Clarifications regarding arrest of climate activist(protonmail.com)
protonmail.com
Clarifications regarding arrest of climate activist
https://protonmail.com/blog/climate-activist-arrest/
301 comments
I understand the points about having to comply with laws. But what is is unjustifiable is my view is that their marketing does not match the reality. They probably did some A/B testing and saw that keeping vague promises about not tracking users increases conversion rate. You, as an HN reader, being in the top 0.1% of the population in terms of tech-savviness, may be able to read through the nonsense and understand how little it means when they say "by default, we do not keep any IP logs". But the other 99.9% of the population won't understand it, and that's why their marketing strategy works: they are selling a level of privacy that does not exist to customers who do not know better without technically lying.
Their threat model and all threat scenarios should be front and centre on their front page and sign up page. That is if they care about user privacy not just the bottom line. They have a choice between better-informed customers or more money, and so far, they have chosen the latter.
What this and the new Apple debacle have proven to me is that privacy is not a product that can be purchased. If you want real privacy, you have spend a lot of time learning how to preserve your privacy. No matter what Apple and ProtonMail and similar companies tell you, you cannot buy privacy off-the-shelf.
Their threat model and all threat scenarios should be front and centre on their front page and sign up page. That is if they care about user privacy not just the bottom line. They have a choice between better-informed customers or more money, and so far, they have chosen the latter.
What this and the new Apple debacle have proven to me is that privacy is not a product that can be purchased. If you want real privacy, you have spend a lot of time learning how to preserve your privacy. No matter what Apple and ProtonMail and similar companies tell you, you cannot buy privacy off-the-shelf.
You can't buy immunity from the legal and law enforcement system, full stop. That's simply an unreasonable expectation.
What you can buy is various degrees and quality of sensible defaults and behaviours that serve your general interest in privacy and security. Privacy from casual snooping or commercial tracking, security from unsophisticated attacks or even sophisticated attacks if you're wiling to also sacrifice some convenience.
These are all worth having, and your choices of product and service provider can have a significant impact on them. I know little to nothing about ProtonMail but maybe they're a better bet than many other similar services, even if they're not perfect.
What you can buy is various degrees and quality of sensible defaults and behaviours that serve your general interest in privacy and security. Privacy from casual snooping or commercial tracking, security from unsophisticated attacks or even sophisticated attacks if you're wiling to also sacrifice some convenience.
These are all worth having, and your choices of product and service provider can have a significant impact on them. I know little to nothing about ProtonMail but maybe they're a better bet than many other similar services, even if they're not perfect.
Right but they could have said "we can be compelled to log IPs, you should use Tor if that's something you care about".
https://protonmail.com/blog/protonmail-threat-model/
> The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address.
The "Threat Model" blog post is linked from their main site.
> The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address.
The "Threat Model" blog post is linked from their main site.
Protonmail increasingly seems like one of those Tim Ferris type scams. The one where you build a nice solution and write a bunch of blog posts...
And then you just let it run for 10 years without doing any more work and it just rots away.
And then you just let it run for 10 years without doing any more work and it just rots away.
The do tell you this, up front, if you read.
Can you define what "up front" means to you in this example? Homepage, privacy policy, user agreement, tweets?
As posted elsewhere in another comment, https://protonmail.com/blog/protonmail-threat-model/
Not recommended
If you are attempting to leak state secrets (as was the case of Edward Snowden) or going up against a powerful state adversary, email may not be the most secure medium for communications. The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address. A powerful state adversary will also be better positioned to launch one of the attacks described above against you, which may negate the privacy protection provided by ProtonMail. While we can offer more protection and security, we cannot guarantee your safety against a powerful adversary.
Not recommended
If you are attempting to leak state secrets (as was the case of Edward Snowden) or going up against a powerful state adversary, email may not be the most secure medium for communications. The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address. A powerful state adversary will also be better positioned to launch one of the attacks described above against you, which may negate the privacy protection provided by ProtonMail. While we can offer more protection and security, we cannot guarantee your safety against a powerful adversary.
Buried in a blog post from May 19th, 2014 doesn't meet my definition of "up front".
in TFA they claim they did in 2014 and hint that it's a reason they provide an onion site
Yes, but expecting a prospective user to read all your blog posts back to 2014 to discover a line saying you can be compelled to identify them is hardly transparent.
I fail to see why it is their duty, or in their interest, to explain the nuances of Swiss court orders and extent of their powers in their marketing material.
If its something you care about, you should not be making your choices on the basis of marketing splashes and you should certainly not need your email provider to explain Tor to you.
If its something you care about, you should not be making your choices on the basis of marketing splashes and you should certainly not need your email provider to explain Tor to you.
This seems like a logical fallacy many Linux users seem to make.
I want the benefits without being a mechanic. And I'm willing to pay money for it. Lots of money.
I want the benefits without being a mechanic. And I'm willing to pay money for it. Lots of money.
Protonmail cannot, cannot protect you on their own from all privacy concerns, nor can they educate you in a frontpage splash.
Proper Opsec for dissidents requires multiple layers and technologies and simply cannot rely on a single vendor. Any proper company accepting credit card payments is going to be subject to court orders and there are limits to their ability to resist them.
Protonmail has taken extraordinary measures to limit their exposure to those risks but anyone who is assuming they can e.g. be an enviro-terrorist or CCP dissident and be safe solely because they use Protonmail is terribly naive and ignorant..
Proper Opsec for dissidents requires multiple layers and technologies and simply cannot rely on a single vendor. Any proper company accepting credit card payments is going to be subject to court orders and there are limits to their ability to resist them.
Protonmail has taken extraordinary measures to limit their exposure to those risks but anyone who is assuming they can e.g. be an enviro-terrorist or CCP dissident and be safe solely because they use Protonmail is terribly naive and ignorant..
[deleted]
> Right but they could have said "we can be compelled to log IPs, you should use Tor if that's something you care about".
ding ding ding. pin this comment.
ding ding ding. pin this comment.
Oh, but on the contrary. Money buys better lawyers, more time and more research capabilities so in essence you can reliably say, at least in the good ol' USA, that money can buy immunity. The same can be said in many other countries where the corruption of buying justice is more direct.
[deleted]
Hasnt the popularity of Signal been the result of their system literally not able to record IPs?
How do you think the Signal servers send data to your app if they don’t know, at least temporarily, the IP address of your device?
Whisper Systems say they don’t record/log that. But they are no more able to defy legal demands in their jurisdiction to do so than Proton Mail were.
Whisper Systems say they don’t record/log that. But they are no more able to defy legal demands in their jurisdiction to do so than Proton Mail were.
you should read about standard intelligence operations and how underground resistance organizations have historically operated ie. French resistance in Nazi-Occupied France, etc. for a case study in covert comms.
the key you pointed to tho was regarding convenience. simple fact is that most of the usability desired in consumer email is not compatible with the practical design principles of covert communications.
the key you pointed to tho was regarding convenience. simple fact is that most of the usability desired in consumer email is not compatible with the practical design principles of covert communications.
Yeah, this debacle will probably help them find a better wording of their guarantees.
They do explain the threat model quite well but the information is scattered around (e.g. https://protonmail.com/blog/protonmail-threat-model/) and this matters in an era where the attention span of people is very short.
They do explain the threat model quite well but the information is scattered around (e.g. https://protonmail.com/blog/protonmail-threat-model/) and this matters in an era where the attention span of people is very short.
That threat model post is really good. I have a pet saw that is: for security companies, the threat model is the product.
There might be a few things I would add to that post, but really, it's a very sound approach.
"No matter what Apple and ProtoMail and similar companies tell you, you cannot buy privacy off-the-shelf."
The cost is personal time and effort, not money. The software needed is generally free of charge. The goal being not a physical product or a service, but a level of knowledge and proficiency. To put it another way, "tech-savviness" cannot be purchased, it has to be achieved.
The cultural problem we face is that the so-called "0.1%" are leveraging their "tech-savviness" against the rest of the population, working for so-called "tech" companies, websites that make money by exploiting the privacy of the "99.9%" in the service of online advertising.
If we take HN comments as true, in some cases, these employees do not even believe in the bottom line they are working to support.1 They are not adopting the behaviour of the "99.9%", i.e., the "expected" behaviour required to sustain their employer's bottom line. Not sure about you, but that would not give me much confidence they are going to work very hard to protect other users' privacy.
The term "dogfooding" is sometimes used amongst tech companies to describe the situation where employees themselves partake in what they offer to non-employees, i.e., "users".2 To persons outside the tech bubble this can be quite amusing. Does this suggest they view their relationship to users as more like "human-to-dog" than "human-to-human". There is nothing inherently wrong with someone peddling something she does not believe in, however we might consider what is/are the reason(s) for her lack of faith.
To be clear, I am not suggesting the cultural problem can be solved. I am attempting to provide further reasons that digital privacy is, like the parent suggested, generally not something you can "buy".
1 Evidence appears periodically in HN comments. For example, yesterday: "Disclaimer: I work at Google. In cloud, not on Android. I am privacy conscious so I though I would give a try at Graphene OS, it was brutal."
2 The term is alleged to have first appeared one the joelonsoftware.com website and to have originated at Microsoft.
The cost is personal time and effort, not money. The software needed is generally free of charge. The goal being not a physical product or a service, but a level of knowledge and proficiency. To put it another way, "tech-savviness" cannot be purchased, it has to be achieved.
The cultural problem we face is that the so-called "0.1%" are leveraging their "tech-savviness" against the rest of the population, working for so-called "tech" companies, websites that make money by exploiting the privacy of the "99.9%" in the service of online advertising.
If we take HN comments as true, in some cases, these employees do not even believe in the bottom line they are working to support.1 They are not adopting the behaviour of the "99.9%", i.e., the "expected" behaviour required to sustain their employer's bottom line. Not sure about you, but that would not give me much confidence they are going to work very hard to protect other users' privacy.
The term "dogfooding" is sometimes used amongst tech companies to describe the situation where employees themselves partake in what they offer to non-employees, i.e., "users".2 To persons outside the tech bubble this can be quite amusing. Does this suggest they view their relationship to users as more like "human-to-dog" than "human-to-human". There is nothing inherently wrong with someone peddling something she does not believe in, however we might consider what is/are the reason(s) for her lack of faith.
To be clear, I am not suggesting the cultural problem can be solved. I am attempting to provide further reasons that digital privacy is, like the parent suggested, generally not something you can "buy".
1 Evidence appears periodically in HN comments. For example, yesterday: "Disclaimer: I work at Google. In cloud, not on Android. I am privacy conscious so I though I would give a try at Graphene OS, it was brutal."
2 The term is alleged to have first appeared one the joelonsoftware.com website and to have originated at Microsoft.
"Dogfooding" is the tech industry variant of a much older principle. The original expression "Eating your own dogfood" goes back further having been adopted, and shortened into "dogfooding". While its easy to see it implying a second class "dogfood" that the end users have to put up with, it actually stems from the opposite, that the product is good enough they feed it to their own dogs, or in one telling, willingly eat it themselves as a human. https://en.wikipedia.org/wiki/Eating_your_own_dog_food
[deleted]
> No matter what Apple and ProtonMail and similar companies tell you, you cannot buy privacy off-the-shelf.
You can. It's just not that cheap, and not quite as convenient.
https://thehelm.com/
You can. It's just not that cheap, and not quite as convenient.
https://thehelm.com/
Oh neat, I haven't seen this before. Can you explain more for the rest of us? I saw it can be a personal email server - but then it started talking about storing everything for me and I lost a bit of interest as that sounds like it's trying to do everything.
edit: for those curious, discussion on HN 3 years ago https://news.ycombinator.com/item?id=18238581
edit: for those curious, discussion on HN 3 years ago https://news.ycombinator.com/item?id=18238581
Thought ArsTechnica's review from 2018 was pretty good: https://arstechnica.com/gadgets/2018/12/review-helm-personal...
There was another discussion more recently:
https://news.ycombinator.com/item?id=28350466
https://news.ycombinator.com/item?id=28350466
You may not have given it much thought before, but the idea (in your head, let's say) that Protonmail keeps no logs and thus completely protects you from ip-address discovery by law enforcement would imply that one could freely solicit and exchange unencrypted child pornography with strangers with no fear of detection.
I'm not saying "think of the children", I'm saying "think of law enforcement and the judicial system"
thinking about it now in retrospect, do you think that really could have been a possibility? I don't.
I'm not saying "think of the children", I'm saying "think of law enforcement and the judicial system"
thinking about it now in retrospect, do you think that really could have been a possibility? I don't.
This seems like a scapegoat argument
I don't read it that way. More like, "keep this extreme example in mind, and see if you still expect the guarantees to hold up".
If you don't, then they won't either for whatever activities you're doing, that aren't as reprehensible as CSAM, but some government may think otherwise.
It's kind of depressing reasoning maybe. But if a privacy-preserving system is actually that, then even the most technically-savvy terrorists and child abusers should have no qualms about using it as well.
If you don't, then they won't either for whatever activities you're doing, that aren't as reprehensible as CSAM, but some government may think otherwise.
It's kind of depressing reasoning maybe. But if a privacy-preserving system is actually that, then even the most technically-savvy terrorists and child abusers should have no qualms about using it as well.
on the wall at your dry cleaner is a sign, "we are not responsible if your clothing gets ruined" and there's a sign at the parking garage, "we are not responsible if your car gets damaged".
