It feels like Proton are being intentionally misleading in their statements.

80 Posts 44 Posters 0 Views
  • ohir@social.vivaldi.netO ohir@social.vivaldi.net

    @AT1ST @malwaretech
    They advertise confidentiality of the communication and that _only_ between INTERNAL (Proton) accounts. Nothing more, nothing less. That's what they sell: c-o-n-f-i-d-e-n-t-i-a-l-i-t-y. For people who do not know how to read gnupg manual. All gui, easy to click.

    Then using money earned on their email product they provide more services that used properly _allow_ people to stay safe from being targeted way longer than any other service provider – and these they provide free. They explain the possibilities and explain threats. Problem is that many many many way so many people now just do not want to read before they click or tap.
    You can stay a bit, for a longer while, anonymous using Proton: you sign up for a free account using their free #vpn built into #vivaldi and never ever log in to this account not using vpn. Very simple.

    Not that you can use such account for a malicious public posting. When "imminent threat" is detected, esp. to some #EElite member, anyone on your packet way to the service will act to uncover you. Read the silk road story as a primer.

    at1st@mstdn.caA This user is from outside of this forum
    at1st@mstdn.ca
    wrote last edited by
    #45

    @ohir @malwaretech "Anyone on your packet way to the service will act to uncover you."

    The big detail is that it was the person *closest* to the endpoint that did the uncovering that bothers people; had it been ProtonMail's ISP, it would be a different question.

    But the issue that people take issue with is that ProtonMail appears to have folded without *any* resistance, over something they claim they would not normally fold over. Hence the "It's not the same as them giving data directly to the FBI if they give it to the Swiss government who then gives it to the FBI." distinction they appear to be trying to make.

    • james@bne.socialJ This user is from outside of this forum
      james@bne.social
      wrote last edited by
      #46

      @malwaretech Ah, and you then respond with even more.

      Champ, you need to learn how to interact with other human beings.

        malwaretech@infosec.exchangeM This user is from outside of this forum
        malwaretech@infosec.exchange
        wrote last edited by
        #47

        @james God, you're insufferable. Enjoy the block list.

          ohir@social.vivaldi.netO This user is from outside of this forum
          ohir@social.vivaldi.net
          wrote last edited by
          #48

          @AT1ST @malwaretech
          There is no way to *resistance* in many countries. You can complain on merit. Or go to jail for *resistance*. Such resistance to a valid warrant is called "Obstruction of Justice" and penalties vary by country from 3 to 8 years.

          Then yet again now in simple words: why do you feel entitled to the costly legal representation from the service provider who never advertised "anonymity services"? On what basis? Why should mine and over ten thousand other people's $80 payments this year be spent to cover for someone posting explosive threats to the FB? Should Uber "resist" a warrant seeking robber taping Uber services to get the loot from the crime scene?

          • malwaretech@infosec.exchangeM malwaretech@infosec.exchange

            It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.

            Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.

            The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.

            Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.

            Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.

            Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.

            There is, however, some useful (but more nuanced) information here:

            Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.

            Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).

            But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 countries.

            People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sound like they don't cooperate with law enforcement, but they do. They have to.

            cstamp@mastodon.socialC This user is from outside of this forum
            cstamp@mastodon.social
            wrote last edited by
            #49

            @malwaretech I didn't think it misleading, unless one thinks companies work in vacuums. The Swiss government IS responsible for requesting the info and companies within Switzerland are required to comply with the national laws. A company can't be responsible for agreements between countries.

              at1st@mstdn.caA This user is from outside of this forum
              at1st@mstdn.ca
              wrote last edited by
              #50

              @ohir @malwaretech "There is no way to resistance in many countries. You can complain on merit."

              ...My point is that it seems they relied on the Swiss government to do the resistance and judge the merit. The point of a "Resistance lawsuit" is to complain on merit.

              (Also, ProtonMail both makes income, and kind of makes the argument that Swiss companies *cannot* share information with foreign law enforcement under criminal penalty [ https://proton.me/blog/switzerland ]. They're doing this reveal of information as a "Loophole" to their own privacy marketing.

