Well, this is unfortunate.

"Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the [US] government when asked. Proton hid them from their privacy policy."

#proton #protonmail #digitalsovereigty #opensource

https://www.sambent.com/proton-meet-isnt-what-they-told-you/

Proton Meet Isn't What They Told You It Was

Sam Bent
@Gina I was considering moving over to Proton's services. I'll have to look more in depth at this decision. Thank you for pointing this out.
@Gina Irrelevant question, but is there an actual private video-call platform and if yes which is it?
@JakeKb I'd recommend #Jitsi for individual users.

@Gina @JakeKb Seriously, Signal. I switched from Jitsi to Signal for meetings on the project I'm working on now, because of minor technical issues, and it's worked better anyway.

Now, Signal might not meet your needs for this if participants don't want to disclose their Signal usernames/phone-numbers, since Signal doesn't really do "multiple accounts" like they should. But if it does work, it's great, and actually private.

Wire – Collaborate without Compromise

Collaborate without compromise with Wire, the trusted platform for millions worldwide. Stay in control with end-to-end encryption that's invisible, flexible collaboration, and intuitive user interface. Join now for free and boost your productivity.

@Gina @JakeKb where do you host your Jitsi server? Would it maybe be a cloud hosting provider who is also vulnerable to a subpoena? The way I read it is: video relays for P2P by video suck. I know this because I can consider myself lucky if I spin up a Jitsi and have it go without incident. I once tried the FSF Jitsi instance and it was downright broken.
@trevdev @Gina @JakeKb Signal group calls can be started by sharing a link with up to 75 people. https://signal.org/blog/call-links/
Improving Private Signal Calls: Call Links & More

If you love group calls on Signal, but don’t want to create a group chat for every combination of your friends or colleagues, you’re in luck. Today we’re launching call links: Share a link with anyone on Signal and in just a tap or click they can join the call. No group chat required.

Signal Messenger

@JakeKb @Gina If you have 75 or less video call attendees then Signal can be your E2EE video-call choice.

https://support.signal.org/hc/en-us/articles/360052977792-Group-Calling-Voice-or-Video

Group Calling - Voice or Video

Like all Signal messages, group voice and group video calls are private too. You will be prompted to grant the Camera and Microphone permissions the first time you make or receive a Signal call.  G...

Signal Support

@regendans @JakeKb @Gina
Signal works for those who have a cell phone only I believe.

I use @hostpoint and KMeet from Infomaniak for individual video calls (ex. My Mom).

@bentley_lucas @regendans @JakeKb @Gina @hostpoint Now I believe you can have accounts that are not tied to a phone number.
@Kyebr @bentley_lucas @regendans @JakeKb @Gina @hostpoint (someone please correct me if needed, I would love to be wrong but)
You still need that phone number to set up or (IIRC) log back into an account from scratch on a new device. What changed is that you no longer have to *reveal* that phone number so people can contact you (usernames), and you can disable "people can contact me by phone number" (forcing only the username).
@JakeKb @Gina we use BigBlueButton. It sometimes glitches, but usually it works fine

@JakeKb @Gina

Hey. I've been using digitalsamba recently. It's a platform from Spain.

https://www.digitalsamba.com/

They have a free version. I hope it fits your needs.

Free Video Conferencing from Europe | Digital Samba

Enjoy free, secure video calls with no sign-up, no tracking, and no bloat. 100% European-hosted. A privacy-first alternative to Zoom, Teams, and Meet.

@Gina Ever since their CEO's position a few years ago it has been clear Proton is not really aligned with consumers' interests.
I'm glad things like these are coming to the light.
__Miguel_ Yes, their CEO’s behaviour has been a significant red flag, and I think we’re going to continue finding out that they’ve been lying for years as they’ve moved to comply in advance on this wave of anti-privacy bills being tossed around the world.
@Gina Of course they did. Because Proton is owned by a fan of fascism.

@dalias

Only if you don't know the meaning of the words "own" and "fascism".

@Gina

@troed @dalias @Gina are you misinformed or choosing to die on the "Donald Trump is not a fascist" hill that collapsed for most of the world at least a year ago?

@raphaelmorgan

It is you who don't know what Proton's CEO actually said.