But, you have the right to expect that the dry cleaner and parking garage will take reasonable care with your belongings and will not act in ways that are negligent, the signs they put up notwithstanding.
There's no scapegoating, it's a question of what should a reasonable person expect from a transaction. Protonmail said they don't keep logs by default and that they also need to respect court orders.
But, you have the right to expect that the dry cleaner and parking garage will take reasonable care with your belongings and will not act in ways that are negligent, the signs they put up notwithstanding.
There's no scapegoating, it's a question of what should a reasonable person expect from a transaction. Protonmail said they don't keep logs by default and that they also need to respect court orders.
Would be curious to see a diff of Proton's privacy policy over the next few weeks.
> thinking about it now in retrospect, do you think that really could have been a possibility?
The only thing I am saying is that if real privacy is not a possibility (and it may very well not be), they shouldn't pretend they are selling real privacy. I am not saying they should find a way to do the impossible and legally avoid laws. I am saying they should not pretend their service is any more private than it actually is.
Think of it this way: imagine someone starts advertising a magic potion that stops aging. People buy it, but they predictably continue to age and die. If someone starts protesting, we shouldn't say "what are you complaining about? what do you want the seller to do? break the laws of nature? that's ridiculous." We should say, "we really should stop that guy from making baseless promises about his potions".
The only thing I am saying is that if real privacy is not a possibility (and it may very well not be), they shouldn't pretend they are selling real privacy. I am not saying they should find a way to do the impossible and legally avoid laws. I am saying they should not pretend their service is any more private than it actually is.
Think of it this way: imagine someone starts advertising a magic potion that stops aging. People buy it, but they predictably continue to age and die. If someone starts protesting, we shouldn't say "what are you complaining about? what do you want the seller to do? break the laws of nature? that's ridiculous." We should say, "we really should stop that guy from making baseless promises about his potions".
if they are making a good faith effort to give all the real privacy you can expect, I don't think they have a particular duty to water down their marketing messages by going into distracting detail that criminals shouldn't have the same expectations. They did disclose within their terms that they don't by default keep logs, and they do need to comply with court orders.
Assuming people who really use their services are criminals is like assuming someone who cares about a car's details is an illegal street racer.
I use Protonmail to provide tools for journalists, teachers, and whistleblowers, and people who are in danger from folks who mark them "criminals".
I use Protonmail to provide tools for journalists, teachers, and whistleblowers, and people who are in danger from folks who mark them "criminals".
You need to think bigger. How could Protonmail make the world a better place in this regard? Promote Tor to users through its blog? Report on Tor usage stats? Enable account creation through Tor without requiring a cell phone?
All of the above and more.
All of the above and more.
While you're probably right that this would not be allowed, I fail to understand why so many people thinktthis is normal. The postal system can't open your letters to check if there's CP in them, so it used to be that you could send CP over the mail between PO boxes and feel safe. Yet having untraceable communication over the internet is considered unthibkable for some reason.
> The postal system can't open your letters to check if there's CP in them, so it used to be that you could send CP over the mail between PO boxes and feel safe.
Wat? You better stop sending anything incriminating via the mail, they totally can and will open your letters if there's a court order.
Wat? You better stop sending anything incriminating via the mail, they totally can and will open your letters if there's a court order.
If there's a court order. With digital data, companies are forced to scan my data in their storage to see if it's copyright infringing or CP or others.
And to be clear, I don't think people have any kind of right to create, disseminate, or even view CP. But that doesn't mean that any guarantees to data privacy should be thrown away.
And to be clear, I don't think people have any kind of right to create, disseminate, or even view CP. But that doesn't mean that any guarantees to data privacy should be thrown away.
> With digital data, companies are forced to scan my data in their storage to see if it's copyright infringing or CP or others.
I don't think they are. What Apple & friends are doing is voluntarily. There's no requirement for e.g. your webhoster do scan your data, or your email provider to scan your emails. Case in point: ProtonMail doesn't, and they're not violating the law by not doing so.
I don't think they are. What Apple & friends are doing is voluntarily. There's no requirement for e.g. your webhoster do scan your data, or your email provider to scan your emails. Case in point: ProtonMail doesn't, and they're not violating the law by not doing so.
In this case law enforcement know who they were after, in that situation they would also have been able to intercept physical mail.
True, I was thinking more of the requirement on cloud providers to scan data proactively.
Many countries actually have laws that say you HAVE to log.
You may not have given it much thought before, but the idea (in your head, let's say) that Protonmail keeps no logs and thus completely protects you from ip-address discovery by law enforcement would imply that one could freely solicit and exchange infornation about climate activism with strangers with no fear of detection.
I'm not saying "think of the climate", I'm saying "think of law enforcement and the judicial system"
thhinking about it now in retrospect, do you think that really could have been a possibility? I don't.
I'm not saying "think of the climate", I'm saying "think of law enforcement and the judicial system"
thhinking about it now in retrospect, do you think that really could have been a possibility? I don't.
By default they don’t have logging on. Does not mean they can’t turn it on if asked.
You can’t have privacy; you need to be actively participating in our society or you’re dead. As soon as you try to build it you’ll realize it’s a full time job and you won’t be able to afford to eat on what it pays.
Only 5% of people in the US still hunt. We are coupled to the modern systems we have (unless MIT is right and it falls apart soon).
You want privacy, go off grid. Those of us living on grid will be sure to leave you be and keep everything we build for ourselves.
None of us explicitly cheered on the end of privacy but we did cheer on the engineering effort that made it happen. Despite numerous voices warning us.
Ciao.
You can’t have privacy; you need to be actively participating in our society or you’re dead. As soon as you try to build it you’ll realize it’s a full time job and you won’t be able to afford to eat on what it pays.
Only 5% of people in the US still hunt. We are coupled to the modern systems we have (unless MIT is right and it falls apart soon).
You want privacy, go off grid. Those of us living on grid will be sure to leave you be and keep everything we build for ourselves.
None of us explicitly cheered on the end of privacy but we did cheer on the engineering effort that made it happen. Despite numerous voices warning us.
Ciao.
I wonder if the future of a company like Protonmail is that it has to be open source. Almost like simply an API, no privacy statement, no marketing, just a smart contract. More like UniSwap.
How do you do emails on a blockchain? Is that another of those scenarios where "it will work when everybody will switch to the chain" ?
The naive way would just be to send a transaction to the recipient’s wallet address (or more practically, their ENS name) where the transaction payload is an encrypted text message.
As you point out, that requires both parties be on the blockchain. If you want to send/receive off-chain, you would probably just set up a trusted relay. e.g. send an ethereum tx to emailrelay.eth and it would forward it over the SMTP system. Send an email from a SMTP client to [email protected] and it’ll do the reverse. This implementation would have the relay see all your plaintext messages. Not much different from how centralized email services like gmail operate, in practice.
There’s nothing that makes any of this technically infeasible to a knowledgeable dev today — maybe it even already exists (ethmail.cc shows there’s at least interest in it). Transaction fees kill this from a practicality point of view. Probably you want to roll this out on a layer 2 network, and those are still pretty new things.
As you point out, that requires both parties be on the blockchain. If you want to send/receive off-chain, you would probably just set up a trusted relay. e.g. send an ethereum tx to emailrelay.eth and it would forward it over the SMTP system. Send an email from a SMTP client to [email protected] and it’ll do the reverse. This implementation would have the relay see all your plaintext messages. Not much different from how centralized email services like gmail operate, in practice.
There’s nothing that makes any of this technically infeasible to a knowledgeable dev today — maybe it even already exists (ethmail.cc shows there’s at least interest in it). Transaction fees kill this from a practicality point of view. Probably you want to roll this out on a layer 2 network, and those are still pretty new things.
Submit encrypted message to sufficiently large and stable data processor (bitcoin blockchain, hackernews, reddit, ...).
Provide pointer to message via side channel to recipient.
Done.
Now, that has OTHEHR problems. So, as anything but a napkin sketch, don't take it too seriously.
Provide pointer to message via side channel to recipient.
Done.
Now, that has OTHEHR problems. So, as anything but a napkin sketch, don't take it too seriously.
Oh neat wasn't aware of ethmail.cc will check it out
> Transaction fees kill this from a practicality point
That depends on the amount. If it's small it could be a feature.
That depends on the amount. If it's small it could be a feature.
[deleted]
Who pays the servers then?
The users. Who else?
An intelligence agency such as the CIA
They claim to have exceptionally good Tor support, when in reality people have (rightly) been screaming at them for years now to fix their permabroken Tor signup flow.
1. It's impossible to create a paid account with cryptocurrency: You can only use it to pay for an existing account
2. It's impossible to anonymously create any account over Tor: You have to at least pass SMS / secondary email verification, and it better not be an easy to get address ("Email verification temporarily disabled for this email domain" etc.)
Lots of marketing and boxticking (.onion: check), but it looks curiously hostile to anonymity if you actually try to use it.
1. It's impossible to create a paid account with cryptocurrency: You can only use it to pay for an existing account
2. It's impossible to anonymously create any account over Tor: You have to at least pass SMS / secondary email verification, and it better not be an easy to get address ("Email verification temporarily disabled for this email domain" etc.)
Lots of marketing and boxticking (.onion: check), but it looks curiously hostile to anonymity if you actually try to use it.
They are an email provider. Providing true anonymity leads to spam abuse. Spam abuse leads to blacklisting. And blacklisting leads to bankruptcy. Not sure what people expect.
> Not sure what people expect.
Transparency as the bare minimum? We are talking about a service that you expect to handle some sensitive information, you expect them to be transparent on what they do. If they block account creation over TOR because of spam issues, then that's should be said clearly on their platform.
OP is not only complaining about free account, they are also mentioning paid account, which has a 1k message per day limit. No spammer is going to pay 5 euros to send 30k message in a month, that just not worth it. So there's no reason to block paid account too.
Transparency as the bare minimum? We are talking about a service that you expect to handle some sensitive information, you expect them to be transparent on what they do. If they block account creation over TOR because of spam issues, then that's should be said clearly on their platform.
OP is not only complaining about free account, they are also mentioning paid account, which has a 1k message per day limit. No spammer is going to pay 5 euros to send 30k message in a month, that just not worth it. So there's no reason to block paid account too.
$48/year per address is an expensive way to spam.
Yes it's time Protonmail got rid of free accounts. Or disable free accounts so they can't send more than 10 emails a day.
This isn't rocket science, Protonmail. You make it look hard. I'll take my money elsewhere (open to suggestions here).
This isn't rocket science, Protonmail. You make it look hard. I'll take my money elsewhere (open to suggestions here).
> I'll take my money elsewhere.
Feel free to report where. Something tells me it ain't that easy to find a decent alternative.
Feel free to report where. Something tells me it ain't that easy to find a decent alternative.
Edited to say I'm open to suggestions here. Given that Protonmail dropped the ball for $60/year, apparently that's not enough to keep them focused. I'm prepared to pay $100/year for email now.
Any service that won't comply with local authorities risks getting shut down at any moment.
That said, I do have a country perfect for this - lax law enforcement, outside EU but bordering it, no US, Chinese or Russian affiliation, either, very reliable high speed Internet and cheap electricity.
Something tells me as soon as most people see the name, they will refuse to sign up.
That said, I do have a country perfect for this - lax law enforcement, outside EU but bordering it, no US, Chinese or Russian affiliation, either, very reliable high speed Internet and cheap electricity.
Something tells me as soon as most people see the name, they will refuse to sign up.
What about what I said suggests anything about not complying with the law? All my suggestions to Protonmail were around transparency and user education. They can host it in China if that's the case for all I care. In the modern age, every state is an adversary.
> Something tells me as soon as most people see the name, they will refuse to sign up.
Wouldn't even need to see the name to refuse to sign up. Assuming it's not Switzerland, all the other options seem bad.
Wouldn't even need to see the name to refuse to sign up. Assuming it's not Switzerland, all the other options seem bad.
Turkey?
Go check ctemplar, it is not without faults, but it seems to be that, or set up your own lavabit/tutanota server
Appreciate the suggestion. Solutions like this also caught my interest:
https://thehelm.com
(hn discussion from last week: https://news.ycombinator.com/item?id=28350466
from years ago: https://news.ycombinator.com/item?id=18238581)
(hn discussion from last week: https://news.ycombinator.com/item?id=28350466
from years ago: https://news.ycombinator.com/item?id=18238581)
I don't understand why spammers can't be fully stopped via built-in methods that prevent say, mass emails to more than a certain number of independent contacts upon account creation, for the first month maybe of service.
Why give up on this point? There's nothing that says true anonymity has to lead to spam. Spammers have the limit that they have to spam to , presumably make money, since they go via the 1000 tries and only needing one hit to win. They have a weakness. users and activists dont have this weakness really.
Why give up on this point? There's nothing that says true anonymity has to lead to spam. Spammers have the limit that they have to spam to , presumably make money, since they go via the 1000 tries and only needing one hit to win. They have a weakness. users and activists dont have this weakness really.
> for the first month maybe of service.
They probably have that, but spammers can wait. They have the time and money(!) to figure these limits out.
> There's nothing that says true anonymity has to lead to spam.
Lack of burdens against abuse does say that it leads to abuse.
They probably have that, but spammers can wait. They have the time and money(!) to figure these limits out.
> There's nothing that says true anonymity has to lead to spam.
Lack of burdens against abuse does say that it leads to abuse.
Figure out how to solve it. People need to be able to create accounts through Tor.
