Proton Meet Isn't What They Told You It Was

https://www.sambent.com/proton-meet-isnt-what-they-told-you/

Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.

Sam Bent

Most of the privacy claims (of all types of apps) are essentially garbage anyway because realistically, if a website or an app can be compelled to push an update to a specific user, then they can intercept anything they want.

It doesn't even have to be a specific binary, it can be "just turn on this A/B testing / debug flag for that user" or a piece of JavaScript.

Is there any evidence that the mechanism to do that is in place?

I think that would be widely decried especially on HN if that is one day implemented.

Yes? A/B testing flags, auto-updates, server-side re-routing, etc. are just some mechanisms off the top of my head that can do that.

The way to avoid it is by having locked and cryptographically verified software and connections.

That's not evidence, that's conjecture again. Is there evidence that this kind of client push is actually used to extract data in these projects?

Not sure if that counts as proper evidence, but I have seen some logs[0], albeit with encryption, but from my understanding, they control the encryption keys or at least certainly have the ability to change (if they get hacked themselves, for example).

Would you like to see proper evidence of the logging policy? I feel like I can try finding that again if you/HN community would be interested to see that.

Edit: also worth pointing out that keeping logs with time might be a form of meta-data, which depending on your threat-vector (journalism etc.) can be very sensitive info.

[0]: my other comment here: https://news.ycombinator.com/item?id=47624960

That's evidence for the mechanism, as asked.

The evidence that it's being actively used in the US is in the secret proceedings of a secret court. I kid you not, look up FISA warrant