Tor too slow? Speed up the ecosystem by setting up your own Tor nodes, Proton.
Welcome to reality.
EDIT: To add to this, this is why ProtonMail recommends using a TOR node to protect your address.
I for one am now only using Protonmail through Tor. Recommend Brave users enable "Automatically redirect .onion sites". If a site has an onion service, it will automatically redirect in case you forget.
I think their advertising copy about not logging IP addresses was poorly done, but their service is private enough for me. It probably doesn’t much matter or make much difference, but I feel OK with using their service, and tweaking my account settings for Google and Apple to the minimum amount of data retention.
I feel that people who let corporations easily have all of their data put themselves at a disadvantage when it comes to any interaction between yourself and any large company (insurance, retail, etc.). Governments will always have our private information so the real purpose of privacy is economic value.
Imagine playing poker with your friends and you had to have your cards face up on the table and they could keep their cards hidden from you. In this example, your friends are corporations.
EDIT: Carissa Véliz, author of Privacy is Power, was interviewed recently on the ProtonMail blog, and I think the interview does a good job of summarizing her excellent book: https://protonmail.com/blog/carissa-veliz-data-privacy/
Everyone just needs to make their own decisions on privacy. I feel fairly comfortable with my practices. For me, it is the economic motivation of wanting to reduce the advantage companies I deal with have over me that convinced me to take extra precautions.
If they route all email over vpn, do they have to disclose the enduser's ip? If so, how do they avoid that with standalone vpn?
It has proven multiple times that privacy and security are not something they really care about.
I wonder what else should happen for everyone to completely lose trust in this scam.
Better rabble on HN for a few hundred comments, this is outrageous.
All email is shit. Nothing is encrypted and many companies simply try to sell you on better productivity (hey.com). Already having my email be encrypted so that the host can't read it is a step forward, in my opinion.
https://en.wikipedia.org/wiki/Crypto_AG
And remember Mark Twain: “History Doesn't Repeat Itself, but It Often Rhymes”
After a dude gets arrested, they’re like: oh, we were talking about advertisers! Who did you think?
What a trash team.
Proton mail ==
Are they legally allowed to force someone to implement nonexistent functionality?
I don't use PM, but it seems their product is end to end email encryption, not complete web anonymity. Maybe those wanting to add anonymity should access it via tor (if PM allows it).
Saying "omg they arrested a climate activist" is like saying "omg, they arrested filesystem developer Hans Reiser!"
But is the actual crime any better, though?
If squatting and resisting arrest were the crimes, then I don’t see what justification there could be for wanting to probe into his emails.
They already know the extent of what he did, and where he did it, by nature of the crimes themselves… no?
So, yes, a crime, but comparing it to Hans Reiser seems a bit over the top.
The political one is that if Switzerland in the future will create an international request countries could rebuff that in lieu of this very event. And to be honest I am not sure if they can refuse such requests after the recent referendum about abiding the EU constitution.
The self-interest one is that those activists are/were prone to vandalizing banks which are a cornerstone of Swiss economy to this day (in smaller measure compared to the past since they now can pass information of account holders to other countries). Anyway, banks are still a big deal in the Swiss mentality and giving a literal "out of jail card" to someone that targets banks would set a bad precedent in Swiss public opinion.
EDIT: They actually clarify this in their statement[0], the crime must be valid under Swiss law.
So how long have ProtonMail kept this massive lie from its users then?
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.
But the timeline is unclear to me. If they notified you via e-mail, and then immediately turned on IP logging. So... you'd go and check your e-mail, learn about the third-party request, but by then it's too late as your IP address has already been logged?
If someone is so sensitive about leaking their IP address and they access some service with their real IP and relying on a service's promise to not log it they already are not very careful to begin with.
Not sure what swiss law is like, but I can imagine they might not be allowed to notify the user?
Worst-case they are not allowed to do this while the investigation is ongoing. As such, it will not happen this way.
It is naive to imagine companies that have an address and take payments can ignore judicial decisions.
Yes there's a point about fighting decisions, but as people say "we live in a society".
> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account.
So I assume normally IP addresses aren't logged. But they can enable IP address logging for specific accounts when ordered to do so.
There is very little practical difference in the protection that gives users, but seemingly the privacy policy was technically correct.
IMO a breach of trust would be actually logging IPs by default and before a legal request is made.
>The firm's privacy policy, which was updated yesterday, now says: "If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation."
That makes it sound like they normally do not / did not log the IP, but then got orders from the police to log these particular IPs.
I was even considering switching to them...
their users were too fanatical over "Swiss laws" to pay attention, going as far to demand proof when observers were merely pointing out the fundamental flaw in the Protonmail concept and incongruent advertising
well, now there is proof
I haven't more on the subject, but I can certainly imagine that they started an investigation only in the days afterwards, when doctors had established reports and cooler heads prevailed.
Look at it from the perspective of the state / society. What's the alternative? Arrest everyone you find in the house, every time when you think you may press charges, and hold them indefinitely until you sort things out?