Otherwise I'll just use Gmail it's free.
Otherwise I'll just use Gmail it's free.
> I'll just use Gmail it's free.
So that is your alternative... Not sure what your threat model was.
So that is your alternative... Not sure what your threat model was.
My threat model is an un-educated population of people who don't value privacy or care about surveillance. I'll put up with shitty tools in the mean time but can only support those who are building a better future.
I would switch to Gmail and donate my $50/year to EFF.
I would switch to Gmail and donate my $50/year to EFF.
How does using Gmail help to address the threat of people who don't value privacy? It seems to be joining them.
Disclaimer: Paying Protonmail customer
Proton's first and last blog post about Tor was in 2017. [1]
The CEO today claimed to be a leader with Tor simply because they have a Tor site up.
This is 2021, not 2017. I expect better.
[1] https://protonmail.com/blog/tor-encrypted-email/
Proton's first and last blog post about Tor was in 2017. [1]
The CEO today claimed to be a leader with Tor simply because they have a Tor site up.
This is 2021, not 2017. I expect better.
[1] https://protonmail.com/blog/tor-encrypted-email/
and, the onion address is for their old service. They haven't redirected it to their new updated service, or published another onion address for their new service.
Link back to thread about this in the earlier protonmail story: https://news.ycombinator.com/item?id=28429582
Link back to thread about this in the earlier protonmail story: https://news.ycombinator.com/item?id=28429582
> Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.
This is false.
Each time you visit protonmail you re-download (cache can be invalidated) their client. It would be trivial for them to serve a specific user a modified client which uploads their encryption keys.
This problem is not specific to protonmail, any service which contends to be secure with respect to some server (the protocol relies on the client to decrypt stuff the server cannot) can be compromised this way because of implicit trust in the client software which can be modified at any time with no notice - making any auditing entirely meaningless in the case of targeted attacks.
This problem should perhaps be addressed by browsers since it seems they are becoming pseudo operating systems.
This is false.
Each time you visit protonmail you re-download (cache can be invalidated) their client. It would be trivial for them to serve a specific user a modified client which uploads their encryption keys.
This problem is not specific to protonmail, any service which contends to be secure with respect to some server (the protocol relies on the client to decrypt stuff the server cannot) can be compromised this way because of implicit trust in the client software which can be modified at any time with no notice - making any auditing entirely meaningless in the case of targeted attacks.
This problem should perhaps be addressed by browsers since it seems they are becoming pseudo operating systems.
Not only that, but it's very unfortunately worded. There's a missing "contents of emails, attachments, calendars, files, etc. cannot be compromised by legal orders", since I assume there is vital metadata that still can be compromised.
> Each time you visit protonmail you re-download (cache can be invalidated) their client
What about their app? They'd have to push a malicious update through the Play Store or Apple's Store to target someone, which is very unlikely.
What about their app? They'd have to push a malicious update through the Play Store or Apple's Store to target someone, which is very unlikely.
They say "cannot be compromised by legal orders" and they say they are bound by and only by swiss laws.
Maybe what they mean is that the swiss authorities have no legal basis on which to force them to serve a modified, backdoored, client like the one you're talking about.
Maybe what they mean is that the swiss authorities have no legal basis on which to force them to serve a modified, backdoored, client like the one you're talking about.
Their marketing copy still says "Anonymous. Opt out of tracking or logging of personally identifiable information".
And "Unlike competing email services, we do not track you."
Nowhere does it say "Unless your government asks the Swiss government then we'll capture, log and report every IP address you use".
Source: https://protonmail.com/security-details
Screenshot: https://imgur.com/a/gfUcYme
And this marketing copy was rewritten after this incident.
Before this incident it didn't say "opt out of tracking". How does one "opt out", by using Tor?
It used to say, in bold print, "No tracking or logging of personally identifiable information".
No weasel words about requiring the user to take some unspecified action to "opt out". No asterisks or caveats or warnings of any kind.
It also used to explicitly promise: "we do not record metadata such as the IP addresses used to log into accounts".
Now that part is mysteriously gone.
Pretty shitty to quietly flush this down the memory hole, then pretend nothing's changed, blaming and gaslighting users for not understanding.
Source: https://web.archive.org/web/20210607023937/https://protonmai...
Screenshot: https://imgur.com/a/R1muChN
And "Unlike competing email services, we do not track you."
Nowhere does it say "Unless your government asks the Swiss government then we'll capture, log and report every IP address you use".
Source: https://protonmail.com/security-details
Screenshot: https://imgur.com/a/gfUcYme
And this marketing copy was rewritten after this incident.
Before this incident it didn't say "opt out of tracking". How does one "opt out", by using Tor?
It used to say, in bold print, "No tracking or logging of personally identifiable information".
No weasel words about requiring the user to take some unspecified action to "opt out". No asterisks or caveats or warnings of any kind.
It also used to explicitly promise: "we do not record metadata such as the IP addresses used to log into accounts".
Now that part is mysteriously gone.
Pretty shitty to quietly flush this down the memory hole, then pretend nothing's changed, blaming and gaslighting users for not understanding.
Source: https://web.archive.org/web/20210607023937/https://protonmai...
Screenshot: https://imgur.com/a/R1muChN
Appreciate the analysis!
I think PM's approach is more lipstick on a pig. It may be a good looking pig compared to the other pigs (gmail), but it is still a pig. Blue ribbon pigs are still a pig.
Am expecting some real change if PM wants my $.
I think PM's approach is more lipstick on a pig. It may be a good looking pig compared to the other pigs (gmail), but it is still a pig. Blue ribbon pigs are still a pig.
Am expecting some real change if PM wants my $.
This point is weird. No reasonable person would understand that sentence to include "and we won't even comply with court orders".
Seems reasonable to understand "no tracking or logging" to mean that in the event of a government demand to produce records, they could honestly reply that no records exist.
Other email providers keep logs that they provide to governments when there's a legal order.
What's the point of bragging about "no tracking or logging" if you're just going to track and log like every other email provider if the government asks for it?
Other email providers keep logs that they provide to governments when there's a legal order.
What's the point of bragging about "no tracking or logging" if you're just going to track and log like every other email provider if the government asks for it?
>Seems reasonable to understand "no tracking or logging" to mean that in the event of a government demand to produce records, they could honestly reply that no records exist.
No one with the least understanding of the internet could suppose that Protonmail could not be forced to provide the IP address associated with a user's login, which I assume is what happened here.
No one with the least understanding of the internet could suppose that Protonmail could not be forced to provide the IP address associated with a user's login, which I assume is what happened here.
They did promise that, though. One lie leads to infinite more.
> Seems reasonable to understand "no tracking or logging" to mean that in the event of a government demand to produce records, they could honestly reply that no records exist.
And they would. They don't keep those records. However, when a government agency shows up with a court order that states they have to cooperate and provide those records going forward they must comply.
> What's the point of bragging about "no tracking or logging" if you're just going to track and log like every other email provider if the government asks for it?
Again: a reasonable person would not assume that their email provider is a criminal enterprise that does not comply with the law.
And they would. They don't keep those records. However, when a government agency shows up with a court order that states they have to cooperate and provide those records going forward they must comply.
> What's the point of bragging about "no tracking or logging" if you're just going to track and log like every other email provider if the government asks for it?
Again: a reasonable person would not assume that their email provider is a criminal enterprise that does not comply with the law.
I would not be surprised if Swiss intelligence agency does have the legal power to hack whomever they want.
The idea that someone can just pay €60 per year and expect to be safe from State prosecution seems so naive.
The idea that someone can just pay €60 per year and expect to be safe from State prosecution seems so naive.
FootballMuse(1)
Good idea for a browser addon to check for that.
There is actually one: https://www.mailvelope.com/en/ (works on gpg encrypted mails, and handles decryption / encryption entirely on the client side)
There's no design of browser add-on that could check for that. They update it every so often as it is, and they could serve the modified version to everybody, but it only does the modified behaviour for some people.
The browser add-on that comes closest is Signed Page[0], and in theory it could provide TOFU level security by requiring the user to opt in to new versions. For unclear reasons, though, the devs seem to be against implementing that.[1]
Any system for protecting against backdoors assumes that someone is auditing the code to check for user-specific code paths, so the only extra layer of security to add is some sort of Binary Transparency. A good example of that is Sigstore, which is being experimentally integrated with the Arch Linux package ecosystem.[2]
[0] https://github.com/tasn/webext-signed-pages
[1] https://github.com/tasn/webext-signed-pages/issues/13
[2] https://github.com/kpcyrd/pacman-bintrans
Any system for protecting against backdoors assumes that someone is auditing the code to check for user-specific code paths, so the only extra layer of security to add is some sort of Binary Transparency. A good example of that is Sigstore, which is being experimentally integrated with the Arch Linux package ecosystem.[2]
[0] https://github.com/tasn/webext-signed-pages
[1] https://github.com/tasn/webext-signed-pages/issues/13
[2] https://github.com/kpcyrd/pacman-bintrans
[deleted]
[deleted]
They could just not encrypt future emails. Wouldn't help where they've already discarded the plaintext, but newer emails are usually more useful anyway.
You can use ProtonMail Bridge with your own mail client to remove the dependency on the ever-changing webapp. I'm not sure if it's possible to build Bridge from source instead of blindly trusting the binaries they offer, though.
You also can't use your own mailbox keys loaded into bridge - the only mailbox keys that can be used seem to be generated inside their app (which from a security standpoint is the same as generated on their server).
when you do, be aware that locally encrypting mail and sending it over the bridge will not work.
And that the bridge exposes your IP address if you aren't using Tor.
This isn't a complaint, it should be pretty obvious. Though it'd be neat if they integrated Tor into the Bridge such that they cannot tell where the connection is coming from, that would be cool.
Not that this is really part of my threat model anyway, I don't expect protonmail to be anonymous, merely more private in certain situations.
I posted this as an idea if anyone wants to vote it up, they seem to be pretty responsive to end users compared to other services (at least the paying ones).
https://protonmail.uservoice.com/forums/284483-protonmail/su...
This isn't a complaint, it should be pretty obvious. Though it'd be neat if they integrated Tor into the Bridge such that they cannot tell where the connection is coming from, that would be cool.
Not that this is really part of my threat model anyway, I don't expect protonmail to be anonymous, merely more private in certain situations.
I posted this as an idea if anyone wants to vote it up, they seem to be pretty responsive to end users compared to other services (at least the paying ones).
https://protonmail.uservoice.com/forums/284483-protonmail/su...
One possible mitigation to this would be to let customers deploy ProtonMail's open-source client [0] themselves to wherever (as one example, this is something that TermPair implements [1]).
[0] https://github.com/ProtonMail/WebClients
[1] https://github.com/cs01/termpair/#static-hosting
[0] https://github.com/ProtonMail/WebClients
[1] https://github.com/cs01/termpair/#static-hosting
Another possible mitigation is SecureBookmarks[0] which uses SRI integrity hashes and Data URLs to ensure that you always get the same web app.
At worst, this means the security level fits the TOFU model (Trust On First Use), which is better than the default BEEF model, which stands for "Beware Each and Every Fetch".
[0] https://coins.github.io/secure-bookmark/
At worst, this means the security level fits the TOFU model (Trust On First Use), which is better than the default BEEF model, which stands for "Beware Each and Every Fetch".
[0] https://coins.github.io/secure-bookmark/
Thanks for this. I've been toying with this idea myself in the context of Signal's refusal to implement a web client, due to web clients missing TOFU. Glad to see it's not as crazy of an idea as I felt it was.
I wonder why this topic seems so unpopular. Nobody cares that currently it is impossible to make a secure web app?
From your other comments I also found webext-signed-pages, and the issue asking if they could make it secure, and I'm amazed that they dismissed it. In their readme they claim to protect against malicious and compromised servers, but in reality they don't, so what is the point..?
I wonder why this topic seems so unpopular. Nobody cares that currently it is impossible to make a secure web app?
From your other comments I also found webext-signed-pages, and the issue asking if they could make it secure, and I'm amazed that they dismissed it. In their readme they claim to protect against malicious and compromised servers, but in reality they don't, so what is the point..?
People do care, but it's a hard problem to solve well without the help of browser makers. I don't know why Mozilla aren't trying to move the web forward in this way, but the usual argument is that browsers shouldn't implement features that web developers aren't going to use, which causes a bit of a chicken and egg problem.
The main disadvantages of SecureBookmarks are that the address bar contains the Data URL (rather than a trusted domain, with a padlock) and it is difficult to upgrade a bookmark. Technically, though, it should be possible for the server to keep a record of the latest version the user has opted in to, and that value could be signed by the user's password which the server never sees. That way only the initial web app bootstrapping code is not upgradeable.
I agree that the response from the Signed Pages devs has been disappointing, but for balance I should say that their claim seems to be that protecting against downgrades would necessarily prevent gradual deployments of complex web apps. I'm not convinced about that, but haven't looked deeply into the technological limitations. In any case, the lack of downgrade protection doesn't make the extension useless, since it improves the security of web apps from having to trust an online TLS key to trusting an offline PGP key.
The main disadvantages of SecureBookmarks are that the address bar contains the Data URL (rather than a trusted domain, with a padlock) and it is difficult to upgrade a bookmark. Technically, though, it should be possible for the server to keep a record of the latest version the user has opted in to, and that value could be signed by the user's password which the server never sees. That way only the initial web app bootstrapping code is not upgradeable.
