little it means when they
| say "by default, we do not keep any IP logs". But the other 99.9%
| of the population won't understand it, and that's why their
| marketing strategy works: they are selling a level of privacy
| that does not exist to customers who do not know better without
| _technically_ lying.
|
| Their threat model and all threat scenarios should be front and
| centre on their front page and sign up page. That is if they care
| about user privacy not just the bottom line. They have a choice
| between better-informed customers or more money, and so far, they
| have chosen the latter.
|
| What this and the new Apple debacle have proven to me is that
| privacy is not a product that can be purchased. If you want real
| privacy, you have spend a lot of time learning how to preserve
| your privacy. No matter what Apple and ProtonMail and similar
| companies tell you, you cannot buy privacy off-the-shelf.
| fsckboy wrote:
| You may not have given it much thought before, but the idea (in
| your head, let's say) that Protonmail keeps no logs and thus
| completely protects you from ip-address discovery by law
| enforcement would imply that one could freely solicit and
| exchange unencrypted child pornography with strangers with no
| fear of detection.
|
| I'm not saying "think of the children", I'm saying "think of
| law enforcement and the judicial system"
|
| thinking about it now in retrospect, do you think that really
| could have been a possibility? I don't.
| AniseAbyss wrote:
| Many countries actually have laws that say you HAVE to log.
| 0-_-0 wrote:
| As far as I can tell, that actually is possible between
| Protonmail users
| legrande wrote:
| PM addresses to PM addresses are encrypted. All it takes is
| a mistakenly made carbon-copy / blind-carbon-copy to a
| Gmail account and all that encryption goes out the window
| smnrchrds wrote:
| > _thinking about it now in retrospect, do you think that
| really could have been a possibility?_
|
| The only thing I am saying is that if real privacy is not a
| possibility (and it may very well not be), they shouldn't
| pretend they are selling real privacy. I am not saying they
| should find a way to do the impossible and legally avoid
| laws. I am saying they should not pretend their service is
| any more private than it actually is.
|
| Think of it this way: imagine someone starts advertising a
| magic potion that stops aging. People buy it, but they
| predictably continue to age and die. If someone starts
| protesting, we shouldn't say _" what are you complaining
| about? what do you want the seller to do? break the laws of
| nature? that's ridiculous."_ We should say, _" we really
| should stop that guy from making baseless promises about his
| potions"_.
| fsckboy wrote:
| if they are making a good faith effort to give all the real
| privacy you can expect, I don't think they have a
| particular duty to water down their marketing messages by
| going into distracting detail that criminals shouldn't have
| the same expectations. They did disclose within their terms
| that they don't by default keep logs, and they do need to
| comply with court orders.
| istingray wrote:
| Assuming people who really use their services are
| criminals is like assuming someone who cares about a
| car's details is an illegal street racer.
|
| I use Protonmail to provide tools for journalists,
| teachers, and whistleblowers, and people who are in
| danger from folks who mark them "criminals".
| saithound wrote:
| You may not have given it much thought before, but the idea
| (in your head, let's say) that Protonmail keeps no logs and
| thus completely protects you from ip-address discovery by law
| enforcement would imply that one could freely solicit and
| exchange infornation about climate activism with strangers
| with no fear of detection.
|
| I'm not saying "think of the climate", I'm saying "think of
| law enforcement and the judicial system"
|
| thhinking about it now in retrospect, do you think that
| really could have been a possibility? I don't.
| tsimionescu wrote:
| While you're probably right that this would not be allowed, I
| fail to understand why so many people thinktthis is normal.
| The postal system can't open your letters to check if there's
| CP in them, so it used to be that you could send CP over the
| mail between PO boxes and feel safe. Yet having untraceable
| communication over the internet is considered unthibkable for
| some reason.
| luckylion wrote:
| > The postal system can't open your letters to check if
| there's CP in them, so it used to be that you could send CP
| over the mail between PO boxes and feel safe.
|
| Wat? You better stop sending anything incriminating via the
| mail, they totally can and will open your letters if
| there's a court order.
| simonh wrote:
| In this case law enforcement know who they were after, in
| that situation they would also have been able to intercept
| physical mail.
| istingray wrote:
| You need to think bigger. How could Protonmail make the world
| a better place in this regard? Promote Tor to users through
| its blog? Report on Tor usage stats? Enable account creation
| through Tor without requiring a cell phone?
|
| All of the above and more.
| wellthisishn wrote:
| This seems like a scapegoat argument
| function_seven wrote:
| I don't read it that way. More like, "keep this extreme
| example in mind, and see if you still expect the guarantees
| to hold up".
|
| If you don't, then they won't either for whatever
| activities _you 're_ doing, that aren't as reprehensible as
| CSAM, but some government may think otherwise.
|
| It's kind of depressing reasoning maybe. But if a privacy-
| preserving system is actually that, then even the most
| technically-savvy terrorists and child abusers should have
| no qualms about using it as well.
| fsckboy wrote:
| on the wall at your dry cleaner is a sign, "we are not
| responsible if your clothing gets ruined" and there's a
| sign at the parking garage, "we are not responsible if your
| car gets damaged".
|
| But, you have the right to expect that the dry cleaner and
| parking garage will take reasonable care with your
| belongings and will not act in ways that are negligent, the
| signs they put up notwithstanding.
|
| There's no scapegoating, it's a question of what should a
| reasonable person expect from a transaction. Protonmail
| said they don't keep logs by default and that they also
| need to respect court orders.
| istingray wrote:
| Would be curious to see a diff of Proton's privacy policy
| over the next few weeks.
| o8r3oFTZPE wrote:
| "No matter what Apple and ProtoMail and similar companies tell
| you, you cannot buy privacy off-the-shelf."
|
| The cost is personal time and effort, not money. The software
| needed is generally free of charge. The goal being not a
| physical product or a service, but a level of knowledge and
| proficiency. To put it another way, "tech-savviness" cannot be
| purchased, it has to be achieved.
|
| The cultural problem we face is that the so-called "0.1%" are
| leveraging their "tech-savviness" against the rest of the
| population, working for so-called "tech" companies, websites
| that make money by exploiting the privacy of the "99.9%" in the
| service of online advertising.
|
| If we take HN comments as true, in some cases, these employees
| do not even believe in the bottom line they are working to
| support.1 They are not adopting the behaviour of the "99.9%",
| i.e., the "expected" behaviour required to sustain their
| employer's bottom line. Not sure about you, but that would not
| give me much confidence they are going to work very hard to
| protect other users' privacy.
|
| The term "dogfooding" is sometimes used amongst tech companies
| to describe the situation where employees themselves partake in
| what they offer to non-employees, i.e., "users".2 To persons
| outside the tech bubble this can be quite amusing. Does this
| suggest they view their relationship to users as more like
| "human-to-dog" than "human-to-human". Are the Sacklers addicted
| to opioids. Strike that. There is nothing inherently wrong with
| someone peddling something she does not believe in, however we
| might consider what is/are the reason(s) for her lack of faith.
|
| To be clear, I am not suggesting the cultural problem can be
| solved. I am attempting to provide further reasons that that
| digital privacy is, like the parent suggested, generally not
| something you can "buy".
|
| 1 Evidence appears periodically in HN comments. For example,
| yesterday: "Disclaimer: I work at Google. In cloud, not on
| Android. I am privacy conscious so I though I would give a try
| at Graphene OS, it was brutal."
|
| 2 The term is alleged to have first appeared one the
| joelonsoftware.com website and to have originated at Microsoft.
| simonh wrote:
| You can't buy immunity from the legal and law enforcement
| system, full stop. That's simply an unreasonable expectation.
