[HN Gopher] Climate activist arrested after ProtonMail provided ... ___________________________________________________________________ Climate activist arrested after ProtonMail provided his IP address Author : kdunglas Score : 383 points Date : 2021-09-05 19:59 UTC (3 hours ago) (HTM) web link (twitter.com) (TXT) w3m dump (twitter.com) | S_A_P wrote: | Also a ProtonMail user. While I would prefer that ProtonMail | never captures or divulged my ip and or logged my access I pay | because I was a long time gmail user and am trying to ween myself | off of alphabet in general. I don't want my mail skimmed for ads | or worse. | leipert wrote: | Happy user of posteo here which claims to strip IP addresses and | there IS no relation between accounts and payments. All | government requests are transparently documented. | | The web interface is roundcube, but if you just use IMAP, it | could work for you. | | No custom domains though for sending stuff, catch all redirects | obviously work. | | https://posteo.de/en/site/transparency_report | elmo2you wrote: | I don't think that ProtonMail complying with the law here is in | any way the problem. They simply have to. | | However, in this case just as in a few other ones before this | one, it has become pretty clear to me that ProtonMail's marketing | is deceptive at best an in a few cases some of their claims just | blatantly not true. | | What surprised me most is that when I pointed this out in the | past, I was immediately attacked by what appeared to be like | Apple-style fanboys, whole would not stand by anyone criticizing | ProtonMail. | | To this day I'm not so sure if that was just the genuinely | zealous behavior of a few deranged individuals, or if it might | have been a concerted commercial effort at damage control. | | Either way, to me ProtonMail certainly is not what it claims to | be (if not explicitly than at least implied). To me it's just | another commercial entity trying to make a profit by tapping a | relative niche market while convincing gullible people they are | something they actually are not, in any way that will make them a | bigger profit. Nothing really shocking about that, and mostly | just standard behavior for any other modern commercial entity | operating within a capitalistic economy. | istingray wrote: | Disclaimer: Paying Protonmail customer | | I wanted to test how Protonmail is doing for new users I created | an account from scratch just now over Tor. | | 1. Am asked to verify new account by entering a cell phone | (bogus) | | 2. Upon login, "Basic" logs are selected which do not display IP. | You can enable "Advanced" logs to log IP. I would suggest | Protonmail make it crystal clear that these "Basic" logs do not | store IP. In 2021, lies by omission are not good enough. Get rid | of the soft language. | | 3. Their help page [1] says that "Advanced" (IP stored) logs are | enabled by default. However, I created the account and it's just | the Basic (no IP) logs. https://protonmail.com/support/knowledge- | base/authentication... | chrononaut wrote: | > 1. Am asked to verify new account by entering a cell phone | (bogus) | | Interestingly the sentence on their front page, right before | the most commonly quoted snippet in this thread, is: | | > No personal information is required to create your secure | email account. | | A phone number is quite a personal, unique identifier. | gtsop wrote: | Paying customer | | I do not trust protonmail with my privacy. I only use them to | sign up for various services, trying to escape the data mining | google does. | | Not sure I want to support a company that is dishonest however. | I'm reaching the bye-bye point myself slowly but surely. | [deleted] | gigel82 wrote: | So with FastMail under Australian privacy-bashing laws and now | this, what are our options for secure, private e-mail? | Youden wrote: | Honest question, because I've been asking it of myself: what do | you expect from such a service? | | I basically decided to just give up. Email is an insecure | protocol and there's not much that can be done about it. | Choosing a "secure" email provider feels like choosing a | "secure" VPN provider: it's impossible to verify the provider's | claims so it's a kind of security theatre. | cartoonworld wrote: | It's impossible to choose a "secure" email provider, | unfortunately. | | Email can't guarantee E2EE without a block cipher tool like | GPG. Even if your provider stores and transmits _only_ | encrypted email data, once sent it does not maintain that | guarantee while being passed by another entity 's MTA. | | If you email google, google gets to do whatever googly stuff | it would like to do with its algorithm. If you email | exchange, roundcube, ISP, hotmail, it could wind up being | archived to tape, or simply be sitting for a long time in | some unencrypted mail spool, maybe in a public cloud. If you | selfhost, you would be forgiven if you find you have made a | mistake or simply got pwned. | | I've never selfhosted email, but I understand it is a lot of | work to set up if you aren't familiar, and while maintenance | is okay once you get rolling, there are occasional | emergencies or hiccups that require intervention. | | Aside from being _much_ slower, regular mail is quite better | since you can easily inspect the envelope for evidence of | tampering, while email will be imperceptibly copied. | chrononaut wrote: | > I basically decided to just give up. Email is an insecure | protocol and there's not much that can be done about it. | Choosing a "secure" email provider feels like choosing a | "secure" VPN provider: it's impossible to verify the | provider's claims so it's a kind of security theatre. | | Notionally, I would imagine something that looks like "email" | and acts like "e-mail" (to the end user) could eventually | exist that provides the same (conceptual) security that the | Signal protocol provides (and perhaps a hosting provider | option that's the same level of user confidentiality that we | get the Signal foundation), although you're correct that | foundationally it would be a different protocol. Backwards- | compatibility would be required, at least for seamless | transition (perhaps represented as "secure" and "plaintext") | | Wasn't Ladar Levison (the individual behind Lavabit) working | on something like this? https://darkmail.info/ | skitter wrote: | One option not mentioned yet is Posteo. They don't keep your IP | and strip it in case your mail client sets it in the headers. | They also don't take any personal identification for signup or | billing (you can even send them letters with money to pay for a | mailbox). | luckylion wrote: | I don't know what came of it, but they've been told by the | German constitutional court that their approach ("we're using | NAT, we don't know the IP on the actual server") doesn't fly | and does not protect them from complying with a court order. | kazen44 wrote: | This is correct. | | This also applies to ISP's and wiretaps. They need to | provide NAT mappings when doing a wiretap if i remember | correctly. | Saris wrote: | I say don't use email, it's not a good choice for private | communications. | uuidgen wrote: | Anything that you access using thunderbird with GPG configured? | | It gives no worse privacy guarantees than protonmail and | possibly way better - because if you use protonmail through a | web