• HiddenLayer5@lemmy.ml
    link
    fedilink
    arrow-up
    17
    ·
    edit-2
    3 years ago

    Interesting how it was a climate activist that they used this on first. Not a sexual predator, bomber terrorist, human trafficker, or drug kingpin, the genuinely undoubtedly horrible kinds of people that the State tries to convince the public these surveillance legislation are targeting.

    • poVoq@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      3 years ago

      I don’t think it is a first at all… just the first time it has caused sufficient outrage that we get to hear about it.

      Which is precisely why I think ProtonMail should actively fight those requests even if they are likely to lose. By staying quiet and complying the majority of people will never hear of such legal over-reach and just think all is fine.

    • Jeffrey@lemmy.ml
      link
      fedilink
      arrow-up
      11
      ·
      edit-2
      3 years ago

      Sort of. My understanding is that they do not start keeping logs until they’re formally compelled to. So, they can’t go back and see everything a user has done up to that point, but they can start tracking the user from that point forward.

        • ProfessorYakkington@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          3 years ago

          I think this is probably true for most providers. They could add logs if they were legally required but don’t actively keep them. I think there is way too much stock put in the ‘we don’t log’ comments that are common amongst privacy tools. Most VPN providers can log if they have to and often do log some data for service abuse and load monitoring but quibble over the definition of what ‘we don’t log’ means. I used to work for a VPN provider where we kept statements in our privacy policies about some logging and users ripped us apart despite these comments being truthful + other providers being dishonest ( or at least confusing ); but since so many providers provided false confidence via slamming all over their site that they don’t log the user base buys into these statements as 100% true ( and unchangeable ) and providers that try and provide a realistic view of what can happen get slammed. I am happy to see that proton put the statement up. I would have preferred they had statements up already but just because another provider says they don’t log I wouldn’t trust these statements. For me, I am not too worried if the provider can log some data like ip when they receive a non-avoidable court order ( https://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court ) as I generally expect this to be true for all services and my threat model isn’t to avoid three letter agencies. If your threat model requires avoiding three letter agencies then trusting almost any service provider is going to be difficult. Obviously you should be using tor to connect to anything but you would have to assume almost everything with a server is either compromised or can be given certain court orders. Using services like briar seem like your best bet ( https://briarproject.org/ ).

    • blank_sl8@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      But without the key feature of Protonmail, e2e encryption at rest. Almost all protonmail alternatives (tutanota being the exception) talk about “privacy” but don’t actually take this critical step.

      If posteo is served a warrant or whatnot in whichever country it’s based, do you really think they’ll do anything differently than Protonmail anyway?

      • ysu@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        Protonmail only has e2e if you email another protonmail email. It’s impossible to have it across domains, if you actually care about security just use pgp.

        • blank_sl8@lemmy.ml
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          3 years ago

          Correct me if I’m wrong, but I believe Protonmail stores emails encrypted on disk. So yes, Protonmail could store the unencrypted messages as they arrive, but as long as they don’t have a warrant at the time the message is received, they can’t access it later.

      • Graveyard Leprechaun@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        I cannot ask any mail service to break the law (and jeopardize their own families, businesses, etc) just to protect my data. If Posteo is legally served a warrant, I expect them to comply with the legally authorized authorities. HOWEVER, all they can turn over is my encrypted data, because my account is set to automatically encrypt all saved data. Period. If the authorities want to waste their time and energy trying to decrypt that data (of which, only I posses the encryption keys), then have at it - they’ll be super disappointed (and really bored) by whatever they find, but whatever.

    • carbon_dated@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      I’m also a posteo user and recommend their service. They are paid however, but it’s ony 1 € per month, cash payments being accepted.

  • LemonWedge@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    3 years ago

    I was pretty shocked at this. They seemed to be the most privacy focused (And the most expensive).