@Uair All your emails on Proton's servers are stored client-side encrypted. They don't have the information needed to decrypt them.
Also, being owned by a Swiss non-profit means they can't lie about what they do or don't do since they would be shut down immediately by the European - thus functioning - legal system.
-
Well, this is unfortunate.
"Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the [US] government when asked. Proton hid them from their privacy policy."
#proton #protonmail #digitalsovereigty #opensource
https://www.sambent.com/proton-meet-isnt-what-they-told-you/
-
@Brentguernsey a great option, has been around for a while.
I have nothing against Proton, I'll still use it for my email, but I'll hold off on using their videocalling service until they've addressed this blogpost.
-
Tell us more about these "feds" that break the encryption the linked article says is perfectly fine.
-
@troed@swecyb.com @Gina@fosstodon.org
You don't need to break any encryption when E-mails arrive at your mailserver in perfect plain text lol
You are one Swiss court order away from getting all of that stuff intercepted as it arrives.
-
I assume you think that "lol" somehow makes your post true?
Tell me more about how the Swiss privacy laws enable this "fed" honeypot. You know, for them to actually intercept they'll need a whole lot more than "someone wants to".
Or maybe you're simply posting FUD on a subject you have absolutely no knowledge of?
-
@troed@swecyb.com @Gina@fosstodon.org
There is more than enough documentation on Proton sharing extensive metadata with authorities leading to arrests, multiple times. Do one search. At that point it doesn't matter whether you share message content, metadata is just as important.
-
I don't need to "do a search" since I know the subject. That's why I'm calling out your FUD.
-
@troed@swecyb.com @Gina@fosstodon.org Okay bro. I'm sure you believe that.
-
@troed@swecyb.com @privateger@plasmatrap.com @Gina@fosstodon.org
https://web.archive.org/web/20210123101755/https://eprint.iacr.org/2018/1121.pdf
https://web.archive.org/web/20210907033657mp_/https://protonmail.com/blog/transparency-report/
Upon receiving a judicial order, ProtonMail is obliged to provide any user information readily available that would help identify a user that is subject to a criminal investigation that has been validated by Swiss authorities. In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.
http://web.archive.org/web/20210907022818/https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/?guccounter=1
So, in the specific case, it looks likely that ProtonMail was either under legal order to delay notification to the account holder — given what appears to be up to eight months between the logging being instigated and disclosure of it — or it had been provided with information by the Swiss authorities which led it to conclude that delaying notice was essential to avoid a risk of “injury, death, or irreparable damage” to a person or persons (NB: it is unclear what “irreparable damage” means in this context, and whether it could be interpreted figuratively — as ‘damage’ to a person’s/group’s interests, for example, such as to a criminal investigation, not solely bodily harm — which would make the policy considerably more expansive).
It’s that IP monitoring component which has caused such alarm among privacy advocates now — and no small criticism of Proton’s marketing claims as a ‘user privacy centric’ company.
It has faced particular criticism for marketing claims of providing “anonymous email” and for the wording of the caveat in its transparency disclosure — where it talks about IP logging only occurring in “extreme criminal cases”.
-
Absolutely everyone who has any knowledge about the Swiss legal system and Proton's ownership knows they by definition cannot be a "massive fed honeypot" - which were your words.
"bro"
-
@troed@swecyb.com @Gina@fosstodon.org Yeah, because no Swiss company has ever turned out to be a front.
Oh wait, Crypto AG. Whoops. How convenient too that Proton's entire backend is fully closed source.
-
@troed@swecyb.com @privateger@plasmatrap.com @Gina@fosstodon.org i feel like offering an anonymous mail platform and then handing le people's ip addresses is a bit sus.
-
If we're just throwing out random accusations I guess you're FBI? I mean. Persons have been, before.
-
@troed@swecyb.com @Gina@fosstodon.org Last I checked I don't offer an email service offering privacy guarantees you cannot possibly keep while being based in a nation that has an MLAT agreement with the US. But I see this is going nowhere, so I guess we'll disagree forever.
-
1) They have never claimed anonymity.
https://proton.me/blog/switzerland
2) Tell me more about how you run a company without obeying the laws in the jurisdiction where you are based. Please go into as many details as you wish.
-
Nah, this is not disagreement. You're simply wrong on the facts and the "massive fed honeypot" statement was incredibly stupid and you got caught out.
Take it as a lesson learned.
-
@troed@swecyb.com @Gina@fosstodon.org
Uh-huh.