
TBH in 2021 people engaging in potentially dangerous activities should be literate enough to understand, that no business will guarantee them full security and decline all requests from authorities to disclose their identity. The wording you suggest is equivalent of „do not dry your cat in microwave“ instruction - a legal protection from dumb customers, that does not contribute meaningfully to safety.

For the non-Swiss customers working with a Swiss provider can be a good enough protection to avoid inconvenience of Tor. After all, even in the mentioned case it required review and approval of 3 agencies before request came to Proton - from French police, from Europol, and then from Swiss authorities. If this is not enough barriers to protect from politically motivated prosecutions and corruption, then we have much bigger problem in Europe.




The problem is that engaging in "potentially dangerous activities" includes such a wide range of people. Think about a journalist in Afghanistan, a whistleblower in the USA, or a human rights activist in China. They're all engaging in potentially dangerous activities. Are they "dumb" because they don't understand all the ins and outs of surveillance? How about some empathy for them as users?

The proposed statement above is intended to help people like that.

Do I have such activities? Nope. But I believe that those activities should be enabled, whether for me in the future or others around the world.

I advocate on behalf of such "dumb" people by supporting simple services like Protonmail with my money. If Protonmail isn't supporting these users, why should I bother supporting Protonmail?


Also ProtonMail's only reason for being is that they are supposed to provide some higher level of privacy. If they don't, how are they any different than a commodity grade SMTP/IMAP provider? I will withhold judgement until I know more about the case but the early context does not look good for ProtonMail's value proposition, which is the least of things.


Is it though? I don't know much about this company but their main selling point seems to be end to end encryption for mail messages. That's not a "privacy" feature by itself. Now it is a tool that you can use it to gain more privacy, but you could also have people who use it to cc all their emails to their entire facebook list. So it seems it all depends on how you use it and what type of privacy you try to achieve.


End to end encryption is a privacy feature by itself. The example of using an email service to send a mass email to a dislist is irrelevant to the possibility that it would also be able to preserve privacy in other communications. You could send an email directly to the local police chief if you wanted but that does not preclude wanting privacy elsewhere.


I think you are confusing privacy with security, which is a common mistake, not your fault -- end-to-end encryption is what secures the messages, by itself it does not ensure that the messages get to the right place or that the encryption keys are belonging to the right people. It needs to be used in combination with other methods and techniques. Explicit features that are in the domain of "privacy" would be ensuring messages are deleted on a regular basis, or some kind of key cycling, or an anonymizing service like tor, etc.

To use your example of emailing the police chief: let's say your threat profile is that you're being stalked by a criminal, and you want to email the police to give them information on this crime, but you don't want the criminal to know. If the criminal breaks into your email, or if your house is broken into and a hidden camera is placed behind your computer, it makes little difference whether you have end-to-end encryption or not, your privacy is still violated. Does that explain it better? Maybe Proton could have some better messaging around this, if their customers are getting privacy and security confused?


I think you're using a definition of end-to-end encryption that's too narrow, same with privacy. E2E schemes try to ensure that your messages can only be read by their intended recipient. That's undeniably a privacy feature, since having private messages read by a third party (without consent) would be a privacy violation.

Security and privacy are intertwined, imagine your server getting hacked (security problem) leading to your private documents being exposed on the internet (privacy violation).


I understand they are billed that way but in practice I don't believe they fulfill that goal, as the job of making the messages unreadable is mostly already done by transport security (SMTP TLS). Sure it can protect against some things if the mail server is the target, but as we see here, there is still a large amount of identifying metadata that they (unavoidably) have on you. The goal with "privacy" is to ensure that your communications are undetectable and unidentifiable, and I would hardly call it that if it's still regularly going through a well-known mail server attached to a highly identifiable account. And of course it depends on how much you actually use the E2E encryption which is technically optional, for example if you send/receive a lot of mail from gmail users that aren't using S/MIME, which still seems to be the case for a lot, then it won't be enabled and your messages are still vulnerable in a server hack.


*Think about a journalist in Afghanistan, a whistleblower in the USA, or a human rights activist in China*

The former's safe because no one's going to deliver IPs to Afghanistan and the latter are doomed, because the US and China are following a policy of total surveillance. That ship has sailed decades ago.


