Mastodawn

Joachim Heistinger 🌶️14h ago

Well, this is unfortunate.

"Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the [US] government when asked. Proton hid them from their privacy policy."

#proton #protonmail #digitalsovereigty #opensource

https://www.sambent.com/proton-meet-isnt-what-they-told-you/

Proton Meet Isn't What They Told You It Was

Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.

Sam Bent

Darkas Vim 15h ago

@Gina I was considering moving over to Proton's services. I'll have to look more in depth at this decision. Thank you for pointing this out.

ImaCrea 15h ago

@Gina cc @protonprivacy ....

Michela Marie 🇨🇦15h ago

@imacrea @Gina @protonprivacy #Jitsi is actually fairly straightforward to install and operate. It’s definitely worth considering instead of Proton Meet or one of the ‘big tech’ products.

Cassandrich 14h ago

@imacrea @Gina Did you seriously just snitch-tag? 🙄

ArcaneChat 13h ago

@dalias coming soon (AGAIN!!):

ProtonMail official announcement: due to lack of resources we will be discontinuing our account here (not because you all are too woke and expose bad publicity about us) so please follow us on X and Reddit from now on to keep up to date, ok??? and remember: we really care about your privacy!

Cassandrich 13h ago

@arcanechat @imacrea @Gina Sadly the fedi has no shortage of people who keep stanning for discredited "private email" and "private messenger" scammers. 😫

ƧƿѦςɛ♏ѦਹѤʞ 12h ago

@arcanechat @dalias @imacrea @Gina
😬

@Gina Irrelevant question, but is there an actual private video-call platform and if yes which is it?

@JakeKb I'd recommend #Jitsi for individual users.

Cassandrich 14h ago

@Gina @JakeKb Seriously, Signal. I switched from Jitsi to Signal for meetings on the project I'm working on now, because of minor technical issues, and it's worked better anyway.

Now, Signal might not meet your needs for this if participants don't want to disclose their Signal usernames/phone-numbers, since Signal doesn't really do "multiple accounts" like they should. But if it does work, it's great, and actually private.

⠠⠵ avuko 5h ago

@dalias @Gina @JakeKb

There’s Wire too:

https://wire.com/en/

Wire – Collaborate without Compromise

Collaborate without compromise with Wire, the trusted platform for millions worldwide. Stay in control with end-to-end encryption that's invisible, flexible collaboration, and intuitive user interface. Join now for free and boost your productivity.

@Gina @JakeKb where do you host your Jitsi server? Would it maybe be a cloud hosting provider who is also vulnerable to a subpoena? The way I read it is: video relays for P2P by video suck. I know this because I can consider myself lucky if I spin up a Jitsi and have it go without incident. I once tried the FSF Jitsi instance and it was down right broken.

Regendans 15h ago

@JakeKb @Gina If you have 75 or less video call attendees then Signal can be your E2EE video-call choice.

https://support.signal.org/hc/en-us/articles/360052977792-Group-Calling-Voice-or-Video

Group Calling - Voice or Video

Like all Signal messages, group voice and group video calls are private too. You will be prompted to grant the Camera and Microphone permissions the first time you make or receive a Signal call. G...

Signal Support

Lucas Bentley 13h ago

@regendans @JakeKb @Gina
Signal works for those who have a cell phone only I believe.

I use @hostpoint and KMeet from Infomaniak for individual video calls (ex. My Mom).

terminal_blinker

@bentley_lucas @regendans @JakeKb @Gina @hostpoint Now I believe you can have accounts that are not tied to a phone number.

@Kyebr @bentley_lucas @regendans @JakeKb @Gina @hostpoint (someone please correct me if needed, I would love to be wrong but)
You still need that phone number to set up or (IIRC) log back into an account from scratch on a new device. What changed is that you no longer have to *reveal* that phone number so people can contact you (usernames), and you can disable "people can contact me by phone number" (forcing only the username).

ĞÖKÜ👻👻™13h ago

@JakeKb @Gina signal

Bleistifterin 12h ago

@JakeKb @Gina we use BigBlueButton. It sometimes glitches, but usually it works fine

errorbody 12h ago

Hey. I've been using digitalsamba recently. It's a platform from Spain.

https://www.digitalsamba.com/

They have a free version. I hope it fits your needs.

Free Video Conferencing from Europe | Digital Samba

Enjoy free, secure video calls with no sign-up, no tracking, and no bloat. 100% European-hosted. A privacy-first alternative to Zoom, Teams, and Meet.