client and they get a court order to serve you a "special" | client that forwards your certificate you won't notice it. | CameronNemo wrote: | Protonmail and fastmail are different offerings. Proton offers | encryption features, while fastmail makes no effort to promote | encryption. | | So tutanota would be a good alternative to protonmail. And | mailbox.org is a good alternative to fastmail. Both are based | in Germany. | superflit wrote: | Occupied Germany is worse[1] | | Germany will handle your data as fast as you can order an | hans schnitzel. | | [1] - https://militarybases.com/overseas/germany/ | merb wrote: | well posteo didn't. they tried to fight it as long as | possible. | superflit wrote: | There is no fighting. | | When you have 21 bases in your land. | krono wrote: | Email from any serviceprovider can be considered as secure and | private as public conversations. | keewee7 wrote: | If you're doing subversive activities against a Western country | you should probably use some Russian or Chinese state-owned | service. | glitcher wrote: | Part of the issue is that the bar for subversive activities | in the eyes of western law enforcement seems to be getting | lower and lower. I don't know the specifics of this case, but | it seems many authorities are also not shy about using these | methods to identify and track peaceful protesters as well. | kazen44 wrote: | while i agree this is a problem, this is something that | isn't to blame on protonmail (or any other company | following the law). This is something that should be | changed through politics/lawmaking. | rakoo wrote: | For this specific issue, find a provider that can be accessed | through Tor. | | But if you want truly private and secure communication, you'll | have to forget about email. Even with encryption there's still | way too much metadata floating around that can identify you. | blacklion wrote: | Your own self-hosted service on rented server / cloud instance? | AFAIU (IANAL!!!) you can refuse to give evidences against | yourself in most jurisdictions. | | I don't thinks that dedicated server provider (like Hetzner) or | cloud provider (like Digital Ocean or Vultr) stores traffic | logs with enough details to be useful in such case. | | But payment will be a problem... | upbeat_general wrote: | It's certainly possible that they store IP addresses. | | Even if they don't, as long as they have the email address | then they can probably find the mail server even if the | payment is anonymous. | ta988 wrote: | They absolutely keep who used which IP at what time. And | they do not allow anonymous purchases. | Sebb767 wrote: | You can't be compelled to incriminate yourself, but your | server provider can very much be compelled to give access to | the server. And once the server is physically compromised the | battle is lost, anyway, but in that case probably with a | larger papertrail leading to you. | | One expensive but possible option would be to build a server | yourself with sufficient traps to shut off when it's tapered | with. Then set it up with full disk encryption and put it in | a shared rack. | CraneWorm wrote: | I read here ProtonMail were compelled to log the IP by the | authorities... Could they have done anything else? Could any sort | of malicious compliance have been an out? Like: "if we hear there | is an investigation on you then we want nothing to do with your | shit and we'll delete your account"? | | I suppose this would land them in hot water, but there might be | something else really clever? | josephcsible wrote: | Has ProtonMail done anything wrong themselves, or is this just a | case of them existing in the wrong country? If they refused to | cooperate, could the government have just seized their servers | and collected the data they wanted themselves? | goldcd wrote: | Legally nothing wrong - but they've maybe been a bit | disingenuous to their users. | | However, better than most (both by jurisdiction and their own | rules) than other email providers - and I'd have thought any of | their users who were serious about anonymity would have used | Tor/Tails etc to connect anyway and used pgp for their | messages. | | Details of connections to the account (IP and connection | fingerprint) shouldn't matter if you were taking your privacy | seriously. | | Basically just signing up for protonmail doesn't make you | secure and there's nothing they could do to help if you just | rely on that. | bawolff wrote: | I think the argument is that their advertising is misleading | (i.e. if they really didn't keep logs, there would be nothing | to hand over) | [deleted] | [deleted] | dogma1138 wrote: | They never advertised that they don't keep logs they just | said they aren't permanent, in fact you can view your own | connection logs if you enable it in which case they are | maintained forever. | | https://protonmail.com/privacy-policy | | They also provide a report of all warrants received | https://protonmail.com/blog/transparency-report/ | tromp wrote: | That begs the question which of the warrants listed there | relates to this climate activist. | kdunglas wrote: | They claim that they don't keep logs on their French | homepage. The climate activist is French: https://twitter.c | om/onestlatech/status/1434596410977030155?s... | | And even on their English website, the marketing is | misleading. They say that the service is "anonymous" and | also: "By default, we do not keep any IP logs which can be | linked to your anonymous email account". | kafkaIncarnate wrote: | REALLY misleading. They created this feature for Mr. | Robot, the TV show, too: | | https://protonmail.com/blog/protonmail-mr-robot-secure- | email... | | Scroll down to comment: | | > Liam, October 14, 2015 at 10:30 PM | | > But https://protonmail.com/security-details page says | "No tracking or logging of personally identifiable | information. Unlike competing services, we do not save | any tracking information. We do not record metadata such | as the IP addresses used to log into accounts." So, now | it turns to be that you introduced tracking and logging? | Is this data encrypted as well? | | > Admin, October 17, 2015 at 9:14 PM | | > We don't save any of this data by default, the user | must explicitly turn it on for us to save it. | | There should be a reasonable assumption that given they | have end-to-end encryption for the service, they just | encrypt the logging for the user and store it encrypted | without the key themselves like they do the emails. | | Also to note, they at least have an onion link to use | their email service. | gregsadetsky wrote: | The CEO's position on Twitter is that "by default" (from | the sentence you're quoting) means when there is no | criminal investigation, but when there is a legal order | in place, Protonmail will collect the IP... | | https://twitter.com/andyyen/status/1434600373059297284 | | "As described in the link above, under Swiss law, we can | be forced to collect info on accounts belonging to users | under criminal investigation. This is obviously not done | by default, but only if we get a legal order." | | Activists beware. | civilized wrote: | "We won't keep logs on you, except if you're in trouble | with The Authorities, then we'll definitely keep logs on | you and rat you out" | | Weird definition of privacy we've got going these days | istingray wrote: | "We don't keep IP