Be careful when companies market themselves as Swiss or that due to them being located in Switzerland means there is some extra layer of security or privacy.
Sure, it's a more stable country than many other countries in the world, but not much different from most EU countries for example. And privacy wise there is no difference.
Be also aware of the fact that many companies market themselves as Swiss, but all it means is they have a head office in Switzerland due to tax reasons. In one example, it's a cloud storage company, they say on their marketing page and their about page that they are based in Switzerland and under Swiss law, but if you look at the legal pages the company you sign up with are actually based in Bulgaria. Their servers are based in Texas, USA and Luxemburg, Europe and their development team in Bulgaria.
What, you mean those landing pages with that majestic snowy mountain doesn't automatically mean robust security and unparalleled privacy? My life has been a lie...
China-Email: Would be interesting to buy email hosting from a super secure email service based out of China. Basically a "trust in math" approach where they operate despite adversaries. With huge claims on the website:
- No physical security: our offices don't even have locks
- Pro-crime-CEO: our CEO is a known (and future) criminal
- Political: we seriously try to read your email for the cops but we cant :(
- None of that matters because our protocol is open source, blockchain enabled, and it doesn't matter if you trust us at all.
Seems like a joke but you get my point. In God we trust, for everyone else use math.
> - Pro-crime-CEO: our CEO is a known (and future) criminal
Best to not have employees if they know the CEO is pro-crime. I mean why not eBay all of the company's equipment on my personal account? Just towing the company line.
Even people who are pro-crime tend the be anti-being-a-victim-of-crime, and extent that to organizations they lead unless they are the perpetrator of the crime.
I kind of figure that since I don’t live in the Chinese sphere of influence I might be better off using a Chinese service if I had really sensitive communications.
Yeah I also bought a lifetime plan from that cloud storage company few years ago, scammed by the marketing page, only to find out somewhere in the settings page that my data were never in switzerland or even in EU but were physically in US, and had to pay to move them to EU, just deleted my account, I guess the swiss thing is just a marketing scam
Gotta love the rsync.net marketing.
Good company, best support I have ever had with any internet firm. Can only recommend their product if it fits your use case.
>> In one example, it's a cloud storage company, they say on their marketing page and their about page that they are based in Switzerland and under Swiss law, but if you look at the legal pages the company you sign up with are actually based in Bulgaria. Their servers are based in Texas, USA and Luxemburg, Europe and their development team in Bulgaria.
> Yeah I also bought a lifetime plan from that cloud storage company few years ago, scammed by the marketing page, only to find out somewhere in the settings page that my data were never in switzerland or even in EU but were physically in US
I'm confused on the lack of naming names. It's not libel if you show the pages being discussed as evidence. So I'm not sure what the cause for the pussyfooting around name and shame.
I bought it from pCloud, and the person I replied to also said in another reply that he was talking about pCloud, so I think we both have had the same experience and it should be ok to name names as one person could be lying but if 2 people who never met each other say the same thing I guess that would make it at least believable
I am fairly happy with pcloud though. Didn't buy for privacy (i use encryption for that), but for cheapness. I am not aware of any violation of trust like what is mentioned here.
But to be honest i have had my files there for few years unencrypted and in US without realizing, so it's not that encryption was needed or anything special, but it just sucks to be a victim of marketing practice advertising "your files are under the jurisdiction of Switzerland" and find out that they never been, then it's a good service? It's debatable, it's cross platform and has good client support for Linux OSes, but from mobile for example i have never been able to show to friends pics and videos, always timed out, and i have good connections, i.e. TMobile and Vodafone for mobile (I'm Italian living abroad)
But whether or not you need encryption, is that ok to advertise something that you don't have?
In that case... I get it. But yeah... Everybody did/does it and it's stupid. And i knew it was stupid back then (even my current mail provider does the same; Belgium yada yada, but have been honest about cooperating with police). I even figured the lifetime option was a sign that they would collapse years ago. But i took a risk, and I have very cheap storage online.
Also. Yes. The Android app is very bad compared to e.g. drive/photos
Great, so to get the full picture of your point, one must read the entire thread.
My actual point, was why in the world would you not post the name of the company in the original post? What thought processes occurred that suggested you shouldn't provide the name in the first place?
> always read the fine print, no matter how long it may be.
I think it’s time we stop doling out this advice and acknowledge that it’s entirely unrealistic. I’m a lawyer. I read the fine print a lot. Sometimes just for fun. But even I don’t “always” read it. Usually I don’t even read it so much as I give it a skim. If I read the fine print each and every time I came across it during the day I would literally do nothing else. Not even sleep.
And that’s to say nothing of the average person’s hope of actually understanding what the fine print even means!
But even for someone very well-suited (a retired lawyer, for example, with all the time in the world) the suggestion to always read the fine print is absurd.
These are contracts of adhesion. As consumers we usually don’t have any leverage to change the terms or even much of a choice to take our business elsewhere. It makes far more sense to regulate consumer contracts and force businesses not to screw people over than it does to ask millions of people to waste hours of their lives reading pages and pages of legalese they don’t understand and couldn’t change even if they did.
I agree with you, but i also think as i wrote before in another reply, another issue i would like to submit to you as a lawyer with experience in law, reading the TOS to me seems something to make you feel relatively good on the moment but most of it retain the right to change those after you've bought something, what do you think about that?
It's been a year since i bought anything, so i solved it like that, the issue is not even the fine print anymore is that anything retains the right to change the terms and conditions without explanation or warning, in Italy we have a law that if a company change the terms and conditions it has to communicate it to you and has to give you 30 days in order to stop the contract without any penalty, it works for services and software but we don't have anything to protect people from hardware to force company to buy back devices in case of unilateral TOS changes, so it sucks a bit, on the other hand in the rest of EU there isn't even the protection for software
True, the swiss government has bent over in all directions imaginable regarding the banking secret once a powerful enough entity pressured them.