|
| What you can buy is various degrees and quality of sensible
| defaults and behaviours that serve your general interest in
| privacy and security. Privacy from casual snooping or
| commercial tracking, security from unsophisticated attacks or
| even sophisticated attacks if you're wiling to also sacrifice
| some convenience.
|
| These are all worth having, and your choices of product and
| service provider can have a significant impact on them. I know
| little to nothing about ProtonMail but maybe they're a better
| bet than many other similar services, even if they're not
| perfect.
| 0134340 wrote:
| Oh, but on the contrary. Money buys better lawyers, more time
| and more research capabilities so in essence you can reliably
| say, at least in the good ol' USA, that money can buy
| immunity. The same can be said in many other countries where
| the corruption of buying justice is more direct.
| stavros wrote:
| Right but they could have said "we can be compelled to log
| IPs, you should use Tor if that's something you care about".
| lima wrote:
| https://protonmail.com/blog/protonmail-threat-model/
|
| > The Internet is generally not anonymous, and if you are
| breaking Swiss law, a law-abiding company such as
| ProtonMail can be legally compelled to log your IP address.
|
| The "Threat Model" blog post is linked from their main
| site.
| [deleted]
| dave1999x wrote:
| in TFA they claim they did in 2014 and hint that it's a
| reason they provide an onion site
| stavros wrote:
| Yes, but expecting a prospective user to read all your
| blog posts back to 2014 to discover a line saying you can
| be compelled to identify them is hardly transparent.
| simonh wrote:
| It's linked from their main site Security page, and it's
| in their Knowledge Base.
| rStar wrote:
| > Right but they could have said "we can be compelled to
| log IPs, you should use Tor if that's something you care
| about".
|
| ding ding ding. pin this comment.
| glennvtx wrote:
| The do tell you this, up front, if you read.
| istingray wrote:
| Can you define what "up front" means to you in this
| example? Homepage, privacy policy, user agreement,
| tweets?
| qudat wrote:
| Hasnt the popularity of Signal been the result of their
| system literally not able to record IPs?
| RobRivera wrote:
| you should read about standard intelligence operations and
| how underground resistance organizations have historically
| operated ie. French resistance in Nazi-Occupied France, etc.
| for a case study in covert comms.
|
| the key you pointed to tho was regarding convenience. simple
| fact is that most of the usability desired in consumer email
| is not compatible with the practical design principles of
| covert communications.
| istingray wrote:
| I wonder if the future of a company like Protonmail is that it
| has to be open source. Almost like simply an API, no privacy
| statement, no marketing, just a smart contract. More like
| UniSwap.
| [deleted]
| atoav wrote:
| Who pays the servers then?
| istingray wrote:
| The users. Who else?
| aembleton wrote:
| An intelligence agency such as the CIA
| ta988 wrote:
| How do you do emails on a blockchain? Is that another of
| those scenarios where "it will work when everybody will
| switch to the chain" ?
| wallacoloo wrote:
| The naive way would just be to send a transaction to the
| recipient's wallet address (or more practically, their ENS
| name) where the transaction payload is an encrypted text
| message.
|
| As you point out, that requires both parties be on the
| blockchain. If you want to send/receive off-chain, you
| would probably just set up a trusted relay. e.g. send an
| ethereum tx to emailrelay.eth and it would forward it over
| the SMTP system. Send an email from a SMTP client to
| recipientaddr.eth@emailrelay.eth.link and it'll do the
| reverse. This implementation would have the relay see all
| your plaintext messages. Not much different from how
| centralized email services like gmail operate, in practice.
|
| There's nothing that makes any of this technically
| infeasible to a knowledgeable dev today -- maybe it even
| already exists (ethmail.cc shows there's at least interest
| in it). Transaction fees kill this from a practicality
| point of view. Probably you want to roll this out on a
| layer 2 network, and those are still pretty new things.
| istingray wrote:
| Oh neat wasn't aware of ethmail.cc will check it out
| plafl wrote:
| > Transaction fees kill this from a practicality point
|
| That depends on the amount. If it's small it could be a
| feature.
| int_19h wrote:
| > No matter what Apple and ProtonMail and similar companies
| tell you, you cannot buy privacy off-the-shelf.
|
| You can. It's just not that cheap, and not quite as convenient.
|
| https://thehelm.com/
| istingray wrote:
| Oh neat, I haven't seen this before. Can you explain more for
| the rest of us? I saw it can be a personal email server - but
| then it started talking about storing everything for me and I
| lost a bit of interest as that sounds like it's trying to do
| everything.
| thpint wrote:
| By default they don't have logging on. Does not mean they can't
| turn it on if asked.
|
| You can't have privacy; you need to be actively participating
| in our society or you're dead. As soon as you try to build it
| you'll realize it's a full time job and you won't be able to
| afford to eat on what it pays.
|
| Only 5% of people in the US still hunt. We are coupled to the
| modern systems we have (unless MIT is right and it falls apart
| soon).
|
| You want privacy, go off grid. Those of us living on grid will
| be sure to leave you be and keep everything we build for
| ourselves.
|
| None of us explicitly cheered on the end of privacy but we did
| cheer on the engineering effort that made it happen. Despite
| numerous voices warning us.
|
| Ciao.
| ithkuil wrote:
| Yeah, this debacle will probably help them find a better
| wording of their guarantees.
|
| They do explain the threat model quite well but the information
| is scattered around (e.g.
| https://protonmail.com/blog/protonmail-threat-model/) and this
| matters in an era where the attention span of people is very
| short.
| motohagiography wrote:
| That threat model post is really good. I have a pet saw that
| is: for security companies, the threat model is the product.
| There might be a few things I would add to that post, but
| really, it's a very sound approach.
| filmgirlcw wrote:
| My problem isn't that ProtonMail followed the law, it's that the
| company's marketing has gone to extreme lengths to hide what
| exactly it will log (when compelled by the courts) and when it
| will fight.
|
| It's also concerning, legal or not, that logging was required in
| this case, which is not about drugs or the murder or corruption.
| But climate activism. By very young people. If the Swiss police
| will demand that data for something so small, that's a a concern
| about trusting their laws and authorities to be "better" than the
| alternative.
| bluelu wrote:
| So in other words, protonmail is only safe if you use it for tax
| evasion, as there the swiss authorities won't help foreign
| governments.
| tonfa wrote:
| They've been doing data sharing for a few years already,
| banking secrecy is only for swiss residents now.
| tyingq wrote:
| It's not a huge leap from a tax evasion charge to something the
| Swiss would help with. Money laundering maybe.
| koreanguy wrote:
| to the idiots who are using protonmail, you silly hipsters
| deserve it.
| beermonster wrote:
| TL;DR They don't log IP addresses. But they can be compelled to
| by Swiss law and they cannot NOT oblige as it's trivial for them
| to do at various levels in their stack without even needing to
| modify their software. So they advise you to use their onion
| address if you need to anonymity.
|
| Don't know why they can't plonk a tcpip->tor->ProtonMail reverse
| proxy in front of their infra offering this facility to every
| connecting client, and transparently. After all, their services
| (including ProtonVPN) already support tor to some extent.
| ocdtrekkie wrote:
| It seems like they could've simplified their explanations about
| only Swiss law applying by simply recommending Swiss users go
| elsewhere.
|
| It seems like the safest way to use email is to use email
| operated outside your own country.
| breakfastduck wrote:
| I think you're misinterpreting. It doesn't matter _where the
| user_ is from at all. They are obligated to disclose certain
| things if they get a request from the Swiss authorities, but it
| certainly does not only apply to people living in Switzerland.
