Mastodawn

Well, this is unfortunate.

"Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the [US] government when asked. Proton hid them from their privacy policy."

#proton #protonmail #digitalsovereigty #opensource

https://www.sambent.com/proton-meet-isnt-what-they-told-you/

Proton Meet Isn't What They Told You It Was

Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.

Sam Bent

Latte macchiato

ablobcat_longlong

@Gina will people ever learn proton is a massive fed honeypot or will this continue

Troed Sångberg

Tell us more about these "feds" that break the encryption the linked article says is perfectly fine.

Latte macchiato

ablobcat_longlong

@troed @Gina
You don't need to break any encryption when E-mails arrive at your mailserver in perfect plain text lol
You are one swiss court order away from getting all of that stuff intercepted as it arrives.

Troed Sångberg 11h ago

I assume you think that "lol" somehow makes your post true?

Tell me more about how the Swiss privacy laws enable this "fed" honeypot. You know, for them to actually intercept they'll need a whole lot more than "someone wants to".

Or maybe you're simply posting FUD on a subject you have absolutely no knowledge of?

Latte macchiato

ablobcat_longlong

@troed @Gina
There is more than enough documentation on Proton sharing extensive metadata with authorities leading to arrests, multiple times. Do one search. At that point it doesn't matter whether you share message content, metadata is just as important.

Troed Sångberg 11h ago

I don't need to "do a search" since I know the subject. That's why I'm calling out your FUD.

Latte macchiato

ablobcat_longlong

@troed @Gina Okay bro. I'm sure you believe that.

Troed Sångberg 11h ago

Absolutely everyone who has any knowledge about the Swiss legal system and Proton's ownership knows they by definition cannot be a "massive fed honeypot" - which were your words.

"bro"

Latte macchiato

ablobcat_longlong

@troed @Gina Yeah, because no Swiss company has ever turned out to be a front.

Oh wait, Crypto AG. Whoops. How convenient too that Protons entire backend is fully closed source.

Troed Sångberg 11h ago

If we're just throwing out random accusations I guess you're FBI? I mean. Persons have been, before.

Latte macchiato

ablobcat_longlong

@troed @Gina Last I checked I don't offer an email service offering privacy guarantees you cannot possibly keep while being based in a nation that has an MLAT agreement with the US. But I see this is going nowhere, so I guess we'll disagree forever.

Troed Sångberg 11h ago

Nah, this is not disagreement. You're simply wrong on the facts and the "massive fed honeypot" statement was incredibly stupid and you got caught out.

Take it as a lessons learned.

Latte macchiato

ablobcat_longlong

@troed @Gina
Uh-huh.

@troed @privateger @Gina

I moved my wife and I to Proton last year to avoid contributing to a company that builds systems for ICE and US Mil right before they started bombing school children

They may be able to figure out who I'm speaking to and when given any number of hazardous indicators of using the web, but are they actually able to intercept me via Proton? I expect that somebody, preferably Proton, would cross reference the article's claims. Google isn't welcome to my data any longer.

grrl_aex 9h ago

@privateger @Gina @troed

"while being based in a nation that has an MLAT agreement with the US"

What encrypted service, based where, do you suggest then?

(List of countries with MLAT with the US for reference) https://www.justice.gov/criminal/criminal-oia/file/1498806/dl

@troed @privateger @Gina

https://web.archive.org/web/20210123101755/https://eprint.iacr.org/2018/1121.pdf

https://web.archive.org/web/20210907033657mp_/https://protonmail.com/blog/transparency-report/

Upon receiving a judicial order, ProtonMail is obliged to provide any user information readily available that would help identify a user that is subject to a criminal investigation that has been validated by Swiss authorities. In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.http://web.archive.org/web/20210907022818/https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/?guccounter=1So, in the specific case, it looks likely that ProtonMail was either under legal order to delay notification to the account holder — given what appears to be up to eight months between the logging being instigated and disclosure of it — or it had been provided with information by the Swiss authorities which led it to conclude that delaying notice was essential to avoid a risk of “injury, death, or irreparable damage” to a person or persons (NB: it is unclear what “irreparable damage” means in this context, and whether it could be interpreted figuratively — as ‘damage’ to a person’s/group’s interests, for example, such as to a criminal investigation, not solely bodily harm — which would make the policy considerably more expansive).It’s that IP monitoring component which has caused such alarm among privacy advocates now — and no small criticism of Proton’s marketing claims as a ‘user privacy centric’ company.It has faced particular criticism for marketing claims of providing “anonymous email” and for the wording of the caveat in its transparency disclosure — where it talks about IP logging only occurring in “extreme criminal cases”.

Wayback Machine

Troed Sångberg 11h ago

@puppygirlhornypost2

"that has been validated by Swiss authorities"

Yes?

@privateger @Gina

@troed @privateger @Gina i feel like offering an anonymous mail platform and then handing le people's ip addresses is a bit sus.

Troed Sångberg 11h ago

@puppygirlhornypost2

1) They have never claimed anonymity.

https://proton.me/blog/switzerland

2) Tell me more about how you run a company without obeying the laws in the jurisdiction where you are based. Please go into as many details as you wish.

@privateger @Gina

Why is Proton based in Switzerland? An analysis of Swiss privacy laws | Proton

Switzerland has a strong reputation for privacy, dating back over 100 years, but is this reputation actually backed up by strong laws?

Proton

grrl_aex 9h ago

@troed @puppygirlhornypost2 @privateger @Gina

Troed, your points here aside... using info from the same company whose information is already in dispute (as to bias and reliability) seems problematic/self-referential. an analysis of swiss privacy laws, as applied to services like proton's, would carry much more weight from a source that's *not* Proton.

Troed Sångberg 7h ago

Proton is owned by a Swiss non-profit. They would be closed down very quickly if they didn't adhere to their charter.

There's no "information in dispute" anywhere here - besides a lot of people who seem to believe that their own fantasies are somehow valid arguments in a debate. And use the blocking function when they're called out on it, since they're unable to handle their feels not being relevant.

@puppygirlhornypost2 @privateger @Gina