I agree that the response from the Signed Pages devs has been disappointing, but for balance I should say that their claim seems to be that protecting against downgrades would necessarily prevent gradual deployments of complex web apps. I'm not convinced about that, but haven't looked deeply into the technological limitations. In any case, the lack of downgrade protection doesn't make the extension useless, since it improves the security of web apps from having to trust an online TLS key to trusting an offline PGP key.
Mailvelope is basically Protonmail's OpenPGP javascript client done as a browser plugin.
Mailvelope (https://github.com/mailvelope/mailvelope) is an open source extension for Chrome and Firefox that allows users to use openpgp encryption with any webmail provider. Unfortunately, I have only one contact who has corresponded with me using pgp. But two others (both activists) use ProtonMail (my only reason for having an account on the service) -- but not Tor (their ProtonMail use predates the latest "explainer").
As several others here have written, the vast majority of people don't care about their (or your) privacy: so most of our contacts are just more holes in a very leaky boat.
When it comes to email, I'm going to go out on a limb and say people should _never_ trust it for sensitive communications. Message content itself can be protected by pgp encryption (if people would bother to use it), but there's no watertight way to consistently avoid the kind of relationship mapping that nation states and transnational corporations have been doing for the last two decades. That game is already over, and Big Brother won -- no matter who you use for email.
As several others here have written, the vast majority of people don't care about their (or your) privacy: so most of our contacts are just more holes in a very leaky boat.
When it comes to email, I'm going to go out on a limb and say people should _never_ trust it for sensitive communications. Message content itself can be protected by pgp encryption (if people would bother to use it), but there's no watertight way to consistently avoid the kind of relationship mapping that nation states and transnational corporations have been doing for the last two decades. That game is already over, and Big Brother won -- no matter who you use for email.
Email isn't much worse at leaking metadata than most of the things people use for messaging and is better than many:
* https://articles.59.ca/doku.php?id=em:anonemail
Ultimately, for the strongest privacy protection you need to go to something offline, like email:
* https://articles.59.ca/doku.php?id=em:emailvsim
Obviously not everyone needs the highest level of protection, but the fact still needs to be acknowledged.
* https://articles.59.ca/doku.php?id=em:anonemail
Ultimately, for the strongest privacy protection you need to go to something offline, like email:
* https://articles.59.ca/doku.php?id=em:emailvsim
Obviously not everyone needs the highest level of protection, but the fact still needs to be acknowledged.
> Message content itself can be protected by pgp encryption (if people would bother to use it)
The message might be encrypted, but if they get to the other guy and offer him a sweet enough deal, there is no protection. There are two copies of the content out there, if it is that serious, why leave the papertrail.
People like to believe they are subverting the CIA snooping on all their very important 'activism', but in reality the most they are doing is opting out of google using their emails to market them shit they were never going to buy in the first place.
The message might be encrypted, but if they get to the other guy and offer him a sweet enough deal, there is no protection. There are two copies of the content out there, if it is that serious, why leave the papertrail.
People like to believe they are subverting the CIA snooping on all their very important 'activism', but in reality the most they are doing is opting out of google using their emails to market them shit they were never going to buy in the first place.
[deleted]
Throwaway.
As the manager of various accounts used by environmental and social activists on Protonmail, this is really bad.
I understand they have to follow Swiss law, but surely there are higher standard and processes than: police forward foreign request. Don't challenge or question, just do task required.
Interpol requests are not as universally recognized as what some people here are alluding to. Countries can file these requests with interpol but it's up each country to determine if they act or recognize the request.
If the Chinese government files 500 requests via interpol and the swiss police merely pass them on the proton, will proton mail automatically comply and install malware on their client on targeted accounts?
I hope this is not the case but I expect this to be clarified. On th face of it, organizing an occupy protest hardly seems to pas the bar of "serious criminal cases"
As the manager of various accounts used by environmental and social activists on Protonmail, this is really bad.
I understand they have to follow Swiss law, but surely there are higher standard and processes than: police forward foreign request. Don't challenge or question, just do task required.
Interpol requests are not as universally recognized as what some people here are alluding to. Countries can file these requests with interpol but it's up each country to determine if they act or recognize the request.
If the Chinese government files 500 requests via interpol and the swiss police merely pass them on the proton, will proton mail automatically comply and install malware on their client on targeted accounts?
I hope this is not the case but I expect this to be clarified. On th face of it, organizing an occupy protest hardly seems to pas the bar of "serious criminal cases"
Your concerns are valid but I think you are downplaying this by characterizing it as "swiss police merely pass them to proton". Protonmail recieved a legally binding order from the Swiss Federal Department of Justice.
I'm not saying Swiss laws are infallible but this request was not simply "forwarded": "Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)"
As they mentioned in the blog post, they do challenge many of these requests but it was not legally possible in this case.
I'm not saying Swiss laws are infallible but this request was not simply "forwarded": "Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)"
As they mentioned in the blog post, they do challenge many of these requests but it was not legally possible in this case.
Replace "Swiss" with "US" and Protonmail with GMail and the sentence remains equally true. So I guess the question remains, what does Protonmail offer in terms of privacy that is better than GMail or Outlook, given that USA and Swiss are both adhere to democratic standards.
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook, given that USA and Swiss are both adhere to democratic standards.
Well for a start the privacy policy of Gmail allows them to use your data for advertising purposes.
Secondly, emails encrypted at rest, are still encrypted, so at least the body is protected.
Unless you were receiving emails that were encrypted prior to being sent that wouldn't be the case with Gmail.
The threat model for Protonmail is fairly clearly defined under the "ProtonMail recommended use cases". https://protonmail.com/blog/protonmail-threat-model/
The fact still remains email was probably not the right tool for these people as there is a lot of data stored server side.
Well for a start the privacy policy of Gmail allows them to use your data for advertising purposes.
Secondly, emails encrypted at rest, are still encrypted, so at least the body is protected.
Unless you were receiving emails that were encrypted prior to being sent that wouldn't be the case with Gmail.
The threat model for Protonmail is fairly clearly defined under the "ProtonMail recommended use cases". https://protonmail.com/blog/protonmail-threat-model/
The fact still remains email was probably not the right tool for these people as there is a lot of data stored server side.
> Well for a start the privacy policy of Gmail allows them to use your data for advertising purposes.
This is false - google stopped doing this for personal accounts many years ago (and never did for paid corporate).
> emails encrypted at rest
Google also encrypts at rest
This is false - google stopped doing this for personal accounts many years ago (and never did for paid corporate).
> emails encrypted at rest
Google also encrypts at rest
> This is false - google stopped doing this for personal accounts many years ago.
Does seem to be the case https://www.theguardian.com/technology/2017/jun/26/google-wi...
> (and never did for paid corporate).
We weren't talking about Workspaces.
However that said, people logged into gmail generally use google search so they get to use all the data collected from that and youtube videos you watch so I don't think it really matters too much. https://support.google.com/google-ads/answer/7019460?hl=en
With ProtonMail they can't actually read the contents of your emails, even for law enforcement, whereas Google certainly would be able to hand over entire copies.
Does seem to be the case https://www.theguardian.com/technology/2017/jun/26/google-wi...
> (and never did for paid corporate).
We weren't talking about Workspaces.
However that said, people logged into gmail generally use google search so they get to use all the data collected from that and youtube videos you watch so I don't think it really matters too much. https://support.google.com/google-ads/answer/7019460?hl=en
With ProtonMail they can't actually read the contents of your emails, even for law enforcement, whereas Google certainly would be able to hand over entire copies.
But if Protonmail can be compelled by a proxy foreign government to start logging an individuals IP, they could easily collect your decryption key and therefore your emails with a targeted attack as well.
Can Google decrypt without your permission?
Honest question, because that's the obvious difference (if you believe ProtonMail claims).
Honest question, because that's the obvious difference (if you believe ProtonMail claims).
Can you access your e-mail if you lose your phone, forget your password, get a new SIM card, and successfully go through account recovery?
There is your answer.
There is your answer.
I know that I cannot access my protonmail email under a wide variety of circumstances that I make efforts to avoid. Two of them involve forgetting complicated passwords, either of which would render my entire (historical) email vault unreadable. But it could absolutely be security theater.
What I have no idea about is Google. Do they even need to do anything targeting you in order to decrypt the data or not? Obviously they can modify your software with a remote update such that they can capture your decryption password, but that's a lot more work than querying a database and using a master key that Google has on hand for this sort of thing.
What I have no idea about is Google. Do they even need to do anything targeting you in order to decrypt the data or not? Obviously they can modify your software with a remote update such that they can capture your decryption password, but that's a lot more work than querying a database and using a master key that Google has on hand for this sort of thing.
For Google (and almost every provider that isn't very specifically targeting the highest levels of security at the expense of usability), the answer to the rhetorical question I posed is "yes", which implies that they can read your mail, without having to target you or anything you have.
While (as you correctly pointed out) the fact that you lose access to the data if you lose your passphrase doesn't prove that the data is completely inaccessible without it, the opposite (being able to access the data even if you forget/lose all your secrets/keys) conclusively proves that such access is possible.
While (as you correctly pointed out) the fact that you lose access to the data if you lose your passphrase doesn't prove that the data is completely inaccessible without it, the opposite (being able to access the data even if you forget/lose all your secrets/keys) conclusively proves that such access is possible.
> Can you access your e-mail if you lose your phone, forget your password, get a new SIM card, and successfully go through account recovery?
You can't. But this really doesn't answer if there was a special way for law enforcement, which I don't believe there is.
You can't. But this really doesn't answer if there was a special way for law enforcement, which I don't believe there is.
The question was about Google, and there (as with almost any other provider) you can. Most users would be pretty upset (no sarcasm) if something so small (sarcasm) as losing all their means to authenticate actually caused them to lose data.
Yes google can, but if Protonmail can be compelled by a proxy foreign government to start logging an individuals IP, they could easily collect your decryption key with a targeted attack as well.
Alternately, they could just log plaintext emails as they come in, before being encrypted.
Right, of course. I'm talking about decrypting the past messages.
Obviously they can modify their software to capture your decryption password, my question is more out of curiosity than it being a serious advantage against a state actor targeting you specifically.
I am fairly sure that protonmail cannot do this without modifying the software to target me by capturing the decryption password.
Of course they can always capture plaintext messages as they come in, we can only assume they don't keep records of that. If that's true, and we only have their word for that, it would make any requests forward focused, like a wire tap rather than a search of old bank records. They can't necessarily access old emails without explicit effort.
It's not some insurmountable barrier, and I don't mean to suggest it is. It's trivial to think of at least three ways to work around it, assuming you are still logging in. But it is a difference in design.
Obviously they can modify their software to capture your decryption password, my question is more out of curiosity than it being a serious advantage against a state actor targeting you specifically.
I am fairly sure that protonmail cannot do this without modifying the software to target me by capturing the decryption password.
Of course they can always capture plaintext messages as they come in, we can only assume they don't keep records of that. If that's true, and we only have their word for that, it would make any requests forward focused, like a wire tap rather than a search of old bank records. They can't necessarily access old emails without explicit effort.
It's not some insurmountable barrier, and I don't mean to suggest it is. It's trivial to think of at least three ways to work around it, assuming you are still logging in. But it is a difference in design.
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook
Encryption. That was always the point. Your emails are stored encrypted, and nobody can read their content except you.
Not sure why some people expected ProtonMail to act as a magical VPN, both truly anonymous and not obeying to any court order, to an unencrypted email account like Gmail.
Encryption. That was always the point. Your emails are stored encrypted, and nobody can read their content except you.
Not sure why some people expected ProtonMail to act as a magical VPN, both truly anonymous and not obeying to any court order, to an unencrypted email account like Gmail.
Comparing the USA to Switzerland is truly naive. The Switzerland doesn’t have a permanent occupation of another sovereign country where Switzerland subjected prisoners to “enhanced interrogation techniques”, not to mention other routine human rights abuse violations.
And let’s not forget that proton doesn’t have the same record of customer abuse as google.
Countries override democratic standards for vaguely defined "national interests" all the time. It so happens that US, with its sprawling global empire, has a lot more "national interests" than the generally MYOB Swiss, and so is more prone to such abuse.
The difference, I guess, is that someone wouldn't start protonmail in the US precisely because of this. If Swiss laws changed for the worse, they might consider changing their country of operations.
Because of what? The US has fairly good privacy protections. Certainly, they are a five-eyes member, but for example it is not required by law that you keep logs. In many places in europe, it is required.
I think we are long past the point where we can trust all governments to use interpol notices only when required, and for the local law enforcement agencies not to take nuclear actions based on something that is clearly contrived, or political in nature.
Now, I don't support squatting, but launching an interpol notice, and attacking privacy under color of law seems like a misuse of the law, and abuse of the Swiss legal system.
We may need to attack this problem differently since it appears the Swiss do not have the vaunted protections they claim.
Also, we need Protonmail to look into offshoring, and obtaining independence of a potentially abusive legal system.
Sealand had at least a few good ideas around immunities from State power.
Now, I don't support squatting, but launching an interpol notice, and attacking privacy under color of law seems like a misuse of the law, and abuse of the Swiss legal system.
We may need to attack this problem differently since it appears the Swiss do not have the vaunted protections they claim.
Also, we need Protonmail to look into offshoring, and obtaining independence of a potentially abusive legal system.
Sealand had at least a few good ideas around immunities from State power.
Switzerland is a grouping of "Cantons" and each has very distinct autonomy. Some of them are far more conservative than others, and are going to have judges who are going to make decisions accordingly.
