They complied with laws. Where is the issue?
Comment on ProtonMail Logged IP Address of French Activist; Should You Be Worried About Your Privacy?
unexposedhazard@discuss.tchncs.de 6 days ago
Oh ffs. We have known for years that Proton is just a for-profit company like any other. They don’t give a fuck about you or your privacy. They never have and they never will.
TuxEnthusiast@sopuli.xyz 6 days ago
Dojan@pawb.social 6 days ago
- Authoritarian regime decides that being critical of the regime is illegal and makes laws to support this.
- Activists use Proton for privacy.
- Regime demands that they give up data on activists.
- Proton complies with the laws.
That’s the issue.
ook@discuss.tchncs.de 6 days ago
What data? Here it is the IP address and only under order by authorities.
I feel ever since the social media shitstorm people love to pile on Proton for anything. They never said they won’t comply with law enforcement, did they?
Dojan@pawb.social 6 days ago
> What data? Here it is the IP address and only under order by authorities.
Whatever they gather. It says as much in the article; they started recording IPs once a request by the Swiss government came through.
> ProtonMail can’t directly share data with foreign governments. In fact, doing so is illegal under Article 271 of the Swiss Criminal code. The police gained access to the IP address because Swiss authorities chose to cooperate with the French government. ProtonMail also points out how Swiss authorities will only approve requests that meet Swiss legal standards.
> Under Swiss law, ProtonMail should notify the user if a third party makes a request for their private data and if the data is for a criminal proceeding. However, there’s a big catch/loophole here. On its law enforcement page, ProtonMail highlights that the notification can be delayed in the following cases:
That’s based on the currently available laws. So if a law gets drafted that says “if we suspect someone to be complicit in criminal activity we want you to gather more data” we should just be fine with that because the authorities say so? Because the authorities are always infallible and incorruptible, right?
The details of this individual case aren’t the problem, it’s the precedent it sets that is. When Mullvad got raided for their logs there was nothing recovered because they don’t store anything. Proton stores things based on if the authorities ask them to, and when they find out that it wasn’t a terrorist or child-trafficker they go “woops we had no idea the account belonged to a climate activist.”
The authorities aren’t infallible. Some years back here in Sweden we had police raid, physically abuse, and kidnap a guy they suspected was a pedophile because he’d sent images of him and his 30 year old boyfriend having sex via Yahoo Mail. There’s no reality where this man should’ve been fucking beaten up and traumatised the way he was, but it happened, and there was no recourse for him. Nowhere down the chain of responsibility did anyone get reprimanded or investigated for misconduct.
Complying with the law is such a bullshit fucking excuse.
Ulrich@feddit.org 6 days ago
So Proton should refuse to comply with the law and have to close their entire business?
mjr@infosec.pub 6 days ago
I don’t know about ‘should’ but wasn’t that the impression their marketing tried to give? Or at least that they would fight to defend user privacy for noble activists? But when challenged, its owners seem to have folded quicker than a strapontin.
lauha@lemmy.world 6 days ago
A legal entity that doesn’t comply with the law is simply not possible. If you think otherwise, you’re being really naive.
mjr@infosec.pub 6 days ago
And yet, legal entities are often found guilty of not complying with the law. I think people were expecting Proton to at least try to fight a morally-questionable court order.
mjr@infosec.pub 6 days ago
They said things that led the unwary to trust they wouldn’t. Remember, this isn’t some terrorist mass-murderer they handed over, but apparently an anti-gentrification youth activist linked to Greta Thunberg’s campaign groups.
_cryptagion@anarchist.nexus 6 days ago
Proton never says they won’t comply with orders from the Swiss government. You won’t find that claim anywhere on their website, any more than you’ll find it on Tuta’s website.
rozodru@pie.andmc.ca 6 days ago
It’s always disappointing when people all about FOSS and shit suggest Proton to people looking to switch from Google. No, don’t do that. Use Tuta or self host or ANYTHING other than Proton. It’s such a shit company that does not deserve the praise they receive.
_cryptagion@anarchist.nexus 6 days ago
So Tuta would refuse a legal order from the Swiss government?
ook@discuss.tchncs.de 6 days ago
Probably yes since they don’t operate out of Switzerland. Sorry, couldn’t resist! But they would probably comply with a German legal order.
Ulrich@feddit.org 6 days ago
> they would probably comply with a German legal order
So…why is Tuta better again?
_cryptagion@anarchist.nexus 6 days ago
Yup, I noticed that and edited about five seconds before you replied lol
rozodru@pie.andmc.ca 6 days ago
[deleted]
Feyd@programming.dev 6 days ago
You recognize that it is absurd to complain about recommendations and then recommend something you know nothing about and refuse to stand behind, right?
_cryptagion@anarchist.nexus 6 days ago
The answer is no. They would not refuse a legal order from their own government. And it’s ridiculous people think that.
mjr@infosec.pub 6 days ago
Tuta are also a for-profit company, aren’t they? Just one that currently has better published positions than most. Use them, but make sure you keep a path to the exit door in view.
Goodlucksil@lemmy.dbzer0.com 6 days ago
Please tell me a mail client that doesn’t comply with national laws.
unexposedhazard@discuss.tchncs.de 6 days ago
I never said anything about complying with laws, people just interpreted it that way. Of course everyone will comply with local laws or secret government orders that come with threats of imprisonment. I don’t know if Proton was required to log this data in the first place, but if they were then this specific situation is not their fault.
The issue with Proton isn’t that they follow laws, but that they portray themselves like they are better or more private than others when they are just not. Bigger = worse in the tech world. Whenever too many people are using services of a single company, it becomes an attractive surveillance target.
What I’m also annoyed about is people being surprised by this and these headlines that make it look like it’s some sort of betrayal. You should always be worried about your privacy when you put data on a computer that isn’t in your physical possession. Proton isn’t trustworthy because nobody is trustworthy except yourself.
_cryptagion@anarchist.nexus 6 days ago
For profit or FOSS, they can’t ignore the Swiss government. It’s fucking stupid that people put this ridiculous standard on them like they’re able to just tell the Swiss no and face no consequences.
If you were in their position, you would roll over too, and if you claim otherwise you’re just straight up lying.