@dalias @Gina

@troed @raphaelmorgan @Gina I read it when he said it.

@dalias

So, besides a CEO being an employee of the company and not the owner, tell us more about how what he said means he's a "fan of fascism".

It's easily citeable if you're correct, right?

@raphaelmorgan @Gina

@troed @raphaelmorgan @Gina No, I am not doing your homework or debating with a fascist apologist asshole who's up in my mentions. You don't get to demand things of me. Bye.

@dalias

Generally in society the onus is on the one making a claim to be able to support it.

Your feels don't carry any weight.

@raphaelmorgan @Gina

@raphaelmorgan

Since Cassandrich chose the option "I'll block those who point out that I'm wrong" I guess I'll have to do their work for them:

https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e

@dalias @Gina

Does Proton really support Trump? A deeper analysis (and surprising findings)

Recently, allegations surfaced on Reddit that Proton (or at least Proton’s CEO) supports Trump. Hillary Keverenge from Tech-Issues Today…

Medium

@troed @dalias @Gina he said exactly what I remembered him saying. Sure, from the article linked it seems he's maybe not an outright fascist but rather a liberal who has seen how horribly the Democrats are handling things and naively assumes that means the Republicans are going to represent the rest of politics, rather than seeing that both parties in the US work only for the best interests of capitalism and fascism

What do we call people who praised the Nazis for naive perceptions of progress?

@raphaelmorgan

Nah, he didn't say anything of the sort. Try again, this time without lying outright. He mentioned _one specific appointment_. Not anything at all that has to do with republicans and democrats in general.

@dalias @Gina

@troed “10 years ago, Republicans were the party of big business and Dems stood for the little guys, but today the tables have completely turned.” what does that last part mean to you? Because to me it reads as "Republicans are now the party that stands for the little guys", a naive and fallacious leap from the true statement of "Democrats are (now*) in the pockets of big business"
*they always have been, but I'm glad he can at least see they are now

@raphaelmorgan Exactly the quote that you know has context. It's specifically about the one appointment and it's big tech vs little tech.

You know this, of course, since you read the article.

@Gina Well, that's a huge shot in the foot ... why?
@Gina will people ever learn proton is a massive fed honeypot or will this continue
@privateger @Gina Proton products have always been snake oil. I think people *want* to believe they’re the good guys, for lack of easy alternatives.

@privateger @Gina

I need to get off their email. I assume the feds get everything anywhere, but I read Proton's now using my inbox to train AI. No thanks. Do you have any recommendations?

@Uair

Proton don't have access to your inbox. Don't trust everything you read on the Internet.

@privateger @Gina

@troed

Thanks!

What about my sent folder?

@Uair All your email on Proton's servers is stored client-side encrypted. They don't have the information needed to decrypt it.

Also, being owned by a Swiss non-profit means they can't lie about what they do or don't do since they would be shut down immediately by the European - thus functioning - legal system.

@privateger

Tell us more about these "feds" that break the encryption the linked article says is perfectly fine.

@Gina

@troed @Gina
You don't need to break any encryption when E-mails arrive at your mailserver in perfect plain text lol
You are one Swiss court order away from getting all of that stuff intercepted as it arrives.

@privateger

I assume you think that "lol" somehow makes your post true?

Tell me more about how the Swiss privacy laws enable this "fed" honeypot. You know, for them to actually intercept they'll need a whole lot more than "someone wants to".

Or maybe you're simply posting FUD on a subject you have absolutely no knowledge of?

@Gina

@troed @Gina
There is more than enough documentation on Proton sharing extensive metadata with authorities leading to arrests, multiple times. Do one search. At that point it doesn't matter whether you share message content, metadata is just as important.

@privateger

I don't need to "do a search" since I know the subject. That's why I'm calling out your FUD.

@Gina

@troed @Gina Okay bro. I'm sure you believe that.

@privateger

Absolutely everyone who has any knowledge about the Swiss legal system and Proton's ownership knows they by definition cannot be a "massive fed honeypot" - which were your words.

"bro"

@Gina

@troed @Gina Yeah, because no Swiss company has ever turned out to be a front.

Oh wait, Crypto AG. Whoops. How convenient too that Proton's entire backend is fully closed source.

@privateger

If we're just throwing out random accusations I guess you're FBI? I mean. Persons have been, before.