As much as we might like to believe it, law is not universally applied in a fair manner. Swiss authorities will approve requests that are total garbage requests. I happen to be on the receiving end of one of those, which was eventually, after significant time, effort and money thrown out for prejudice.
As much as we might like to believe it, law is not universally applied in a fair manner. Swiss authorities will approve requests that are total garbage requests. I happen to be on the receiving end of one of those, which was eventually, after significant time, effort and money thrown out for prejudice.
IMO the problem is that France use anti-terrorists law against environmental activist. It is not the first time it happens, and I bet that it will happen again.
If I were an environmental activist, I would definitely step up my operational security.
If I were an environmental activist, I would definitely step up my operational security.
> use anti-terrorists law against environmental activist
I have seen this commented a lot by people, that specifically anti-terrorist laws were used? But from what I have found, they used regular laws. Any chance you can point me in the right direction?
I have seen this commented a lot by people, that specifically anti-terrorist laws were used? But from what I have found, they used regular laws. Any chance you can point me in the right direction?
I am not sure about this specific case, but France has done it multiple times in the past:
https://www.liberation.fr/france/2015/11/27/l-etat-d-urgence...
https://www.climatechangenews.com/2019/04/03/french-police-t...
https://www.liberation.fr/france/2015/11/27/l-etat-d-urgence...
https://www.climatechangenews.com/2019/04/03/french-police-t...
Reminder that France literally bombed and sunk a moored Greenpeace ship (killing one person) not that long ago to prevent further protests against their nuclear weapon tests.
While this is true, I wouldn't call 36 years ago "not that long ago." That is a literal lifetime ago for many users of this site.
It is for many of us, but we're more than willing to accept that our lifetimes are not a useful yardstick for what was "long ago" ;)
they could still charge the bombers now, and everyday, the government more or less choses not to do it. While they still pursue the terrorists of the Red Brigades whose crime are even older.
They were actually charged and went to prison.
Kinda weird actually considering they were operating on their own government's orders.
https://en.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warrior
Can you imagine, the government telling you to do something and then dragging you in front of a court after you do it :S I don't think they should have gone through with it but as they were under orders I don't think the responsibility lies with them.
By the way I really miss the way Greenpeace is no longer a grassroots environmental organisation. Protesting against nuclear testing, whaling etc the way they did was risky but effective.
Nowadays they're just another multinational corporation, just with some environmental goals. It's no wonder they're never really in the news anymore. And the need for this activism is actually much greater than ever now.
Kinda weird actually considering they were operating on their own government's orders.
https://en.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warrior
Can you imagine, the government telling you to do something and then dragging you in front of a court after you do it :S I don't think they should have gone through with it but as they were under orders I don't think the responsibility lies with them.
By the way I really miss the way Greenpeace is no longer a grassroots environmental organisation. Protesting against nuclear testing, whaling etc the way they did was risky but effective.
Nowadays they're just another multinational corporation, just with some environmental goals. It's no wonder they're never really in the news anymore. And the need for this activism is actually much greater than ever now.
> Can you imagine, the government telling you to do something and then dragging you in front of a court after you do it :S
The French agents were arrested by New Zealand, not France, and convicted in New Zealand. France also threw their weight around to avoid having their agents jailed for the term of their sentences, AFAIK.
Beyond that, there's nothing wrong with holding responsible agents of the state who follow illegal orders (whether this was by French law, I can't speak to it). Many liberalized states, and particularly the militaries of those states, operate on the assumption that you must refuse to follow an illegal order. (Intelligence services, which caused the sinking of the Rainbow Warrior, may have different rules, but fundamentally there's supposed to be a carve-out and an escalation process for addressing orders "beyond the rules"." An example from the United States: https://warontherocks.com/2017/07/when-can-a-soldier-disobey...
The French agents were arrested by New Zealand, not France, and convicted in New Zealand. France also threw their weight around to avoid having their agents jailed for the term of their sentences, AFAIK.
Beyond that, there's nothing wrong with holding responsible agents of the state who follow illegal orders (whether this was by French law, I can't speak to it). Many liberalized states, and particularly the militaries of those states, operate on the assumption that you must refuse to follow an illegal order. (Intelligence services, which caused the sinking of the Rainbow Warrior, may have different rules, but fundamentally there's supposed to be a carve-out and an escalation process for addressing orders "beyond the rules"." An example from the United States: https://warontherocks.com/2017/07/when-can-a-soldier-disobey...
Ah good point, I didn't see that. And yes, I saw they were released after only 2 years of their ten-year sentence.
I totally agree they should have refused the orders. But the people who gave the orders are more accountable in my opinion.
I totally agree they should have refused the orders. But the people who gave the orders are more accountable in my opinion.
For anyone else wondering: https://en.m.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warri...
Why don't you use riseup.net, they have been providing similar services specifically for activists for more than 20 years. While they are based in the US, the idea that Switzerland = privacy is bull. In the US, you are not required to keep logs. If you have them, you can be forced to turn them over, but if you don't they cannot force you to enable them.
I have been a riseup user for years. They have received foreign legal requests, and they do not simply do the task requested. They've also received US-based legal requests, and challenge them, but in the end, they do not have the data that is being requested, so ultimately they can respond saying exactly that.
(throwaway aswell)
I have been a riseup user for years. They have received foreign legal requests, and they do not simply do the task requested. They've also received US-based legal requests, and challenge them, but in the end, they do not have the data that is being requested, so ultimately they can respond saying exactly that.
(throwaway aswell)
>riseup.net
They are based in the US and only provide their services to radical leftist activists.
That combination seriously smells like FBI honeypot.
They are based in the US and only provide their services to radical leftist activists.
That combination seriously smells like FBI honeypot.
Except they've been around for 20 years, and the people running it are part of the left activist movement. I don't think its particularly constructive to post a comment on the internet about how something "smells"
The great thing about no trust models is that even if they were comprimised it wouldnt matter
Hardly. They get your password on login, and decrypt your mail. They don't (theoretically) even need a code change, just root/kernel level access/tracing to dump the password.
Unless of course you were using PGP - but then you would be about as well off with Gmail?
I mean, they provide a great service, and the stack is open - but I would hesitate to call it "secure" (that goes for ProtonMail too BTW).
https://0xacab.org/liberate/trees
Unless of course you were using PGP - but then you would be about as well off with Gmail?
I mean, they provide a great service, and the stack is open - but I would hesitate to call it "secure" (that goes for ProtonMail too BTW).
https://0xacab.org/liberate/trees
Where is the no trust model there though?
If riseup were a trap, they could do all the logging (in secret), find the activist, then do parallel construction for the actual evidence presented in court.
If riseup were a trap, they could do all the logging (in secret), find the activist, then do parallel construction for the actual evidence presented in court.
Why would they voluntarily act as agents of the state to do that? They would need to be compelled legally to do so, and to do that in the US would require a legal order that has not yet succeeded (remember the Apple case around the terrorist in San Bernadino?).
Before you say, "Well, it could be done in secret", please look up the Wiretap + technical assist laws and note the disclosure requirements.
Before you say, "Well, it could be done in secret", please look up the Wiretap + technical assist laws and note the disclosure requirements.
Because if you don't trust them, it's plausible that some or all of the people running the infrastructure aren't actually privacy activists, but moles planted by the state, acting as agents of the state because they are employed by the state, paid by the state, and specifically tasked to pretend to be activists and build a trap.
(There may be some solid evidence making this unlikely in reality, but that ultimately relies on some form of trust.)
(There may be some solid evidence making this unlikely in reality, but that ultimately relies on some form of trust.)
I've never understood decrypting with login credentials. My gpg creds are distinct. My client challenges on each mail. Can be set to save for key per session, but don't.
Trees fails to load mobile?
> They are based in the US and only provide their services to radical leftist activists.
They're pretty chill on who to provider their services to. Yes, they host radical leftist activists, but they also host pretty mainstream leftist activists. And they obviously don't care who does what, they don't check your accounts.
I'm far from being a radical leftist (or any leftist!) and I have an account.
They're pretty chill on who to provider their services to. Yes, they host radical leftist activists, but they also host pretty mainstream leftist activists. And they obviously don't care who does what, they don't check your accounts.
I'm far from being a radical leftist (or any leftist!) and I have an account.
1 I know some staff at a remove of 1 degree. don't believe but can't prove the honeypot conjecture.
Interpol is simply a way for law enforcement to communicate across borders.
If the Chinese government files a request by means of Interpol, it’s very dishonest to say “an Interpol request.” It’s a Chinese request.
If the Chinese government files a request by means of Interpol, it’s very dishonest to say “an Interpol request.” It’s a Chinese request.
Interpol won't tell you it's a Chinese request though. You can claim it's dishonest by Interpol, but not by the party receiving the request at the end of the line.
> but surely there are higher standard and processes than: police forward foreign request. Don't challenge or question, just do task required.
There are, which they specifically described.
This also goes for your second described case. The chinese government is only one of the two required.
There are, which they specifically described.
This also goes for your second described case. The chinese government is only one of the two required.
It's up to the local authorities as you said. If the Chinese government files 500 requests on interpol and the Swiss authority recognizes the requests, ProtonMail will just have to comply.
But usually interpol rejects many requests from the Chinese government (to track uyghurs for example).
The real scandal here is why the French authority is making such request on an activist, why Interpol processed it (as far as I understand there are no crimes in play here?), and why the Swiss authority recognizes the request? Perhaps we don't have the full story, but, with only the information we have, it sounds like an abuse of the protocol on 3 different entities. And double standards from Interpol (not okay to track down chinese activists, but ok for french activists?)
But usually interpol rejects many requests from the Chinese government (to track uyghurs for example).
The real scandal here is why the French authority is making such request on an activist, why Interpol processed it (as far as I understand there are no crimes in play here?), and why the Swiss authority recognizes the request? Perhaps we don't have the full story, but, with only the information we have, it sounds like an abuse of the protocol on 3 different entities. And double standards from Interpol (not okay to track down chinese activists, but ok for french activists?)
> The real scandal here is why the French authority is making such request on an activist, why Interpol processed it (as far as I understand there are no crimes in play here?), and why the Swiss authority recognizes the request?
This seems easy to answer - according to French media[1], they were activists illegally occupying[2] buildings to protest rising real estate prices. This is illegal in Switzerland, too. What's the scandal? Authorities using their powers?
[1]: https://www.lesnumeriques.com/vie-du-net/protonmail-a-fourni...
[2]: https://www.lefigaro.fr/societes/a-paris-un-local-du-restaur...
This seems easy to answer - according to French media[1], they were activists illegally occupying[2] buildings to protest rising real estate prices. This is illegal in Switzerland, too. What's the scandal? Authorities using their powers?
[1]: https://www.lesnumeriques.com/vie-du-net/protonmail-a-fourni...
[2]: https://www.lefigaro.fr/societes/a-paris-un-local-du-restaur...
Illegal, okay, but is it a crime? I mean, after WWII interpol asked countries to not fill requests on nazis criminals because they did crimes of political nature and interpol needs to stay politically neutral [0].
But now, for an anti-capitalist activist it's not political?
[0]: https://en.wikipedia.org/wiki/Interpol#cite_ref-14
[0]: https://en.wikipedia.org/wiki/Interpol#cite_ref-14
> Illegal, okay, but is it a crime?
According to Swiss law, yes.
According to Swiss law, yes.
Why do the climate activists hiding, I can not understand?
Climate is fashionable and respected today, they would got medals maybe if not hiding?
I can openly say that I am for good climate and ecology. Greta Thunberg is also not hiding.
And about this specific activist, do you know what he is accused of? (It must be something other than activism, right? Difficult to imagine climate activism is illegal in France).
PS: I understand this topic is mostly about Proton failing the privacy expectations, but curious to know what can activist be charged with.
Climate is fashionable and respected today, they would got medals maybe if not hiding?
I can openly say that I am for good climate and ecology. Greta Thunberg is also not hiding.
And about this specific activist, do you know what he is accused of? (It must be something other than activism, right? Difficult to imagine climate activism is illegal in France).
PS: I understand this topic is mostly about Proton failing the privacy expectations, but curious to know what can activist be charged with.
> For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge — a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris.
https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre...
Still strange, how could they anonymously occupy the places, if they were physically present there.
https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre...
Still strange, how could they anonymously occupy the places, if they were physically present there.
In yesterday thread there were comment if I remember right that included more details. The squatters in question has already been sentenced and given suspended sentences. The request to ProtonMail was about other members of the same group that is suspected of home invasion and theft.
If that qualify as serious crime is still up to debate and it could just be a excuse to go after the organizers. I do however find the case a bit more nuanced after reading those details.
If that qualify as serious crime is still up to debate and it could just be a excuse to go after the organizers. I do however find the case a bit more nuanced after reading those details.
In your job as an intermediary would it be reasonable to roll your own email servers? If done properly then you wouldn't have to trust anyone and could give instructions to your clients on how to produce and use their own private keys. Commercial mail providers don't offer this option for some (likely legal) reason, but if you're willing to share risk with the activists then I think it would be worthwhile.
> could give instructions to your clients on how to produce and use their own private keys
PGP has been around since 1991, if it was as easy as writing a catchy how to, then some people might use it. Now 30 years in, basically nobody uses it. Got to wonder why ...