Robert Sander 7h ago

@JakeKb @Gina https://opencloud.eu

Excellent file sharing - secure, simple, reliable. Start now.

Discover excellent enterprise cloud services with flexible, secure and scalable infrastructure that optimize efficiency and business processes.

__Miguel_15h ago

@Gina Ever since their CEO's position a few years ago it has been clear Proton is not really aligned with consumers' interests.
I'm glad things like these are coming to the light.

__Miguel_ Yes, their CEO’s behaviour has been a significant red flag, and I think we’re going to continue finding out that they’ve been lying for years as they’ve moved to comply in advance on this wave of anti-privacy bills being tossed around the world.

someguyonmastodon 14h ago

Cassandrich 14h ago

@Gina Of course they did. Because Proton is owned by a fan of fascism.

Troed Sångberg 12h ago

Only if you don't know the meaning of the words "own" and "fascism".

Morgan ⚧️4h ago

@troed @dalias @Gina are you misinformed or choosing to die on the "Donald Trump is not a fascist" hill that collapsed for most of the world at least a year ago?

Simon Dückert 14h ago

@Gina Das ist ja mal ein riesiger Schuss in den Fuß ... warum?

Latte macchiato

ablobcat_longlong

@Gina will people ever learn proton is a massive fed honeypot or will this continue

Patrick 14h ago

@privateger @Gina Proton products have always been snake oil. I think people *want* to believe they’re the good guys, for lack of easy alternatives.

Poloniousmonk 12h ago

@privateger @Gina

I need to get off their email. I assume the feds get everything anywhere, but I read Proton's now using my inbox to train AI. No thanks. Do you have any recommendations?

Troed Sångberg 12h ago

Proton don't have access to your inbox. Don't trust everything you read on the Internet.

@privateger @Gina

Poloniousmonk 11h ago

Thanks!

What about my sent folder?

Troed Sångberg 11h ago

@Uair All your email on Proton's servers are stored client side encrypted. They don't have the information needed to decrypt it.

Also, being owned by a Swiss non-profit means they can't lie about what they do or don't do since they would be shut down immediately by European - thus functioning - legal system.

Poloniousmonk 11h ago

Thank you!

Troed Sångberg 12h ago

Tell us more about these "feds" that break the encryption the linked article says is perfectly fine.

Latte macchiato

ablobcat_longlong

@troed @Gina
You don't need to break any encryption when E-mails arrive at your mailserver in perfect plain text lol
You are one swiss court order away from getting all of that stuff intercepted as it arrives.

Troed Sångberg 11h ago

I assume you think that "lol" somehow makes your post true?

Tell me more about how the Swiss privacy laws enable this "fed" honeypot. You know, for them to actually intercept they'll need a whole lot more than "someone wants to".

Or maybe you're simply posting FUD on a subject you have absolutely no knowledge of?

Latte macchiato

ablobcat_longlong

@troed @Gina
There is more than enough documentation on Proton sharing extensive metadata with authorities leading to arrests, multiple times. Do one search. At that point it doesn't matter whether you share message content, metadata is just as important.

Troed Sångberg 11h ago

I don't need to "do a search" since I know the subject. That's why I'm calling out your FUD.

Latte macchiato

ablobcat_longlong

@troed @Gina Okay bro. I'm sure you believe that.

Troed Sångberg 11h ago

Absolutely everyone who has any knowledge about the Swiss legal system and Proton's ownership knows they by definition cannot be a "massive fed honeypot" - which were your words.

"bro"

Latte macchiato

ablobcat_longlong

@troed @Gina Yeah, because no Swiss company has ever turned out to be a front.

Oh wait, Crypto AG. Whoops. How convenient too that Protons entire backend is fully closed source.

Troed Sångberg 10h ago

If we're just throwing out random accusations I guess you're FBI? I mean. Persons have been, before.

Latte macchiato

ablobcat_longlong

@troed @Gina Last I checked I don't offer an email service offering privacy guarantees you cannot possibly keep while being based in a nation that has an MLAT agreement with the US. But I see this is going nowhere, so I guess we'll disagree forever.

Troed Sångberg 10h ago

Nah, this is not disagreement. You're simply wrong on the facts and the "massive fed honeypot" statement was incredibly stupid and you got caught out.

Take it as a lessons learned.

Latte macchiato

ablobcat_longlong

@troed @Gina
Uh-huh.