|
| It simply means that if, lets say the US, govt makes a request,
| they are not obligated to comply unless they are specifically
| requested by the Swiss authorities.
| nucleogenesis wrote:
| I think the French asked the Swiss to aid them in the
| investigation. Idk the whole story but I think it was to get
| some squatting climate activists (you know, super serious
| crimes...).
|
| The linked post by Proton suggests VPN and Tor usage for better
| anonymity.
| lucozade wrote:
| I don't believe the person involved was Swiss. My understanding
| is that a request was made to the Swiss authorities by the
| French authorities.
|
| So, to avoid this, a user would need to not be accused of a
| crime in a country that is on speaking terms with Switzerland.
| kazen44 wrote:
| which is basically all of the EU and surrounding countries.
|
| this has been the case for a very long time. (more then 80
| years in the benelux for example).
| potatoeater515 wrote:
| Throwaway.
|
| As the manager of various accounts used by environmental and
| social activists on Protonmail, this is really bad.
|
| I understand they have to follow Swiss law, but surely there are
| higher standard and processes than: police forward foreign
| request. Don't challenge or question, just do task required.
|
| Interpol requests are not as universally recognized as what some
| people here are alluding to. Countries can file these requests
| with interpol but it's up each country to determine if they act
| or recognize the request.
|
| If the Chinese government files 500 requests via interpol and the
| swiss police merely pass them on the proton, will proton mail
| automatically comply and install malware on their client on
| targeted accounts?
|
| I hope this is not the case but I expect this to be clarified. On
| th face of it, organizing an occupy protest hardly seems to pas
| the bar of "serious criminal cases"
| basedrum wrote:
| Why don't you use riseup.net, they have been providing similar
| services _specifically for activists_ for more than 20 years.
| While they are based in the US, the idea that Switzerland =
| privacy is bull. In the US, you are _not_ required to keep
| logs. If you have them, you can be forced to turn them over,
| but if you don 't they cannot force you to enable them.
|
| I have been a riseup user for years. They have received foreign
| legal requests, and they do not simply do the task requested.
| They've also received US-based legal requests, and challenge
| them, but in the end, they do not have the data that is being
| requested, so ultimately they can respond saying exactly that.
|
| (throwaway aswell)
| poetaster wrote:
| 1 I know some staff at a remove of 1 degree. don't believe
| but can't prove the honeypot conjecture.
| keewee7 wrote:
| >riseup.net
|
| They are based in the US and only provide their services to
| radical leftist activists.
|
| That combination seriously smells like FBI honeypot.
| jjcon wrote:
| The great thing about no trust models is that even if they
| were comprimised it wouldnt matter
| poetaster wrote:
| Trees fails to load mobile?
| e12e wrote:
| Hardly. They get your password on login, and decrypt your
| mail. They don't (theoretically) even need a code change,
| just root/kernel level access/tracing to dump the
| password.
|
| Unless of course you were using PGP - but then you would
| be about as well off with Gmail?
|
| I mean, they provide a great service, and the stack is
| open - but I would hesitate to call it "secure" (that
| goes for ProtonMail too BTW).
|
| https://0xacab.org/liberate/trees
| tgsovlerkhgsel wrote:
| Where is the no trust model there though?
|
| If riseup were a trap, they could do all the logging (in
| secret), find the activist, then do parallel construction
| for the actual evidence presented in court.
| poetaster wrote:
| I've never understood decrypting with login credentials.
| My gpg creds are distinct. My client challenges on each
| mail. Can be set to save for key per session, but don't.
| luckylion wrote:
| > They are based in the US and only provide their services
| to radical leftist activists.
|
| They're pretty chill on who to provider their services to.
| Yes, they host radical leftist activists, but they also
| host pretty mainstream leftist activists. And they
| obviously don't care who does what, they don't check your
| accounts.
|
| I'm far from being a radical leftist (or any leftist!) and
| I have an account.
| willis936 wrote:
| In your job as an intermediary would it be reasonable to roll
| your own email servers? If done properly then you wouldn't have
| to trust anyone and could give instructions to your clients on
| how to produce and use their own private keys. Commercial mail
| providers don't offer this option for some (likely legal)
| reason, but if you're willing to share risk with the activists
| then I think it would be worthwhile.
| shapefrog wrote:
| > could give instructions to your clients on how to produce
| and use their own private keys
|
| PGP has been around since 1991, if it was as easy as writing
| a catchy how to, then some people might use it. Now 30 years
| in, basically nobody uses it. Got to wonder why ...
|
| > don't offer this option for some (likely legal) reason
|
| Not at all, they dont do it because it is a terrible customer
| experience. It is confusing, it is hard, if you lose a key,
| your data is garbage. If you make a copy of your key, you are
| not secure. Some people are happy to go that path, most are
| not.
|
| If only it was so simple. Imagine a world where Gmail
| launched, but if you forgot your password, boom, all your
| email is gone as is access to your email address. The next
| company that came along and offered 'password resets' would
| have wiped them out.
| listenallyall wrote:
| > if you forgot your password, boom, all your email is gone
| as is access to your email address
|
| Replace "email" with "Bitcoin"
| willis936 wrote:
| Those are all benefits when your goal is discrete
| communication: which is exactly what we're discussing.
| [deleted]
| tlogan wrote:
| Sadly, it is impossible hide your identity from gov and legal
| enforcement (from US to China) if you use any commercial
| service. As far as I know, FBI knows identity of all
| "ransomware" hackers. But they just cannot get them.
| shadowprofile76 wrote:
| Could you explain or substantiate this claim in a bit more
| detail? How is it absolutely impossible to find anonymity
| using any commercial service? and where did you hear that all
| the ransomware hackers are known?
| pyuser583 wrote:
| Interpol is simply a way for law enforcement to communicate
| across borders.
|
| If the Chinese government files a request by means of Interpol,
| it's very dishonest to say "an Interpol request." It's a
| Chinese request.
| raziel2p wrote:
| Interpol won't tell you it's a Chinese request though. You
| can claim it's dishonest by Interpol, but not by the party
| receiving the request at the end of the line.
| windthrown wrote:
| Your concerns are valid but I think you are downplaying this by
| characterizing it as "swiss police merely pass them to proton".
| Protonmail recieved a legally binding order from the Swiss
| Federal Department of Justice.
|
| I'm not saying Swiss laws are infallible but this request was
| not simply "forwarded": "Swiss authorities will only approve
| requests which meet Swiss legal standards (the only law that
| matters is Swiss law)"
|
| As they mentioned in the blog post, they do challenge many of
| these requests but it was not legally possible in this case.
| OrvalWintermute wrote:
| I think we are long past the point where we can trust _all_
| governments to use interpol notices only when required, _and_
| for the local law enforcement agencies not to take nuclear
| actions based on something that is clearly contrived, or
| political in nature.
|
| Now, I don't support squatting, but launching an interpol
| notice, and attacking privacy _under color of law_ seems like
| a misuse of the law, and abuse of the Swiss legal system.
|
| We may need to attack this problem differently since it
| appears the Swiss do not have the vaunted protections they
| claim.
|
| Also, we need Protonmail to look into offshoring, and
| obtaining independence of a potentially abusive legal system.
|
| Sealand had at least a few good ideas around immunities from
| State power.
| basedrum wrote:
| Switzerland is a grouping of "Cantons" and each has very
| distinct autonomy. Some of them are far more conservative
| than others, and are going to have judges who are going to
| make decisions accordingly.
|
| As much as we might like to believe it, law is not
| universally applied in a fair manner. Swiss authorities will
| approve requests that are total garbage requests. I happen to
| be on the receiving end of one of those, which was
| eventually, after significant time, effort and money thrown
| out for prejudice.
