I got you - I was just replying to kylehotchkiss. Either way, if the data is properly client-side encrypted, it shouldn't really matter much where the data is stored, since they would need access to your device to decrypt the data. So I don't see how this is an issue.
My expectation here would typically be that the company itself is governed by a stable, democratic government. It matters, because different legislations can impose different requirements (see recent changes in Australia for example).
Yes, banking secrecy has nothing to do with this and doesn't really apply, since that is more about someone not spilling your information, while here you already ensure on your device that the data is not visible to anyone.
I think you are right - it's a marketing element, but most companies do that, don't they? See for example Apple with "Designed in California", which is really just trying to not only say "Made in China". People have known associations with certain countries (such as Switzerland), which are used for marketing, yes.
What I don‘t understand is how they differentiate this sort of „insult“ from “satire”. There are some protections around artistic freedom and you should be allowed to make fun of someone. There was a well-known [“Böhmermann vs. Erdogan”](https://de.wikipedia.org/wiki/Böhmermann-Affäre) case, where more serious insults than “Pimmel” were used, but the prosecution was terminated - probably due to a huge amount of public pressure - but it’s still strange and feels arbitrary.
I assume what they mean is that - they might have to log connections to their service (like with ProtonMail), but they won't have to provide what data that user account has accessed through the service, same as they didn't provide the actual emails of the account in question, but "just" the connecting IP.
Well, yes and no. Currently, Swiss law doesn't support this and providing the IP is based on specific requirements for telecommunication providers as far as I know. But yes, the law could be changed. However, keep in mind that Switzerland is a direct democracy and people here frequently actually vote on such issues directly (if one can gather enough support from the public).
As far as I know Tresorit has actual offices and staff in Zurich, Switzerland. They also appeared clear to me in the past that they have multiple offices around the world (I listened to a presentation from them recently at a conference).
Ok, that‘s cool! But the client get‘s to download the encrypted master key without authentication, right? Doesn’t that enable easy offline attacks or is the decryption too time-consuming?
Well, depending on legislation, they could be ordered to change the code to send the user password to them on next login for that account and then decrypt everything…
Since it‘s a paid service with user accounts. You would be able to ban users that have been reported to use this service for illegal means. The same question can be asked to WhatsApp / iMessage / Signal / etc.
Looks great - congratulations! Could you please add if / how you store a hash of the user password of authentication - it‘s not discussed on the architecture page. Thank you.
Yes, but I assume the rationale here is that they will only have to refund that month and can reset the clock for the next month. So if they have serious downtime it won't cost them for the full year - just for that one month.
Yes, the same could and has been said about YouTube-dl. It depends what you do with the tool. If you are using it to download videos that specifically allow this, then there is nothing illegal about it. It's the same thing with a hammer. You can use it for legal or illegal actions, but that doesn't make the hammer an illegal tool...
I really wish there was a third party - the customer - actually represented in this trial. Apple and Epic arguing over what is best for the customer, while clearly they are having their own interests in mind, screams for the actual customers to be represented.
The whole argument about them promoting an app „for free“ is a bit ridiculous. They clearly knew the amount of commission they were going to earn from pushing that app through their App Store - so please admit that you clearly didn‘t do this out of the good of your hearts.
The same goes for the portrayal of „look how much money they made through us“ - yes - and look at how much money they made you along the way. I mean if Epic made 600 million, than you made about 260 million - from the very same people that paid you for the hardware.
I think if the App Store is such a tremendous value, why don‘t you ask users to pay for access to that App Store directly. Let‘s see how valuable everybody thinks the App Store is when they actually have to pay an access fee directly to Apple.
True, you could stop using their products, but you could also argue that when you buy a product (and not a software license), you should be able to do what you like with that product. It should certainly be within the customers rights to use a physical product the best way they see fit and not the best way the manufacturer sees fit. I mean: I paid for it outright, I received what essentially is a computer by all means and now the manufacturer would like to continue having a say in how I can use it.
I‘ll admit that having the Apple iOS ecosystem is of certain value, but Apple doesn‘t even allow you to install your own OS. My point is that if I buy a hammer, should I be forced to use it only for hammering nails or could I use it for other things as well?
Can fully agree with this. Caprover has been a joy and makes it easy to run a small scale setup where you can deploy those service dependencies easily yourself without paying for a cloud provider for the hosted alternative.
My expectation here would typically be that the company itself is governed by a stable, democratic government. It matters, because different legislations can impose different requirements (see recent changes in Australia for example).
Yes, banking secrecy has nothing to do with this and doesn't really apply, since that is more about someone not spilling your information, while here you already ensure on your device that the data is not visible to anyone.
I think you are right - it's a marketing element, but most companies do that, don't they? See for example Apple with "Designed in California", which is really just trying to not only say "Made in China". People have known associations with certain countries (such as Switzerland), which are used for marketing, yes.