@troed @privateger @Gina

I moved my wife and I to Proton last year to avoid contributing to a company that builds systems for ICE and US Mil right before they started bombing school children

They may be able to figure out who I'm speaking to and when given any number of hazardous indicators of using the web, but are they actually able to intercept me via Proton? I expect that somebody, preferably Proton, would cross reference the article's claims. Google isn't welcome to my data any longer.

grrl_aex 8h ago

@privateger @Gina @troed

"while being based in a nation that has an MLAT agreement with the US"

What encrypted service, based where, do you suggest then?

(List of countries with MLAT with the US for reference) https://www.justice.gov/criminal/criminal-oia/file/1498806/dl

@troed @privateger @Gina

https://web.archive.org/web/20210123101755/https://eprint.iacr.org/2018/1121.pdf

https://web.archive.org/web/20210907033657mp_/https://protonmail.com/blog/transparency-report/

Upon receiving a judicial order, ProtonMail is obliged to provide any user information readily available that would help identify a user that is subject to a criminal investigation that has been validated by Swiss authorities. In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.http://web.archive.org/web/20210907022818/https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/?guccounter=1So, in the specific case, it looks likely that ProtonMail was either under legal order to delay notification to the account holder — given what appears to be up to eight months between the logging being instigated and disclosure of it — or it had been provided with information by the Swiss authorities which led it to conclude that delaying notice was essential to avoid a risk of “injury, death, or irreparable damage” to a person or persons (NB: it is unclear what “irreparable damage” means in this context, and whether it could be interpreted figuratively — as ‘damage’ to a person’s/group’s interests, for example, such as to a criminal investigation, not solely bodily harm — which would make the policy considerably more expansive).It’s that IP monitoring component which has caused such alarm among privacy advocates now — and no small criticism of Proton’s marketing claims as a ‘user privacy centric’ company.It has faced particular criticism for marketing claims of providing “anonymous email” and for the wording of the caveat in its transparency disclosure — where it talks about IP logging only occurring in “extreme criminal cases”.

Wayback Machine

Troed Sångberg 10h ago

@puppygirlhornypost2

"that has been validated by Swiss authorities"

Yes?

@privateger @Gina

@troed @privateger @Gina i feel like offering an anonymous mail platform and then handing le people's ip addresses is a bit sus.

Troed Sångberg 10h ago

@puppygirlhornypost2

1) They have never claimed anonymity.

https://proton.me/blog/switzerland

2) Tell me more about how you run a company without obeying the laws in the jurisdiction where you are based. Please go into as many details as you wish.

@privateger @Gina

Why is Proton based in Switzerland? An analysis of Swiss privacy laws | Proton

Switzerland has a strong reputation for privacy, dating back over 100 years, but is this reputation actually backed up by strong laws?

Proton

grrl_aex 8h ago

@troed @puppygirlhornypost2 @privateger @Gina

Troed, your points here aside... using info from the same company whose information is already in dispute (as to bias and reliability) seems problematic/self-referential. an analysis of swiss privacy laws, as applied to services like proton's, would carry much more weight from a source that's *not* Proton.

Troed Sångberg 7h ago

Proton is owned by a Swiss non-profit. They would be closed down very quickly if they didn't adhere to their charter.

There's no "information in dispute" anywhere here - besides a lot of people who seem to believe that their own fantasies are somehow valid arguments in a debate. And use the blocking function when they're called out on it, since they're unable to handle their feels not being relevant.

@puppygirlhornypost2 @privateger @Gina

@Gina disappointing, but not entirely unexpected

ĞÖKÜ👻👻™13h ago

@Gina from 1 cloud trap (Google) to another cloud trap (Proton). ☺️

ArcaneChat 13h ago

@Gina I can't believe in 2026 people still trust Proton, can't people realize by now it is really a bad idea to put your trust in a centralized provider?

@arcanechat @Gina I still don't know what the realistic alternative is for electronic communications. it sucks... but without worldwide regulations, it's just always going to find ways to suck for people outside the inner circle of beneficiaries

and I very much want to pay a company that can avoid that, but... they are competing with companies with near monopolies, so how _can_ they compete? (and even the regulations would have to be like, morally guided and principled, but they wouldn't be...)

ArcaneChat 13h ago

@caitp to be honest, I don't think there is a solution for streaming of video to huge groups of people (ex. twitch-like)

but if it is just a meeting with a few people maybe some p2p calls like using webrtc could work, it would be all end-to-end encrypted and without needing to trust any company and also near zero server costs for them

Lucas Bentley 13h ago

@Gina
No bueno.
This stinks.