So Proton should refuse to comply with the law and have to close their entire business?
Comment on ProtonMail Logged IP Address of French Activist; Should You Be Worried About Your Privacy?
Dojan@pawb.social 22 hours ago
 - Authoritarian regime decides that being critical of the regime is illegal and makes laws to support this.
 - Activists use Proton for privacy.
 - Regime demands that they give up data on activists.
 - Proton complies with the laws.
 
That’s the issue.
Ulrich@feddit.org 20 hours ago
mjr@infosec.pub 20 hours ago
I don’t know about ‘should’ but wasn’t that the impression their marketing tried to give? Or at least that they would fight to defend user privacy for noble activists? But when challenged, its owners seem to have folded quicker than a strapontin.
Ulrich@feddit.org 20 hours ago
No. Nothing in their marketing says they’ll refuse to comply with lawful orders.
mjr@infosec.pub 19 hours ago
> Nothing in their marketing says they’ll refuse to comply with lawful orders.

Maybe not now, but it used to say ‘your privacy comes first’ which certainly gave the impression privacy would be more important than blindly believing and obeying courts.
Thanks for the link to their report.
EncryptKeeper@lemmy.world 19 hours ago
No. The impression their marketing gave was that they followed Swiss law.
lauha@lemmy.world 20 hours ago
Legal entity that doesn’t comply with the law is simply not possible. If you think otherwise, you’re being really naive.
mjr@infosec.pub 20 hours ago
And yet, legal entities are often found guilty of not complying with the law. I think people were expecting Proton to at least try to fight a morally-questionable court order.
ook@discuss.tchncs.de 22 hours ago
What data? Here it is the IP address and only under order by authorities.
I feel ever since the social media shitstorm people love to pile on Proton for anything. They never said they won’t comply with law enforcement, did they?
Dojan@pawb.social 22 hours ago
Whatever they gather. It says as much in the article; they started recording IPs once a request by the Swiss government came through.
That’s based on the currently available laws. So if a law gets drafted that says “if we suspect someone to be complicit in criminal activity we want you to gather more data” we should just be fine with that because the authorities say so? Because the authorities are always infallible and incorruptible, right?
The details of this individual case aren’t the problem, it’s the precedent it sets that is. When Mullvad got raided for their logs there was nothing recovered because they don’t store anything. Proton stores things based on if the authorities ask them to, and when they find out that it wasn’t a terrorist or child-trafficker they go “woops we had no idea the account belonged to a climate activist.”
The authorities aren’t infallible. Some years back here in Sweden we had police raid, physically abuse, and kidnap a guy they suspected was a pedophile because he’d sent images of him and his 30-year-old boyfriend having sex via Yahoo Mail. There’s no reality where this man should’ve been fucking beaten up and traumatised the way he was, but it happened, and there was no recourse for him. Nowhere down the chain of responsibility did anyone get reprimanded or investigated for misconduct.
Complying with the law is such a bullshit fucking excuse.
Wildmimic@anarchist.nexus 21 hours ago
ProtonMail does not log things by default, but they can still be court ordered to do so by Swiss authorities - if you want to run any business at all, you have to submit to a jurisdiction, you can only choose which one to run under. And even if your chosen authority is alright by itself, it can still be misled by other jurisdictions like the French did, using the terror-cudgel against climate activists.
I can also recall that in this case Proton said that had their user actually bothered to use any VPN, even Proton’s, there wouldn’t have been anything to give to authorities except for an exit node IP.
Dojan@pawb.social 21 hours ago
“She shouldn’t have dressed that way.”
Proton could do better.
_cryptagion@anarchist.nexus 21 hours ago
Yeah, they should just go to prison for someone they don’t know and had nothing to do with, that’s the only answer we should be ok with!
Do you hear how stupid that sounds?
Dojan@pawb.social 21 hours ago
Right, because corporations are widely known for going to prison when they break the law. Where exactly did they imprison Facebook for interfering in elections? Running illegal experiments on people? Pirating books and pornography? Surveilling children and selling their data?
Look at Mullvad. They’ve denied access to their data multiple times, they got raided, and nothing of use was recoverable. That’s what respect for privacy looks like. Proton could set their infrastructure up in this fashion, but instead they’ve chosen to just hand out user data freely.
Ulrich@feddit.org 20 hours ago
Mullvad is not a mail provider…?
Dojan@pawb.social 20 hours ago
They both have no-log policies. One is “we never log” and the other is “we log sometimes”. Do you see the difference?