As I pointed out they also route all of their traffic through Cloudflare. They also have been caught red-handed logging the IP of an activist despite having previously advertised that they didn't keep any logs.
Now they are using misleading terms such as "privacy by default" which according to them means that by default they won't log you but that they can be "forced" to log a user if a law enforcement agency asks them to do so...
Not sure why you didn't mention the law ruled heavily in favor of Protonmail as a result of that massive fight between Protonmail and the authorities after that happened (they had to comply, while fighting back) - so as a result, they now have legal law BACKING for privacy even more and cannot be compelled like that again -
when they got that court order that wanted them to retain logs, they challenged it immediately - and the ruling came down - and they won.
They can no longer be compelled to cooperate in cases of crimes in other countries that match crimes in Swiss laws, as happened here - and this happened because they fought back - it just took time for the ruling to come down.
As a result of this, Apple released a series of tools such as iCloud Advanced Security where they don't even have the keys (but causes user support issues, users can now "lose everything" with no recourse, which is why this isn't on by default; most users' "threat model" is more risk from deleting themselves accidentally than of nation state disclosure), along with the new feature that a phone not being actively used turns itself off, and a few more things.
There exist different laws for different services. Their VPN for example is exempt from the court order that got the IP while using their mail service.
Yup. Unless you're providing a truly zero-access encrypted service such as chat (e.g. Signal), there truly is no way of avoiding it while staying afloat as a private company. It seems people don't understand that email, which is Proton's bread and butter, CAN'T be fully anonymous and private in relation to the provider unless the provider severely limits functionality by only allowing PGP.
Framing the question a bit differently could help: The aim should be to engineer the system so that you don't (and can't) have access to the information, so you minimize vulnerability to legal attacks.
A strawman mod to Protonmail could be to mandate the use of a VPN.
> The aim should be to engineer the system so that you don't (and can't) have access to the information
So when law enforcement and/or a three-letter agency rocks up with the legal paperwork (whether it be a National Security Letter or a local equivalent) and demands that "the system" be changed to start collecting the information they require, how should managers and engineers respond?
Generally, in my experience, people want to help "catch the criminal" -- note these are usually the worst of the worst at first. Then you start getting less and less information and it starts becoming a process rather than an event/discussion.
By pointing to your repo and inviting them to make a PR. Because your system is open source, uses reproducible builds, and attestation so users can directly verify the binaries you're running come from the open code they can audit. This is the same reason a three-letter agency approaching Linux and asking for a backdoor won't work.
> https://signal.org/bigbrother/
> "When legally forced to provide information to government or law enforcement agencies, we'll disclose the transcripts of that communication here"
Sure, except if there's a nondisclosure provision...
"A national security letter is an administrative subpoena issued by the United States government to gather information for national security purposes. NSLs do not require prior approval from a judge. NSLs typically contain a nondisclosure requirement forbidding the recipient of an NSL from disclosing the FBI had requested the information."
In a perfect world? The same way Apple did in ~2015. Argue that code is equivalent to speech, compelling them to write code to change the way the system works is compelling speech, and making that demand is unconstitutional.
Apple gets lots of shit for a multitude of reasons, but their stance of "We built it to be securely encrypted from everyone but the owner; if you want to change that then fuck you, make me" is something everyone involved with should be proud of.
Realistically, we can't all be one of the richest companies in the modern era. Not every corporation has both morals and pockets deep enough to pick a fight with not just a government, but the government of the country they're headquartered in. Frankly, shutting down like Lavabit is one of the better realistic scenarios if you're making promises of guaranteed privacy.
I think this is easier: there isn't a single corporation on the earth with morals. Morality and profit-chasing are not generally coherent principles. Nobody doing any good on this earth has a need for an LLC.
I generally agree with your posts/comments, but anyone trying to "do good" in the USA absolutely needs to have liability protection, such as an LLC or a corporation shell of some kind. The moment one starts to make a difference in this corporate controlled nation, the full legal power of both the corporations and their owned government minions will rain down on you. I've seen it. If you're trying to make any kind of a difference, get liability shells around your activities, or you'll be ended the moment you gain traction.
Calling them "morals" was meant flippantly, though I suspect I should have used quotation marks to call that out a bit more. "Multiple ad campaigns and a marketing posture based around privacy" is probably better.
The aim should be to engineer the system so that you hand over every piece of information that you have and that it is totally useless to anyone, either through encryption (that you don't have access to) or through not collecting it in the first place.
Service has to follow the law, more breaking news at 11... Even before this, they have always advocated using a VPN or Tor if your threat model is law enforcement.
Proton is still very much worth recommending, you can ignore the noise. The article you linked was debunked in this article which provides overwhelming evidence pointing to the org being liberal: https://www.reddit.com/r/Anarchism/comments/1id5v21/does_pro...
Not that it matters though, since I assume all of us here know how encryption works.
Proton also suffers from a pathology similar to the LavaBit problem. Better off using some other email service that doesn't insist on keeping GPG keys on its servers and using something like Mega instead.