The article stated that he refused to give ID / fingerprints at the time (which is his right, as he was not charged). Clearly he no longer has a house; you just kicked him out. What do you do? How do you find him?
So they asked for an international warrant for his IP (not the contents) so that they could find him, which was approved by a disinterested third party. The warrant was executed, and now he will answer in a court of law, where he can argue his innocence while the onus is on the state to prove the contrary.
Contrast that with the alternative approach "in the heat of things" (arresting everyone, retributive escalating violence) and I think it's pretty amazing that our society works this way, and how much effort is spent to safeguard both justice and individual liberties. Hell, in the US, 25% of homicide-by-police happens as the result of traffic stops that turned sour.
As far as I understand according to several comments I read here in HN "99%" of the people don't understand what "by default" means, making the sentence misleading for most.
Throwing in a word like default changes the entire meaning.
Instead of we don't log anything*
* we log only when requested
They should say your ip can be logged.
It's like saying in big headline.
No meat burgers *
* meat means carrots
And my point was not to equate assault and murder. Just to say that we were having the wrong discussion.
https://paris-luttes.info/communique-sur-l-affaire-de-la-145...
You probably should have picked a different account than mine to try this particular line with.
...I have no way of verifying it then I don't believe them. Worked pretty good so far.
This can't possibly be true since one can't verify everything. If one truly lived this then they'd be in an endless quest of verifying things. For instance, verifying verifiers.
We are about to enter into an age of hard to detect AI generated articles and research so this isn't philosophical silliness.
Sure, it's a more stable country than many other countries in the world, but not much different from most EU countries for example. And privacy wise there is no difference.
Be also aware of the fact that many companies market themselves as Swiss, but all it means is they have a head office in Switzerland due to tax reasons. In one example, it's a cloud storage company, they say on their marketing page and their about page that they are based in Switzerland and under Swiss law, but if you look at the legal pages the company you sign up with are actually based in Bulgaria. Their servers are based in Texas, USA and Luxemburg, Europe and their development team in Bulgaria.
- No physical security: our offices don't even have locks
- Pro-crime-CEO: our CEO is a known (and future) criminal
- Political: we seriously try to read your email for the cops but we can't :(
- None of that matters because our protocol is open source, blockchain enabled, and it doesn't matter if you trust us at all.
Seems like a joke but you get my point. In God we trust, for everyone else use math.
Best to not have employees if they know the CEO is pro-crime. I mean why not eBay all of the company's equipment on my personal account? Just toeing the company line.
Your code better be flawless.
Our terms of service[1] explicitly state that your data will never leave the location you’ve chosen.
So if you’re still in the market for cloud storage in Zürich, email us. We’ll give you a “screwed by pcloud” discount.
[1] rsync.net/resources/notices/tos.html
> Yeah I also bought a lifetime plan from that cloud storage company few years ago, scammed by the marketing page, only to find out somewhere in the settings page that my data were never in switzerland or even in EU but were physically in US
Anyone want to name names?
It's exactly true, companies incorporate there due to tax laws, even Philip Morris is there.
So for me, ProtonMail is basically a web email service, a nice web email service to be completely fair, but without perks. I will never call them an "encrypted email" service.
If you've ever been to a really large American city, you'll notice all the logos of the large Swiss banks on big tall shiny office towers. The USA said that if they want to keep doing that, then they have to follow American laws. The Swiss banks decided that running their businesses in America was more profitable than secrecy.
"Follow our laws or get out" is not even remotely controversial.
This sounds like you think this was a bad thing. But a not insignificant amount of swiss bank holdings, and profit, stemmed directly from dormant accounts of holocaust victims, purposely withheld from their heirs under the guise of "privacy"; and from plunder deals with the Nazis.
Just out of curiosity, in this kind of situation what laws actually apply? Wouldn't that be the Bulgarian laws?
"If a European Union user of the Site or Services is located outside of Switzerland, then, for the purposes of any claim or action relating to these Terms, the Privacy Policy, the Site, or any Services, the applicable jurisdiction will be the courts that are located in the territory of residence of such European User. "
We all need to make our own evaluation of the privacy promises of those services and whether they actually provide privacy above and beyond what other companies offer. We shouldn't rely on vague impressions that privacy is strong in company X merely because of their presence in a particular country (and which the company uses heavily for promotion).
[1] https://bestswiss.ch/swissness-gesetzgebung-marke-schweiz
I don't believe it means anything. They form a company in Switzerland, which makes them compliant to the Swiss laws, they rent infrastructure from a provider where these services are most favourable for their business(which in this case could be USA and Luxembourg) and they do their tech dev work in Bulgaria(Which is in EU) because they get the most bang for their buck in this country.
What I see is simply business as usual. Are there even single origin tech companies? Even if everything is Swiss, if you have your app on the Apple App Store or Google Play, you would be required to comply with US laws. You came up with an interesting encryption? Well, you will be asked to document it as part of your export compliance if you are going to make the app available outside of the US.
I don't see them having offices in Bulgaria. However they have offices in North Macedonia.
https://cloudstorageinfo.org/interview-with-anton-titov-pclo...
We all saw the Wolf of Wall Street.
