HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cf_

no profile record

comments

cf_
·5 tahun yang lalu·discuss
I got you - I was just replying to kylehotchkiss. Either way, if the data is properly client-side encrypted, it shouldn't really matter much where the data is stored, since they would need access to your device to decrypt the data. So I don't see how this is an issue.

My expectation here would typically be that the company itself is governed by a stable, democratic government. It matters, because different legislations can impose different requirements (see recent changes in Australia for example).

Yes, banking secrecy has nothing to do with this and doesn't really apply, since that is more about someone not spilling your information, while here you already ensure on your device that the data is not visible to anyone.

I think you are right - it's a marketing element, but most companies do that, don't they? See for example Apple with "Designed in California", which is really just trying to not only say "Made in China". People have known associations with certain countries (such as Switzerland), which are used for marketing, yes.
cf_
·5 tahun yang lalu·discuss
What I don‘t understand is how they differentiate this sort of „insult“ from “satire”. There are some protections around artistic freedom and you should be allowed to make fun of someone. There was a well-known [“Böhmermann vs. Erdogan”](https://de.wikipedia.org/wiki/Böhmermann-Affäre) case, where more serious insults than “Pimmel” were used, but the prosecution was terminated - probably due to a huge amount of public pressure - but it’s still strange and feels arbitrary.
cf_
·5 tahun yang lalu·discuss
I assume what they mean is that - they might have to log connections to their service (like with ProtonMail), but they won't have to provide what data that user account has accessed through the service, same as they didn't provide the actual emails of the account in question, but "just" the connecting IP.
cf_
·5 tahun yang lalu·discuss
Well, yes and no. Currently, Swiss law doesn't support this and providing the IP is based on specific requirements for telecommunication providers as far as I know. But yes, the law could be changed. However, keep in mind that Switzerland is a direct democracy and people here frequently actually vote on such issues directly (if one can gather enough support from the public).
cf_
·5 tahun yang lalu·discuss
As far as I know Tresorit has actual offices and staff in Zurich, Switzerland. They also appeared clear to me in the past that they have multiple offices around the world (I listened to a presentation from them recently at a conference).
cf_
·5 tahun yang lalu·discuss
Ok, that‘s cool! But the client get‘s to download the encrypted master key without authentication, right? Doesn’t that enable easy offline attacks or is the decryption too time-consuming?
cf_
·5 tahun yang lalu·discuss
Well, depending on legislation, they could be ordered to change the code to send the user password to them on next login for that account and then decrypt everything…
cf_
·5 tahun yang lalu·discuss
Since it‘s a paid service with user accounts. You would be able to ban users that have been reported to use this service for illegal means. The same question can be asked to WhatsApp / iMessage / Signal / etc.
cf_
·5 tahun yang lalu·discuss
Looks great - congratulations! Could you please add if / how you store a hash of the user password of authentication - it‘s not discussed on the architecture page. Thank you.
cf_
·5 tahun yang lalu·discuss
Well, actually Singapore is listed as #2 in "Top Overworked Cities in the Ranking"