Well, this is unfortunate.
-
@troed@swecyb.com @Gina@fosstodon.org
There is more than enough documentation on Proton sharing extensive metadata with authorities leading to arrests, multiple times. Do one search. At that point it doesn't matter whether you share message content, metadata is just as important.I don't need to "do a search" since I know the subject. That's why I'm calling out your FUD.
-
I don't need to "do a search" since I know the subject. That's why I'm calling out your FUD.
@troed@swecyb.com @Gina@fosstodon.org Okay bro. I'm sure you believe that.
-
@troed@swecyb.com @Gina@fosstodon.org Okay bro. I'm sure you believe that.
Absolutely everyone who has any knowledge about the Swiss legal system and Proton's ownership knows they by definition cannot be a "massive fed honeypot" - which were your words.
"bro"
-
I don't need to "do a search" since I know the subject. That's why I'm calling out your FUD.
@troed@swecyb.com @privateger@plasmatrap.com @Gina@fosstodon.org
https://web.archive.org/web/20210123101755/https://eprint.iacr.org/2018/1121.pdf
https://web.archive.org/web/20210907033657mp_/https://protonmail.com/blog/transparency-report/Upon receiving a judicial order, ProtonMail is obliged to provide any user information readily available that would help identify a user that is subject to a criminal investigation that has been validated by Swiss authorities. In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.
http://web.archive.org/web/20210907022818/https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/?guccounter=1So, in the specific case, it looks likely that ProtonMail was either under legal order to delay notification to the account holder — given what appears to be up to eight months between the logging being instigated and disclosure of it — or it had been provided with information by the Swiss authorities which led it to conclude that delaying notice was essential to avoid a risk of “injury, death, or irreparable damage” to a person or persons (NB: it is unclear what “irreparable damage” means in this context, and whether it could be interpreted figuratively — as ‘damage’ to a person’s/group’s interests, for example, such as to a criminal investigation, not solely bodily harm — which would make the policy considerably more expansive).
It’s that IP monitoring component which has caused such alarm among privacy advocates now — and no small criticism of Proton’s marketing claims as a ‘user privacy centric’ company.
It has faced particular criticism for marketing claims of providing “anonymous email” and for the wording of the caveat in its transparency disclosure — where it talks about IP logging only occurring in “extreme criminal cases”.
-
@troed@swecyb.com @privateger@plasmatrap.com @Gina@fosstodon.org
https://web.archive.org/web/20210123101755/https://eprint.iacr.org/2018/1121.pdf
https://web.archive.org/web/20210907033657mp_/https://protonmail.com/blog/transparency-report/Upon receiving a judicial order, ProtonMail is obliged to provide any user information readily available that would help identify a user that is subject to a criminal investigation that has been validated by Swiss authorities. In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.
http://web.archive.org/web/20210907022818/https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/?guccounter=1So, in the specific case, it looks likely that ProtonMail was either under legal order to delay notification to the account holder — given what appears to be up to eight months between the logging being instigated and disclosure of it — or it had been provided with information by the Swiss authorities which led it to conclude that delaying notice was essential to avoid a risk of “injury, death, or irreparable damage” to a person or persons (NB: it is unclear what “irreparable damage” means in this context, and whether it could be interpreted figuratively — as ‘damage’ to a person’s/group’s interests, for example, such as to a criminal investigation, not solely bodily harm — which would make the policy considerably more expansive).
It’s that IP monitoring component which has caused such alarm among privacy advocates now — and no small criticism of Proton’s marketing claims as a ‘user privacy centric’ company.
It has faced particular criticism for marketing claims of providing “anonymous email” and for the wording of the caveat in its transparency disclosure — where it talks about IP logging only occurring in “extreme criminal cases”.
-
Absolutely everyone who has any knowledge about the Swiss legal system and Proton's ownership knows they by definition cannot be a "massive fed honeypot" - which were your words.
"bro"
@troed@swecyb.com @Gina@fosstodon.org Yeah, because no Swiss company has ever turned out to be a front.
Oh wait, Crypto AG. Whoops. How convenient too that Protons entire backend is fully closed source. -
@troed@swecyb.com @privateger@plasmatrap.com @Gina@fosstodon.org i feel like offering an anonymous mail platform and then handing le people's ip addresses is a bit sus.
-
@troed@swecyb.com @Gina@fosstodon.org Yeah, because no Swiss company has ever turned out to be a front.
Oh wait, Crypto AG. Whoops. How convenient too that Protons entire backend is fully closed source. -
If we're just throwing out random accusations I guess you're FBI? I mean. Persons have been, before.
@troed@swecyb.com @Gina@fosstodon.org Last I checked I don't offer an email service offering privacy guarantees you cannot possibly keep while being based in a nation that has an MLAT agreement with the US. But I see this is going nowhere, so I guess we'll disagree forever.
-
@troed@swecyb.com @privateger@plasmatrap.com @Gina@fosstodon.org i feel like offering an anonymous mail platform and then handing le people's ip addresses is a bit sus.
1) They have never claimed anonymity.
https://proton.me/blog/switzerland
2) Tell me more about how you run a company without obeying the laws in the jurisdiction where you are based. Please go into as many details as you wish.
-
@troed@swecyb.com @Gina@fosstodon.org Last I checked I don't offer an email service offering privacy guarantees you cannot possibly keep while being based in a nation that has an MLAT agreement with the US. But I see this is going nowhere, so I guess we'll disagree forever.
-
Nah, this is not disagreement. You're simply wrong on the facts and the "massive fed honeypot" statement was incredibly stupid and you got caught out.
Take it as a lessons learned.
@troed@swecyb.com @Gina@fosstodon.org
Uh-huh.
-
Well, this is unfortunate.
"Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the [US] government when asked. Proton hid them from their privacy policy."
#proton #protonmail #digitalsovereigty #opensource
https://www.sambent.com/proton-meet-isnt-what-they-told-you/
-
Well, this is unfortunate.
"Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the [US] government when asked. Proton hid them from their privacy policy."
#proton #protonmail #digitalsovereigty #opensource
https://www.sambent.com/proton-meet-isnt-what-they-told-you/
-
@Gina @JakeKb where do you host your Jitsi server? Would it maybe be a cloud hosting provider who is also vulnerable to a subpoena? The way I read it is: video relays for P2P by video suck. I know this because I can consider myself lucky if I spin up a Jitsi and have it go without incident. I once tried the FSF Jitsi instance and it was down right broken.
-
M monkee@other.li shared this topic