So if you're not a swiss citizen, you've got nothing to worry about. The only thing they did different was notify the person they were being investigated and then began tracking. That's the major difference.
It's not like some random company can just skirt all laws globally for the sake of privacy.
Truth is that Email is almost a dead protocol now, anyway. As much as that hurts me to say. It was never able to meet the moment- PGP is complicated and easy to mess up, it's pretty damn hard to host your own Email server and not end up in everyone's SPAM or blocked, and if the person on the other end is using GMail, your shit's being read, analyzed, and archived anyway.
Email is going to be a business-only (as in "companies"/"corporations"/etc) protocol soon.
What makes me sad is how flimsy their entire premise (not necessarily "promise") turned out to be: all it took was some minor rascal in France to hug the wrong tree (so to speak), and ProtonMail is in the open saying they can't even protect the IP address of their customers. From there, all it takes is for somebody to change a law in Switzerland and end-to-end encryption of the messages themselves will only be "by default."
I think there is a market for datacenters in open seas.
For example, this paragraph is important:
> Unlike other providers, we do fight on behalf of our users. Few people know this (it’s in our transparency report), but we actually fought over 700 cases in 2020 alone. Whenever possible, we will fight requests, but it is not always possible.
They can also fight against Swiss authorities, unless they come with a court+gag order.
Anyway, I believe them that they do their best to protect their customers, but it's simply not an option to break the law. And they never promised to do so; in fact, they quite clearly state that they don't.
My quick take: France tells Switzerland who then compels PM to START tracking account holder(s) and prevented PM (by law from what I've read) from telling account holder. Per PM CEO this type of Swiss order could not be disputed with the way PM has disputed other claims.
To me, it's not logging of the IP; it's when did it start and from my reading they started after being compelled to do so over a period of time between compelled to and this coming to light.
To me, strong pushback (for those who feel passionate about it) should be directed to Switzerland for complying with France for what many think is not a high enough bar to compel all this tracking. Maybe they did scrutinize it and maybe they didn't.
Any meta-data saving isn't secure but sharing that after being compelled to track account holders isn't surprising.
There's a line in their agreement that says "If a request is made for encrypted message content that we do not possess the ability to decrypt, the fully encrypted message content may be turned over."
Maybe I'm missing something in my logic.
And it still holds!!
What it didn't state is that while _by default_ no such information is logged, if they are legally compelled to they will log the necessary information for the email (account?) they are required to log them for.
It's honestly surprising for me that anyone thought that a fully legally (in Swiss) operating service would protect their privacy beyond the point they are allowed to by Swiss law. But luckily for us Swiss law is pretty neat wrt. privacy, at least currently.
"no personal information"...does it still say that? Let me know where, will email them.
This tool is turned against the poor and marginalized and used to eliminate opposition but not for making the system work better as it was supposed to.
In a sense society is being hacked by those in power using surveillance.
I understand that people desire the UX of an e-mail client such as Thunderbird, Mail.app, Gmail or whatever. Nothing wrong with wanting that. But there is currently no good way to send e-mail securely.
Same goes for any of the German mail providers like mailbox.org or posteo.de ("We do not save your IP address when you visit or use our website. [...] To protect your privacy and for security reasons, we also delete any potential IP address entries made by local email programs from the email headers. Emails sent using our webmail interface or using email programs therefore contain neither your local nor your public IP address."). If the authorities can prove that they have a legitimate reason to expect them to log the IP addresses, then they must do it. They are all normal companies which need to abide by the law if they want to conduct business.
Some previous threads worth reading:
Clarifications regarding arrest of climate activist - https://news.ycombinator.com/item?id=28433601 - Sept 2021 (273 comments)
ProtonMail logged IP address of French activist after order by Swiss authorities - https://news.ycombinator.com/item?id=28433131 - Sept 2021 (155 comments)
Climate activist arrested after ProtonMail provided his IP address - https://news.ycombinator.com/item?id=28427259 - Sept 2021 (565 comments)
They market their service to journalists and activists, which are often targeted by their own governments. Seems that they cannot protect any of them.
So really, it's more like 'unless you commit a crime in a country that cooperates with Switzerland and the Swiss legal system decides to hand in a request'
Right, because the police would never persecute someone who didn't commit a crime, is that right?
That was unclear and has now been removed.
The most important thing a serious privacy-minded service provider can do is be forthright and honest with users about the limitations of their privacy guarantees, particularly with respect to what hinges on math and what hinges on trust. ProtonMail has failed in this respect. It has always been the case, for example, that they could log these IPs, or that any incoming plaintext emails can be recorded before being encrypted at rest - and the fact that they're encrypted at rest is another thing we have to take on faith. Their proprietary components have always been a problem, and we also trust that they won't silently add key exfiltration to their webmail UI on the demands of a court. They don't explain any of this, they just pose themselves as experts on privacy and let vulnerable users stumble into law enforcement's hands because they care about their money more than their security.