@Gina

@troed @Gina Last I checked I don't offer an email service offering privacy guarantees you cannot possibly keep while being based in a nation that has an MLAT agreement with the US. But I see this is going nowhere, so I guess we'll disagree forever.

@privateger

Nah, this is not disagreement. You're simply wrong on the facts and the "massive fed honeypot" statement was incredibly stupid and you got caught out.

Take it as a lesson learned.

@Gina

@troed @privateger @Gina

I moved my wife and I to Proton last year to avoid contributing to a company that builds systems for ICE and US Mil right before they started bombing school children

They may be able to figure out who I'm speaking to and when given any number of hazardous indicators of using the web, but are they actually able to intercept me via Proton? I expect that somebody, preferably Proton, would cross reference the article's claims. Google isn't welcome to my data any longer.

@trevdev

Yeah I'm somewhat worried about the claims in the article - I would've expected Proton to be a bit more careful regarding where metadata ends up.

It seems to rely a lot on Livekit, and that's where I'm thinking the article might be assuming a bit too much. The French government are running their own open source project to replace Teams' video conferencing, named Visio, and they're also using Livekit. I doubt very much that the French aren't keeping all data inside the EU.

@privateger @Gina

@privateger @Gina @troed

"while being based in a nation that has an MLAT agreement with the US"

What encrypted service, based where, do you suggest then?

(List of countries with MLAT with the US for reference) https://www.justice.gov/criminal/criminal-oia/file/1498806/dl

@troed @privateger @Gina

https://web.archive.org/web/20210123101755/https://eprint.iacr.org/2018/1121.pdf

https://web.archive.org/web/20210907033657mp_/https://protonmail.com/blog/transparency-report/

Upon receiving a judicial order, ProtonMail is obliged to provide any user information readily available that would help identify a user that is subject to a criminal investigation that has been validated by Swiss authorities. In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.

http://web.archive.org/web/20210907022818/https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/?guccounter=1

So, in the specific case, it looks likely that ProtonMail was either under legal order to delay notification to the account holder — given what appears to be up to eight months between the logging being instigated and disclosure of it — or it had been provided with information by the Swiss authorities which led it to conclude that delaying notice was essential to avoid a risk of “injury, death, or irreparable damage” to a person or persons (NB: it is unclear what “irreparable damage” means in this context, and whether it could be interpreted figuratively — as ‘damage’ to a person’s/group’s interests, for example, such as to a criminal investigation, not solely bodily harm — which would make the policy considerably more expansive).

It’s that IP monitoring component which has caused such alarm among privacy advocates now — and no small criticism of Proton’s marketing claims as a ‘user privacy centric’ company.

It has faced particular criticism for marketing claims of providing “anonymous email” and for the wording of the caveat in its transparency disclosure — where it talks about IP logging only occurring in “extreme criminal cases”.

Wayback Machine

@puppygirlhornypost2

"that has been validated by Swiss authorities"

Yes?

@privateger @Gina

@troed @privateger @Gina i feel like offering an anonymous mail platform and then handing le people's ip addresses is a bit sus.

@puppygirlhornypost2

1) They have never claimed anonymity.

https://proton.me/blog/switzerland

2) Tell me more about how you run a company without obeying the laws in the jurisdiction where you are based. Please go into as many details as you wish.

@privateger @Gina

Why is Proton based in Switzerland? An analysis of Swiss privacy laws | Proton

Switzerland has a strong reputation for privacy, dating back over 100 years, but is this reputation actually backed up by strong laws?

Proton

@troed @puppygirlhornypost2 @privateger @Gina

Troed, your points here aside... using info from the same company whose information is already in dispute (as to bias and reliability) seems problematic/self-referential. an analysis of swiss privacy laws, as applied to services like proton's, would carry much more weight from a source that's *not* Proton.

@kitkat_blue

Proton is owned by a Swiss non-profit. They would be closed down very quickly if they didn't adhere to their charter.

There's no "information in dispute" anywhere here - besides a lot of people who seem to believe that their own fantasies are somehow valid arguments in a debate. And use the blocking function when they're called out on it, since they're unable to handle their feels not being relevant.

@puppygirlhornypost2 @privateger @Gina