Forget hosting, VPNs or email providers from Switzerland.
It's exactly true, companies incorporate there due to tax laws, even Phillip Morris is there.
"Bent over in all directions" is a bit of an exaggeration, most countries nowadays abide by various conventions to prevent money laundering & terrorism funding, since the G7 founded the FATF https://en.wikipedia.org/wiki/Financial_Action_Task_Force
Ironic since the US is more or less the world leader for money laundering and tax evasion. It also bothers me that the US has spent billions of dollars over the past several decades fighting narcotics just to turn around and make them legal. They must have passed the "It's Ok When We Get Our Cut" Act when I wasn't looking.
THC is still illegal at the federal level, if that's what you mean. The federal government is just being dragged kicking and screaming into sanity by individual states that are legalizing it.
The company you’re mentioning in the end is Tresorit, right? If so, they still do get some kudos for running a pretty solid end to end encrypted storage service. Their whitepaper checked out to me and their heavy focus on business users instead of consumer seems to attract less of the advocate types of users that ended ProtonMail in this weeks situation to begin with
As far as I know Tresorit has actual offices and staff in Zurich, Switzerland. They also appeared clear to me in the past that they have multiple offices around the world (I listened to a presentation from them recently at a conference).
I was referring to pcloud and pcloud also have an office in Switzerland. But similar applies to Tresorit I believe, thy just have it for tax and marketing reasons.
The issue is both Tresorit and pcloud store the data outside of Switzerland. If you start using pcloud on the expectation that it's stored in Switzerland you are wrong, it will be stored in Texas or in Luxemburg. So, how can Swiss law really apply once it really matter? And secondly, who cares if it's Swiss law, it's nothing special with that.
People seem to believe there is some kind of banking secrecy that applies to data storage. On top of that, the Swiss banking secrecy does actually not exist anymore.
And looking at the Terms & Conditions from pcloud, it says:
"If a European Union user of the Site or Services is located outside of Switzerland, then, for the purposes of any claim or action relating to these Terms, the Privacy Policy, the Site, or any Services, the applicable jurisdiction will be the courts that are located in the territory of residence of such European User."
So what is the point to highlight they are in Switzerland, if Swiss laws do not apply if you do not live in Switzerland? It's just false marketing.
I got you - I was just replying to kylehotchkiss. Either way, if the data is properly client-side encrypted, it shouldn't really matter much where the data is stored, since they would need access to your device to decrypt the data. So I don't see how this is an issue.
My expectation here would typically be that the company itself is governed by a stable, democratic government. It matters, because different legislations can impose different requirements (see recent changes in Australia for example).
Yes, banking secrecy has nothing to do with this and doesn't really apply, since that is more about someone not spilling your information, while here you already ensure on your device that the data is not visible to anyone.
I think you are right - it's a marketing element, but most companies do that, don't they? See for example Apple with "Designed in California", which is really just trying to not only say "Made in China". People have known associations with certain countries (such as Switzerland), which are used for marketing, yes.
The funny thing is, while advertising all of that, they're not providing free SMTP service that actually allow you to send properly GPG encrypted emails to protect your privacy.
So for me, ProtonMail is basically a web email service, a nice web email service to be completely fair, but without perks. I will never call them an "encrypted email" service.
I don't understand this part. ProtonMail does not offer a burner address service. Are you referring to the ability to create aliases on a ProtonMail account? If you are, that's possible with most other hosts too.
A proper burner address service would be SimpleLogin or Anonaddy.
> USA broke their back. They opened their private banking
If you've ever been to a really large American city, you'll notice all the logos of the large Swiss banks on big tall shiny office towers. The USA said that if they want to keep doing that, then they have to follow American laws. The Swiss banks decided that running their businesses in America was more profitable than secrecy.
"Follow our laws or get out" is not even remotely controversial.
> USA broke their back. They opened their private banking.
This sounds like you think this was a bad thing. But a not insignificant amount of swiss bank holdings, and profit, stemmed directly from dormant accounts of holocaust victims, purposely withheld from their heirs under the guise of "privacy"; and from plunder deals with the Nazis.
> In one example, it's a cloud storage company, they say on their marketing page and their about page that they are based in Switzerland and under Swiss law, but if you look at the legal pages the company you sign up with are actually based in Bulgaria. Their servers are based in Texas, USA and Luxemburg, Europe and their development team in Bulgaria.
Just out of curiosity, in this kind of situation what laws actually apply? Wouldn't that be the Bulgarian laws?
"If a European Union user of the Site or Services is located outside of Switzerland, then, for the purposes of any claim or action relating to these Terms, the Privacy Policy, the Site, or any Services, the applicable jurisdiction will be the courts that are located in the territory of residence of such European User. "
I also dislike companies that use the label 'Made in [country]' as a prominent hook to promise users they will get enhanced privacy - which may or may not be true. I'd rather they be honest and say: these are the examples when we must comply with the law and must hand over the following details.
We all need to make our own evaluation of the privacy promises of those services and whether they actually provide privacy above and beyond what other companies offer. We shouldn't rely on vague impressions that privacy is strong in company X merely because of their presence in a particular country (and which the company uses heavily for promotion).
Yes but Australia, especially recently is becoming for totalitarian and surveillance oriented. Not really sure why people there are not voting those people and laws out while they still can, but I guess it's tribalism and limited number of parties just like here in the USA.
Made in Switzerland has strict rules as to what percentage (at least 50% for most items, 80% for certain food items) is actually made here. Unlike "based" which just means there is an office or mailbox.
