Mastodawn

For all the Proton fans

@skinnylatte i've had Proton for over a year now and like them. Anyone who is disappointed about this shouldn't be surprised. They have to obey Swiss law after all.

If you want a privacy-focused email provider, there aren't a lot of choices and Proton is still one of the best.

Show thread

FreediverX Mar 5

@boojum @skinnylatte
What's the point of paying for a privacy-focused email provider that doesn't provide privacy?

Show thread

taylor Mar 5

@freediverx @boojum @skinnylatte That they will protect your privacy to the limit that they legally can, perhaps? A privacy-focused email provider that doesn't abide by the laws of the country they operate in stops existing pretty quickly.

Show thread

FreediverX Mar 6

@taylor @boojum @skinnylatte

If they can't structure their service in a way that avoids the collection and storage of personally identifiable customer data, then they have no business claiming they offer privacy. This is like charging a premium for the world’s most secure door lock when a burglar can easily enter your house by breaking a window.

Show thread

taylor Mar 6

@freediverx @boojum @skinnylatte How do you charge somebody's credit card regularly on a subscription basis without storing any PII or working with a third party that stores PII?

This is like charging a premium for the world’s most secure door lock when a burglar can easily enter your house by breaking a window.

In which case it would be ridiculous to blame the door lock company when somebody breaks your window.

I think a more apt analogy is that it's like a hotel charging a premium for a high-privacy room, but still giving their card records to the FBI when they come with a warrant for those records, telling them what credit card paid for which room.

Show thread

The Fedilore Otter 🦦Mar 6

@taylor @freediverx @boojum @skinnylatte The company does not actually need to store the connection between the payment information and the email account.

Show thread

taylor Mar 6

@fedilore How would that work for recurring payments? For one-off payments, sure, you can take payment, mark the account as paid for a time period, and not keep that connection, but for a subscription, the card has to be associated with the account to be scheduled to pay it in the future.

Show thread

The Fedilore Otter 🦦Mar 6

@taylor Service One sells subscriptions and verifies subscription status using the hashed version of a key.

Service Two is the encrypted email service. It also stores an encrypted version of the unhashed key.

Service Two verifies your subscription with Service One the first time you check your email each month.

I'm sure there are easier or more secure ways to do it, but that's one way.

And this service already exists? Get me right: This sounds (from my amateurish point of view) like a great solution, but is there a service that can already be uses? Or is the idea that proton also creates this service? (Not sure if "timing attacks" could leave a track).

If you need anonymity most services can't help you and it depends on your OpSec.

Show thread

The Fedilore Otter 🦦

@dexternemrod @taylor Signal already uses something similar.

https://signal.org/blog/introducing-secure-backups/

Introducing Signal Secure Backups

In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. Think family photos, sweet messages, important documents, or anything else you don’t want to lose forever. This explains wh...

Signal Messenger