addresses. (we keep PI addresses which | are tooooootally different and you didn't ask about | those)" | rossdavidh wrote: | If you thought that Protonmail (or any other company) was | going to go to break the law in order to avoid keeping | logs on you despite a Swiss-backed warrant saying they | had to do so, then you had the wrong impression. But I | never got the impression Protonmail was saying that. | civilized wrote: | I have never used the service and don't know or care a | thing about it. But their advertising is laughably | inconsistent with the reality of the service provided. | | If it's illegal to provide a completely anonymous email | service, then you should not claim to provide a | completely anonymous email service. | freshhawk wrote: | I think everyone has gotten used to this particular lie, | because it's so widespread and all the "privacy" email | providers say things like this. | | Except maybe Lavabit, that guy apparently shut everything | down to avoid doing something along these lines. So maybe | he wasn't actually lying. | salawat wrote: | Once again: if you can't see their server software, you | should assume they are FOS, and are capable of recording | anything. | | Also: One more reason NAT was a good thing over IPv6. The | closer we get to the platonic ideal of "UUID per person" | the more likely justice systems will use it that way. | | The day everyone learns how to self-host mail on | ephemeral compute instances is the day law enforcement | starts requiring MX domain logs to be maintained in a | historical manner. Work around that magically, and some | law'll go on the books to try to tame the super spooky | criminal communicators hiding from law enforcement. | | This is why we can't have nice things. | CraneWorm wrote: | doesn't the amount of available IPv6 mean you can get a | new one every time? | kemotep wrote: | Theoretically yes but if your ISP assigns your home a /64 | you can use 2^64 different addresses to access the | internet. | | This still doesn't protect your privacy because your ISP | knows what prefix they gave you and will likely provide | that to the authorities if you broke the law while using | that address. Just like they would even if you used NAT | and ipv4 so I don't get where the parent comment thinks | that is protecting their privacy at all. | jrochkind1 wrote: | "obviously"? | u_r_dumb wrote: | Literally on their front page: | | > No personal information is required to create your secure | email account. By default, we do not keep any IP logs which | can be linked to your anonymous email account. Your privacy | comes first. | bombcar wrote: | Privacy comes first. Then comes the warrant. Then comes | the IP in the report printout. | chrononaut wrote: | > No personal information is required to create your | secure email account. | | Except your phone number? That's highly personal. | https://news.ycombinator.com/item?id=28428092 | | (I recall encountering this too when creating an account | a few months ago.) | feu wrote: | I've created around 10 accounts in the last fews months, | and a few more previously. I have never once given (or | been asked to give) my phone number. | ramesh31 wrote: | Anyone who ever says "we don't log" is _definitely_ logging, | and that statement alone should tell you that they are | untrustworthy. No one is stupid enough to take on that kind | of liability. The same applies for VPNs. | | If you need trust, theres no way around rolling your own | service. | drexlspivey wrote: | Logging is the liability not the other way around. You | can't be forced to hand over something you don't have | kazen44 wrote: | expect you need to have the infrastructure in place to | gather data for police investigations in many countries. | If you don't have this infrastructure in place, you are | breaking the law as a company which could have enourmous | consequences. | | This does not mean you need to log everything all the | time. (usually that is actually quite illegal too) but | you need to have infrastructure in place to allow for | police investigations. | | I don't get how people don't understand this. companies | need to operate according to the law of the land, this | being one of them. | Raed667 wrote: | You can be forced to log though. | | I'm not sure how your tech-stack has to look like for you | to claim that you can't log IP addresses and user-agents | etc... | drexlspivey wrote: | Some VPN providers run their servers without hard drives. | luckylion wrote: | Thank god their servers aren't on a network where they | could simply send the log entries to a different server. | | That's a cute idea, but it won't get them out of | complying with a warrant. | chrononaut wrote: | Yeah, that seems more a mechanism to prevent forensics | analysis of a hard disk to retrieve transient logs that | might've been briefly written to disk (?). I hope it | isn't being as a means to prevent the means to log for | future connections, for the reasons you state. | kazen44 wrote: | for those who are curious, | | this seems to be the reply from protonmail on reddit[0] | | >Hi everyone, Proton team here. We are also deeply concerned | about this case. In the interest of transparency, here's some | more context. | | In this case, Proton received a legally binding order from the | Swiss Federal Department of Justice which we are obligated to | comply with. Details about how we handle Swiss law enforcement | requests can found in our transparency report: | | https://protonmail.com/blog/transparency-report/ | | Transparency with the user community is extremely important to us | and we have been publishing a transparency report since 2015. | | As detailed in our transparency report, our published threat | model, and also our privacy policy, under Swiss law, Proton can | be forced to collect info on accounts belonging to users under | Swiss criminal investigation. This is obviously not done by | default, but only if Proton gets a legal order for a specific | account. Under no circumstances however, can our encryption be | bypassed. | | Our legal team does in fact screen all requests that we receive | but in this case, it appears that an act contrary to Swiss law | did in fact take place (and this was also the determination of | the Federal Department of Justice which does a legal review of | each case). This means we did not have grounds to refuse the | request. Thus Swiss law gives us no possibility to appeal this | particular request. | | The prosecution in this case seems quite aggressive. | Unfortunately, this is a pattern we have increasingly seen in | recent years around the world (for example in France where terror | laws are inappropriately used). We will continue to campaign | against such laws and abuses. | | to me this seems like they did all the could in regards to | handling this request. | | [0]https://www.reddit.com/r/ProtonMail/comments/pil6xi/climate_.. | . | Kenji wrote: | If you're a criminal and use email, especially email paid for in | your name, you're an idiot. Switzerland has been tightening its | laws just like every other country, all of them are fascist. | m-p-3 wrote: | For those using Tor, the Onion v3 address is | protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion | blondin wrote: | okay. | | so today we are redefining what "not logging data" means. it | changes meaning when used in the same sentence as