Good privacy systems do not rely on trust or faith, they rely on math. Where some trust is required, in the case of a commercial service provider, it is their solemn duty to be honest with users and explain to them what promises they can and cannot make, and to make sure users understand which of these claims are backed up by math, which are backed up by law, and which are backed up with thoughts and prayers, so that these users can make informed decisions about how they use a service they're relying on for their personal liberty.
It always ends up being something like, "Well, I could buy a bunch of raspberry PIs with cash and then go to a coffee shop that I never go to and upload the message to a gmail account that I'll only ever use once. Throw the PI away afterwards in a random trash can in town and make sure to wear gloves every time I touch it. Finally use some sort of encryption scheme or something so I can identify myself for repeated correspondences because each time will be with a different one shot email account."
It turns out that this isn't some fanciful paranoia, but is in fact the bare minimum of what I should be doing if something like that ever came up.
If I sign up with protonmail today using a vpn like Mullvad, since I'm probably not currently being targeted, I can reasonably be sure that it will be difficult to track things back to me.
However, once I'm targeted and there's a warrant against me, any activity I have on such services is going to be logged going forward.
So, using the service once to receive some data or do something anonymously is reasonably secure... This is very different from services like gmail which will have kept any logs in the past about me and that will always be able to track me without any further logging.
It's imperfect but I think that given the current environment and the current laws, this might be the best we can have.
1) the making of a statement
2) the falsity of the statement
3) an intent to deceive
4) reasonable reliance on the statement by the injured party
5) injury sustained as the result of the reliance
ProtonMail knowingly told this activist 'we don't log your IP' in order to attract their business. ProtonMail did log the IP address. The activist believed this and got arrested.
I get a sense to move along, but it still seems interesting. It is, or was, based in Iceland.
https://protonmail.com/blog/protonmail-beta-v1-13-release-no...
I also don't understand why does ProtonMail record the device type - I doubt there is a law requiring this.
- Local law enforcement can force them to do so.
- Local laws can change.
- Guys with guns might barge in and demand it.
Mostly, you can understand that they don't _intend_ to log IPs, and aren't in the business of collecting and redistributing data. But that doesn't mean you can count on absolute and unconditional secrecy.
Indymedia was widely infiltrated, I think; certainly there were some infiltrators, and they often trolled that Indymedia logged IP addresses.
There was a tool we could use to capture addresses; they were captured to memory only, and the tool could only be switched on for a limited time; it usually got switched on for less than an hour - long enough to find and block the addresses of particularly egregious spammers and trolls.
An SMTP server could be run without address logging; but a commercial SMTP server would be damned hard to administer without IP addresses in the logs.
[Edit] Indymedia had two servers seized in the UK; one was the property of Bristol Indymedia, and didn't run Apache. The other was run by Indy UK, and didn't log addresses. There was therefore no fallout from the seizure, except that the cops hung onto it for about 5 years. When we finally got it back, we retired it - we couldn't trust it, and it was by then obsolete kit anyway.
Four words: The Intercept, Secure Drop. A one-way mail (content submission) system that runs exclusively on Tor, and thus can't be subpoenaed for users' IP address.
While I get your premise due to concerns of law, I think it is entirely feasible - and hinges on execution, marketing ability. We already have IP-hiding technology, whether Tor or Freenet or other such. The concern is "are we good enough yet to make it a sustainable business?"
For sake of example: if a hypothetical competitor to ProtonMail was to offer sign-up and email access only over Tor protocol, it would effectively be safe from police's demands to start logging IPs - thanks to technical measures. The actual difficulty is in the business side: getting enough paying customers to install & enable relevant browser or browser plugin.
Granted, the police could try to force the hypothetical competitor to install malicious JavaScript that would try to gather & leak users' IP address or other identifying information through other means, but that's solvable in the longer run just as well.
- engineer troubleshooting might do so temporarily.
Assume you're an all cash business - can governments require that you take and log every customer's ID?
The idea of having an isolated sovereign floating platform in the ocean doesn't really solve the problem of escaping the rules of national governments because it still needs network connections into those countries.
Whether it's underseas fiber optic cables or bouncing signals off of satellites, the datacenter will be rendered useless if nations' citizens get a "This site can’t be reached. [...] ERR_CONNECTION_TIMED_OUT"
In addition to the physical network topology challenges, the ip address space allocation is controlled by IANA ... which is a government entity.
Not if Elon succeeds with Starlink:
>>@thesheetztweetz: How does transmitting into a country without a local downlink work on the regulatory side?
>@elonmusk: They can shake their fist at the sky [0]
For context, certain countries like India have quite strict regulation of satellite comms, requiring special permission[1] even to use plain consumer tech like Iridium. I presume EU would also try to tightly regulate consumer satellite comms, just like it requires real (government issued) ID to use cell phones - specifically to register locally purchased SIM cards, again for national security reasons.
[0] https://twitter.com/elonmusk/status/1433123220643717120
[1] https://www.osac.gov/Content/Report/9db45731-1eec-477a-a7af-... >There are multiple instances of authorities confiscating undeclared satellite phones from foreign travelers upon arrival in India. The official notice states: "All foreigners travelling to India are hereby informed that it is illegal to use/carry Thuraya or other such satellite phones in India. Custom authorities in India may seize such phones and legal action may be taken against the passenger concerned."