Agreed, it's unsustainable for ProtonMail. They should operate out of China, and then build credibility from there. "Trust us" is not viable long term. In God we trust, for everyone else use math.
> Their servers are based in Texas, USA and Luxemburg, Europe and their development team in Bulgaria
I don't believe it means anything. They form a company in Switzerland, which makes them compliant to the Swiss laws, they rent infrastructure from a provider where these services are most favourable for their business(which in this case could be USA and Luxembourg) and they do their tech dev work in Bulgaria(Which is in EU) because they get the most bang for their buck in this country.
What I see is simply business as usual. Are there even single origin tech companies? Even if everything is Swiss, if you have your app on the Apple App Stor or Google Play, you would be required to comply with US laws. You came up with an interesting encryption? Well, you will be asked to document it as part of you export compliance if you are going to make the app available outside of the US.
As I understand it it is actually not a issue as they have strong enough privacy laws that EU have said good for it. Though when doing business with EU citizens they of course still have to follow the rest of gdpr.
I have 2 friends that worked for pCloud in Sofia, but don't know anyone who has worked for proton in Bulgaria. I can't find anyone from Bulgaria working crently for proton via linkedin
Last time there was a protonmail discussion on HN I brought up the point that they save Metadata and of course got downvoted to the oblivion and had to remove my comment....
Got any proof of that? Can you decrypt my email that is sitting on their servers? If you are communicating something so precious that not even the sender/receiver and subject line shouldn't be seen then you best not be using ANY EMAIL at all without a couple more layers of security on top of it.
The whole clarification they wrote was "As a Swiss company, they must comply with Swiss law when it relates to a Swiss citizen."
So if you're not a swiss citizen, you've got nothing to worry about. The only thing they did different was notify the person they were being investigated and then began tracking. That's the major difference.
It's not like some random company can just skirt all laws globally for the sake of privacy.
If the swiss have a vested interest in pursuing a french person for a specific reason, the Swiss can and will exert that power. No clue why HN for some reason thinks a tech company can just skirt the law here for the sake of some crusade of 100% privacy. Newsflash, it doesn't exist.
I remember being fooled by the whole "We're Swiss, isn't that great?" marketing at the beginning. It was disappointing, to say the least, when I learned that Switzerland is part of the N-eyes agreement(s).
Truth is that Email is almost a dead protocol now, anyway. As much as that hurts me to say. It was never able to meet the moment- PGP is complicated and easy to mess up, it's pretty damn hard to host your own Email server and not end up in everyone's SPAM or blocked, and if they person on the other end is using GMail, your shit's being read, analyzed, and archived anyway.
Email is going to be a business-only (as in "companies"/"corporations"/etc) protocol soon.
I agree in that, for me, e-mail is almost solely used for business communications and newsletters. However, I don't know of a "timeless", or otherwise decentralized, communication technology so ubiquitous that can be secured like e-mail. Signal seems to be the hip thing, but it's centralized. "Blockchain" communications, perhaps?
That is something I doubt I'll ever sign up for is my email on a blockchain lol unless it's just a hash of the email text or something for "proof" of it's origin/association.
Actually, a blockchain might work as the basis for a distributed email server reputation system. If every provider published their opinion of all the providers they've received emails from, it should be possible to reach a consensus about who the spammers are.
Hopefully this system would provide a useful signal even if it was only adopted by a few big mail providers, and they could pressure newly-registered mail domains to adopt it or face delivery delays. Long-established mail domains would be grandfathered in, so most providers wouldn't have to change anything.
The ProtonMail guys always said that unless they were 20 miles from the littoral, in the sea side, they had to abide by national laws. So it was bound to happen.
What makes me sad is how flimsy their entire premise (not necessarily "promise") turned out to be: all it took was some minor rascal in France to hug the wrong tree (so to speak), and ProtonMail is in the open saying they can't even protect the IP address of their customers. From there, all it takes is for somebody to change a law in Switzerland and end-to-end encryption of the messages themselves will only be "by default."
I think there is a market for datacenters in open seas.
The premise of "we'll never log your IPs" is something that no company can hold.
- Local law enforcement can force the to do so.
- Locals laws can change.
- Guys with guns might barge in and demand it.
Mostly, you can understand that they don't _intend_ to log IPs, and aren't in the business of collecting and redistributing data. But that doesn't mean you can count on absolute and unconditional secrecy.
Indymedia UK didn't log the IPs of website visitors. They used an Apache module that stripped IPs from Apache log messages. I know this, because I had root on the server.
Indymedia was widely infiltrated, I think; certainly there were some infiltrators, and they often trolled that Indymedia loggeed IP addresses.
There was a tool we could use to capture addresses; they were captured to memory only, and the tool could only be switched on for a limited time; it usually got switched on for less than an hour - long enough to find and block the addresses of particularly egregious spammers and trolls.
An SMTP server could be run without address logging; but a commercial SMTP server would be damned hard to administer without IP addresses in the logs.
[Edit] Indymedia had two servers seized in the UK; one was the property of Bristol Indymedia, and didn't run Apache. The other was run by Indy UK, and didn't log addresses. There was therefore no fallout from the seizure, except that the cops hung onto it for about 5 years. When we finally got it back, we retired it - we couldn't trust it, and it was by then obsolete kit anyway.
> Indymedia UK didn't log the IPs of website visitors. They used an Apache module that stripped IPs from Apache log messages. I know this, because I had root on the server.
I believe you're confusing "is not actively logging" with "will not log, even when law enforcement takes over the server" (which a court order essentially comes down to, if you don't comply). The former is what ProtonMail also does. The latter is what no company can offer.