the expression | "by default". so by default, not logging data is not really not | logging data. | | we've redefined quite a few things in the past few months. will | be interesting to see where we go from here. | throwawayswede wrote: | It has not really changed meaning. Asshole companies blatantly | lying and using dark patterns only means one thing: that the | company is a piece of trash and does not respect their | customers. | rad_gruchalski wrote: | Question: is it possible they do not log any of the data but were | required to capture it on the next login? All the talk here | implicitly assumes ProtonMail provided historical information. | kazen44 wrote: | As far as i understand from the article, this is roughly what | happened. Protonmail got a warrant, and thus enabled logging | for the user (as is required by law). | regnull wrote: | The only good answer to this is end-to-end encryption, keys held | by the individuals, and full decentralization. You must not put | your private communications into the hands of any company, as | great as they are. | newbie789 wrote: | I'm aware that this is a very silly sounding question, but I'm | very confused about what's going on here. | | If the subject of this investigation had been using ProtonVPN to | connect to ProtonMail, would this have (in a marginal way) | protected their anonymity? If Proton _Mail_ can be compelled to | begin logging, surely the same must be said of Proton _VPN_ | right? | | It's interesting how many "privacy focused" companies tout being | based in Switzerland as some big badge of honor, which a layman | consumer such as myself is supposed to be really impressed by due | to the overall reputation of "Swiss privacy laws." | | In practice, I've never been to Switzerland. I don't know any | person that has had any legal issues there, let alone someone | that's litigated a digital privacy case there. I do not speak | German or French, and don't know where to start when it comes to | looking up specific cases or court proceedings, so I'd be | extremely slow on the uptake of the actual ins and outs of how | the Swiss privacy model works from a practical standpoint. | | The "based in Switzerland" thing strikes me as a bit of a black | box bit of marketing speak. How much time, energy and money did | ProtonMail expend fighting this surreptitious logging mandate? | Does "Swiss privacy" actualy mean anything if ProtonMail is happy | to hand over your IP address when spooked? | H8crilA wrote: | Shhh, the entire country runs on similar myths, most | prominently banking. But then, all that the common man is | capable of understanding is myths, sooo ... | llampx wrote: | > It's interesting how many "privacy focused" companies tout | being based in Switzerland as some big badge of honor, which a | layman consumer such as myself is supposed to be really | impressed by due to the overall reputation of "Swiss privacy | laws." | | I believe it comes about due to the old trope of Swiss banks | being the most secure places to hide money, which of course is | not true and hasn't been for a long time. Even in that period, | I am sure they complied with Interpol/Europol requests to | divulge account details of evil masterminds with a beeellion | dollars hidden away in a Swiss vault. | shantara wrote: | I used to work for a now defunct Swiss company that had "Swiss | quality, security and privacy" plastered all over the website | and marketing materials. The number of actual Swiss people on | the team could be counted on one hand, the rest of developers | being from every European country out there, with the most | represented ones being Ukraine and Romania. And from talking | with my coworkers, the situation is the same across other Swiss | IT companies. | | I would not pay any attention to the "Swiss X" marketing. | FpUser wrote: | Proble is not with ProtonMail. Problem is with the government | arresting people for this type of action. | dredmorbius wrote: | Also mentioned in another submitted tweet: | | https://nitter.eu/OnEstLaTech/status/1434575322465382404 | | Translation: "The company @ProtonMail delivered IPs of climate | activists to the police, after which the activists were arrested | and searched. ProtonMail claims on its website, however, that it | does not store the IP addresses of its users." | | Source (in French): https://secoursrouge.org/france-suisse- | securite-it-protonmai... | | Translation (via Google Translate): | | _The year 2020 and 2021 was marked by the establishment and | repression of a series of occupations in the district of Place | Sainte Marthe, in Paris, in order to fight against its | gentrification. Some 20 people were arrested, three searches were | carried out and several people were sentenced to suspended prison | sentences or to fines of several thousand euros (more info here | and here). In addition, seven people are on trial in early 2022 | for "theft and degradation in assembly and home invasion" | following the occupation of a with a file of more than 1000 | pages. During the investigation, the police focused on the | collective "Youth For Climate". In particular, they were able to | use photos published on Instagram, even if they were blurred | because of the clothes._ | | _The police also noticed that the collective communicated via a | protonmail email address. They therefore sent a requisition (via | EUROPOL) to the Swiss company managing the messaging system in | order to find out the identity of the creator of the address. | Protonmail responded to this request by providing the IP address | and the fingerprint of the browser used by the collective. It is | therefore imperative to go through the tor network (or at least a | VPN) when using a Protonmail mailbox (or another secure mailbox) | if you want to guarantee sufficient security._ | | (Disclaimer, Protonmail user.) | throwawayswede wrote: | This is seriously messed up. Purely because their marketing has | been very aggressive to promote total and complete anonymity, | directly sometimes and mostly indirectly. If it's true that the | French wording makes it seem like they don't keep logs at all | whatsoever, then I believe the person arrested has grounds to sue | them, and I would hope they do. But even if not, I consider their | marketing is a total and complete dark pattern from now on imo. | | Tremendously disappointed. | | What's next? Is ddg selling search data to google? | skarz wrote: | We know that PM saves all kind of metadata and happily provides | it to any kind of agency. You have to use an anonymous VPN | service (obviously not ProtonVPN) in combination with ProtonMail, | if you want to avoid exposure by PM. | | ProtonMail lost it's essence to be honest. As soon as my | subscription runs out I'm gonna host my own mailserver instead. | There are no advantages in using ProtonMail snymore. | londons_explore wrote: | Cryptographers and developers need to step up their game... | | There needs to be a messaging service where as well as the | messages being encrypted, the graph of who is talking to who and | when must be encrypted. | | I'm imagining a system where your device forwards hundreds of | messages for _other people_ , hiding your own message flow. | | I perhaps send a few hundred messages per day, and even | multiplying that by 1000, and the typical message length of a few | words, it's still a tiny amount of data