Does it raise the bar for bothering to do that? Sure. But it’s certainly not absolute protection.
Sealand's HavenCo tried it back in the 2000s. As it turned out, it didn't work well.
https://en.wikipedia.org/wiki/HavenCo
See: Death of a data haven: cypherpunks, WikiLeaks, and the world’s smallest nation https://arstechnica.com/tech-policy/2012/03/sealand-and-have...
There's no doubt in my mind there would be huge demand for such a thing. People hate that the government can spy on anything you do. The chilling effect is exhausting.
That's what the Sealand [1] dudes thought.
Until a bunch of boats showed up loaded with men carrying rifles who simply took over the country.
And when that happens, who/where do you turn to to whine that someone took your thing?
That's what sovereignty means: you're on your effing own. For real this time.
One thing most people tend to forget about governments: they have the monopoly on physical violence.
That's the first, most important and probably only useful thing you pay taxes to your government for: physical security.
If you want to run a DC in open seas:
- buy a bunch of gunboats
- hire a small army to provide physical security
- try and not piss off any of the real countries lest they be the one showing up with many more gunboats than you may muster and take over the "open sea DC".
- your services won't be cheap: gunboats must be maintained, armies paid and fed.
[1] https://en.wikipedia.org/wiki/Principality_of_Sealand
I was thinking you could have some sort of satellite service with data stored on the satellite. Allow multiple authorised ground stations to connect and store/retrieve emails for users. But again, the person that controls the software and operation would be a target.
Why even the IP address is both technically and law-wise one of the hardest things to protect. The only way to get anywhere close to it is by using a VPN, Tor or similar additionally to whatever protection the service provides, and surprise, they do have an onion site (I think).
To quote
“There's an important distinction here. Under Swiss law, email providers fall into a category which requires us to comply with certain legal requests. Swiss law does not have a provision which could force a VPN provider to log.”
“With VPN the legal principle is different. Thousands of users might be using the same server, logging them all would be assuming everybody is guilty until proven innocent. This is considered to be disproportionate. In the email case, it is possible to request information on a specific user, and that is considered to be proportionate.”
https://www.reddit.com/r/ProtonMail/comments/pil6xi/climate_...
And this was quite obvious for someone who actually looked into staying anonymous (or gave the Protonmail threat model page a deeper read).
> What makes me sad is how flimsy their entire premise (not necessarily "promise") turned out to be: all it took was some minor rascal in France to hug the wrong tree (so to speak), and ProtonMail is in the open saying they can't even protect the IP address of their customers.
That's a big simplification. It took quite a few authorities to wave through a very draconian request for (what appears to be) a minor crime. As Protonmail themselves pointed out, they never promised to protect the IPs and they could explicitly not promise that. In fact, they even stated very clearly that they could not. Expecting them to print that on the frontpage is quite unreasonable when their marketing has to compete with shady VPNs that promise the sky.
> From there, all it takes is for somebody to change a law in Switzerland and end-to-end encryption of the messages themselves will only be "by default."
While this is a reasonable threat, it's not like one could do this in an afternoon.
All in all, I still trust ProtonMail, they are handling this quite well and transparently. Their original messaging was probably a compromise between getting the message out there and leaving some room for things like this. Arguably that was a mistake, or maybe with the whole truth in bold on the front page, people would have flocked less to ProtonMail? I still don't agree with that original messaging though, as they don't themselves anymore.
Still pretty great free service if you ask me. If a family plan was cheaper I'd have migrated everyone there a long time ago.
A couple of weeks ago, it was Apple announcing that they will spy by default on all of their customers via the iPhones because of child pornography. Apple has spent galleons of gold marketing itself as a privacy-first company and they are not a pushover; for them to do that, whatever is going on behind the curtains must be grim.
I thought it would be a few years before somebody wanted to use something like that technology for something less serious. Then yesterday the news broke that courts had forced ProtonMail to break their business just so the French police could find a climate activist.
In my view, we are heading to a world where our electronic devices and services will be used to prosecute petty crimes, like drinking alcohol in Arab countries or even parking over the line anywhere else.
Saying "Well, you could also use our VPN as well" is more marketing. Of course they'll have to comply with legal requests for that too.
This is a political issue. What's missing is the legal oversight which prevents overreach. Demanding logs to catch a mass murderer is one thing. Demanding logs to catch someone who is being financially and politically irritating is on a completely different level and much harder to justify.
They are only required to provide the IP addresses from ProtonMail, but ProtonVPN gets different treatment legally speaking, where they cannot (currently) force logging [0][1].
[0] https://protonvpn.com/support/no-logs-vpn/
[1] checked with Andy Yen (CEO/Founder)
Operating outside of national protection requires either extremely small scale and high risk or it requires becoming a quasi-nation.
We must be living on alternate time lines - try reading their transparency report. This is not even the first time this week, let alone the first time ever.