Our server was seized by the police. Nobody was arrested (well, they didn't really know who we were). We weren't even asked to make the server start up for them; we certainly weren't asked to circumvent the logging suppression; and had we been asked, we would have declined.
But then we weren't a corporation. Between us, we had little to lose. We didn't have to help the cops. Protonmail is a business, so I suppose they are much more likely to roll over. Still, I'm pretty disappointed; their whole sctick is security, and they pitch to the likes of whistleblowers. It looks pretty bad to me.
The IndyUK server was seized from Rackspace, under the directions of the FBI (this was in Manchester, UK; I guess Rackspace US were leaned on by the feds, and HQ leaned on the Manchester datacenter). I think the feds kept the disks, which were encrypted.
I don't know, it looks fine to me. Switzerland isn't a super push-over state and has a reputation for valuing privacy (which is worth much more money than doing small favors for the US, RU or CN), so I don't expect them to go for "yeah sure that person leaked evidence of war crimes, we'll get right on getting you their IP". At the same time, to do business, you need to comply with the absolute minimum of laws.
If Rackspace just flat out refused to follow court orders, they wouldn't be able to run a data center. A DC that will comply with a court order is better than no DC imho.
Perfect is the enemy of good, and PM is definitely good at doing email with a high degree of privacy. Should you use it from your home dial-up while leaking the definite proof that reptilians are running the show? Probably not, but that doesn't make them unusable. For a lot of other threat models, they're perfectly fine, at least until proven otherwise.
Virtually no one (besides a few trained super spies) will resist and not comply once the first finger nail is coming off. Court orders are just the friendly foreplay, and they'll escalate from there depending on how important it is for them to get them to comply. If you're betting your safety on anyone withstanding that and not giving up their password, you're setting yourself up for disappointment (and pain!).
Not sure this would be a solution. In this case it seems like Protonmail wasn't logging IP but then was compelled to by law. So my assumption here is even if they stripped IPs, law enforcement could compel them to unstrip them going forward for an account. And that's what happened in this case.
That said, if there was a third entity that removed IPs for Protonmail, maybe that could get away with it. Kind of like how Tor is functioning.
We don't know what jurisdiction this happened in - Belarus, Switzerland, or the USA. I doubt that Switzerland or the USA empower the police to force a private company to put up a bogus service on the internet - especially on behalf of China.
We also don't know whether the activist was taking advantage of Protonmail-to-Protonmail security, or whether one end of the connection was non-Protonmail.
My guess: they were logging IP addresses, at least for SMTP, and the activist was using SMTP.
>"we'll never log your IPs" is something that no company can hold.
Four words: The Intercept, Secure Drop. A one-way mail (content submission) system that runs exclusively on Tor, and thus can't be supboenated for users' IP address.
While I get your premise due to concerns of law, I think it is entirely feasible - and hinges on execution, marketing ability. We already have IP-hiding technology, whether Tor or Freenet or other such. The concern is "are we good enough yet to make it a sustainable business?"
For sake of example: if a hypothetical competitor to ProtonMail was to offer sign-up and email access only over Tor protocol, it would effectively be safe from police's demands to start logging IPs - thanks to technical measures. The actual difficulty is in the business side: getting enough paying customers to install & enable relevant browser or browser plugin.
Granted, the police could try to force the hypothetical competitor to install malicious JavaScript that would try to gather & leak users' IP address or other identifying information through other means, but that's solvable in the longer run just as well.
I also have to wonder if the market size for this a truly anonymous email truly is. Who would go out of their way to pay for more expensive email that was untraceable? How many reporters? How many "freedom fighters"? How many large-scale criminal organizations? And does the very fact of using it bring unwanted attention?
Excellent contention, and I don't have a ready-made answer yet.
Curiously enough, we've seen anonymous services succeed for results unrelated to privacy-from-government: places like Omegle & ChatRoulette use anonymity for fun; places like 4chan use anonymity both for fun and also to avoid certain problems common to name-posting. Anonymity has long been a viable alternative put to good use in literature, arts, and entertainment. Perhaps the proper marketing would be along those lines?
Not just no company: no person can make such a promise. There is no one who is outside the reach of government power, should a government develop sufficient interest in that person's doings. The only way to really avoid this is to remain completely anonymous throughout the development process, and that's a tall order.
Of course they can, at least in the US, however if someone asks for my ID while paying cash I will say "fuck that" and turn around and leave their brick building.
Eh it was more about the affront than security. I know there are eyes in the sky just about everywhere :) . Especially with things like cops tapping into porch cameras.
Well, yes and no. Currently, Swiss law doesn't support this and providing the IP is based on specific requirements for telecommunication providers as far as I know. But yes, the law could be changed. However, keep in mind that Switzerland is a direct democracy and people here frequently actually vote on such issues directly (if one can gather enough support from the public).
Bingo. And if the stakes were high enough many jurisdictions have laws that allow for it to happen under wraps. i.e. being forced to lie about collecting data.
Signal uses an OTR variant (I believe OTR masks the identity of the sender/receiver) -- not sure how thorough their implementation and protocol are[1]. Although if authorities already have the IP of one user they might gather a list of contacts.
That's good though, no? They're collecting the information from you. I know it's a joke, but it's the difference between watching my home insides without me knowing - and showing up to my home with a warrant.
The joke is made at the expense of people who are naively saying that you can't be forced to turn over something you don't have, as if that's a defense that will work. They can mandate that you collect the thing they want you to turn over, then put you in prison and seize your assets if you don't comply.
>I think there is a market for datacenters in open seas.
The idea of having a isolated sovereign floating platform in the ocean doesn't doesn't really solve the problem of escaping the rules of national governments because it still needs network connections into those countries.
