HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cf_

no profile record

comments

cf_
·5 jaar geleden·discuss
I got you - I was just replying to kylehotchkiss. Either way, if the data is properly client-side encrypted, it shouldn't really matter much where the data is stored, since they would need access to your device to decrypt the data. So I don't see how this is an issue.

My expectation here would typically be that the company itself is governed by a stable, democratic government. It matters, because different legislations can impose different requirements (see recent changes in Australia for example).

Yes, banking secrecy has nothing to do with this and doesn't really apply, since that is more about someone not spilling your information, while here you already ensure on your device that the data is not visible to anyone.

I think you are right - it's a marketing element, but most companies do that, don't they? See for example Apple with "Designed in California", which is really just trying to not only say "Made in China". People have known associations with certain countries (such as Switzerland), which are used for marketing, yes.
cf_
·5 jaar geleden·discuss
What I don‘t understand is how they differentiate this sort of „insult“ from “satire”. There are some protections around artistic freedom and you should be allowed to make fun of someone. There was a well-known [“Böhmermann vs. Erdogan”](https://de.wikipedia.org/wiki/Böhmermann-Affäre) case, where more serious insults than “Pimmel” were used, but the prosecution was terminated - probably due to a huge amount of public pressure - but it’s still strange and feels arbitrary.
cf_
·5 jaar geleden·discuss
I assume what they mean is that - they might have to log connections to their service (like with ProtonMail), but they won't have to provide what data that user account has accessed through the service, same as they didn't provide the actual emails of the account in question, but "just" the connecting IP.
cf_
·5 jaar geleden·discuss
Well, yes and no. Currently, Swiss law doesn't support this and providing the IP is based on specific requirements for telecommunication providers as far as I know. But yes, the law could be changed. However, keep in mind that Switzerland is a direct democracy and people here frequently actually vote on such issues directly (if one can gather enough support from the public).
cf_
·5 jaar geleden·discuss
As far as I know Tresorit has actual offices and staff in Zurich, Switzerland. They also appeared clear to me in the past that they have multiple offices around the world (I listened to a presentation from them recently at a conference).
cf_
·5 jaar geleden·discuss
Ok, that‘s cool! But the client get‘s to download the encrypted master key without authentication, right? Doesn’t that enable easy offline attacks or is the decryption too time-consuming?
cf_
·5 jaar geleden·discuss
Well, depending on legislation, they could be ordered to change the code to send the user password to them on next login for that account and then decrypt everything…
cf_
·5 jaar geleden·discuss
Since it‘s a paid service with user accounts. You would be able to ban users that have been reported to use this service for illegal means. The same question can be asked to WhatsApp / iMessage / Signal / etc.
cf_
·5 jaar geleden·discuss
Looks great - congratulations! Could you please add if / how you store a hash of the user password of authentication - it‘s not discussed on the architecture page. Thank you.
cf_
·5 jaar geleden·discuss
Well, actually Singapore is listed as #2 in "Top Overworked Cities in the Ranking"
cf_
·5 jaar geleden·discuss
Yes, but I assume the rationale here is that they will only have to refund that month and can reset the clock for the next month. So if they have serious downtime it won't cost them for the full year - just for that one month.
cf_
·6 jaar geleden·discuss
Yes, the same could and has been said about YouTube-dl. It depends what you do with the tool. If you are using it to download videos that specifically allow this, then there is nothing illegal about it. It's the same thing with a hammer. You can use it for legal or illegal actions, but that doesn't make the hammer an illegal tool...