This will never happen. There are too many clandestine ways for this to suddenly no longer be there in ways that would be totally deniable for anyone doing the deed. Whether it's just "cut a cable" supplying the data streams or physical destruction of the vessel housing the data center.
Technology itself has to be law-prone && gun-prone.
You might escape the laws constraining you, but you will also escape the laws protecting you.
So if there is a datacenter in the open seas either:
- It's operated by some government, potentially indirectly through some straw men.
- It's undermined by some government using it as a honeypot or similar.
- It's so small that no-one cares about it.
- It's gone.
So IMHO, realistically speaking there is no such market; if you want to escape the law it's probably easier to do so inside of a country instead of escaping onto the sea and then trying to somehow connect to the internet.
Privacy activists, for some reason, don't take the time to read transparency reports.
We are on a thread talking about them removing claims on their marketing material... that's abundantly clear to you?
Have we reached that level of expectation? That it's abundantly clear when marketing materials are not saying the same thing as reports?
> In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.
This is what the Transparency Report says too. In EXTREME criminal cases. Is it abundantly clear to you this case is an EXTREME criminal case too? This was someone that manifested by squatting a building... is that extreme to you? My definition of extreme is a tiny bit higher, I would expect risk of life or at least a pretty large amount of money involved... not a bunch of kids manifesting gentrification.
Protonmail has been dishonest in their marketing.
1. Their homepage stated "By default, we do not keep any IP logs...". Due to complaints about this being a lie, they have today removed this statement.
2. Their website also stated "No personal information required to create an account". However, for creating an account through Tor a phone number is required. This has been an issue for 4 years [1].
How could I expect Proton to disobey legal requests? That's crazy.
[1] https://www.reddit.com/r/ProtonMail/comments/638ykr/phone_nu...
Untrue.
There are many ways to resist authority without being seen as blatantly disobeying the law.
In this particular case, they could have gone with the standard: "can't technically do it, we don't have the infrastructure". Or: "the guys who manage the logs just quit, we can't recover the information". Or: "we don't have the budget to implement that, it'd bankrupt us" ... etc ... make as many lame excuses as the day is long.
Drag things into court and just bog the effing big brother machine down in technicalities long enough until they simply give up or the French activist has had ample time to skedaddle.
That's ultimately why I cancelled my PM subscription and went elsewhere.
Nothing stops them from logging user passwords either; then the entire mailbox contents are compromised.
Many good points + 1.
#2 likely fails because the statement was at worst ambiguous or incomplete, not false. The statement that they do not keep logs by default combined with what reasonable people are expected to know as mentioned above should have led a reasonable person to see through the ambiguousness.
And if not, PM went into more detail in the TOS. Yes, it is well known that most people don't read the TOS. Heck, I often do not read the TOS.
But when you are using a service as part of some criminal endeavor or for something for which there is a reasonable chance will be mistaken for a criminal endeavor you really do need to read the TOS. To not do so is unreasonable.
#3 probably fails because there is likely no way to prove intent to deceive.
#4 likely runs into problems similar to those of #2. A reasonable person using a service for furthering some illegal activity would be expected to put some care into checking out the service to see if it is safe for such activity, and in doing so should have discovered that PM is not safe against Swiss law enforcement obtaining some metadata.
https://web.archive.org/web/20151117172602/https://ProtonMai...
When did the activist start using ProtonMail? Also, if they say roughly, we will not follow Swiss law for you and they follow Swiss law, that is still lying.
This is all very silly. They said right up front they can. Their TOS said they can.
It’s also very silly to assume PM would disobey EU requests. They were created with EU funding.
If their marketing team can't come up with something better, just take text from the privacy policy verbatim.
A proper burner address service would be SimpleLogin or Anonaddy.
But a first world country? They have laws, they have international influence, they have technical means and the ability to intervene wherever you are.
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN’T REAL. When it rains, it pours." - https://www.schneier.com/blog/archives/2015/08/mickens_on_se...
This applies to ProtonMail too. What do you think happened with Lavabit? They were pretending full security too, and we all know what happened.
Stop thinking this is a problem technology can fix.
Plausibility and the legal system are two vastly different things.
Regarding your second point, you're correct, except for the fact they've been blatantly lying about what their product is and does.
I think it’s time we stop doling out this advice and acknowledge that it’s entirely unrealistic. I’m a lawyer. I read the fine print a lot. Sometimes just for fun. But even I don’t “always” read it. Usually I don’t even read it so much as I give it a skim. If I read the fine print each and every time I came across it during the day I would literally do nothing else. Not even sleep.
And that’s to say nothing of the average person’s hope of actually understanding what the fine print even means!
But even for someone very well-suited (a retired lawyer, for example, with all the time in the world) the suggestion to always read the fine print is absurd.
These are contracts of adhesion. As consumers we usually don’t have any leverage to change the terms or even much of a choice to take our business elsewhere. It makes far more sense to regulate consumer contracts and force businesses not to screw people over than it does to ask millions of people to waste hours of their lives reading pages and pages of legalese they don’t understand and couldn’t change even if they did.