Whether it's underseas fiber optic cables or bouncing signals off of satellites, the datacenter will be rendered useless if nations' citizens get a "This site can’t be reached. [...] ERR_CONNECTION_TIMED_OUT"
It addition to the physical network topology challenges, the ip address space allocation is controlled by IANA ... which is a government entity.
>Whether it's underseas fiber optic cables or bouncing signals off of satellites, the datacenter will be rendered useless if nations' citizens get a "This site can’t be reached. [...] ERR_CONNECTION_TIMED_OUT"
Not if Elon succeeds with Starlink:
>>@thesheetztweetz:
How does transmitting into a country without a local downlink work on the regulatory side?
>@elonmusk:
They can shake their fist at the sky [0]
For context, certain countries like India have quite strict regulation of satellite comms, requiring special permission[1] even to use plain consumer tech like Iridium. I presume EU would also try to tightly regulate consumer satellite comms, just like it requires real (government issued) ID to use cell phones - specifically to register locally purchased SIM cards, again for national security reasons.
[1] https://www.osac.gov/Content/Report/9db45731-1eec-477a-a7af-... >There are multiple instances of authorities confiscating undeclared satellite phones from foreign travelers upon arrival in India. The official notice states: "All foreigners travelling to India are hereby informed that it is illegal to use/carry Thuraya or other such satellite phones in India. Custom authorities in India may seize such phones and legal action may be taken against the passenger concerned."
You can't expect Elon Musk to solve your woes regarding your being under the jurisdiction of your government. Elon and his companies, sattelites, etc. are subject to regulation, despite his marketing.
> right up until the UK cut their supply and comms links.
So if a referendum in Switzerland passed tomorrow which changed the law so that the Swiss government had to refuse to process any foreign warrants requesting IP addresses of email users, would France cut their trade and comms links to Switzerland?
you start with a military force that is enough to prevent another sovereign nation from doing something bad like cutting off your comm link, or forcing or freezing your bank account...
A small and geographically distributed nuclear arsenal would also be a good starting point if you wanted to avoid having the large standing army needed for conventional deterrence.
Still doesn’t solve the banking issues, but one problem at a time I suppose.
There is a limit to that. North Korea does a lot of things that no government likes, but so far they are okay. There are a lot of bigger countries that have even more immunity to targeting.
I find Sealand fascinating. Imagine founding an off-grid location as a data haven, and it got popular. What would happen? I can see covert operations from foreign governments happening for example, driven by copyright lobbyists. Would they then need to hire security forces or train their own armed forces? Would it eventually join global political organizations to influence and protect its position? It gets really interesting to think about.
There's no doubt in my mind there would be huge demand for such a thing. People hate that the government can spy on anything you do. The chilling effect is exhausting.
It was just outside, that was the point, but yes destroyed and the size of internationally recognised territorial waters was expanded to prevent it happening again - so yes, it was inside today's Italian territorial waters. (Note the info box thing says 'preceded by: international waters', not Italian.)
Another major challenge is communication. Even when you have a data haven, how do you plug into the Internet backbone? How do you get Tbps bandwidth to serve the world? The Cypherpunks did some related research in the 90s, nearly all communication lines are controlled by the major ISP or the state, and they are extremely expensive to build.
> The dot-com crash not only cut the bottom out from colocation pricing, but also took out HavenCo's fiber-optic link when the company providing it went bankrupt. That left the entire operation with a pokey 128 Kbps satellite link, which staggered badly under denial-of-service attacks.
In Neal Stephenson's novel Cryptonomicon, the data haven is a main theme in its plot.
Let us suppose for a moment that you could put a ship out in the sea, using solar panels and wind power, and satellites, you could provide a service. It might not be a service that’s always available, or all that fast, but it is technically feasible.
A ship is way too easily intercepted by any country with a navy. And your flag bearing country probably won't care, if you even have one. You need to go to space!
> I think there is a market for datacenters in open seas.
That's what the Sealand [1] dudes thought.
Until a bunch of boats showed up loaded with men carrying rifles who simply took over the country.
And when that happens, who/where do you turn to to whine that someone took your thing?
That's what sovereignty means: you're on your effing own. For real this time.
One thing most people tend to forget about governments: they have the monopoly on physical violence.
That's the first, most important and probably only useful thing you pay taxes to your government for: physical security.
If you want to run a DC in open seas:
- buy a bunch of gunboats
- hire a small army to provide physical security
- try and not piss off any of the real countries lest they be the one showing up with many more gunboats than you may muster and take over the "open sea DC".
- your services won't be cheap: gunboats must be maintained, armies paid and fed.
The problem is that someone always controls that service. So they can always go after that person (irrespective of where the service is) and force them to modify it.
I was thinking you could have some sort of satellite service with data stored on the satellite. Allow multiple authorised ground stations to connect and store/retrieve emails for users. But again, the person that controls the software and operation would be a target.
One would need to operate the service as a Tor Location Hidden service and have no presence on the Clear Net. They would also need, very good operational security and careful configuration in order to stay hidden.
> can't even protect the IP address of their customers.
Why even the IP address is both technically and law-wise on of the hardest thinks to protect. The only way to get anywhere close to it is by using a VPN, Tor or similar additionally to whatever protection the service provides, and surprise, they do have a onion site (I think).
Their Tor have issues as i understand it.. eg redirecting to clearnet anf Old version and requiring phone number. But they say vpn would have solved it…
To quote
“ There's an important distinction here. Under Swiss law, email providers fall into a category which requires us to comply with certain legal requests. Swiss law does not have a provision which could force a VPN provider to log.”
“ With VPN the legal principle is different. Thousands of users might be using the same server, logging them all would be assuming everybody is guilty until proven innocent. This is considered to be disproportionate. In the email case, it is possible to request information on a specific user, and that is considered to be proportionate.”