> don't offer this option for some (likely legal) reason
Not at all, they dont do it because it is a terrible customer experience. It is confusing, it is hard, if you lose a key, your data is garbage. If you make a copy of your key, you are not secure. Some people are happy to go that path, most are not.
If only it was so simple. Imagine a world where Gmail launched, but if you forgot your password, boom, all your email is gone as is access to your email address. The next company that came along and offered 'password resets' would have wiped them out.
PGP has been around since 1991, if it was as easy as writing a catchy how to, then some people might use it. Now 30 years in, basically nobody uses it. Got to wonder why ...
> don't offer this option for some (likely legal) reason
Not at all, they dont do it because it is a terrible customer experience. It is confusing, it is hard, if you lose a key, your data is garbage. If you make a copy of your key, you are not secure. Some people are happy to go that path, most are not.
If only it was so simple. Imagine a world where Gmail launched, but if you forgot your password, boom, all your email is gone as is access to your email address. The next company that came along and offered 'password resets' would have wiped them out.
> if you forgot your password, boom, all your email is gone as is access to your email address
Replace "email" with "Bitcoin"
Replace "email" with "Bitcoin"
Those are all benefits when your goal is discrete communication: which is exactly what we're discussing.
[deleted]
Sadly, it is impossible hide your identity from gov and legal enforcement (from US to China) if you use any commercial service. As far as I know, FBI knows identity of all “ransomware” hackers. But they just cannot get them.
Could you explain or substantiate this claim in a bit more detail? How is it absolutely impossible to find anonymity using any commercial service? and where did you hear that all the ransomware hackers are known?
Here is what is written in the police report, and it doesn't look good for Protonmail:
https://twitter.com/OnEstLaTech/status/1434576598418796549/p...
It's in french but here is a summary: Law enforcement contacted Protonmail directly and the company told them to use the "Europol channel", which law enforcement did.
Protonmail then provided the date when the account was created, the IP address (Not clear if it is the one when it was created or last login) and the "device", I suppose they are talking about the user agents.
Please keep in mind that companies can charge processing fees on law enforcement requests. I would really like to know if ProtonMail is earning money on this.
It's in french but here is a summary: Law enforcement contacted Protonmail directly and the company told them to use the "Europol channel", which law enforcement did.
Protonmail then provided the date when the account was created, the IP address (Not clear if it is the one when it was created or last login) and the "device", I suppose they are talking about the user agents.
Please keep in mind that companies can charge processing fees on law enforcement requests. I would really like to know if ProtonMail is earning money on this.
And said Europol channel probably ended up landing with a police department in Swítzerland.
I think I would be happier with a "no, we cannot comply with your request" rather than the "no, we cannot comploy with your request, go to this other window..." but I wouldn't be surprised if the option they took is the legally safer route.
I think I would be happier with a "no, we cannot comply with your request" rather than the "no, we cannot comploy with your request, go to this other window..." but I wouldn't be surprised if the option they took is the legally safer route.
Does anyone have information on what the climate activist is accused of? This is the only thing I've found:
> For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge — a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris.
> For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge — a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris.
I found this page [0] (in French). I don't know how reliable this website (or my French, for that matter) is, but it seems like its a group of activists illegally squatting, damaging the property (at least changing the locks) and causing some public disturbances in the street, and the police were having a difficult time catching them. This email account was linked to the organization's Twitter account, and from there they were able to put together enough information to arrest.
[0] https://paris-luttes.info/recit-policier-de-sainte-marthe-15...
[0] https://paris-luttes.info/recit-policier-de-sainte-marthe-15...
In short, a judge ordered the eviction, the BAC (French police's anticrime unit) proceeded and 50-60 people intervened and tried to stop them, at least two officers were injured, one had to take 15 days off.
So that activist was the leader and social media coordinator of the group.
I'm not quite following:
> ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.
But the arrest was by the French police. So the Swiss government used a warrant to get info from PM and then passed it to France because the charges passed muster under Swiss law ("Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)")?
> ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.
But the arrest was by the French police. So the Swiss government used a warrant to get info from PM and then passed it to France because the charges passed muster under Swiss law ("Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)")?
I think it was a request from a French police investigation to provide the data, which makes the Swiss government ordering PM to reveal user details seem very generous IMO. If I were Swiss I would probably want a bit more restriction on potentially arbitrary foreign government requests.
the difference here being that protonmail gave the data to the swiss government. which in term passed it to the French for its police investigation.
cross border criminal investigation and police cooperation is very common in Europe, and fully within swiss law.
cross border criminal investigation and police cooperation is very common in Europe, and fully within swiss law.
Okay, that's what I was wondering; I wasn't giving an option, just trying to figure out how a Swiss investigation resulted French police arresting someone. So thanks:)
This is the exact kind of clarity that was needed for users to have confidence in their understanding of Protonmail. Andy Yen (Proton CEO) is a very thoughtful communicator and is making the world better.
At some point everything on the internet becomes local, because people and businesses eventually must exist at a location in the real world. Proton is always going to be subject to local law enforcement wherever they are based.
At some point everything on the internet becomes local, because people and businesses eventually must exist at a location in the real world. Proton is always going to be subject to local law enforcement wherever they are based.
Disclaimer: Paying Protonmail customer
This is a weak response. "What we're changing" isn't specific. It's a "our shit doesn't stink" kind of reply.
"What we're changing" should be far more specific. Start educating users about Tor on your homepage.
Start blogging about Tor more than once in 2017. Have a score for how many users log in through Tor. Have a score for how many times your privacy policy is loaded.
Stop claiming to be the best simply because you have a Tor site with an old version of your app. That's not good enough.
I'm looking for leadership. Protonmail is clearly an "explainer" more than a leader. I'll keep my eyes peeled for whoever comes along to replace them.
This is a weak response. "What we're changing" isn't specific. It's a "our shit doesn't stink" kind of reply.
"What we're changing" should be far more specific. Start educating users about Tor on your homepage.
Start blogging about Tor more than once in 2017. Have a score for how many users log in through Tor. Have a score for how many times your privacy policy is loaded.
Stop claiming to be the best simply because you have a Tor site with an old version of your app. That's not good enough.
I'm looking for leadership. Protonmail is clearly an "explainer" more than a leader. I'll keep my eyes peeled for whoever comes along to replace them.
Seems like CTemplar (based in Iceland) supports Tor [0] and looks pretty good based on the comparison table they posted on their blog [1].
[0] https://ctemplar.com/how-ctemplar-over-tor-makes-your-email-...
[1] https://ctemplar.com/email-comparison-table/
[0] https://ctemplar.com/how-ctemplar-over-tor-makes-your-email-...
[1] https://ctemplar.com/email-comparison-table/
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.
They’re not explicit with regards to the activist, this would mean the activist was notified upon ProtonMail receiving the request?
I’m not sure there’s much you can do but lawyer up if you receive such a notice, but potentially the activist could have immediately started using Tor (maybe too late though, because to read the notice they might have already leaked their IP).
They’re not explicit with regards to the activist, this would mean the activist was notified upon ProtonMail receiving the request?
I’m not sure there’s much you can do but lawyer up if you receive such a notice, but potentially the activist could have immediately started using Tor (maybe too late though, because to read the notice they might have already leaked their IP).
Disclaimer: I am a paying customer.
Very classy post. To-the-point. There are limitations with digital services.
If you don't like what happened, you need to change things. They only way to change things is to change the law. This begins with voting.
Very classy post. To-the-point. There are limitations with digital services.
If you don't like what happened, you need to change things. They only way to change things is to change the law. This begins with voting.
It's very rare to actually change things in a liberal democracy with voting. This is a central contradiction of the system, because there is very little incentive for existing governments to offer the ability to vote for policies which would change the status quo. Probably doubly so with something as subversive as what you are suggesting, states don't like it when non-states are able to keep secrets.
Modern labor rights, environmental policy, and basic equality for marginalized groups (women, POC, LGBT people etc.) under the law, are frequently touted as victories of liberal democratic systems but almost all of these rights exist because of massive civil disobedience, and often violent protests.
In all cases, you need huge support of the voter base for a particular issue before voting for a candidate to represent it is ever an option. Even then, there is simply no way to hold elected officials accountable to implementing their platform, and how could there be? No plurality of elected officials would ever want to pass that law in the first place.
Modern labor rights, environmental policy, and basic equality for marginalized groups (women, POC, LGBT people etc.) under the law, are frequently touted as victories of liberal democratic systems but almost all of these rights exist because of massive civil disobedience, and often violent protests.
In all cases, you need huge support of the voter base for a particular issue before voting for a candidate to represent it is ever an option. Even then, there is simply no way to hold elected officials accountable to implementing their platform, and how could there be? No plurality of elected officials would ever want to pass that law in the first place.
This is absolutely not the case in Switzerland where ProtonMail is located. The government doesn't have a say in what questions are voted for. Any proposal that gathers 100k signatures is put to a nation-wide referendum. About a dozen proposals are voted for each year. It is absolutely possible to run a public initiative to change the privacy or criminal laws, provided you have support in the population.
It might largely depend on whether you live somewhere with proportional representation or not. Full-on revolution at the ballot box is rare in liberal democracies, sure, but single-issue candidates get elected pretty commonly and often have outsized influence if they're needed for a coalition government.
Women's rights actually occurred in defiance of popular numbers by a vote. In the US, the same thing happened for integration of schools.
You do, typically, need a majority of the voters to agree with you. In representative democracy that means you need a plurality of representatives.
Candidates can and do lie. That is something you need to evaluate as part of voting for them.
You do, typically, need a majority of the voters to agree with you. In representative democracy that means you need a plurality of representatives.
Candidates can and do lie. That is something you need to evaluate as part of voting for them.
In defiance of popular numbers, but as a result of decades of (mostly illegal) protests.
The only issue here, is that Proton said on their homepage that they don't log IP, but they in fact do it when asked by the police. Vote will not impact that.
Anonymity doesn't exists for GAFA or Big governments on internet that's all, if you are not happy with that, you can vote as you want it will not change. But anonymity in society will soon stop existing as well. With all cameras that we have everywhere, we just need the Chinese facial recognition system and that will be the end. That's how it is.
Anonymity doesn't exists for GAFA or Big governments on internet that's all, if you are not happy with that, you can vote as you want it will not change. But anonymity in society will soon stop existing as well. With all cameras that we have everywhere, we just need the Chinese facial recognition system and that will be the end. That's how it is.
They have always said that. Years go.
What do I do when not a single candidate in any election that I can vote in has even heard of, much less taken my preferred position on, this issue?
- Lobby with the existing candidates (and/or incumbents) to get them to take a stand on this issue.
- Same point as before but indirectly: gather public support by leveraging the (social) media available to you.
- If all else fails: run for office yourself.
- Same point as before but indirectly: gather public support by leveraging the (social) media available to you.
- If all else fails: run for office yourself.
And, if all of this fails and your country appears to be corrupted, consider protesting. Revolting might become necessary depending on the condition.
> - If all else fails: run for office yourself.
I advise all, especially Americans, to do this first.
I advise all, especially Americans, to do this first.
Run yourself
Or, you could change the country of your email provider.
So in other words, protonmail is only safe if you use it for tax evasion, as there the swiss authorities won't help foreign governments.
I don't understand why it is so hard for people on HN to understand that "no logs by default" is perfectly compatible with "if the government orders us to turn on logs, we must".
No company or organization can sustainably stop a determined government request that they continue to operate in financially or physically. It doesn't matter what the company says at some point they will be forced to either shutdown or give in eg lavabit(1).
The government can trace and stop the flow of all or most of their money threating their primary motivation for the business. Or they can physically detain people or equipment required to function.
the only way for an entity to never comply with government orders and continue to function is to remain anonymous and their servers accessible only via temporary addresses or tor since static ip's and domains can be taken away. Making it impossible for receiving email and more effort than the average person would want to access. It then becomes a catch 22 as you cant fully trust an anonymous, transient entity since their motivation can never be verified(they could be a honey trap), they can rarely be held accountable if they betray you, and they could be replaced or compelled to comply without anyone knowing(someone part of a visible physical social network could have friends put out a warning if something suspicious happened to them).
What it comes down to is what we already know. they only way to be sure your email provider wont hand over your emails is to run your own email server anonymously. For anyone who cant do that protonmail is still likely the best choice even if its imperfect. plus adding whatever other layers of protection on top you are capable of.
1. https://en.wikipedia.org/wiki/Lavabit
the only way for an entity to never comply with government orders and continue to function is to remain anonymous and their servers accessible only via temporary addresses or tor since static ip's and domains can be taken away. Making it impossible for receiving email and more effort than the average person would want to access. It then becomes a catch 22 as you cant fully trust an anonymous, transient entity since their motivation can never be verified(they could be a honey trap), they can rarely be held accountable if they betray you, and they could be replaced or compelled to comply without anyone knowing(someone part of a visible physical social network could have friends put out a warning if something suspicious happened to them).
What it comes down to is what we already know. they only way to be sure your email provider wont hand over your emails is to run your own email server anonymously. For anyone who cant do that protonmail is still likely the best choice even if its imperfect. plus adding whatever other layers of protection on top you are capable of.
1. https://en.wikipedia.org/wiki/Lavabit
What does the word "activist" mean in this case? What form did the activism take, that a criminal case was opened?
That's the small story in the bigger one. In the end, Proton is failing to deliver service that claimed to not record PII therefore failing protect their users.
One could argue they only protect good users - as defined by Swiss law. Then what's the point of Proton?
