Comment on Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency
artyom@piefed.social 6 months ago
The author omitted the complete statement from Reddit:
Hi everyone,
No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.
In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.
Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.
Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.
Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.
The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.
Classic damage control.
Our team has reviewed these cases individually to determine if any can be restored.
Would they have done this if there wasn’t a public backlash? I would bet money the answer is no.
We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.
What were the TOS violations?
Would they have done this if there wasn’t a public backlash? I would bet money the answer is no.
You can’t really do more than make a random claim here. I could counter it by saying “I would be money the answer is yes. but that’s just as useful a statement.
What were the TOS violations?
If you’re expecting a laundry list of email addresses and each individual violation, you’re not likely to get that from any company.
The review only happen AFTER Phrack publicly complained on Twitter about it and a 150k people saw it, not before.
it's in the reply they copied
Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels
You can blame them for being slow but I don't think you can reasonably assert that they're malicious, which I think is the implication.
The important thing to me is not maliciousness, but reliability under political , social and legal pressure.
All of this is hard to understand, much of what is happening is opaque.
Also this does not apply to all people. Depending on hundreds of variables, one person’s issue is not relevant to another.
I am in a country that can exert legal pressure on them; and so I cannot use their services
There's no legal pressure here. Just a request. A request that it makes sense for them to respond to, for the sake of their own users.
What service do you think isn't subject to legal pressure?
So, if say, Saudi Arabia's CERT tells them to block a list of reporters accounts, they will gladly do it without demanding any evidence?
Or us admin sees reporters on a story, or asks for comment before publishing, they hack their accounts or claim whatever and get them shut down.
Old rules of journalism will not work going forward in all cases. Might need more anonymous authorism with third party asking for comment.
You block then investigate yes.
Just like every other company in existence does it, since the first thing you want to do is stop continued spread/misuse.
I may be wrong here, but does it really make sense when you can’t actually prove the misuse did or did not happen? Say, you suspect phishing, then it’s a matter of inspecting a few next e-mails to/from non-proton users to decide if it’s likely happening. On the other hand, when the account is blocked, proton (as long as the claims about at-rest encryption are true) has no way of verifying the claim, since, as far as I’m aware, a user can’t provide them with what they’ve sent even if they wanted to.
You’re also arrested when suspected of a crime. If it turns out you were innocent, they will let you go.
First response: stop everything to prevent possible malicious/criminal activity. Then investigate to see if it was the right call. If it was, nice. If it wasn’t: “sorry bud, just doing our jobs. Have a nice day.”
Imo this is more akin to a TRO/injunction, you gotta pause it for a second to see if everything checks out before everything goes to shit
How dare you provide context in an online discussion thread!
(/s for the challenged)
bigchunga@feddit.online 6 months ago
Still shows that Proton suspended the accounts because some CERTS told them to. That's not a court order.
artyom@piefed.social 6 months ago
Yeah I mean what's the alternative? Just allowing ALL Proton accounts to continue to be abusive until proven otherwise? How do you think that would impact not only the company but also the users/customers of that company? They were temporarily suspended, and reinstated after investigation.
bigchunga@feddit.online 6 months ago
In the past Proton stated that they only act on claims from legitimate law enforcement with a court order. Now they acted on some organizations request.
If Protons own mechanisms for detecting malicious use trigger, yeah, they should suspend the account and investigate further, but not from a third party that has zero authority.
artyom@piefed.social 6 months ago
They weren't acting based on law, they were acting out interest for themselves and their users. Letting people use Proton accounts for nefarious interests doesn't benefit anyone.
kadup@lemmy.world 6 months ago
Would this sequence of events have happenned if it was an average joe nobody cared about, rather than a public outcry?
artyom@piefed.social 6 months ago
I don't know. But I don't think there's any legitimate reason to rule that out.