transfer. | bickeringyokel wrote: | Interesting idea, but is that not a liability to yourself if | nefarious or illegal messages are passing through your device? | dlvktrsh wrote: | I knew they were snitch | doc_gunthrop wrote: | It seems the lesson here is to always use a VPN (or Tor) if | you're under such threat. | vmception wrote: | and the lesson here is that everyone who called out Protonmail | for being sus (suspect) on signup was correct. | | try using Tor to create a protonmail account and they require | both javascript and a phone number. | | yeh yeh client side encryption requires javascript, but seems | better to just have an unlinked email that can be read server | side and there are plenty of Tor-only email providers for that. | | phone number under an "anti-spam" guise is just suspect. | istingray wrote: | Protonmail customer here. Sigh. This is why I keep my own domain | and can point it wherever I need. Dear Protonmail, email is | fucking cheap and easy, I pay you $58 a year to solve stupid shit | like this. | | Vendors really need to figure out how to thread the needle of "No | don't trust us" but still encourage customers to buy. Protonmail | failed here. Apple's still very much in the "trust no one but | us!" vibe, and it's just not sustainable. | | I'll be switching my Protonmail use to default to Tor now. Open | to Tor-first vendors...are there any? | | I like how Brave has "open in Tor" displayed on Tor-mirrored | sites. There's even an option for "Automatically redirect .onion" | sites too. Makes it easy to switch over. | | What if Protonmail pushed their Tor services more? "Guide to | using Protonmail as privately as possible", have a switch for | "Private Mode" that kicks you over to Tor/download Tor. | pphysch wrote: | Tor is a State Dept/DARPA project, so at best a sidegrade from | Proton if your concern is being surveilled by Western | governments. | sneak wrote: | Tor is open source. Point to the vulnerability you are | claiming, or stop spreading FUD. | arglebarglegar wrote: | it's been known for a while that the NSA runs tor nodes, | right? | cortesoft wrote: | https://nusenu.medium.com/tracking-one-year-of-malicious- | tor... | acheron wrote: | Where "this" in "solve stupid shit like this" is "hide you from | police with a legally authorized warrant"? | | If you were relying on Protonmail to conceal evidence of | criminal activity for you, you may not have thought that all | the way through. | istingray wrote: | Where "this" is using soft language like "by default" to hide | shortcomings. I expect Protonmail to do more to educate users | to be aware of how surveillance happens, whether a rogue | employee enables the function on their end, warrant, etc. | 1vuio0pswjnm7 wrote: | Is Javascript required to sign up or use ProtonMail. | | https://www.wired.com/2015/10/mr-robot-uses-protonmail-still... | codetrotter wrote: | No, you can use any SMTP/IMAP/POP3 capable client instead of | using their web interface. | | https://protonmail.com/support/knowledge-base/imap-smtp-and-... | | But you are still making an IP connection. JS/no JS is not | relevant to this discussion. | [deleted] | [deleted] | SavantIdiot wrote: | Do we still like Runbox? Based in Norway. They claim to be the | most secure email provider due to Norwegian laws: | | https://runbox.com/why-runbox/privacy-protection/email-priva... | mikl wrote: | I guess there isn't much Protonmail can do if the prosecutor | shows up with an ~Interpol~ Europol warrant. | | I wonder what this "activist" did to earn himself Europol | attention. At least before the world went insane, that would only | happen for serious crimes. | ficklepickle wrote: | The terrible crime of squatting, according to some comments in | that thread | BrandoElFollito wrote: | Has your home in France been squatted? No? Or maybe you do | not own a house in France? | | If so, on which basis do you ironically call squatting a | "terrible crime"? | | Squatters in your house in France means that you you have | zero rights on this place until a lengthy process gives it | back to you, ruined. You are then expected to be grateful and | can forget about any reimbursement from the poor people who | stole your property. | [deleted] | folmar wrote: | Interpol warrants are widely used for fighting political | opponents [https://stockholmcf.org/wp- | content/uploads/2017/09/Abuse-Of-...] | [http://www.opinione.it/societa/2017/08/29/claudia- | candelmo-e...] | [deleted] | keewee7 wrote: | The Climate Action youth movement is sometimes explicitly anti- | capitalist in a very "direct action" way. | | Vandalising banks is stupid and also an efficient way to make | powerful people dislike you. | mytailorisrich wrote: | They do seem to be a far left group using the "climate" | umbrella. This squatting 'action' has nothing to do with the | environment, it's class struggle. | | Unfortunately this sort of extremist group is harmful to | people and organisations genuinely trying to do something for | the environment. | freshhawk wrote: | Probably the movement to squat in empty buildings and | organize more of the same in response to pandemic evictions, | that's been getting the kind of attention its very dangerous | for left wing groups to get. | [deleted] | nicce wrote: | If you don't collect data, you can't give it even if you | wanted? | MattGaiser wrote: | I suspect that you can order to collect it going forward. | dheera wrote: | If they order to collect someone's data, can't ProtonMail | just say "we've been ordered to collect data for a user" on | the front page? | danuker wrote: | Certain organizations can compel you to start gathering data. | kazen44 wrote: | expect you are legally required to actually gather this data | if a warrant is issued. | vmoore wrote: | You can disable the recording of login sessions in Protonmail's | settings dashboard. I do that, not only to avoid Protonmail | learning of the logs, but by a hacker who, once upon breaching | your account; also gets to learn the IP you use to login with. | istingray wrote: | Thanks, I had "Basic" on and turned it completely off. This | should be Disabled by default. I created a new account to see | what the default is (it's Basic): | https://news.ycombinator.com/item?id=28428092 | alfiedotwtf wrote: | I'm looking forward to the day where email is not mistakenly used | for clandestine communication. | | Why hasn't there been made a Tor-only, store-and-forward, text- | only communication app? You'd think this would be a no-brainer | for communities that need _real_ private communications. | blub wrote: | If you think that's bad, Tutanota was forced by the court to | change their SW, so that all incoming e-mails for a specific | account would be intercepted before encryption: | https://news.ycombinator.com/item?id=27303712 | freshhawk wrote: | Hushmail had a similar warrant, they changed their login form | so it would send the password in the clear to the server, which | they used to decrypt the mail and logged all the traffic to | help trace the user. If you get targeted these "anonymous" | email services aren't going to be good for much in practice. | istingray wrote: | Disclaimer: Paying Protonmail customer | | Their homepage says "By default, we do not keep any IP logs" | | In 2021, any soft language like this should be a red flag for | anyone who is against surveillance. Maybe in 2018 it was