I saw this on my twitter and was kind of surprised that this was patented and had an expensive API to go with it. I don't see why this couldn't be on-device processing. Why utilize a cloud API for an accessibility feature?
I remember someone telling me one time that they were really excited that Twitter, Discord, etc. were making moves to support the blockchain because it meant they believed in a decentralized internet and were going to use their platforms to make it happen.
This is exactly what baffled me about people saying "I'm cancelling my PM subscription" as if they didn't make this abundantly clear. In their transparency report, they state very clearly that they "may also be obligated to monitor the IP addresses" being used to access accounts engaged in criminal activity.
Privacy activists, for some reason, don't take the time to read transparency reports.
> This is exactly what baffled me about people saying "I'm cancelling my PM subscription" as if they didn't make this abundantly clear.
We are on a thread talking about them removing claims on their marketing material... that's abundantly clear to you?
Have we reached that level of expectation? That it's abundantly clear when marketing material are not saying the same thing as reports?
> In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.
This is what the Transparency Report say too. In EXTREME criminal cases. Is it abundantly clear to you this case is an EXTREME criminal cases too? This was someone that manifested by squatting a building... is that extreme to you? My definition of extreme is a tiny bit higher, I would expect risk of life or at least a pretty large amount of money involved... not a bunch of kids manifesting gentrification.
> We are on a thread talking about them removing claims on their marketing material... that's abundantly clear to you?
As a Protonmail customer, thanks for saying this. There seems to be this idea that a blog post Proton made in 2014 is being "up front" about their policies.
I agree that Protonmail has been dishonest in their marketing, but marketing =/= policies.
If you're storing any kind of information you'd rather keep private on a server you do not control and not diving into the policies and blog posts of said provider to make doubly sure they're all they say they are, it's no one's fault but your own when something inevitably happens. Either do your due diligence or blindly accept the risk. People took the second option and look what happened.
And yes, I would say an order from Swiss courts that was unappealable is an extreme criminal case. Anything that could threaten Protonmail qualifies.
> And yes, I would say an order from Swiss courts that was unappealable is an extreme criminal case. Anything that could threaten Protonmail qualifies.
So before this case, if I told you is someone in France trespassing enough for ProtonMail to log and provide IP, you would say sure?
My point is that this is not what most people would expect by reading extreme criminal case. If it's not what they expect, it is thus misleading.
I also wouldn't even agree that this is an extreme criminal case. What an non extreme one then? This is not an exception, this is simply a criminal case. It clearly doesn't need to be extreme to allow them to get the IP.
Protonmail was forced by Swiss courts, period. Protonmail will not risk themselves for you. No client of Protonmail is worth fighting the Swiss courts over. Protonmail bowed down to the laws of the country they operate in, a smart move if they wish to continue legal operations.
If you still do not understand this fact, or that I am speaking strictly about the repercussions that a Swiss company could face by ignoring a court order from Swiss courts in Swiss law in Switzerland, then we have nothing else to discuss.
> If you still do not understand this fact, or that I am speaking strictly about the repercussions that a Swiss company could face by ignoring a court order from Swiss courts in Swiss law in Switzerland, then we have nothing else to discuss.
Where did I say they shouldn't have done this? I do understands that fact.
The issue isn't on what they did, it's on how they said they were protected against this but actually wasn't. We are talking about their marketing materials promising anonymity that they can't legally provide.
If that was a mere misunderstanding from their parts and they thought they could actually get away from providing the IP but couldn't actually, sure it was a simply mistake from their part to say that, I would agree with you, but you provided the proof that they knew, and you even said it was "abundantly clear" that it was the case.
I'll say the same as you, if you don't understands that part, we have nothing else to discuss. Even more so if you believe that it's fine to promise stuff that you can't legally provide.
What about the perception they gave that state if you were being monitored you would be notified? The part not made clear was that they could delay notifying you for months.
They did make it clear and did so before this outcry:
> Swiss law requires a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. However, in certain situations, notification can be delayed. This includes the following cases [...]
I think he is talking about the CEOs blog post, where he does not make that clear and absolutely creates the impression that the French activist received a notification. It even sounds like that you get a notification as soon as somebody just requests it, even if PM declines / fights it. [0]
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.
People will read this and the majority will think there is some kind of notification as soon as that happens. I mean, users here on HN thought that.
Only if you click the link, the one that you shared, then you'll know that there are multiple situations where that notification will be delayed.
I think that is actually the worst part about the whole situation so far. One can argue that they should've made the potential logging more clear right under their no logs marketing. But pretty much doing the same stunt again with the notification, does feel a bit like intent... or stupidity.
Something else that has happened since the mid 2000's is that the internet isn't a separate, mysterious black box anymore. The internet is now merging with real life and all the negative parts of it are the ones spreading like wildfire. This creates a responsibility issue where now that websites can host more content and connect with the real world in more ways, they need to cover their own backs.
I would say Linux works well for...70% of end user computing. Browsing the web, watching videos, reading the news, and playing low-intensity games. The newer your PC is or the more specialized work you have to do, gaming being a good example, the more tweaks you have to do.
Windows, unfortunately, just works. Games I play work fine, streaming doesn't require a workaround, and I don't have to hunt down a guide to tweak something that I wouldn't normally have to.
Apple's notification management has to be the worst I've ever seen. For a company that has made some serious advances in UI/UX and is single-handedly responsible for Android not being a Blackberry clone, their notifications are absolutely atrocious.
iOS 15 is introducing some welcome changes that I wouldn't mind Android copying in the future, such as notification summaries, but that does little to fix the core issues of iOS notification management.
For me, that was the one gripe that I didnt agree with in the article.
I pretty aggressively manage notifications on my phone. And will selectively disable either the entire thing or the little red bubble depending on their use case.
Also you can clear individual notifications by selecting them or swiping them off. Or you can en-mass delete them, theres an X at the top right of the main banner
For example:
By default most are off. I really dont need notifications from say...Pandora or Zoom or Youtube.
For things that i check, work email, phone calls, texts or chat apps or even TOTP/push like DUO I allow the banners and badges but generally disable sounds.
My kids daycare app that is largely required for basic communication, absolutely abuses the communication feature. Every time a picture is posted you get one, and if they post say...10 you get 10. They ONLY get the bubble, so i know theres something i should check.
This makes it look like theres more work than I put into as well. In general i deny notifications. For those that I want it I allow them and if they abuse it, i simply trim down what is bothering it. Its actually a pretty solid system imho.
Is there a conversation that needs to be had around the security of voting machines? Yes. Is America's electoral system fundamentally flawed? Yes. Should election machines be audited and held to the highest possible standard of information security? Yes.
Does this achieve any of that? No.
A lot of people had open minds about this whole situation, and I commend them. But it was obvious from the beginning this was going to go nowhere. It's the same with every conspiracy theory, someone claims to have proof but won't or can't show it for some reason. Whatever reason that is changes with the wind. The claim that the elections were hacked to give Biden the victory has now boiled down to con men conning other con men.
There's no evidence that the voting machines or that voting is fundamentally broken. It's probably not that hard to fake a single vote, but it's exceedingly difficult to fake them in bulk, in a systematic manner.
I shriveled up a little bit when I saw that electronic machines were becoming commonplace for voting. The more complicated you make a machine, the more it can be manipulated and the less resistance it has to public trust erosion.
All of that being said, I would love to know what the end goal was here. This (along with other things connected to the symposium) could be linked to massive security breaches if they're legitimate. I hope this was worth it to them.