Next time, a whistleblower from a Swiss bank or agency?
One could argue they only protect good users - as defined by Swiss law. Then what's the point of Proton?
Next time, a whistleblower from a Swiss bank or agency?
I understand that Proton failing the privacy expectations.
But curious about the other part of the story. The word "activist" is abused very often. I can not find the details, what exactly they are trying to dress up as "activism" is this case.
Also, "activist arrested" makes impression he was arrested for activism. But strictly speaking, the charge may be totally unrelated.
But curious about the other part of the story. The word "activist" is abused very often. I can not find the details, what exactly they are trying to dress up as "activism" is this case.
Also, "activist arrested" makes impression he was arrested for activism. But strictly speaking, the charge may be totally unrelated.
Heres the issue with Proton's marketing that no one is mentioning. The CEO keeps making claims about "Swiss law" as if it is something to be desired. However he never adds any citations to the relevant laws or their interpretation. This seems strange because #1 How many Proton customers know anything about Swiss law (how many can even read German or French^1) and #2 The CEO is not a lawyer, he is a physicist.
It seems prudent that Proton customers would want to have a look at those "Swiss laws" (a) to see what sort of protection they offer and (b) to make sure they dont violate one. In the case of (b) the customer will potentially lose all privacy protections, as emphasized in this announcement.
1 It appears that Swiss law is conveniently published in English however the English translation is not what Swiss courts use.
It seems prudent that Proton customers would want to have a look at those "Swiss laws" (a) to see what sort of protection they offer and (b) to make sure they dont violate one. In the case of (b) the customer will potentially lose all privacy protections, as emphasized in this announcement.
1 It appears that Swiss law is conveniently published in English however the English translation is not what Swiss courts use.
Any company large enough _will_ have to deal with compliance at some point, that's why most devs in large software companies have to take these silly "exams" every year telling you to not plug a USB key you found on the floor in your company laptop, even if it should be very obvious to most.
I'm seeing a lot of people here that are surprised by the fact that even a company who has privacy as their main marketing point has to deal with compliance, but really, unless you host your own mail server, you just can't guarantee your own privacy.
I don't generally advise hosting your own mail server due to all the troubles that come with it, but this is really one of the only ways I can think of where you can achieve a decent enough level of control when it comes to exchanging emails.
I'm seeing a lot of people here that are surprised by the fact that even a company who has privacy as their main marketing point has to deal with compliance, but really, unless you host your own mail server, you just can't guarantee your own privacy.
I don't generally advise hosting your own mail server due to all the troubles that come with it, but this is really one of the only ways I can think of where you can achieve a decent enough level of control when it comes to exchanging emails.
The crux of the matter is very simple: do not break Swiss law when using ProtonMail.
Someone needs to build "CanaryEmail: Safe, Secure and Informed", where every time I login I can see an up to day message "We do not have any request from Law Enforcement regarding your data", "We do not have any request from Law Enforcement regarding your logs", etc.
I would definitely love to switch to something like this.
Edit: in addition, every time there is a new javascript library installed, user need to have confirmation if he/she wants to proceed. Otherwise it could be email provide on behalf of LE under their enforcement installing middle man.
I would definitely love to switch to something like this.
Edit: in addition, every time there is a new javascript library installed, user need to have confirmation if he/she wants to proceed. Otherwise it could be email provide on behalf of LE under their enforcement installing middle man.
My problem isn’t that ProtonMail followed the law, it’s that the company’s marketing has gone to extreme lengths to hide what exactly it will log (when compelled by the courts) and when it will fight.
It’s also concerning, legal or not, that logging was required in this case, which is not about drugs or the murder or corruption. But climate activism. By very young people. If the Swiss police will demand that data for something so small, that’s a a concern about trusting their laws and authorities to be “better” than the alternative.
It’s also concerning, legal or not, that logging was required in this case, which is not about drugs or the murder or corruption. But climate activism. By very young people. If the Swiss police will demand that data for something so small, that’s a a concern about trusting their laws and authorities to be “better” than the alternative.
Ha ha. For years HN was almost fanatic about ProtonMail. It is funny to see how things change 180 in a day. Same thing happened to Apple with CSAM.
Seriously I thought I was the uncool kid for not using ProtonMail and some other HN favorites. In the end, they are all someone's server with unknown connections. Do not trust other companies no matter what. Period.
Seriously I thought I was the uncool kid for not using ProtonMail and some other HN favorites. In the end, they are all someone's server with unknown connections. Do not trust other companies no matter what. Period.
It appears they didn't start logging until ordered to.
So, this might be in line with their policy of not having logs by default- but I have to wonder if this applies to phone numbers(which the crowd that signs up using VPN/TOR reports that they're required to provide).
If they don't keep that info, then Protonmail would be solid as long as you access it via VPN well before a order tells them to start monitoring the IP.
I'm also curious, I see here they do this for spammers - there is no way, a better system can't be created to 'verify' users against spammers ,since I see their logic here that spammers are why they do it https://old.reddit.com/r/ProtonMail/comments/phnyd9/why_is_p...
I'm aware that every other major email provider bans your account if you don't provide a phone umber shortly after account creation, such as Outlook for example. (Others require phone numbers up front, and all of them ban VOIP numbers)
We're nearly at the point that you can't email anyone without providing your phone number or other details...I know social media is already like that.
One thing i noticed, For things like Discord even, if you make an account, give them a non-major email address and they then force you to give a email, or else you can't sign in to that formal account. for now one can still use a permalink to get to a discord server without having to make an account...for now..
Protonmail is a standout if they don't log any of it, and still the best option left in the world, but this is still a icky situation.
I see also they point out Swiss law means this cannot happen to the ProtonVPN service, as email providers are specifically legally in the situation they have to allow active monitoring. Not for Swiss VPN providers...
And one needs a 'big' email provider address, or else it gets rejected by multiple services now that require a email address for sign up or usage.
I hope they clarify that payment details /phone numbers of TOR/VPN users doesn't get logged, like IP addresses, by default. Also, more importantly- that they move forward in fully dissuading spammers, and remove the phone requirement of people signing up anonymously
So, this might be in line with their policy of not having logs by default- but I have to wonder if this applies to phone numbers(which the crowd that signs up using VPN/TOR reports that they're required to provide).
If they don't keep that info, then Protonmail would be solid as long as you access it via VPN well before a order tells them to start monitoring the IP.
I'm also curious, I see here they do this for spammers - there is no way, a better system can't be created to 'verify' users against spammers ,since I see their logic here that spammers are why they do it https://old.reddit.com/r/ProtonMail/comments/phnyd9/why_is_p...
I'm aware that every other major email provider bans your account if you don't provide a phone umber shortly after account creation, such as Outlook for example. (Others require phone numbers up front, and all of them ban VOIP numbers)
We're nearly at the point that you can't email anyone without providing your phone number or other details...I know social media is already like that.
One thing i noticed, For things like Discord even, if you make an account, give them a non-major email address and they then force you to give a email, or else you can't sign in to that formal account. for now one can still use a permalink to get to a discord server without having to make an account...for now..
Protonmail is a standout if they don't log any of it, and still the best option left in the world, but this is still a icky situation.
I see also they point out Swiss law means this cannot happen to the ProtonVPN service, as email providers are specifically legally in the situation they have to allow active monitoring. Not for Swiss VPN providers...
And one needs a 'big' email provider address, or else it gets rejected by multiple services now that require a email address for sign up or usage.
I hope they clarify that payment details /phone numbers of TOR/VPN users doesn't get logged, like IP addresses, by default. Also, more importantly- that they move forward in fully dissuading spammers, and remove the phone requirement of people signing up anonymously
> 5. Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. More information can be found here.
This is subject to carve-outs of course, but it would be interesting to see how PM seeks to achieve this.
This is subject to carve-outs of course, but it would be interesting to see how PM seeks to achieve this.
> 6. Under current Swiss law, email and VPN are treated differently, and ProtonVPN cannot be compelled to log user data.
So, they could offer the service only over Tor and their own vpn (possibly adding in mullvad/Firefox and a few others to the whitelist) - and the email logs would be less useful?
Ie: build vpn into the email app?
So, they could offer the service only over Tor and their own vpn (possibly adding in mullvad/Firefox and a few others to the whitelist) - and the email logs would be less useful?
Ie: build vpn into the email app?
If law enforcment can order to log IPs, could they tell Microsoft that there is an Windows user with specific e-mail address (which that user uses as windows login) and order them to deploy Microsoft signed update only to that user devices with embedded trojan written by some three letter agency ?
I don't think this clarification is sufficient for the weasel words in their advertising/marketing.
Maybe posteo as alternative? But, really, self~host. I know I'm a perv, but, since rspamd came along, I like doing my own mail. PS. Maintain qmail/courier and postfix systems available as hidden services. Have crypto lists with schleuder.
A service must be paid for.
And if a payment is done, it is connected to a real person.
THE END
No matter what PM promises, without addressing this issue it is all bull.
Ladar Levison from Lavabit (Snowden email case) tries to square this circle to provide safe services.
No matter what PM promises, without addressing this issue it is all bull.
Ladar Levison from Lavabit (Snowden email case) tries to square this circle to provide safe services.
> A service must be paid for. And if a payment is done, it is connected to a real person. THE END
Unless payment is made in a way that preserves the user's privacy (i.e. using cryptocurrency).
Unless payment is made in a way that preserves the user's privacy (i.e. using cryptocurrency).
Note that "i.e." is short for "id est" (that is), rather than something that can be interpreted as "for example". And it is not necessarily the case that transacting in crypto currencies preserves your identity, it just takes one mistake, then your no-longer-anonymous transaction that was preserved in IMMUTABLE BLOCKCHAIN FOREVER is there for discovery.
So, if I was actually concerned about my privacy and anonymity, I would not transact in (most, at least) cryptos, dealing only in much less traceable cash.
So, if I was actually concerned about my privacy and anonymity, I would not transact in (most, at least) cryptos, dealing only in much less traceable cash.
> Due to Proton’s strict privacy, we do not know the identity of our users, and at no point were we aware that the targeted users were climate activists
I don't understand what this is about. Would they had refused to comply, was that the case?
I don't understand what this is about. Would they had refused to comply, was that the case?
that they didn't/can't read their email because it was encrypted
> Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.
This is false. Just like LE forced them to turn on IP logging on someones account, same LE can force them - by law - to install some javascript code to AJAX back home the unencrypted content of the email once the client opens their email. How stupid do they think people are??
> There was no legal possibility to resist or fight this particular request.
WTF? So Switzerland is a fascist or authoritarian state now that you cannot take your own Government (in this case LE) to court and argue in front of a judge? I thought there is a separation of power in Switzerland, no? Then why the heck did Protonmail chose Switzerland to host their mail if they are being so oppressive?
This is false. Just like LE forced them to turn on IP logging on someones account, same LE can force them - by law - to install some javascript code to AJAX back home the unencrypted content of the email once the client opens their email. How stupid do they think people are??
> There was no legal possibility to resist or fight this particular request.
WTF? So Switzerland is a fascist or authoritarian state now that you cannot take your own Government (in this case LE) to court and argue in front of a judge? I thought there is a separation of power in Switzerland, no? Then why the heck did Protonmail chose Switzerland to host their mail if they are being so oppressive?
Maybe a bit off topic, but is Mixmaster/Mixminion still a viable option? I can still remember playing around with Mixmaster many years ago but mail delivery was not 100% reliable.
Can the Swiss Government still claim neutrality after this?
You mean by executing a warrant they somehow entered into a military bloc? Must be strange membership rules.
ha, was tounge in cheek, however, the post by PM CEO said the following on Twitter [0]:
"In this particular case, the suspect unfortunately did break Swiss law, and there was simply no possibility to fight the decision made by the Swiss Federal Department of Justice."
How does squating in France break swiss law?
[0] - https://twitter.com/andyyen/status/1434665940696846340
How does squating in France break swiss law?
[0] - https://twitter.com/andyyen/status/1434665940696846340
"would the same thing be against the law if it happened here" is a somewhat common benchmark in treaties and laws about respecting and acting on foreign law enforcement requests, presumably that's what's meant. (When it comes to extraditions it's often called the "dual criminality" requirement, and can involve quite a bit of transfer to make things comparable. E.g. since Assange is charged with conspiring with Manning to steal US military data, the UK extradition ruling was considering if it would have been a crime in the UK if he had conspired with a UK service member to steal UK data)
I'd like to know who the activist is and what the alleged crime is. The bar is set very high for Switzerland.
> Due to Proton’s strict privacy, we do not know the identity of our users, and
That is not something I'm ready to believe.
I remember trying to sign for a protonmail account a while back.
At some point in the process, they do ask for a valid cell phone number, which, unless you go to the length of getting a burner (not easy in many European countries except maybe the UK) basically means they know exactly who you are.
When I saw this, I walked away.
> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation.
There's complying with the law like a good little sheep, and there's acceptable civil disobedience.
In this specific instance, proton should have taken the latter approach.
Take the fine, go to court, fight the injunction tooth and nail, make sure that even if they lose, the Swiss govt. knows the kind of fight and waste of time and money they're in for each time they come knocking.
They just bent and complied like good little boys.
Now their business model is compromised, serves them right.
That is not something I'm ready to believe.
I remember trying to sign for a protonmail account a while back.
At some point in the process, they do ask for a valid cell phone number, which, unless you go to the length of getting a burner (not easy in many European countries except maybe the UK) basically means they know exactly who you are.