good | enough. But in 2021 it's not. Come on, Protonmail, you're | supposed to be leading the way -- don't make me figure it out | myself. | | Replace immediately with "By default we don't log IP, but may be | required to by local law enforcement. We recommend everyone | connect through Protonmail through Tor. This month, 60% of our | users connected through Tor". | sigmoid10 wrote: | People really don't seem to understand that Protonmail is a | western company in a western country with pretty generous | surveillance laws. Yes, your email text may be encrypted, but | everything else is free game to the authorities unless you use | additional protection. | istingray wrote: | Protonmail should be pushing more of this messaging in their | branding. "Don't trust us further than you can throw us. | We're doing our best, and here's what we recommend, use Tor, | etc." | winrid wrote: | This is just not realistic, though. | pseudalopex wrote: | Why not? | umvi wrote: | "we aren't much better than Gmail from a privacy | standpoint, but please still give us money" | Barrin92 wrote: | I wonder how long the 'Swiss privacy' brand, which seems to | be fairly valuable will hold if these things keep happening, | I had to immediately think of Crypto AG | | https://en.wikipedia.org/wiki/Crypto_AG | znpy wrote: | In the US companies can make canary statement... | https://en.wikipedia.org/wiki/Warrant_canary | dredmorbius wrote: | The canary is dead, and the fact is widely publiscised, if | not necessarily well known. | istingray wrote: | Those canary things seem so 2018. | | In 2021 the most powerful canary statement should be "Don't | trust us. Seriously, treat us as an adversary. We still want | you to be our customer of course, but here's how we really | recommend you use our service, Tor, semi-anonymous payments, | etc. In God we trust, for everyone else use math." | cabalamat wrote: | I wonder how many TOR nodes are run by the NSA? | calvinmorrison wrote: | Doesn't matter if you are going to an internal onion address | ivan_gammel wrote: | TBH in 2021 people engaging in potentially dangerous activities | should be literate enough to understand, that no business will | guarantee them full security and decline all requests from | authorities to disclose their identity. The wording you suggest | is equivalent of ,,do not dry your cat in microwave" | instruction - a legal protection from dumb customers, that does | not contribute meaningfully to safety. | | For the non-Swiss customers working with a Swiss provider can | be a good enough protection to avoid inconvenience of Tor. | After all, even in the mentioned case it required review and | approval of 3 agencies before request came to Proton - from | French police, from Europol, and then from Swiss authorities. | If this is not enough barriers to protect from politically | motivated prosecutions and corruption, then we have much bigger | problem in Europe. | Thorrez wrote: | Sure, the wording istingray suggested is a bit over the top. | But the existing wording "By default, we do not keep any IP | logs" is misleading. Why even say it? They should simply | delete it. | ivan_gammel wrote: | How do you understand ,,by default" and ,,keep" in this | phrase? Does it actually mean that they do not _collect_ | the logs? | lelandfe wrote: | My first reading of "by default" here is that I can | optionally enable it through my account. | | Really, it's a phrase that means 3 things: I can enable | it, ProtonMail can enable it[0], or the authorities can | compel ProtonMail to enable it. | | Saying _any_ of that, or at least linking to a page that | does, would be a smart move. | | [0] https://protonmail.com/privacy-policy - "IP logs may | be kept temporarily to combat abuse and fraud, and your | IP address may be retained permanently if you are engaged | in activities that breach our terms and conditions" | akimball wrote: | It's not protection FROM your customers. It is protection FOR | your customers. Most customers are not technically astute | shadowgovt wrote: | A corporation is a power centralization, and government | authority can lean on power centralization. | | In general, regardless of what their TOS say, never believe | that a corporation can't be compelled by the law to do | anything they could physically do. CEOs can be jailed; | when's the last time we heard of one _actually_ going to | jail over user privacy? | pessimizer wrote: | The point being made agrees with you, and is just saying | that since protonmail can't help but obey sometimes, they | should make the effort to educate their customers about | that fact and whatever their customers can personally do | to mitigate the risks of that fact. | ivan_gammel wrote: | A customer that specifically chooses Proton for privacy, | must read and agree to privacy policy, which explicitly | states, that Proton may in fact keep temporary IP logs and | that user may opt in for login IP logs. Requests from | authorities may ask for this kind of information and Proton | will have to provide it. | | The ,,opt-in" part for login logs is particularly | interesting, because in fact Proton recommends this as a | security best practice. Whether it's in the best interest | of the customer or not, it's an open question. I would say, | in a risk model, where threat of human rights violation by | Swiss government is much lower than risks of unauthorized | party accessing the account, it makes sense. Tough luck for | the criminals that followed this advice. | | https://protonmail.com/privacy-policy | keewee7 wrote: | Why is a "Climate activist" being arrested? | jokoon wrote: | I don't really know but eco terrorism is something that is more | than likely to increase, with all the floods, forest fires, | hurricanes, Greta thunberg, ipcc reports, and recently Biden | authorizing some oil contract thing. | | Something is going to move. | mytailorisrich wrote: | In this case it seems that they are a far left group that has | decided to squat a restaurant for good old 'class struggle' | reasons and vowed not to back down... | | It also seems that it is not any restaurant but one of the | 'victims' of the 2015 terrorist attacks [1] | | Basically political extremists trying to disguise themselves as | environmental activists. Not interesting people, to say the | least. | | [1] https://www.tellerreport.com/news/2021-01-04-%0A--- | justice-o... | [deleted] | AdmiralAsshat wrote: | "We won't store your IP, except when its sought by the | government, which is the only reason you'd ever realistically pay | for a service that doesn't store your IP." | | Brilliant! | COGlory wrote: | Disclaimer: I have a ProtonMail account that I pay for. | | I have seen a ton of disturbing pieces about ProtonMail. Every | time I've looked into them, they seem to be maliciously motivated | and usually not true, or otherwise twisting of the truth. This | has been a confusing thing for me because why is there a small | subset of people so vehemently against them? | | In this case, I'm not surprised. They say quite clearly they can | be compelled to collect IP addresses - including in the linked | tweet. This seems like a pretty clear cut case of them being | compelled to provide an IP address. What the authorities can't | do, is read that person's email. And that's what I and others pay | for. | | I'm not sure what there is to be upset about here? Other