And this was quite obvious for someone who actually looked into staying anonymous (or gave the Protonmail threat model page a deeper read).
> What makes me sad is how flimsy their entire premise (not necessarily "promise") turned out to be: all it took was some minor rascal in France to hug the wrong tree (so to speak), and ProtonMail is in the open saying they can't even protect the IP address of their customers.
That's a big simplification. It took quite a few authorities to wave through a very draconian request for (what appears to be) a minor crime. As Protonmail themselves pointed out, they never promised to protect the IPs and they could explicitly not promise that. In fact, they even stated very clearly that they could not. Expecting them to print that on the frontpage is quite unreasonable when their marketing has to compete with shady VPNs that promise the sky.
> From there, all it takes is for somebody to change a law in Switzerland and end-to-end encryption of the messages themselves will only be "by default."
While this is a reasonable threat, it's not like one could do this in an afternoon.
Or you protect your own IP, I wonder if ProtonVPN could have done that? Would have been a nice test of those claims as well.
All in all, I still trust ProtonMail, they are handling this quite well and transparently. Their original messaging was probably a compromise between getting the message out there and leaving some room for things like this. Arguably that was a mistake, or maybe with the whole truth in bold on the front page, people would have flocked less to ProtonMail? I still don't agree with that original messaging though, as they don't themselves anymore.
Still pretty great free service if you ask me. If a family plan was cheaper I'd have migrated everyone there a long time ago.
I agree that they are a great email provider, the lesser evil, and I myself use a paid plan. But I believe that, as a society, we are rolling down a slippery slope where digital privacy becomes more difficult everyday.
A couple of weeks ago, it was Apple announcing that they will spy by default in all of their customers via the iPhones because of child pornography. Apple has spent galleons of gold marketing itself as a privacy-first company and they are not a pushover; for them to do that, whatever is going on behind the curtains must be grim.
I thought it would be a few years before somebody wanted to use something like that technology for something less serious. Then yesterday the news broke that courts had forced ProtonMail to break their business just so the French police could find a climate activist.
In my view, we are heading to a world where our electronic devices and services will be used to prosecute petty crimes, like drinking alcohol in Arab countries or even parking over the line anywhere else.
Their intentions are good, the law is vague and easy to abuse and we slide down that slippery slope. Don't blame PM for having to adhere to the law. In their latest announcements they advise you to use TOR, then you won't have this problem and your emails will be encrypted beyond anyone's reach. Well... [0]
Why would anyone trust ProtonMail? If you're not doing anything shady you don't need E2E. If you're doing something that attracts police attention - and relative triviality is clearly not a factor - what they're offering won't protect you.
Saying "Well, you could also use our VPN as well" is more marketing. Of course they'll have to comply with legal requests for that too.
This is a political issue. What's missing is the legal oversight which prevents overreach. Demanding logs to catch a mass murderer is one thing. Demanding logs to catch someone who is being financially and politically irritating is on a completely different level and much harder to justify.
ProtonVPN or a similar service would have helped that.
They are only required to provide the IP Addresses from ProtonMail but ProtonVPN gets different treatment legally speaking, were they cannot (currently) force logging [0][1].
I would assume you'd also need to have some sort of armed forces too, otherwise whichever country wants you data can sail over with their Navy and take it.
If you have a navy capable causing halt to EU, CN, US, AU, etc you should go ahead and claim an entire island. Maybe collect some taxes, try to get UN recognition…
Operating outside of national protection requires either extremely small scale and high risk or it requires becoming a quasi-nation.
> all it took was some minor rascal in France to hug the wrong tree (so to speak), and ProtonMail is in the open
We must be living on alternate time lines - try reading their transparency report. This is not even the first time this week, let alone the first time ever.
>I think there is a market for datacenters in open seas.
This will never happen. There are too many clandestine ways for this to suddenly no longer be there in ways that would be totally deniable for anyone doing the deed. Whether it's just "cut a cable" supplying the data streams or physical destruction of the vessel housing the data center.
> I think there is a market for datacenters in open seas
You might escape the laws constraining you, but you will also escape the laws protecting you.
So if there is a datacenter in the open seas either:
- It's operated by some government, potentially indirectly through some straw mans.
- It's undermined by some goverment using it as a honypot or similar.
- It's so small that no-one cares about it.
- It's gone.
So IMHO, realistically speaking there is no such marked, if you want to escape the law it's properly easier to do so inside of an country instead of escaping onto the sea and then trying to somehow connect internet.
The expectation that Proton would be able to disobey the legal requests of their local authorities with impunity is unrealistic. Protonmail makes certain claims about privacy, particularly about encryption. They don't make any claims that they have the intention, or ability for that matter, to defy local authorities at their peril. Like Grugq said in one of his presentations (paraphrased): "Don't expect your VPN company to do your jail time for you". I'm neither for nor against Protonmail. I don't think they've been dishonest. I think people have an unrealistic expectation of the service they offer. They offer additional privacy, not legal indemnity.
This is exactly what baffled me about people saying "I'm cancelling my PM subscription" as if they didn't make this abundantly clear. In their transparency report, they state very clearly that they "may also be obligated to monitor the IP addresses" being used to access accounts engaged in criminal activity.
Privacy activists, for some reason, don't take the time to read transparency reports.
> This is exactly what baffled me about people saying "I'm cancelling my PM subscription" as if they didn't make this abundantly clear.
We are on a thread talking about them removing claims on their marketing material... that's abundantly clear to you?
Have we reached that level of expectation? That it's abundantly clear when marketing material are not saying the same thing as reports?
> In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.