              At the minimum, this is a bad look for P.R. purposes.)

                at1st@mstdn.caA This user is from outside of this forum
                at1st@mstdn.ca
                wrote last edited by
                #51

                @ohir @malwaretech Like, Uber doesn't make the claim that you can get privacy in Uber, but Proton *specifically* said this on that web site:

                "Strong privacy protections: Switzerland has a constitutional right to privacy and strict data protection laws. Unlike companies in other countries, Proton cannot be compelled by foreign or Swiss authorities to engage in bulk surveillance."

                That's a major reason they say "This is why we're Switzerland-based.".

                And here? Here they are "Loopholing" that whole statement.

                • budududuroiu@hachyderm.ioB This user is from outside of this forum
                  budududuroiu@hachyderm.io
                  wrote last edited by
                  #52

                  @LukefromDC @malwaretech I agree, I don't expect Proton to fall on the sword for my €5/mo (I don't even use Proton but I digress).

                  There's no unbreakable lock, just locks that deter break-ins by making it not worth it to spend the time/resources.

                  I doubt this stop cop city guy was a Snowden/Assange level target on the FBI list, mailing cash or doing P2P cash for Monero and using that would've probably been enough for the FBI to drop the Proton lead and try to find other holes in this guy's OpSec.

                  Anyways, thanks for the insightful lessons in OpSec, much appreciated

                    ohir@social.vivaldi.netO This user is from outside of this forum
                    ohir@social.vivaldi.net
                    wrote last edited by
                    #53

                    @AT1ST @malwaretech
                    Proton can not be compelled to provide bulk surveillance.

                    What is to be misunderstood in the "bulk" word? They stated what laws of their incorporation says.

                    Privacy does not mean anonymity. Encryption does not mean anonymity.
                    Encryption provides confidentiality, this is a vessel for privacy. Tech can provide your mail can not be read by their staff if both parties use two-key approach. As this was too hard for the masses, one can now turn this on.

                    The problem is so many people can not grasp the details. Then the easy and enough-secure provider is magnitude better for the masses than alternatives feeding the monster siliconiacs.

                    Had Proton started their message with "dear user, remember we are obliged to help law enforcement to know you" this would be as much misunderstood. And a prospective non-US user would be inclined to choose e.g. Apple mail instead. Because "you know, Apple protects their customers".

                    Reiterating: Privacy is not anonymity. Encryption is not anonymity. There is no anonymity on current Internet, only are ways to up cost and time to discover. Like hand routed Tor between mail services hosted in separate mafia states.

                      ohir@social.vivaldi.netO This user is from outside of this forum
                      ohir@social.vivaldi.net
                      wrote last edited by
                      #54

                      @AT1ST @malwaretech
                      > Swiss companies *cannot* share information with foreign law enforcement under criminal penalty
                      True. You can not sell your customer data without a warrant from the Swiss authorities. That's why Swiss bankers got so insanely rich. They can not be compelled to be customer watchers, then a valid warrant must have had a valid warrant subject.

                        uncoopervised@mas.toU This user is from outside of this forum
                        uncoopervised@mas.to
                        wrote last edited by
                        #55

                        @malwaretech If you don’t like Proton, there’s always Google! I love how readily people criticize Proton even though it’s likely the best privacy ecosystem we have now. At the same time I wish they zero encrypted the meta data enough to make this a non-issue. More than one thing is true at the same time.

                        • at1st@mstdn.caA at1st@mstdn.ca

                          @malwaretech So they're skirting the government request *entirely* on money and lack of compliance?

                          I am not saying that ProtonMail has to *win* their case, but it does feel like ProtonMail is just folding right out of the gate.

                          Like how it has been pointed out that a Filibuster where you have to keep debating an issue in the House or the Senate to block it became suddenly a "If you threaten to filibuster it, then I guess we don't bother testing that you *can* filibuster this law - it's just dead.".

                          lackthereof@beige.partyL This user is from outside of this forum
                          lackthereof@beige.party
                          wrote last edited by
                          #56

                          @AT1ST

                          No, it's a different situation from a technical perspective.