When I saw this, I walked away.
> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation.
There's complying with the law like a good little sheep, and there's acceptable civil disobedience.
In this specific instance, proton should have taken the latter approach.
Take the fine, go to court, fight the injunction tooth and nail, make sure that even if they lose, the Swiss govt. knows the kind of fight and waste of time and money they're in for each time they come knocking.
They just bent and complied like good little boys.
Now their business model is compromised, serves them right.
I'm angry and ready to switch. Who's the best alternative?
I imagine protonmail users would like to know exactly what types of data are provided to authorities if they are compelled to provide it.
Is it a list of access time, IP tuples? Is that it or more?
Is it a list of access time, IP tuples? Is that it or more?
Non-expert here.
What are the best alternatives to ProtonMail?
What are the best alternatives to ProtonMail?
I guess it depends what you mean by best? Best at sending emails - gmail.com is good at that. Something that claims great security - you could try https://mailfence.com/
Thanks, and yes, I could have been more precise. I'll take a look at the latter.
From their website, regarding Onion:
"...we are one of the only email providers that supports this). "
What now?
"...we are one of the only email providers that supports this). "
What now?
TL;DR They don’t log IP addresses. But they can be compelled to by Swiss law and they cannot NOT oblige as it’s trivial for them to do at various levels in their stack without even needing to modify their software. So they advise you to use their onion address if you need to anonymity.
Don’t know why they can’t plonk a tcpip->tor->ProtonMail reverse proxy in front of their infra offering this facility to every connecting client, and transparently. After all, their services (including ProtonVPN) already support tor to some extent.
Don’t know why they can’t plonk a tcpip->tor->ProtonMail reverse proxy in front of their infra offering this facility to every connecting client, and transparently. After all, their services (including ProtonVPN) already support tor to some extent.
It seems like they could've simplified their explanations about only Swiss law applying by simply recommending Swiss users go elsewhere.
It seems like the safest way to use email is to use email operated outside your own country.
It seems like the safest way to use email is to use email operated outside your own country.
I think you're misinterpreting. It doesn't matter where the user is from at all. They are obligated to disclose certain things if they get a request from the Swiss authorities, but it certainly does not only apply to people living in Switzerland.
It simply means that if, lets say the US, govt makes a request, they are not obligated to comply unless they are specifically requested by the Swiss authorities.
It simply means that if, lets say the US, govt makes a request, they are not obligated to comply unless they are specifically requested by the Swiss authorities.
I think the French asked the Swiss to aid them in the investigation. Idk the whole story but I think it was to get some squatting climate activists (you know, super serious crimes…).
The linked post by Proton suggests VPN and Tor usage for better anonymity.
The linked post by Proton suggests VPN and Tor usage for better anonymity.
I don't believe the person involved was Swiss. My understanding is that a request was made to the Swiss authorities by the French authorities.
So, to avoid this, a user would need to not be accused of a crime in a country that is on speaking terms with Switzerland.
So, to avoid this, a user would need to not be accused of a crime in a country that is on speaking terms with Switzerland.
which is basically all of the EU and surrounding countries.
this has been the case for a very long time. (more then 80 years in the benelux for example).
this has been the case for a very long time. (more then 80 years in the benelux for example).
if you think your email provider is immune to search warrants, thats your first mistake... how about dont use email to conduct your illegal business?
Are we now calling climate activism "illegal business"?
Certain behaviors (such as occupy other people's property) do not suddenly become legal/ethical just because you have a climate activism agenda in your head.
Most social change over the years has happened because of activist action which was considered 'illehal' at the time. Civil rights, workers rights, voting emancipation etc etc. Legal and ethical are not necessarily the same thing.
Keep in mind that illegal does not mean unethical, and vice versa. Parent comment is just stating what it was.
Journalists, whistleblowers, and teachers in certain countries are performing "illegal business".
Don't conflate "illegal" with "wrong".
Obviously there is a lot of overlap, but the reality is that civil disobedience is often the only way to force changes in unjust laws, history (even incredibly recently) has proven that time and time again.
Obviously there is a lot of overlap, but the reality is that civil disobedience is often the only way to force changes in unjust laws, history (even incredibly recently) has proven that time and time again.
[deleted]
I still do not understand what is point of ProtonMail: they are same as others. Google, MS or Apple will not sent your data to gov without court order. ProtonMail is the same.
And I bet that these big corporations have better security.
Please advise…
And I bet that these big corporations have better security.
Please advise…
ProtonMail messages can be end-to-end encrypted and they aren't scanned for serving ads to you. ProtonMail might be the same with regards to metadata, but they offer an onion site to mitigate that risk to a certain extent.
I'm sure Google and MS have a lot more data to give in an information request than ProtonMail. According to what ProtonMail has posted, they only turned over an IP address. Google and MS would probably have your account name, contents of your emails, login session times, all recorded IP addresses you've logged in from, all recorded devices you've logged in from, etc. I'm not sure about Apple though.
Google literally log every thing you do[1]
[1] https://www.wired.co.uk/article/how-to-delete-google-search-...
[1] https://www.wired.co.uk/article/how-to-delete-google-search-...
The "data" in this case was the user's IP address and time they logged in.
Other providers might be able to be compelled to provide much more explicit data such as email content or the user's identity.
Other providers might be able to be compelled to provide much more explicit data such as email content or the user's identity.
ProtonMail to ProtonMail emails are e2ee. Emails sent outside of ProtonMail ecosystem can still be secured with a password with a link to the email hosted at ProtonMail. ProtonMail uses zero-access encryption, which means it is technically impossible for them to decrypt user messages. When you sign up with Google you have to give them a phone number and other details which ProtonMail don’t require.
In relation to GMail specifically see[1]
[1] https://protonmail.com/blog/protonmail-vs-gmail-security/
In relation to GMail specifically see[1]
[1] https://protonmail.com/blog/protonmail-vs-gmail-security/
> ProtonMail to ProtonMail emails are e2ee. Emails sent outside of ProtonMail ecosystem can still be secured with a password with a link to the email hosted at ProtonMail.
You can also encrypt emails with PGP with someone's public key from within ProtonMail, in this scenario you don't need to send them a password or a link. They do however have to have you in their address book with public key attached.
You can also encrypt emails with PGP with someone's public key from within ProtonMail, in this scenario you don't need to send them a password or a link. They do however have to have you in their address book with public key attached.
Proton to Proton might be E2EE. Proton to any other service is almost certainly not. I'd suggest that their marketing is not exactly transparent. Their 'zero-access encryption' only applies to mailboxes stored in their environment.
It's nice that they offer hosted secure mail, like those on offer from enterprise tools (Proofpoint, Mimecast etc.), but it's not really E2EE email. Signing up to Protonmail may not require a mobile number, but a recovery email (PII) must added and linked the account.
Here is an example of a Protonmail to Gmail message (potential PII removed):
Email, no matter what you do to try and make it secure, is an inherently insecure protocol, that has been mangled beyond what it was intended for. I'm not suggesting that we shouldn't try to make it better, but that it might just be closing the proverbial stable doors.
It's nice that they offer hosted secure mail, like those on offer from enterprise tools (Proofpoint, Mimecast etc.), but it's not really E2EE email. Signing up to Protonmail may not require a mobile number, but a recovery email (PII) must added and linked the account.
Here is an example of a Protonmail to Gmail message (potential PII removed):
Delivered-To: [email protected]
Received: by xxxxx with SMTP id {...};
Mon, 6 Sep 2021 00:00:00 -0000
X-Google-Smtp-Source: {...}
X-Received: by xxxxx with SMTP id {xxx}.50.{xxx};
Mon, 6 Sep 2021 00:00:00 -0000
ARC-Seal: i=1; a=rsa-sha256; t={...}; cv=none;
d=google.com; s=arc-20160816;
b={...}
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-{...};
h=mime-version:message-id:subject:reply-to:from:to:dkim-signature
:date;
{...}
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=protonmail header.b={...};
spf=pass (google.com: domain of [email protected] designates {...} as permitted sender) [email protected];
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Return-Path: <[email protected]>
Received: from mail-{...}.protonmail.ch (mail-{...}.protonmail.ch. [{...}])
by mx.google.com with ESMTPS id {...}.{...}
for <[email protected]>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 6 Sep 2021 00:00:00 -0000
Received-SPF: pass (google.com: domain of [email protected] designates {...} as permitted sender) client-ip={...};
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=protonmail header.b=WRR3qgpc;
spf=pass (google.com: domain of [email protected] designates {...} as permitted sender) [email protected];
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Date: Mon, 6 Sep 2021 00:00:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t={xxx}; bh={...}; h=Date:To:From:Reply-To:Subject:From; b={...}
To: "[email protected]" <[email protected]>
From: {...} <[email protected]>
Reply-To: {...} <[email protected]>
Subject: Testing proton mail "encryption".
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="THE_BOUNDARY"
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE shortcircuit=no autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch
--THE_BOUNDARY
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
--THE_BOUNDARY
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
--THE_BOUNDARY--
Nothing special, certainly no E2EE encryption (to be fair, the welcome email explains this is Protonmail <-> Protonmail only) and STARTTLS, so it may be opportunistic encryption for the transmission. Not sure what benefit the Base64 encrypted body has as it's more bytes that the unencrypted message. Of course, encrypting with PGP and sending over Tor helps with anonymity, but it still relies on the recipient keeping everything secure their end.Email, no matter what you do to try and make it secure, is an inherently insecure protocol, that has been mangled beyond what it was intended for. I'm not suggesting that we shouldn't try to make it better, but that it might just be closing the proverbial stable doors.
> Proton to Proton might be E2EE. Proton to any other service is almost certainly not.
There is nothing stopping you from importing a public key into your contact in your address book, when you do that and send an email it will have a green closed lock. It supports fetching the key via WKD as well.
The lock icon indicates if it is encrypted https://protonmail.com/support/knowledge-base/encryption-loc...
There is nothing stopping you from importing a public key into your contact in your address book, when you do that and send an email it will have a green closed lock. It supports fetching the key via WKD as well.
The lock icon indicates if it is encrypted https://protonmail.com/support/knowledge-base/encryption-loc...
That can be done with Thunderbird/Enigmail and with GPGTool in mail.app. If the key is on a public server, then decryption can be done by anyone. The point is that Proton is categorically not E2EE sending to 3rd parties. It can’t be because email doesn’t work like that. PGP is a bandaid. If you want to send email securely, don’t use email!
> The point is that Proton is categorically not E2EE sending to 3rd parties
Who said it was?
Who said it was?
The comment must have been deleted.
[deleted]
As always, the root problem is abuse of citizens and the law perpetrated by the government. Using terror laws to go after a climate activist is peak authoritarian for western democracies so far. Our climate is failing and instead of listening to those speaking up they jail them.
noncompliant(1)
It’s hard for me to even find info about what the group did but this sure doesn’t look like terror.
https://www.flickr.com/photos/dprezat/50386413932
https://www.flickr.com/photos/dprezat/50386413932
> Using terror laws to go after a climate activist is peak authoritarian for western democracies so far.
It wasn't too long ago that Eco-terrorism was a thing that resulted in people's homes being burned down. I have a family member who got injured as a result of somebody digging holes in a fairly remote grass air strip. I'm sure somebody would describe the guy with a post hole digger as a heroic "climate activist". This situation doesn't appear to be that, but that might provide a little good faith context for why law enforcement would be interested in going after the likes of ELF.
It wasn't too long ago that Eco-terrorism was a thing that resulted in people's homes being burned down. I have a family member who got injured as a result of somebody digging holes in a fairly remote grass air strip. I'm sure somebody would describe the guy with a post hole digger as a heroic "climate activist". This situation doesn't appear to be that, but that might provide a little good faith context for why law enforcement would be interested in going after the likes of ELF.
> We are also deeply concerned about this case and deplore that the legal tools for serious crimes are being used in this way.
Good PR job! Instead of saying "okay we remove "by default" from our marketing materials because yeah if LE ask us to start logging, we gladly do whatever the case against someone is, i.e. jaywalking", they simply post a fake outrage in hope to minimize people leaving them. Well, I wasn't to, but now after this blog, I am moving away my 8 domains on platinum account. I mean seriously Google Suite is $6 per month, so why the heck should I need this fancy email hosting in the middle of Switzerland mountain BS, if at the end of the day they will comply with everything LE will throw at them, and then some. Seriously at this point it looks like Google legal arm is better at trying to fight subpoenas against you and force LE to show serious crimes, than Proton is.
Good PR job! Instead of saying "okay we remove "by default" from our marketing materials because yeah if LE ask us to start logging, we gladly do whatever the case against someone is, i.e. jaywalking", they simply post a fake outrage in hope to minimize people leaving them. Well, I wasn't to, but now after this blog, I am moving away my 8 domains on platinum account. I mean seriously Google Suite is $6 per month, so why the heck should I need this fancy email hosting in the middle of Switzerland mountain BS, if at the end of the day they will comply with everything LE will throw at them, and then some. Seriously at this point it looks like Google legal arm is better at trying to fight subpoenas against you and force LE to show serious crimes, than Proton is.
[deleted]
Climate activist arrested after ProtonMail provided his IP address - https://news.ycombinator.com/item?id=28427259 - Sept 2021 (552 comments)
ProtonMail logged IP address of French activist after order by Swiss authorities - https://news.ycombinator.com/item?id=28433131 - Sept 2021 (139 comments)