This is what the Transparency Report say too. In EXTREME criminal cases. Is it abundantly clear to you this case is an EXTREME criminal cases too? This was someone that manifested by squatting a building... is that extreme to you? My definition of extreme is a tiny bit higher, I would expect risk of life or at least a pretty large amount of money involved... not a bunch of kids manifesting gentrification.
> We are on a thread talking about them removing claims on their marketing material... that's abundantly clear to you?
As a Protonmail customer, thanks for saying this. There seems to be this idea that a blog post Proton made in 2014 is being "up front" about their policies.
I agree that Protonmail has been dishonest in their marketing, but marketing =/= policies.
If you're storing any kind of information you'd rather keep private on a server you do not control and not diving into the policies and blog posts of said provider to make doubly sure they're all they say they are, it's no one's fault but your own when something inevitably happens. Either do your due diligence or blindly accept the risk. People took the second option and look what happened.
And yes, I would say an order from Swiss courts that was unappealable is an extreme criminal case. Anything that could threaten Protonmail qualifies.
> And yes, I would say an order from Swiss courts that was unappealable is an extreme criminal case. Anything that could threaten Protonmail qualifies.
So before this case, if I told you is someone in France trespassing enough for ProtonMail to log and provide IP, you would say sure?
My point is that this is not what most people would expect by reading extreme criminal case. If it's not what they expect, it is thus misleading.
I also wouldn't even agree that this is an extreme criminal case. What an non extreme one then? This is not an exception, this is simply a criminal case. It clearly doesn't need to be extreme to allow them to get the IP.
Protonmail was forced by Swiss courts, period. Protonmail will not risk themselves for you. No client of Protonmail is worth fighting the Swiss courts over. Protonmail bowed down to the laws of the country they operate in, a smart move if they wish to continue legal operations.
If you still do not understand this fact, or that I am speaking strictly about the repercussions that a Swiss company could face by ignoring a court order from Swiss courts in Swiss law in Switzerland, then we have nothing else to discuss.
> If you still do not understand this fact, or that I am speaking strictly about the repercussions that a Swiss company could face by ignoring a court order from Swiss courts in Swiss law in Switzerland, then we have nothing else to discuss.
Where did I say they shouldn't have done this? I do understands that fact.
The issue isn't on what they did, it's on how they said they were protected against this but actually wasn't. We are talking about their marketing materials promising anonymity that they can't legally provide.
If that was a mere misunderstanding from their parts and they thought they could actually get away from providing the IP but couldn't actually, sure it was a simply mistake from their part to say that, I would agree with you, but you provided the proof that they knew, and you even said it was "abundantly clear" that it was the case.
I'll say the same as you, if you don't understands that part, we have nothing else to discuss. Even more so if you believe that it's fine to promise stuff that you can't legally provide.
What about the perception they gave that state if you were being monitored you would be notified? The part not made clear was that they could delay notifying you for months.
They did make it clear and did so before this outcry:
> Swiss law requires a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. However, in certain situations, notification can be delayed. This includes the following cases [...]
I think he is talking about the CEOs blog post, where he does not make that clear and absolutely creates the impression that the French activist received a notification. It even sounds like that you get a notification as soon as somebody just requests it, even if PM declines / fights it. [0]
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.
People will read this and the majority will think there is some kind of notification as soon as that happens. I mean, users here on HN thought that.
Only if you click the link, the one that you shared, then you'll know that there are multiple situations where that notification will be delayed.
I think that is actually the worst part about the whole situation so far. One can argue that they should've made the potential logging more clear right under their no logs marketing. But pretty much doing the same stunt again with the notification, does feel a bit like intent... or stupidity.
1. Their homepage stated ""By default, we do not keep any IP logs...". Due to complaints about this being a lie, they have today removed this statement
2. Their website also stated "No personal information required to create an account". However, for creating an account through Tor a phone number is required. This has been an issue for 4 years [1]
How could I expect Proton to disobey legal requests? That's crazy.
There are 180 countries and not one will let you create a company that doesn't have to log IP addresses?
Proton should change their description to: "We don't really care so much about your privacy and make fake marketing claims because we are just another tech company trying to make as much money as possible"
> The expectation that Proton would be able to disobey the legal requests of their local authorities with impunity is unrealistic.
Untrue.
There are many way to resist authority without being seen as blatantly disobeying the law.
In this particular case, they could have gone with the standard: "can't technically do it, we don't have the infrastructure". Or: "the guys who manages the logs just quit, we can't recover the information". Or: "we don't have the budget to implement that, it'd bankrupt us" ... etc ... make as many lame excuses as the day is long.
Drag things into court and just bog the effing big brother machine down in technicalities long enough until they simply give up or the French activist has had ample time to skedaddle.
The ways you've listed would work only once (each). With several hundreds of requests per year PM would pretty quickly run out of plausible excuses to not start storing the requested info.
Also - what is so precious about this particular request compared to 700 requests PM received last year (if we trust PM on that)?
Also - the purpose of any commercial activity (which surely PM email service is) is to make money for their owners. How much money and for how long would come from PM if they constantly would be resisting authorities (or from authorities point of view - obstructing justice)?
This. If you pay ProtonMail, you don't have your emails automatically scanned by some company to show you advertisements, and you have encryption at rest. That's all.
I see many comments here that seem to be uninformed. Please, make sure to ProtonMail's official statement first. It includes a lot of important background info: https://protonmail.com/blog/climate-activist-arrest/
For example, this paragraph is important:
> Unlike other providers, we do fight on behalf of our users. Few people know this (it’s in our transparency report), but we actually fought over 700 cases in 2020 alone. Whenever possible, we will fight requests, but it is not always possible.