| naranha wrote:
| Replace "Swiss" with "US" and Protonmail with GMail and the
| sentence remains equally true. So I guess the question
| remains, what does Protonmail offer in terms of privacy that
| is better than GMail or Outlook, given that USA and Swiss are
| both adhere to democratic standards.
| elzbardico wrote:
| Comparing the USA to Switzerland is truly naive. The
| Switzerland doesn't have a permanent occupation of another
| sovereign country where Switzerland subjected prisoners to
| "enhanced interrogation techniques", not to mention other
| routine human rights abuse violations. And let's not forget
| that proton doesn't have the same record of customer abuse
| as google.
| woko wrote:
| > what does Protonmail offer in terms of privacy that is
| better than GMail or Outlook
|
| Encryption. That was always the point. Your emails are
| stored encrypted, and nobody can read their content except
| you.
|
| Not sure why some people expected ProtonMail to act as a
| magical VPN, both truly anonymous and not obeying to any
| court order, to an unencrypted email account like Gmail.
| naranha wrote:
| But you can also send encrypted E-mail using GMail with
| Thunderbird...
| e12e wrote:
| Or cut'n'paste ascii armored PGP data in any web mail.
| It's not very convenient, though.
| raziel2p wrote:
| The difference, I guess, is that someone wouldn't start
| protonmail in the US precisely because of this. If Swiss
| laws changed for the worse, they might consider changing
| their country of operations.
| basedrum wrote:
| Because of what? The US has fairly good privacy
| protections. Certainly, they are a five-eyes member, but
| for example it is not required by law that you keep logs.
| In many places in europe, it is required.
| dngray wrote:
| > what does Protonmail offer in terms of privacy that is
| better than GMail or Outlook, given that USA and Swiss are
| both adhere to democratic standards.
|
| Well for a start the privacy policy of Gmail allows them to
| use your data for advertising purposes.
|
| Secondly, emails encrypted at rest, are still encrypted, so
| at least the body is protected.
|
| Unless you were receiving emails that were encrypted prior
| to being sent that wouldn't be the case with Gmail.
|
| The threat model for Protonmail is fairly clearly defined
| under the "ProtonMail recommended use cases".
| https://protonmail.com/blog/protonmail-threat-model/
|
| The fact still remains email was probably not the right
| tool for these people as there is a lot of data stored
| server side.
| jjcon wrote:
| > Well for a start the privacy policy of Gmail allows
| them to use your data for advertising purposes.
|
| This is false - google stopped doing this for personal
| accounts many years ago (and never did for paid
| corporate).
|
| > emails encrypted at rest
|
| Google also encrypts at rest
| neltnerb wrote:
| Can Google decrypt without your permission?
|
| Honest question, because that's the obvious difference
| (if you believe ProtonMail claims).
| tgsovlerkhgsel wrote:
| Can you access your e-mail if you lose your phone, forget
| your password, get a new SIM card, and successfully go
| through account recovery?
|
| There is your answer.
| neltnerb wrote:
| I know that I cannot access my protonmail email under a
| wide variety of circumstances that I make efforts to
| avoid. Two of them involve forgetting complicated
| passwords, either of which would render my entire
| (historical) email vault unreadable. But it could
| absolutely be security theater.
|
| What I have no idea about is Google. Do they even need to
| do anything targeting you in order to decrypt the data or
| not? Obviously they can modify your software with a
| remote update such that they can capture your decryption
| password, but that's a lot more work than querying a
| database and using a master key that Google has on hand
| for this sort of thing.
| jjcon wrote:
| Yes google can, but if Protonmail can be compelled by a
| proxy foreign government to start logging an individuals
| IP, they could easily collect your decryption key with a
| targeted attack as well.
| sneak wrote:
| Alternately, they could just log plaintext emails as they
| come in, before being encrypted.
| neltnerb wrote:
| Right, of course. I'm talking about decrypting the past
| messages.
|
| Obviously they can modify their software to capture your
| decryption password, my question is more out of curiosity
| than it being a serious advantage against a state actor
| targeting you specifically.
|
| I am fairly sure that protonmail cannot do this without
| modifying the software to target me by capturing the
| decryption password.
|
| Of course they can always capture plaintext messages as
| they come in, we can only assume they don't keep records
| of that. If that's true, and we only have their word for
| that, it would make any requests forward focused, like a
| wire tap rather than a search of old bank records. They
| can't necessarily access old emails without explicit
| effort.
|
| It's not some insurmountable barrier, and I don't mean to
| suggest it is. It's trivial to think of at least three
| ways to work around it, assuming you are still logging
| in. But it is a difference in design.
| int_19h wrote:
| Countries override democratic standards for vaguely defined
| "national interests" all the time. It so happens that US,
| with its sprawling global empire, has a lot more "national
| interests" than the generally MYOB Swiss, and so is more
| prone to such abuse.
| malka wrote:
| IMO the problem is that France use anti-terrorists law against
| environmental activist. It is not the first time it happens,
| and I bet that it will happen again.
|
| If I were an environmental activist, I would definitely step up
| my operational security.
| shapefrog wrote:
| > use anti-terrorists law against environmental activist
|
| I have seen this commented a lot by people, that specifically
| anti-terrorist laws were used? But from what I have found,
| they used regular laws. Any chance you can point me in the
| right direction?
| malka wrote:
| I am not sure about this specific case, but France has done
| it multiple times in the past:
|
| https://www.liberation.fr/france/2015/11/27/l-etat-d-
| urgence...
|
| https://www.climatechangenews.com/2019/04/03/french-
| police-t...
| formerly_proven wrote:
| Reminder that France literally bombed and sunk a moored
| Greenpeace ship (killing one person) not that long ago to
| prevent further protests against their nuclear weapon tests.
| kook_throwaway wrote:
| For anyone else wondering: https://en.m.wikipedia.org/wiki/
| Sinking_of_the_Rainbow_Warri...
| brendoelfrendo wrote:
| While this is true, I wouldn't call 36 years ago "not that
| long ago." That is a literal lifetime ago for many users of
| this site.
| nraynaud wrote:
| they could still charge the bombers now, and everyday,
| the government more or less choses not to do it. While
| they still pursue the terrorists of the Red Brigades
| whose crime are even older.
| GekkePrutser wrote:
| They were actually charged and went to prison.
|
| Kinda weird actually considering they were operating on
| their own government's orders.
|
| https://en.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warr
| ior
|
| Can you imagine, the government telling you to do
| something and then dragging you in front of a court after
| you do it :S I don't think they should have gone through
| with it but as they were under orders I don't think the
| responsibility lies with them.
|
| By the way I really miss the way Greenpeace is no longer
| a grassroots environmental organisation. Protesting
| against nuclear testing, whaling etc the way they did was
| risky but effective.
|
| Nowadays they're just another multinational corporation,
| just with some environmental goals. It's no wonder
| they're never really in the news anymore. And the need
| for this activism is actually much greater than ever now.
| avodonosov wrote:
| Why do the climate activists hiding, I can not understand?
|
| Climate is fashionable and respected today, they would got
| medals maybe if not hiding?
|
| I can openly say that I am for good climate and ecology. Greta
| Thunberg is also not hiding.
|
| And about this specific activist, do you know what he is
| accused of? (It must be something other than activism, right?
| Difficult to imagine climate activism is illegal in France).
|
| PS: I understand this topic is mostly about Proton failing the
| privacy expectations, but curious to know what can activist be
| charged with.
| cocoggu wrote:
| It's up to the local authorities as you said. If the Chinese
| government files 500 requests on interpol and the Swiss
| authority recognizes the requests, ProtonMail will just have to
| comply.