I wouldn't be surprised if they or anyone else in the future deliver users' IPs to the Taliban government, especially if they get recognition from more nations.


You do not have to understand all aspects of privacy to realize that governments may have sufficient resources to track your identity and to put enough pressure on businesses to provide information they need.

At the same time, Tor is not the only, the required and the sufficient way to ensure privacy. There are different circumstances requiring different approaches. In many cases Tor will be redundant, in some cases it may be impossible to use, will offer insufficient protection or will actually put the person in an immediate danger, so giving this kind of advice is at least equally harmful as not having full disclosure on logs.


> Are they "dumb" because they don't understand all the ins and outs of surveillance?

US military personnel and from other nations is posting on TikTok. At least those probably don't work in reconnaissance.

They aren't stupid and this isn't a technical problem, it is a legislative problem. Real security has been undermined since the early 2000 and before. Western powers just ape China or Russia at this point.

That the Swiss people gave authorities these surveillance capabilities is pretty stupid though. Alpine air must have been pretty thin that day.


It’s not protection FROM your customers. It is protection FOR your customers. Most customers are not technically astute


A corporation is a power centralization, and government authority can lean on power centralization.

In general, regardless of what their TOS say, never believe that a corporation can't be compelled by the law to do anything they could physically do. CEOs can be jailed; when's the last time we heard of one actually going to jail over user privacy?


> CEOs can be jailed; when's the last time we heard of one actually going to jail over user privacy?

Ladar Levison from Lavabit came close. But even he admits that was because the FBI wanted to subvert every single Lavabit user's account (attempting vast overreach on the brazen assumption that "we are after Snowden" was going to pull the wool over everybody's eyes). Levison admits though, to having "responded to" at least two dozen subpoenas and complied with at least one warrant before.

https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_ord...


The CEO of the phone company Qwest claims that the insider trading charges he got prison for were only brought to court because he refused to allow the installation of NSA surveillance equipment.

https://en.wikipedia.org/wiki/Joseph_Nacchio


The point being made agrees with you, and is just saying that since protonmail can't help but obey sometimes, they should make the effort to educate their customers about that fact and whatever their customers can personally do to mitigate the risks of that fact.


> CEOs can be jailed; when's the last time we heard of one actually going to jail, period.


A customer that specifically chooses Proton for privacy, must read and agree to privacy policy, which explicitly states, that Proton may in fact keep temporary IP logs and that user may opt in for login IP logs. Requests from authorities may ask for this kind of information and Proton will have to provide it.

The „opt-in“ part for login logs is particularly interesting, because in fact Proton recommends this as a security best practice. Whether it’s in the best interest of the customer or not, it’s an open question. I would say, in a risk model, where threat of human rights violation by Swiss government is much lower than risks of unauthorized party accessing the account, it makes sense. Tough luck for the criminals that followed this advice.

https://protonmail.com/privacy-policy


Anyone that uses ANY electronic device to plan and arrange clandestine operations - IS AN IDIOT.


Do tell, how do you plan your clandestine operations?


3 days ago i did this very thing. when the oppressive govt banned internet, i had to talk to someone outside india and then i dictated them some text. reddit keeps ip logs for 100 days so i had a dormant account for over a year. i asked the guy to log in, type that message and post.

that way the govt can demand from reddit that account ip but since the only ip available is from outside india, they cant do shit.

i was ready to dictate base64 image character by character but the internet blockade remained for only 2 days so yeah. there are plenty of ways


You think nobody can tap phone records, when you called someone outside India?

Oppressive government?


ah yes. unless they are actively listening in am i not safe enough as compared to DPI censorship and network analyzers mandated by the said oppressive government?


Mass capture of telephony is real. Voice recognition is real. Text processing is real. All of these are low-tech these days.


By using the classics of course.

https://en.wikipedia.org/wiki/Histiaeus#Ionian_revolt_(499-4...

Sure the bitrate is a bit slow and it's UDP only but our governments have proved over and over again that they can't learn from history.