                          One is a request for data (mail) a company already has stored on its own servers, and that that company can already access at will.

                          The other is a request for a company to develop and provide a tool to the government, so the government may unlock devices belonging to 3rd parties, and independently access the data therein.

                          To build a flimsy analogy here, one case is the government coming to your house and saying "give me all the files from the safe in your office".
                          The other is the government going to the safe company and saying "give me a skeleton key to unlock every safe you've ever made"

                            at1st@mstdn.caA This user is from outside of this forum
                            at1st@mstdn.ca
                            wrote last edited by
                            #57

                            @lackthereof The technical difference is only partially why that stance was taken.

                            As I understand it, they didn't even give away mail, they gave away the credit card processing token (Or the information outright), so that the credit card processing company could reveal more information. That is, Proton Mail made a point that they still cannot actually retrieve mail from their servers without doing the skeleton thing, and they aren't doing that.

                            But they did hand over information similar to a journalist not giving away their source, but instead giving away where they met their source and who knew their source, on account of a warrant.

                            • utf_7@mastodon.socialU This user is from outside of this forum
                              utf_7@mastodon.social
                              wrote last edited by
                              #58

                              @blustoftimes @malwaretech so germany does not have MLAT with u.s.?

                                linza@kamu.socialL This user is from outside of this forum
                                linza@kamu.social
                                wrote last edited by
                                #59

                                @malwaretech Yes. And. They're riding on reputation built by Swiss banks' previous refusal to comply with international reporting standards. Switzerland overall has a *reputation* of aversion to surveillance and a critical reaction to requests by foreign authorities, but that doesn't mean they'll go to bat for anyone based on those principles alone.

                                  malwaretech@infosec.exchangeM This user is from outside of this forum
                                  malwaretech@infosec.exchange
                                  wrote last edited by
                                  #60

                                  @unCoopervised y'all fanboys are insufferable

                                  • oldoldcojote@climatejustice.socialO oldoldcojote@climatejustice.social

                                    @kallisti @silhouette @malwaretech

                                    Nice piracy target.

                                    linza@kamu.social
                                    wrote last edited by
                                    #61

                                    @oldoldcojote @kallisti @silhouette @malwaretech If you torrent all of Metallica's output from a data center on a ship, they send you a free eye patch and a pointy hat.

                                    • malwaretech@infosec.exchange

                                      It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.

                                      Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for such a request has been met, then either grants or denies it.

                                      The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.

                                      Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one country to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.

                                      Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.

                                      Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.

                                      There is, however, some useful (but more nuanced) information here:

                                      Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.

                                      Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).

                                      But the part that's extremely disingenuous is the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 countries.

                                      People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sound like they don't cooperate with law enforcement, but they do. They have to.

                                      malwaretech@infosec.exchange
                                      wrote last edited by
                                      #62

                                      lol, this post really brought out all the insufferable fanboys. I'm not gonna pretend like I didn't know which of the 3 platforms I posted this on would have a bunch of people deeply personally offended by criticism of a corporation

                                      • jnk@masto.es

                                        @kallisti @silhouette @malwaretech I mean you could just use an ol' boring ship if you want to have a lot of computers in international waters. The hardest part would be to transfer energy and data, but cooling would be easy af.

                                        iampytest1@infosec.exchange
                                        wrote last edited by
                                        #63

                                        @jnk Wouldn't it still need to fly the flag of some country, and be under that country's legal jurisdiction?
                                        If I recall correctly, ships which don't fly the flag of any jurisdiction, or fly the flag of a country they aren't registered in, exist in legally ambiguous territory where some of the normal protections afforded to vessels might not apply.

                                        • jnk@masto.es

                                          @kallisti @silhouette @malwaretech I mean you could just use an ol' boring ship if you want to have a lot of computers in international waters. The hardest part would be to transfer energy and data, but cooling would be easy af.

                                          jens@social.finkhaeuser.de
                                          wrote last edited by
                                          #64

                                          @jnk @kallisti @silhouette @malwaretech I think power is the easier of the two, considering how much power is used on ships. 😃