|
| But usually interpol rejects many requests from the Chinese
| government (to track uyghurs for example).
|
| The real scandal here is why the French authority is making
| such request on an activist, why Interpol processed it (as far
| as I understand there are no crimes in play here?), and why the
| Swiss authority recognizes the request? Perhaps we don't have
| the full story, but, with only the information we have, it
| sounds like an abuse of the protocol on 3 different entities.
| And double standards from Interpol (not okay to track down
| chinese activists, but ok for french activists?)
| lima wrote:
| > _The real scandal here is why the French authority is
| making such request on an activist, why Interpol processed it
| (as far as I understand there are no crimes in play here?),
| and why the Swiss authority recognizes the request?_
|
| This seems easy to answer - according to French media[1],
| they were activists illegally occupying[2] buildings to
| protest rising real estate prices. This is illegal in
| Switzerland, too. What's the scandal? Authorities using their
| powers?
|
| [1]: https://www.lesnumeriques.com/vie-du-net/protonmail-a-
| fourni...
|
| [2]: https://www.lefigaro.fr/societes/a-paris-un-local-du-
| restaur...
| cybrox wrote:
| > but surely there are higher standard and processes than:
| police forward foreign request. Don't challenge or question,
| just do task required.
|
| There are, which they specifically described.
|
| This also goes for your second described case. The chinese
| government is only one of the two required.
| avodonosov wrote:
| What does the word "activist" mean in this case? What form did
| the activism take, that a criminal case was opened?
| cryptonym wrote:
| That's the small story in the bigger one. In the end, Proton is
| failing to deliver service that claimed to not record PII
| therefore failing protect their users.
|
| One could argue they only protect good users - as defined by
| Swiss law. Then what's the point of Proton?
|
| Next time, a whistleblower from a Swiss bank or agency?
| avodonosov wrote:
| I understand that Proton failing the privacy expectations.
|
| But curious about the other part of the story. The word
| "activist" is abused very often. I can not find the details,
| what exactly they are trying to dress up as "activism" is
| this case.
|
| Also, "activist arrested" makes impression he was arrested
| for activism. But strictly speaking, the charge may be
| totally unrelated.
| jijji wrote:
| if you think your email provider is immune to search warrants,
| thats your first mistake... how about dont use email to conduct
| your illegal business?
| SturgeonsLaw wrote:
| Are we now calling climate activism "illegal business"?
| Avamander wrote:
| Keep in mind that illegal does not mean unethical, and vice
| versa. Parent comment is just stating what it was.
| temp8964 wrote:
| Certain behaviors (such as occupy other people's property) do
| not suddenly become legal/ethical just because you have a
| climate activism agenda in your head.
| jaggs wrote:
| Most social change over the years has happened because of
| activist action which was considered 'illehal' at the time.
| Civil rights, workers rights, voting emancipation etc etc.
| Legal and ethical are not necessarily the same thing.
| dafelst wrote:
| Don't conflate "illegal" with "wrong".
|
| Obviously there is a lot of overlap, but the reality is that
| civil disobedience is often the only way to force changes in
| unjust laws, history (even incredibly recently) has proven that
| time and time again.
| [deleted]
| istingray wrote:
| Journalists, whistleblowers, and teachers in certain countries
| are performing "illegal business".
| janmo wrote:
| Here is what is written in the police report, and it doesn't look
| good for Protonmail:
| https://twitter.com/OnEstLaTech/status/1434576598418796549/p...
|
| It's in french but here is a summary: Law enforcement contacted
| Protonmail directly and the company told them to use the "Europol
| channel", which law enforcement did.
|
| Protonmail then provided the date when the account was created,
| the IP address (Not clear if it is the one when it was created or
| last login) and the "device", I suppose they are talking about
| the user agents.
|
| Please keep in mind that companies can charge processing fees on
| law enforcement requests. I would really like to know if
| ProtonMail is earning money on this.
| rinron wrote:
| No company or organization can sustainably stop a determined
| government request that they continue to operate in financially
| or physically. It doesn't matter what the company says at some
| point they will be forced to either shutdown or give in eg
| lavabit(1). The government can trace and stop the flow of all or
| most of their money threating their primary motivation for the
| business. Or they can physically detain people or equipment
| required to function.
|
| the only way for an entity to never comply with government orders
| and continue to function is to remain anonymous and their servers
| accessible only via temporary addresses or tor since static ip's
| and domains can be taken away. Making it impossible for receiving
| email and more effort than the average person would want to
| access. It then becomes a catch 22 as you cant fully trust an
| anonymous, transient entity since their motivation can never be
| verified(they could be a honey trap), they can rarely be held
| accountable if they betray you, and they could be replaced or
| compelled to comply without anyone knowing(someone part of a
| visible physical social network could have friends put out a
| warning if something suspicious happened to them).
|
| What it comes down to is what we already know. they only way to
| be sure your email provider wont hand over your emails is to run
| your own email server anonymously. For anyone who cant do that
| protonmail is still likely the best choice even if its imperfect.
| plus adding whatever other layers of protection on top you are
| capable of.
|
| 1. https://en.wikipedia.org/wiki/Lavabit
| OrvalWintermute wrote:
| I don't think this clarification is sufficient for the weasel
| words in their advertising/marketing.
| joering2 wrote:
| > We are also deeply concerned about this case and deplore that
| the legal tools for serious crimes are being used in this way.
|
| Good PR job! Instead of saying "okay we remove "by default" from
| our marketing materials because yeah if LE ask us to start
| logging, we gladly do whatever the case against someone is, i.e.
| jaywalking", they simply post a fake outrage in hope to minimize
| people leaving them. Well, I wasn't to, but now after this blog,
| I am moving away my 8 domains on platinum account. I mean
| seriously Google Suite is $6 per month, so why the heck should I
| need this fancy email hosting in the middle of Switzerland
| mountain BS, if at the end of the day they will comply with
| everything LE will throw at them, and then some. Seriously at
| this point it looks like Google legal arm is better at trying to
| fight subpoenas against you and force LE to show serious crimes,
| than Proton is.
| flotzam wrote:
| They claim to have exceptionally good Tor support, when in
| reality people have (rightly) been screaming at them for years
| now to fix their permabroken Tor signup flow.
|
| 1. It's impossible to _create_ a paid account with
| cryptocurrency: You can only use it to pay for an _existing_
| account
|
| 2. It's impossible to anonymously create any account over Tor:
| You have to at least pass SMS / secondary email verification, and
| it better not be an easy to get address ("Email verification
| temporarily disabled for this email domain" etc.)
|
| Lots of marketing and boxticking (.onion: check), but it looks
| curiously hostile to anonymity if you actually try to use it.
| istingray wrote:
| Disclaimer: Paying Protonmail customer
|
| Proton's first and last blog post about Tor was in 2017. [1]
|
| The CEO today claimed to be a leader with Tor simply because
| they have a Tor site up.
|
| This is 2021, not 2017. I expect better.
|
| [1] https://protonmail.com/blog/tor-encrypted-email/
| grappler wrote:
| and, the onion address is for their old service. They haven't
| redirected it to their new updated service, or published
| another onion address for their new service.
|
| Link back to thread about this in the earlier protonmail
| story: https://news.ycombinator.com/item?id=28429582
| zarzavat wrote:
| They are an email provider. Providing true anonymity leads to
| spam abuse. Spam abuse leads to blacklisting. And blacklisting
| leads to bankruptcy. Not sure what people expect.
| LWIRVoltage wrote:
| I don't understand why spammers can't be fully stopped via
| built-in methods that prevent say, mass emails to more than a
| certain number of independent contacts upon account creation,
| for the first month maybe of service.