> In 499 BC, he shaved the head of his most trusted slave, tattooed a message on his head, and then waited for his hair to grow back. The slave was then sent to Aristagoras, who was instructed to shave the slave's head again and read the message, which told him to revolt against the Persians.

Since this was a trusted slave, the tattoo seems unnecessary. The slave could just tell Aristagoras "Histiaeus says to revolt against the Persians".


The fact that the slave had been signed confirmed the authenticity to the recipient.


There is trust and there is trust.

There was enough trust that the slave did not desert and that they were taking the message to the destination.

There was not enough trust that the slave would actually know the CONTENT of the message. As such the slave wouldn't even know to where to desert to :)


Do as terrorists and generals do. Just use one mail account, never send mail, use the draft feature, and start everything as a discussion about an elaborate real world spy/crime novel.


I am betting on ravens


All analogue.


ADC means analog is trivially made digital. Analog is not an effective firewall unless it is physically shrouded from all sensor networks.


> . I know that when an individual uses an electronic device to communicate with others in order to commit a crime, the individual’s electronic device will generally serve both as an instrumentality for committing the crime, and also as a storage medium for evidence of the crime. The electronic devices are an instrumentality of the crime because it is used as a means of committing the criminal offense. The electronic devices are also likely to be a storage medium for evidence of crime. From my training and experience, I believe that an electronic device used to commit a crime of this type may contain: data that is evidence of how the electronic device was used; data that was sent or received; and other records that indicate the nature of the offense.

Right from a recent court filing, search warrant.


If the tech. companies involved have monetized surveillance, and no I am not talking about the kind they do for advertising, but instead the $ for data on users/portal, all that jazz, fees for LE levels of access, cost for responses, etc the LE are also the customers too then?


I'm fine with Proton treating my data as a liability. Give me the tools to take away that liability by only sending them noise through an anonymous email address. I will pay for that.


Sure, the wording istingray suggested is a bit over the top. But the existing wording "By default, we do not keep any IP logs" is misleading. Why even say it? They should simply delete it.


I'd read that as "by default we don't keep logs, so we can't be compelled to provide IPs for sessions in the past. We can still be compelled to provide that information for current/future connections."


It is in contrast to the immediately following paragraph, which discusses a user-controllable setting that does cause ip logs to be retained permanently.


What immediately following paragraph? This is what I see:

https://i.imgur.com/6sZFn78.png


In the twitter screenshot linked to in this post, there is a discussion of the authentication logging feature in the immediately following paragraph (the screenshot discussing IP logging).

https://twitter.com/OnEstLaTech/status/1434576598418796549?t...


How do you understand „by default“ and „keep“ in this phrase? Does it actually mean that they do not collect the logs?


My first reading of "by default" here is that I can optionally enable it through my account.

Really, it's a phrase that means 3 things: I can enable it, ProtonMail can enable it[0], or the authorities can compel ProtonMail to enable it.

Saying any of that, or at least linking to a page that does, would be a smart move.

[0] https://protonmail.com/privacy-policy - "IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions"


Review and approval of 3 agencies is apparently not even a speed bump.


> If this is not enough barriers to protect from politically motivated prosecutions and corruption, then we have much bigger problem in Europe.

Well, in this case isn't it clear that these barriers were in fact not enough? Or do you think anti-squatting is a major enough problem that it warranted this level of international cooperation, without any politically motivated thinking?


> people engaging in potentially dangerous activities

These seem to have been climate activists engaging in sit-ins.

Surely these are the very sorts of people that secure accounts are intended to protect?


What kind of "climate activist" draws this much heat?


Seems like it was not strictly climate related in this case.

https://paris-luttes.info/communique-sur-l-affaire-de-la-145...

Looks like your run of the mill radical left occupation of housing (the stuff you see in big European cities like Berlin and Paris where they have that tradition).

Their bouts with law enforcement trying to evict them could be the reason for the arrests. If the google translate is not completely misleading then they refused to give their names or fingerprints when initially arrested.


UK has been arresting climate activists by the hundreds, it's pretty surreal here.

https://twitter.com/MetPoliceEvents/status/14342276656791429...


Probably one that threatens corporate interests.


Probably? Do you know anything about why they were arrested?