Hopefully this system would provide a useful signal even if it was only adopted by a few big mail providers, and they could pressure newly-registered mail domains to adopt it or face delivery delays. Long-established mail domains would be grandfathered in, so most providers wouldn't have to change anything.
(It does have its "secure vault" but you can't sync it to your computer and costs a significant extra fee to use. You may as well use cryptomator)
The issue is both Tresorit and pcloud store the data outside of Switzerland. If you start using pcloud on the expectation that it's stored in Switzerland you are wrong, it will be stored in Texas or in Luxemburg. So, how can Swiss law really apply once it really matters? And secondly, who cares if it's Swiss law, there's nothing special about that.
People seem to believe there is some kind of banking secrecy that applies to data storage. On top of that, the Swiss banking secrecy does actually not exist anymore.
And looking at the Terms & Conditions from pcloud, it says: "If a European Union user of the Site or Services is located outside of Switzerland, then, for the purposes of any claim or action relating to these Terms, the Privacy Policy, the Site, or any Services, the applicable jurisdiction will be the courts that are located in the territory of residence of such European User."
So what is the point to highlight they are in Switzerland, if Swiss laws do not apply if you do not live in Switzerland? It's just false marketing.
My expectation here would typically be that the company itself is governed by a stable, democratic government. It matters, because different legislations can impose different requirements (see recent changes in Australia for example).
Yes, banking secrecy has nothing to do with this and doesn't really apply, since that is more about someone not spilling your information, while here you already ensure on your device that the data is not visible to anyone.
I think you are right - it's a marketing element, but most companies do that, don't they? See for example Apple with "Designed in California", which is really just trying to not only say "Made in China". People have known associations with certain countries (such as Switzerland), which are used for marketing, yes.
> Under current Swiss law, email and VPN are treated differently, and ProtonVPN cannot be compelled to log user data.
Curiously enough, we've seen anonymous services succeed for results unrelated to privacy-from-government: places like Omegle & ChatRoulette use anonymity for fun; places like 4chan use anonymity both for fun and also to avoid certain problems common to name-posting. Anonymity has long been a viable alternative put to good use in literature, arts, and entertainment. Perhaps the proper marketing would be along those lines?
> Swiss law requires a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. However, in certain situations, notification can be delayed. This includes the following cases [...]
From https://web.archive.org/web/20210724054806/https://protonmai... (under "ProtonMail User Notification Policy", emphasis is mine).
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.
People will read this and the majority will think there is some kind of notification as soon as that happens. I mean, users here on HN thought that. Only if you click the link, the one that you shared, then you'll know that there are multiple situations where that notification will be delayed.
I think that is actually the worst part about the whole situation so far. One can argue that they should've made the potential logging more clear right under their no logs marketing. But pretty much doing the same stunt again with the notification, does feel a bit like intent... or stupidity.
My actual point, was why in the world would you not post the name of the company in the original post? What thought processes occurred that suggested you shouldn't provide the name in the first place?
https://ec.europa.eu/info/law/law-topic/data-protection/inte...
Good tradecraft is hard.
As a Protonmail customer, thanks for saying this. There seems to be this idea that a blog post Proton made in 2014 is being "up front" about their policies.
Protonmail needs to do better.
If you're storing any kind of information you'd rather keep private on a server you do not control and not diving into the policies and blog posts of said provider to make doubly sure they're all they say they are, it's no one's fault but your own when something inevitably happens. Either do your due diligence or blindly accept the risk. People took the second option and look what happened.
And yes, I would say an order from Swiss courts that was unappealable is an extreme criminal case. Anything that could threaten Protonmail qualifies.
So before this case, if I told you is someone in France trespassing enough for ProtonMail to log and provide IP, you would say sure?
My point is that this is not what most people would expect by reading extreme criminal case. If it's not what they expect, it is thus misleading.
I also wouldn't even agree that this is an extreme criminal case. What's a non-extreme one then? This is not an exception, this is simply a criminal case. It clearly doesn't need to be extreme to allow them to get the IP.
Protonmail was forced by Swiss courts, period. Protonmail will not risk themselves for you. No client of Protonmail is worth fighting the Swiss courts over. Protonmail bowed down to the laws of the country they operate in, a smart move if they wish to continue legal operations.
If you still do not understand this fact, or that I am speaking strictly about the repercussions that a Swiss company could face by ignoring a court order from Swiss courts in Swiss law in Switzerland, then we have nothing else to discuss.
What happens if your job is to be a watch dog for oil rigs to make sure they're not polluting local waters or covering up spills? Some rough looking men tell you that you should forget some of what you saw in your last inspection? Should these types of jobs not exist?
What happens if you're just out for a walk late at night because you have insomnia? You just happen to see the chief of police up to some less than ideal actions at 3 in the morning in the park. How would changing your job even help in this scenario?
Sometimes people need to communicate something that could be a problem for their personal safety. And the rest of us as a society dearly need them to do it. And personally, I would like them to be able to do it while also costing them as little as possible. Because otherwise people tend to be quiet about things that should be known by all.
Some people try to make the world a better place. Your message is personal freedoms matter more than my beliefs. That is not true for everyone. Many will turn in their own mother to save themselves; others will put their lives on the line to save your mother.