|
| Why give up on this point? There's nothing that says true
| anonymity has to lead to spam. Spammers have the limit that
| they have to spam to , presumably make money, since they go
| via the 1000 tries and only needing one hit to win. They have
| a weakness. users and activists dont have this weakness
| really.
| Avamander wrote:
| > for the first month maybe of service.
|
| They probably have that, but spammers can wait. They have
| the time and money(!) to figure these limits out.
|
| > There's nothing that says true anonymity has to lead to
| spam.
|
| Lack of burdens against abuse does say that it leads to
| abuse.
| istingray wrote:
| Figure out how to solve it. People need to be able to create
| accounts through Tor.
|
| Otherwise I'll just use Gmail it's free.
| woko wrote:
| > I'll just use Gmail it's free.
|
| So that is your alternative... Not sure what your threat
| model was.
| istingray wrote:
| My threat model is an un-educated population of people
| who don't value privacy or care about surveillance. I'll
| put up with shitty tools in the mean time but can only
| support those who are building a better future.
|
| I would switch to Gmail and donate my $50/year to EFF.
| JadeNB wrote:
| How does using Gmail help to address the threat of people
| who don't value privacy? It seems to be joining them.
| istingray wrote:
| Thought I was pretty clear here. My $$ going to EFF is
| meant to get me more bang for my buck than using
| Protonmail.
| istingray wrote:
| Thought I was pretty clear here. My $$ going to EFF
| (Electronic Frontier Foundation) is meant to get me more
| bang for my buck than using Protonmail.
| flotzam wrote:
| $48/year per address is an expensive way to spam.
| istingray wrote:
| Yes it's time Protonmail got rid of free accounts. Or
| disable free accounts so they can't send more than 10
| emails a day.
|
| This isn't rocket science, Protonmail. You make it look
| hard. I'll take my money elsewhere (open to suggestions
| here).
| woko wrote:
| > I'll take my money elsewhere.
|
| Feel free to report where. Something tells me it ain't
| that easy to find a decent alternative.
| istingray wrote:
| Edited to say I'm open to suggestions here. Given that
| Protonmail dropped the ball for $60/year, apparently
| that's not enough to keep them focused. I'm prepared to
| pay $100/year for email now.
| CyanBird wrote:
| Go check ctemplar, it is not without faults, but it seems
| to be that, or set up your own lavabit/tutanota server
| bserge wrote:
| Any service that won't comply with local authorities
| risks getting shut down at any moment.
|
| That said, I do have a country perfect for this - lax law
| enforcement, outside EU but bordering it, no US, Chinese
| or Russian affiliation, either, very reliable high speed
| Internet and cheap electricity.
|
| Something tells me as soon as most people see the name,
| they will refuse to sign up.
| smnrchrds wrote:
| Turkey?
| istingray wrote:
| What about what I said suggests anything about not
| complying with the law? All my suggestions to Protonmail
| were around transparency and user education. They can
| host it in China if that's the case for all I care. In
| the modern age, every state is an adversary.
| dwild wrote:
| > Not sure what people expect.
|
| Transparency as the bare minimum? We are talking about a
| service that you expect to handle some sensitive information,
| you expect them to be transparent on what they do. If they
| block account creation over TOR because of spam issues, then
| that's should be said clearly on their platform.
|
| OP is not only complaining about free account, they are also
| mentioning paid account, which has a 1k message per day
| limit. No spammer is going to pay 5 euros to send 30k message
| in a month, that just not worth it. So there's no reason to
| block paid account too.
| ur-whale wrote:
| > Due to Proton's strict privacy, we do not know the identity of
| our users, and
|
| That is not something I'm ready to believe.
|
| I remember trying to sign for a protonmail account a while back.
|
| At some point in the process, they do ask for a valid cell phone
| number, which, unless you go to the length of getting a burner
| (not easy in many European countries except maybe the UK)
| basically means they know exactly who you are.
|
| When I saw this, I walked away.
|
| > under Swiss law, Proton can be forced to collect information on
| accounts belonging to users under Swiss criminal investigation.
|
| There's complying with the law like a good little sheep, and
| there's acceptable civil disobedience.
|
| In this specific instance, proton should have taken the latter
| approach.
|
| Take the fine, go to court, fight the injunction tooth and nail,
| make sure that even if they lose, the Swiss govt. knows the kind
| of fight and waste of time and money they're in for each time
| they come knocking.
|
| They just bent and complied like good little boys.
|
| Now their business model is compromised, serves them right.
| kdunglas wrote:
| This follows https://news.ycombinator.com/item?id=28427259
| YLYvYkHeB2NRNT wrote:
| Disclaimer: I am a paying customer.
|
| Very classy post. To-the-point. There are limitations with
| digital services.
|
| If you don't like what happened, you need to change things. They
| only way to change things is to change the law. This begins with
| voting.
| sshine wrote:
| ...from prison, where you were put because your email
| provider's guarantees eroded over time.
| DanHulton wrote:
| Did you read the article? Because their guarantees didn't
| "erode over time," this exact attack vector, and how to
| mitigate it, was disclosed in their public report over five
| years ago.
| viktorcode wrote:
| Or, you could change the country of your email provider.
| blueline wrote:
| What do I do when not a single candidate in any election that I
| can vote in has even heard of, much less taken my preferred
| position on, this issue?
| breakfastduck wrote:
| Run yourself
| WJW wrote:
| - Lobby with the existing candidates (and/or incumbents) to
| get them to take a stand on this issue.
|
| - Same point as before but indirectly: gather public support
| by leveraging the (social) media available to you.
|
| - If all else fails: run for office yourself.
| baybal2 wrote:
| > - If all else fails: run for office yourself.
|
| I advise all, especially Americans, to do this first.
| ezluckyfree wrote:
| It's very rare to actually change things in a liberal democracy
| with voting. This is a central contradiction of the system,
| because there is very little incentive for existing governments
| to offer the ability to vote for policies which would change
| the status quo. Probably doubly so with something as subversive
| as what you are suggesting, states don't like it when non-
| states are able to keep secrets.
|
| Modern labor rights, environmental policy, and basic equality
| for marginalized groups (women, POC, LGBT people etc.) under
| the law, are frequently touted as victories of liberal
| democratic systems but almost all of these rights exist because
| of massive civil disobedience, and often violent protests.
|
| In all cases, you need huge support of the voter base for a
| particular issue before voting for a candidate to represent it
| is ever an option. Even then, there is simply no way to hold
| elected officials accountable to implementing their platform,
| and how could there be? No plurality of elected officials would
| ever want to pass that law in the first place.
| ploika wrote:
| It might largely depend on whether you live somewhere with
| proportional representation or not. Full-on revolution at the
| ballot box is rare in liberal democracies, sure, but single-
| issue candidates get elected pretty commonly and often have
| outsized influence if they're needed for a coalition
| government.
| vorpalhex wrote:
| Women's rights actually occurred in defiance of popular
| numbers by a vote. In the US, the same thing happened for
| integration of schools.
|
| You do, typically, need a majority of the voters to agree
| with you. In representative democracy that means you need a
| plurality of representatives.
|
| Candidates can and do lie. That is something you need to
| evaluate as part of voting for them.
| polote wrote:
| The only issue here, is that Proton said on their homepage that
| they don't log IP, but they in fact do it when asked by the
| police. Vote will not impact that.
|
| Anonymity doesn't exists for GAFA or Big governments on
| internet that's all, if you are not happy with that, you can
| vote as you want it will not change. But anonymity in society
| will soon stop existing as well. With all cameras that we have
| everywhere, we just need the Chinese facial recognition system
| and that will be the end. That's how it is.