than | perhaps France prosecuting this individual to begin with? If we | had faith that ProtonMail wouldn't hand over anything to the | government, why would anyone even care about having encrypted | emails? | istingray wrote: | I'm also a Protonmail customer. | | Tor solves this. Protonmail's Tor support is lukewarm. They | have a Tor based login without captchas. It's mentioned on | their homepage in the bottom menu under "Onion Site", (/tor). | And there's one blog post from 2017 that still promotes their | v2/shorter onion address. | | I expect Protonmail to push its users to login through Tor. | "Don't trust us, trust math". Embed Tor support in their apps | as well. Rebuild their iOS app to offer to drive all | connections through Tor. | | And frankly, for $50 a year for email, I expect Protonmail to | be thinking ahead about this, rather than me coming up with | dumb ideas on a forum. Protonmail was neat in 2018 but 3 years | later it's stagnant. | Aachen wrote: | How is that lukewarm? Sounds like first class support if they | have a dedicated onion address and not just let you connect | to the regular clearnet. Or is that address _only_ in that | old blog post and not mentioned in places you 'd usually | look? It's a bit unclear to me. | istingray wrote: | It's lukewarm because what _less_ could you do besides not | support Tor? | | Tor is mentioned on their homepage in the bottom menu under | "Onion Site". However, this menu link redirects to their | Tor placeholder page, rather than directly to the Tor | service: https://protonmail.com/tor | | There's one blog post from 2017 that still promotes their | old v2 onion address: https://protonmail.com/blog/tor- | encrypted-email/ | | Protonmail's Tor service is located at: https://protonmailr | mez3lotccipshtkleegetolb73fuirgj7r4o4vfu7... | cortesoft wrote: | What does using Tor have to do with trusting math? | istingray wrote: | "What makes Tor different from the usual thesaurus-full of | government projects is that Tor is essentially a very | elaborate math trick, using layers of math puzzles to | create a network-within-the-network. That math is being | implemented in front of a global audience of millions of | sophisticated watchers. It is likely the most examined | codebase in the world. It has been subjected to multiple | public audits. The math, well known and widely | standardized, will work for everyone, or it will not, | whoever pays the bills." | | from https://pando.com/2014/12/09/clearing-the-air-around- | tor/ | polote wrote: | One of the first sentence on their website is "By default, we | do not keep any IP logs". If as soon as police show up (Which | is almost the only case that people would want their IP hidden) | they give IP logs, it is clearly false advertising. The fact | that only the anonymous feature is important to you will not | change the fact that they do the opposite of what they | advertise regarding IP logs | COGlory wrote: | >If as soon as police show up (Which is almost the only case | that people would want their IP hidden) they give IP logs, it | is clearly false advertising | | Is there any evidence this is what happened? | | An alternate scenario is that they were not keeping logs, and | were then compelled by the authorities to start keeping them | on that user. | bdibs wrote: | Wouldn't "any" include authority compelled logging? | COGlory wrote: | Perhaps, but I'd imagine that semantically, "by default" | negates that since this is clearly not a default | situation. | hh3k0 wrote: | Stop trying to defend indefensible behavior by getting | hung up on semantics. | | I, for one, will not renew my ProtonMail account if | that's their status quo. | kazen44 wrote: | what other status quo do you expect from them? Having to | provide IP logs after a warrant has been issued is the | law in switserland (and most if not all of the EU). | | Sure, the law would (hopefully) be changed, but at the | moment, this is the best they can legally do? | ipaddr wrote: | Tell users you are being logged on website. | | Put alert warning that account has logging enabled | | Change the service so collecting logs is not possible | | Stop adding captcha to tor users login because you want | to identify users | polote wrote: | The end result is the same either way | Sebb767 wrote: | No. With on-demand logging, they can find the owner of | the account (assuming he doesn't take further measures), | but you can't retroactively prove someone used that | account to do something at a specific time. For example, | you could not prove that the individual was logged in at | internet cafe xy near the time of the crime. Also, an | opsec mishap (such as logging in without protection) will | not be fatal unless you're already under surveillance. | COGlory wrote: | No, if they were not collecting logs by default, then it | is clearly not false advertising. | polote wrote: | So the default is when nobody ask for the logs? What the | point of not collecting IP unless for the time it is | useful? | Aachen wrote: | I mean it's either this or traffic analysis. If you use | your clearnet IP address to do illegal things, it's | nothing more than reasonable that you can get in trouble | for it. | | This is also why I don't get protonmail in the first | place. Unless you use pgp or equivalent, you'll always be | subject to law enforcement. Just that protonmail cares | more and caters more to activists and so might not give | it out without checking that the asker is really legit | and then give the minimal amount possible. But they'll | always be able to turn over your emails and log IPs, it's | not protonmail's fault the laws were voted into action | like this. | Sebb767 wrote: | No history of when you logged in from where and, | possibly, plausible deniability about about you being the | only user of that account (through you'd probably need to | prepare for this to be believable). | lelandfe wrote: | Technically correct but misleading. | | They tout that off-by-default statement on their | homepage, underneath the header of "Anonymous Email," | with the closing sentence of "Your privacy comes first." | | So why even market that? It provides no meaningful | security. | IlliOnato wrote: | Were _you_ mislead by this? Did you really expect a | Switzerland-based company not to comply with law of the | land? | | There is a difference between "available to police, not | retroactively, and only with a valid warrant" and | "available to any government agency constantly and in | bulk, as well as to data-collecting commercial entities, | Russian and Chinese hackers, and their dogs". Don't you | agree? | lelandfe wrote: | Fair point. I still don't think they've worded that well | enough. I would probably not have read "By default" to | have the context of "Unless asked to do so by | authorities." | | They're not being as transparent as possible in their | marketing, which is at odds with their allure of | security. | kylehotchkiss wrote: | Really solid explanation of what you're paying for as a | proton customer - and despite this unfortunate situation | for the French advocate is why myself and others will | continue their paid ProtonMail plans | fsckboy wrote: | no, the end result is not the same either way. | | I'm not taking sides on privacy or the threat of govt (or | other sourced) tyranny, I'm just explaining the logic to | answer your question: | | Let's say you engaged in a long history of using | protonmail innocently, then one day you decided to start | commiting crimes for the first time and attract police | interest. You would know that your historical logs were | not kept, and it was only after you started attracting | police attention that you would be at risk of | incriminating yourself through proton mail. Maybe, on the | run from the law, it would be safe for you to hide at | your old friends house because there was no log to link | you to him. | | Yes, it is also the case that you may not have realized | that ordinary behavior had been criminalized by an evil | govt all along blah blah blah... I'm just pointing out | that there is a difference where you saw none. | polote wrote: | I said the end result is the same. Not that it is the | same. In both case they give the IP when the police ask | for it | fsckboy wrote: | In both cases they don't give the IP. | | in the case where they receive a court order, they first | log your IP and then they give it. | | but you know this from their terms of service. | | if you stop using protonmail when you start your criminal | career, they will not give your IP because they didn't | save it. | | it's different in the end, not the same. | ipaddr wrote: | If you knew this, couldn't you login from someone's ip | you want to frame the crime on? | tephra wrote: | So also a proton customer here. "By default we do not keep | any IP logs" and this case does not seem like the default? | Seems like they were required to by law to log and turn over | this specific IP? (Of course I haven't seen the actual case | but I would assume that meant a warrant.) | jonas21 wrote: | As a user, I'd take that to mean that they wouldn't keep | any IP logs unless _I_ turned logging on. I wouldn 't | expect that _they_ would enable logging on their own. | | Interestingly, ProtonMail's privacy policy lists a number | of cases in which they may log your IP address permanently | (including if you breach their Terms and Conditions). But a | request from law enforcement is not one them. | polote wrote: | We do not kill people except the people we kill | | I see that you want to protect Protonmail, but if they want | to stop being misleading they can just remove the IP log | sentence | istingray wrote: | Put "By default we don't keep IP, but may be required to | by local laws. We suggest you connect through Protonmail | through Tor". | | I would much prefer this, as a Protonmail paying | customer. | dredmorbius wrote: | Tor helps, but is not especially robust against state- | level actors / APTs. An actor running a sufficient number | of entry/exit nodes could perform at least some traffic | analysis. | | Tor is an improvement. It's still a limited tool. | s1artibartfast wrote: | It's not misleading in that many services do keep records | by default. If people don't understand what default | means, they should grow their understanding, not be | outraged that their uninformed opinion was wrong. | istingray wrote: | Default means "we do whatever the fuck we want, any | assumptions are your fault" | tephra wrote: | I mean they are misleading in so far you want them to... | | I'm a privacy activist and certainly think that a company | should be able to not keep logs. If the law in the | country they are in (or area, see for example the data | retention directive in the EU) we should of course (and I | am) work to change those laws. | | It should come as no surprise to anyone who is privacy | minded and actively seek out privacy focused services | that are located within the EU or Switzerland that your | IP (or other information) can be requested with a warrant | and that a company is required to hand that over. | istingray wrote: | If this doesn't matter, what's important for you about | being a Protonmail customer? | | (also a paying Protonmail customer) | tephra wrote: | I never said it didn't matter. I think the data retention | laws and for what crimes the police are able to get | certain warrants in the EU and Switzerland can be better. | | But that is not a proton issue that is an issue with our | current governments. | neltnerb wrote: | That your emails are supposedly stored encrypted, that if | other services support it end-to-end email encryption | supposedly can be enabled easily, and that supposedly you | cannot be served targeted ads because they cannot read | the contents of your email (not that they have ads | anyway). | | Of course Protonmail is accessible via Tor. Not that you | should need to do that to remain private. | vntok wrote: | > That your emails are supposedly stored encrypted, that | if other services support it end-to-end email encryption | supposedly can be enabled easily, and that supposedly you | cannot be served targeted ads because they cannot read | the contents of your email (not that they have ads | anyway). | | Gmail does all of this for free though, right? | rileyphone wrote: | The last point very much not so - having my email | provided as a free product by the world's largest ad | company isn't a relationship I want to pursue. | aborsy wrote: | >> What the authorities can't do, is read that person's email. | | What if authorities ask, serve this user this malicious | JacaScript code to obtain their encryption key? | | PM has to obey and the result is the same. | pgalvin wrote: | They claim this is not possible under Swiss law, fwiw. We've | recently seen that it is possible under German law, with a | competitor (Tutanota) building a server-side backdoor for one | user. | caeril wrote: | ...but we know it's possible under Swiss law, from this | case, for them to be compelled to _start_ logging specific | account accesses, that they by default _were not_ | previously. | | How is that any different from them being compelled to | disable or weaken clientside encryption? | | In both cases they're being compelled to make changes to | their service. | | The camel's nose is clearly already under the tent. | Everybody needs to start diffing javascript served by them. | feu wrote: | >...but we know it's possible under Swiss law, from this | case, for them to be compelled to start logging specific | account accesses, that they by default were not | previously. | | You're claiming that we know X is possible under Swiss | law because they were compelled to start doing Y, there | is no connection between those two things. Unless you can | cite specific laws which do allow compelling injection of | malicious JavaScript this seems like the spreading of | FUD. | c7DJTLrn wrote: | I am also paying for ProtonMail. | | They come off as a very dodgy company willing to twist the | truth themselves. They claim that they can provide E2EE for | email, being careful not to give away the fact that this is | impossible for regular emails to non-PM customers. | | Frankly I only use them because they're the biggest "private" | email service and that provides a kind of safety in numbers. | Sebb767 wrote: | As a business in that space, you probably need to have dodgy | marketing in order to convince mainstream users. I'm not | disagreeing that it's bad, but it's probably necessary | business-wise. | JohnJamesRambo wrote: | What does Youth for Climate do that required arrest? I'm | unfamiliar with them. ___________________________________________________________________ (page generated 2021-09-05 23:00 UTC)