The other objections are about whistleblowing on private parties, discrimination or in one case a corrupt petty politician/magistrate. None of them would generate a safety concern to someone protected by Swiss law.
Seriously, the folks working the privacy angle on this story need to distinguish themselves from gangsters and organized crime syndicates. One person doing the wrong thing is bad; an organization doing it is a serious public concern and everywhere and always will generate a public response.
If you substituted Substack or a public-facing communication medium I'd be more sympathetic to the outrage at an email vendor complying with Swiss law. Here, however, we're talking about discovery of the identity behind private communications of an undetermined nature in compliance with the law of a mature Western democracy. Sorry folks, you've sometimes got to work within the democratic system to achieve your goals.
China could easily pressure an EU nation to make the request.
I support providers that believe this as well, and act in accordance.
Your model more treats privacy as something to be earned or attained through technical knowledge. No thanks. Journalists and whistleblowers need others looking out for them when no one else will.
If Protonmail doesn't solve this by the time my account is up for renewal, I will not be renewing.
While Switzerland is not a member, they do have special agreements for trade reasons so it might be okay to store data there.
I believe you're confusing "is not actively logging" with "will not log, even when law enforcement takes over the server" (which a court order essentially comes down to, if you don't comply). The former is what ProtonMail also does. The latter is what no company can offer.
But then we weren't a corporation. Between us, we had little to lose. We didn't have to help the cops. Protonmail is a business, so I suppose they are much more likely to roll over. Still, I'm pretty disappointed; their whole shtick is security, and they pitch to the likes of whistleblowers. It looks pretty bad to me.
The IndyUK server was seized from Rackspace, under the directions of the FBI (this was in Manchester, UK; I guess Rackspace US were leaned on by the feds, and HQ leaned on the Manchester datacenter). I think the feds kept the disks, which were encrypted.
If Rackspace just flat out refused to follow court orders, they wouldn't be able to run a data center. A DC that will comply with a court order is better than no DC imho.
Perfect is the enemy of good, and PM is definitely good at doing email with a high degree of privacy. Should you use it from your home dial-up while leaking the definite proof that reptilians are running the show? Probably not, but that doesn't make them unusable. For a lot of other threat models, they're perfectly fine, at least until proven otherwise.
Virtually no one (besides a few trained super spies) will resist and not comply once the first finger nail is coming off. Court orders are just the friendly foreplay, and they'll escalate from there depending on how important it is for them to get them to comply. If you're betting your safety on anyone withstanding that and not giving up their password, you're setting yourself up for disappointment (and pain!).
That said, if there was a third entity that removed IPs for Protonmail, maybe that could get away with it. Kind of like how Tor is functioning.
We don't know what jurisdiction this happened in - Belarus, Switzerland, or the USA. I doubt that Switzerland or the USA empower the police to force a private company to put up a bogus service on the internet - especially on behalf of China.
We also don't know whether the activist was taking advantage of Protonmail-to-Protonmail security, or whether one end of the connection was non-Protonmail.
My guess: they were logging IP addresses, at least for SMTP, and the activist was using SMTP.
So if a referendum in Switzerland passed tomorrow which changed the law so that the Swiss government had to refuse to process any foreign warrants requesting IP addresses of email users, would France cut their trade and comms links to Switzerland?
I have no idea how to pull that off.
You start with a military force that is enough to prevent another sovereign nation from doing something bad like cutting off your comm link, or forcing or freezing your bank account...
Still doesn’t solve the banking issues, but one problem at a time I suppose.
The premise that you can buy secure comms from a commercial third party is... unconvincing.
Where did I say they shouldn't have done this? I do understand that fact.
The issue isn't on what they did, it's on how they said they were protected against this but actually weren't. We are talking about their marketing materials promising anonymity that they can't legally provide.
If that was a mere misunderstanding on their part and they thought they could actually get away from providing the IP but couldn't actually, sure it was simply a mistake on their part to say that, I would agree with you, but you provided the proof that they knew, and you even said it was "abundantly clear" that it was the case.
I'll say the same as you, if you don't understand that part, we have nothing else to discuss. Even more so if you believe that it's fine to promise stuff that you can't legally provide.
> The dot-com crash not only cut the bottom out from colocation pricing, but also took out HavenCo's fiber-optic link when the company providing it went bankrupt. That left the entire operation with a pokey 128 Kbps satellite link, which staggered badly under denial-of-service attacks.
In Neal Stephenson's novel Cryptonomicon, the data haven is a main theme in its plot.
https://en.m.wikipedia.org/wiki/2007_Chinese_anti-satellite_...
But whether or not you need encryption, is that ok to advertise something that you don't have?
Also. Yes. The Android app is very bad compared to e.g. drive/photos
Signal uses an OTR variant (I believe OTR masks the identity of the sender/receiver) -- not sure how thorough their implementation and protocol are[1]. Although if authorities already have the IP of one user they might gather a list of contacts.
So long as a company exists in a world controlled by US/European finance or is in their borders, they can be compelled to log what they are told to.