| YLYvYkHeB2NRNT wrote:
| They have always said that. Years go.
| LWIRVoltage wrote:
| It appears they didn't start logging until ordered to.
|
| So, this might be in line with their policy of not having logs by
| default- but I have to wonder if this applies to phone
| numbers(which the crowd that signs up using VPN/TOR reports that
| they're required to provide).
|
| If they don't keep that info, then Protonmail would be solid as
| long as you access it via VPN well before a order tells them to
| start monitoring the IP.
|
| I'm also curious, I see here they do this for spammers - there is
| no way, a better system can't be created to 'verify' users
| against spammers ,since I see their logic here that spammers are
| why they do it
| https://old.reddit.com/r/ProtonMail/comments/phnyd9/why_is_p...
|
| I'm aware that every other major email provider bans your account
| if you don't provide a phone umber shortly after account
| creation, such as Outlook for example. (Others require phone
| numbers up front, and all of them ban VOIP numbers)
|
| We're nearly at the point that you can't email anyone without
| providing your phone number or other details...I know social
| media is already like that.
|
| One thing i noticed, For things like Discord even, if you make an
| account, give them a non-major email address and they then force
| you to give a email, or else you can't sign in to that formal
| account. for now one can still use a permalink to get to a
| discord server without having to make an account...for now..
|
| Protonmail is a standout if they don't log any of it, and still
| the best option left in the world, but this is still a icky
| situation.
|
| I see also they point out Swiss law means this cannot happen to
| the ProtonVPN service, as email providers are specifically
| legally in the situation they have to allow active monitoring.
| Not for Swiss VPN providers...
|
| And one needs a 'big' email provider address, or else it gets
| rejected by multiple services now that require a email address
| for sign up or usage.
|
| I hope they clarify that payment details /phone numbers of
| TOR/VPN users doesn't get logged, like IP addresses, by default.
| Also, more importantly- that they move forward in fully
| dissuading spammers, and remove the phone requirement of people
| signing up anonymously
| joering2 wrote:
| > Under no circumstances can our encryption be bypassed, meaning
| emails, attachments, calendars, files, etc. cannot be compromised
| by legal orders.
|
| This is false. Just like LE forced them to turn on IP logging on
| someones account, same LE can force them - by law - to install
| some javascript code to AJAX back home the unencrypted content of
| the email once the client opens their email. How stupid do they
| think people are??
|
| > There was no legal possibility to resist or fight this
| particular request.
|
| WTF? So Switzerland is a fascist or authoritarian state now that
| you cannot take your own Government (in this case LE) to court
| and argue in front of a judge? I thought there is a separation of
| power in Switzerland, no? Then why the heck did Protonmail chose
| Switzerland to host their mail if they are being so oppressive?
| macinjosh wrote:
| As always, the root problem is abuse of citizens and the law
| perpetrated by the government. Using terror laws to go after a
| climate activist is peak authoritarian for western democracies so
| far. Our climate is failing and instead of listening to those
| speaking up they jail them.
| noncompliant wrote:
| the capitalist class will do anything to protect its interests.
| if it means sacrificing democracy, so be it. its nothing really
| surprising
| vorpalhex wrote:
| Oh man, if you think the capitalists are bad wait until you
| hear about the fascists, the communists and the monarchs!
| kmonsen wrote:
| That's a pretty weak response, most likely someone being
| negative about capitalists are already upset about all the
| ones you mention.
|
| More transparency and more equality is what many are
| looking for are your response dies not cover that at all.
| sennight wrote:
| > Using terror laws to go after a climate activist is peak
| authoritarian for western democracies so far.
|
| It wasn't too long ago that Eco-terrorism was a thing that
| resulted in people's homes being burned down. I have a family
| member who got injured as a result of somebody digging holes in
| a fairly remote grass air strip. I'm sure somebody would
| describe the guy with a post hole digger as a heroic "climate
| activist". This situation doesn't appear to be that, but that
| might provide a little good faith context for why law
| enforcement would be interested in going after the likes of
| ELF.
| JohnJamesRambo wrote:
| It's hard for me to even find info about what the group did but
| this sure doesn't look like terror.
|
| https://www.flickr.com/photos/dprezat/50386413932
| rogers18445 wrote:
| > Under no circumstances can our encryption be bypassed, meaning
| emails, attachments, calendars, files, etc. cannot be compromised
| by legal orders.
|
| This is false.
|
| Each time you visit protonmail you re-download (cache can be
| invalidated) their client. It would be trivial for them to serve
| a specific user a modified client which uploads their encryption
| keys.
|
| This problem is not specific to protonmail, any service which
| contends to be secure with respect to some server (the protocol
| relies on the client to decrypt stuff the server cannot) can be
| compromised this way because of implicit trust in the client
| software which can be modified at any time with no notice -
| making any auditing entirely meaningless in the case of targeted
| attacks.
|
| This problem should perhaps be addressed by browsers since it
| seems they are becoming pseudo operating systems.
| TacticalCoder wrote:
| They say "cannot be compromised by legal orders" and they say
| they are bound by and only by swiss laws.
|
| Maybe what they mean is that the swiss authorities have no
| legal basis on which to force them to serve a modified,
| backdoored, client like the one you're talking about.
| FootballMuse wrote:
| $5 wrench is pretty effective
| gruez wrote:
| $5 wrench does not fall under "legal orders"
| FootballMuse wrote:
| Yes, probably not. The point is that there are other ways
| to "force them to serve a modified, backdoored, client"
| blitzar wrote:
| My $5 wrench goes a lot further if I skip the backdoor,
| and go 'talk' to the target directly. The end of the
| encryption is always the simplest vulnerability to
| exploit.
| cto_of_antifa wrote:
| I suppose in that case your threat actor is... The mafia?
| Is lucky Luciano trying to take your ethereum?
| panarky wrote:
| Their marketing copy still says "Anonymous. Opt out of
| tracking or logging of personally identifiable information".
|
| And "Unlike competing email services, we do not track you."
|
| Nowhere does it say "Unless your government asks the Swiss
| government then we'll capture, log and report every IP
| address you use".
|
| Source: https://protonmail.com/security-details
|
| Screenshot: https://imgur.com/a/gfUcYme
|
| And this marketing copy was rewritten after this incident.
|
| Before this incident it didn't say "opt out of tracking". How
| does one "opt out", by using Tor?
|
| It used to say, in bold print, "No tracking or logging of
| personally identifiable information".
|
| No weasel words about requiring the user to take some
| unspecified action to "opt out". No asterisks or caveats or
| warnings of any kind.
|
| It also used to explicitly promise: "we do not record
| metadata such as the IP addresses used to log into accounts".
|
| Now that part is mysteriously gone.
|
| Pretty shitty to quietly flush this down the memory hole,
| then pretend nothing's changed, blaming and gaslighting users
| for not understanding.
|
| Source: https://web.archive.org/web/20210607023937/https://pr
| otonmai...
|
| Screenshot: https://imgur.com/a/R1muChN
| luckylion wrote:
| This point is weird. No reasonable person would understand
| that sentence to include "and we won't even comply with
| court orders".
| panarky wrote:
| Seems reasonable to understand "no tracking or logging"
| to mean that in the event of a government demand to
| produce records, they could honestly reply that no
| records exist.
|
| Other email providers keep logs that they provide to
| governments when there's a legal order.
|
| What's the point of bragging about "no tracking or
| logging" if you're just going to track and log like every
| other email provider if the government asks for it?
| luckylion wrote:
| > Seems reasonable to understand "no tracking or logging"
| to mean that in the event of a government demand to
| produce records, they could honestly reply that no
| records exist.
|
| And they would. They don't keep those records. However,
| when a government agency shows up with a court order that
| states they have to cooperate and provide those records
| _going forward_ they must comply.
|
| > What's the point of bragging about "no tracking or
| logging" if you're just going to track and log like every
| other email provider if the government asks for it?
|
| Again: a reasonable person would not assume that their
| email provider is a criminal enterprise that does not
| comply with the law.
| OrvalWintermute wrote:
| Appreciate the analysis!
|
| I think PM's approach is more lipstick on a pig. It may be
| a good looking pig compared to the other pigs (gmail), but
| it is still a pig. Blue ribbon pigs are still a pig.
|
| Am expecting some real change if PM wants my $.
| AniseAbyss wrote:
| I would not be surprised if Swiss intelligence agency does
| have the legal power to hack whomever they want.
|
| The idea that someone can just pay EUR60 per year and expect
| to be safe from State prosecution seems so naive.
| [deleted]
| 3np wrote:
| Not only that, but it's very unfortunately worded. There's a
| missing " _contents of_ emails, attachments, calendars, files,
| etc. cannot be compromised by legal orders ", since I assume
| there is vital metadata that still can be compromised.
| aero-glide2 wrote:
| Good idea for a browser addon to check for that.
| wizzwizz4 wrote:
| There's no design of browser add-on that _could_ check for
| that. They update it every so often as it is, and they could
| serve the modified version to _everybody_ , but it only does
| the modified behaviour for some people.
| dane-pgp wrote:
| The browser add-on that comes closest is Signed Page[0],
| and in theory it could provide TOFU level security by
| requiring the user to opt in to new versions. For unclear
| reasons, though, the devs seem to be against implementing
| that.[1]
|
| Any system for protecting against backdoors assumes that
| someone is auditing the code to check for user-specific
| code paths, so the only extra layer of security to add is
| some sort of Binary Transparency. A good example of that is
| Sigstore, which is being experimentally integrated with the
| Arch Linux package ecosystem.[2]
|
| [0] https://github.com/tasn/webext-signed-pages
|
| [1] https://github.com/tasn/webext-signed-pages/issues/13
|
| [2] https://github.com/kpcyrd/pacman-bintrans
| [deleted]
| [deleted]
| 0kto wrote:
| There is actually one: https://www.mailvelope.com/en/ (works
| on gpg encrypted mails, and handles decryption / encryption
| entirely on the client side)
| vmoore wrote:
| > Each time you visit protonmail you re-download (cache can be
| invalidated) their client
|
| What about their app? They'd have to push a malicious update
| through the Play Store or Apple's Store to target someone,
| which is very unlikely.
| kijin wrote:
| You can use ProtonMail Bridge with your own mail client to
| remove the dependency on the ever-changing webapp. I'm not sure
| if it's possible to build Bridge from source instead of blindly
| trusting the binaries they offer, though.
| sneak wrote:
| You also can't use your own mailbox keys loaded into bridge -
| the only mailbox keys that can be used seem to be generated
| inside their app (which from a security standpoint is the
| same as generated on their server).
| DocTomoe wrote:
| when you do, be aware that locally encrypting mail and
| sending it over the bridge will not work.
| neltnerb wrote:
| And that the bridge exposes your IP address if you aren't
| using Tor.
|
| This isn't a complaint, it should be pretty obvious. Though
| it'd be neat if they integrated Tor into the Bridge such
| that they cannot tell where the connection is coming from,
| that would be cool.
|
| Not that this is really part of my threat model anyway, I
| don't expect protonmail to be anonymous, merely more
| private in certain situations.
|
| I posted this as an idea if anyone wants to vote it up,
| they seem to be pretty responsive to end users compared to
| other services (at least the paying ones).
|
| https://protonmail.uservoice.com/forums/284483-protonmail/s
| u...
| ignoramous wrote:
| One possible mitigation to this would be to let customers
| deploy ProtonMail's open-source client [0] themselves to
| wherever (as one example, this is something that TermPair
| implements [1]).
|
| [0] https://github.com/ProtonMail/WebClients
|
| [1] https://github.com/cs01/termpair/#static-hosting
| dane-pgp wrote:
| Another possible mitigation is SecureBookmarks[0] which uses
| SRI integrity hashes and Data URLs to ensure that you always
| get the same web app.
|
| At worst, this means the security level fits the TOFU model
| (Trust On First Use), which is better than the default BEEF
| model, which stands for "Beware Each and Every Fetch".
|
| [0] https://coins.github.io/secure-bookmark/
| upofadown wrote:
| Mailvelope is basically Protonmail's OpenPGP javascript
| client done as a browser plugin.
| ncphil wrote:
| Mailvelope (https://github.com/mailvelope/mailvelope) is an
| open source extension for Chrome and Firefox that allows
| users to use openpgp encryption with any webmail provider.
| Unfortunately, I have only one contact who has corresponded
| with me using pgp. But two others (both activists) use
| ProtonMail (my only reason for having an account on the
| service) -- but not Tor (their ProtonMail use predates the
| latest "explainer").
|
| As several others here have written, the vast majority of
| people don't care about their (or your) privacy: so most of
| our contacts are just more holes in a very leaky boat.
|
| When it comes to email, I'm going to go out on a limb and
| say people should _never_ trust it for sensitive
| communications. Message content itself can be protected by
| pgp encryption (if people would bother to use it), but
| there's no watertight way to consistently avoid the kind of
| relationship mapping that nation states and transnational
| corporations have been doing for the last two decades. That
| game is already over, and Big Brother won -- no matter who
| you use for email.
| blitzar wrote:
| > Message content itself can be protected by pgp
| encryption (if people would bother to use it)
|
| The message might be encrypted, but if they get to the
| other guy and offer him a sweet enough deal, there is no
| protection. There are two copies of the content out
| there, if it is that serious, why leave the papertrail.
|
| People like to believe they are subverting the CIA
| snooping on all their very important 'activism', but in
| reality the most they are doing is opting out of google
| using their emails to market them shit they were never
| going to buy in the first place.
| upofadown wrote:
| Email isn't much worse at leaking metadata than most of
| the things people use for messaging and is better than
| many:
|
| * https://articles.59.ca/doku.php?id=em:anonemail
|
| Ultimately, for the strongest privacy protection you need
| to go to something offline, like email:
|
| * https://articles.59.ca/doku.php?id=em:emailvsim
|
| Obviously not everyone needs the highest level of
| protection, but the fact still needs to be acknowledged.
| wizzwizz4 wrote:
| They could just _not encrypt_ future emails. Wouldn 't help
| where they've already discarded the plaintext, but newer emails
| are usually more useful anyway.
| [deleted]
| djoldman wrote:
| I imagine protonmail users would like to know exactly what types
| of data are provided to authorities if they are compelled to
| provide it.
|
| Is it a list of access time, IP tuples? Is that it or more?
| COGlory wrote:
| I don't understand why it is so hard for people on HN to
| understand that "no logs by default" is perfectly compatible with
| "if the government orders us to turn on logs, we must".
| poetaster wrote:
| Maybe posteo as alternative? But, really, self~host. I know I'm a
| perv, but, since rspamd came along, I like doing my own mail. PS.
| Maintain qmail/courier and postfix systems available as hidden
| services. Have crypto lists with schleuder.
| bjowen wrote:
| > 5. _Under Swiss law, it is obligatory for a user to be notified
| if a third party makes a request for their private data and such
| data is to be used in a criminal proceeding. More information can
| be found here._
|
| This is subject to carve-outs of course, but it would be
| interesting to see how PM seeks to achieve this.
___________________________________________________________________
(page generated 2021-09-06 23:01 UTC)