They also say that they had no idea about the identity of the activist and the charges against them. That means that the information was not provided in the warrant/police request, and thus that they can’t or don’t want to look into the merits of any requests. My hypothesis is that the 700 cases they mention are requests from _foreign_ authorities, to whom they answer that they need the request to come through Swiss authorities. More like a template email than a “fight”
> My hypothesis is that the 700 cases they mention are requests from _foreign_ authorities, to whom they answer that they need the request to come through Swiss authorities.
They can also fight against Swiss authorities, unless they come with a court+gag order.
Anyway, I believe them that the do their best to protect their customers, but it's simply not an option to break the law. And they never promised to do so; in fact, they quite clearly state that they don't.
This comment should be at the top, half the comments here either haven't read the article or just don't have a technical understanding of how the internet and servers work.
I don't see why it's AS big a scandal given what CEO stated and reading accounts from reputable news sources.
My quick take: France tells Switzerland who then compels PM to START tracking account holder(s) and prevented PM (by law from what I've read) from telling account holder. Per PM CEO this type of Swiss order could not be disputed with the way PM has disputed other claims.
To me, it's not logging of the IP; it's when did it start and from my reading they started after being compelled to do so over a period of time between compelled to and this coming to light.
To me, strong pushback (for those who feel passionate about it) should be directed to Switzerland for complying with France for what many think is not a high enough bar to compel all this tracking. Maybe they did scrutinize it and maybe they didn't.
Any meta-data saving isn't secure but sharing that after being compelled to track account holders isn't surprising.
There's a line in their agreement that says " If a request is made for encrypted message content that we do not possess the ability to decrypt, the fully encrypted message content may be turned over.".
I guess ProtonVPN also is not an exception to such "undeniable" requests. Bad day for company who bank on "no log" policy. Their marketing division will have a ton of work to fix reputation :)
I assume what they mean is that - they might have to log connections to their service (like with ProtonMail), but they won't have to provide what data that user account has accessed through the service, same as they didn't provide the actual emails of the account in question, but "just" the connecting IP.
> stated: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first."
And it still holds!!
What it didn't stat is that while _by default_ no such information is logged, but if they are legally compelled to they will log such the neseccary information for the email (account?) they are required to log them for.
Its honestly surprising for me that anyone though that a fully legally (in Swiss)operating service would protect their privacy beyond the point they are allowed to by Swiss law. But luckily for us Swiss law is pretty neat wrt. privacy, at least currently.
In Sweden you can get a prepaid phone number completely for free: Comviq literally gives away SIMs and to pre-pay you can still use cash. So from this point of view PM is not lying, not one bit.
Either you are confusing Switzerland and Sweden (which were two quite different countries last time I checked) or I'd be very much interested in data on why you see my words about Comviq giving away SIM cards as lie.
As you probably know, there are no roaming charges in EU, so if you have a swedish SIM card - you can use it (to receive SMS at least, sometimes answer calls) in any EU country. If you put some cash on it - you can even make calls. Still without providing a single bit of your PI (assuming you bought/stole a burner phone).
EDIT: clarification regarding SIM usage.
Isn't a phone number personal information as well? And what about countries where it is mandatory to register your SIM card? ProtonMail can't just reply to this part by saying "Just move to a different country bro". A phone number is personal information and should be treated as such.
A phone number is PI as long as it is tied to your ID. If you managed to get a SIM that is not in any way tied to your ID - then you are fine. This is assuming that nobody tracks your calls etc... but if you use Tor to register a PM account, then you probably know all the do's and dont's of both Tor and prepaid SIMs. As for the second part - yes and no. Yes, PM cannot answer suggesting to move. No, PM is not to blame for that. As it has been pointed out (in one of other threads about PM) this serves as a (not so high) hurdle for spammers, otherwise PMs free tier will turn into spam machine overnight. And paying customers still have to disclose their identity.
Also, if one values their privacy _that much_ then that person should be able to expend some effort to protect it, and not just make a couple of clicks on the webpage.
I support providers that believe this as well, and act in accordance.
Your model more treats privacy as something to be earned or attained through technical knowledge. No thanks. Journalists and whistleblowers need others looking out for them when no one else will.
If Protonmail doesn't solve this by the time my account is up for renewal, I will not be renewing.
They marketed themselves as a safe, secure platform away from prying eyes. As a platform for dissidents. Turns out it was bullshit (as many already expected).
Why don’t they use surveillance in anti-corruption squads to make sure no back room deals are being made inside the government?
This tool is turned against the poor and marginalized and used to eliminate opposition but not for making the system work better as it was supposed to.
In a sense society is being hacked by those in power using surveillance.
I’m not that surprised that ProtonMail folded; as someone else said they’re not going to do jail for you. What’s concerning is the nature of this warrant and arrest. As far as I can tell all the articles haven’t mentioned any actual crimes; is France just straight up arresting climate activists now?
For secure communications it’s much better to use Signal than e-mail. (Preferably with disappearing messages.)
I understand that people desire the UX of an e-mail client such as Thunderbird, Mail.app, Gmail or whatever. Nothing wrong with wanting that. But there is currently no good way to send e-mail securely.
It‘s really tiresome how it‘s become the normal to market all kind of fantasy interpretations of your value proposition and banish all nuance to legalese documents. ProtonMail has enough to justify itself, it doesn‘t need all the over the top claims of Swissness or blunt statements about privacy that are only half truths. They could also do without their spintastic, content marketing blog.
This is not surprising to me. I will still continue to use ProtonMail. I never signed up because of the "no IP logging" thing. In fact, if I had seen it before I just plain wouldn't have believed it, and still used ProtonMail. But hindsight is 20/20
I see it the same way. For me it always meant that the default mode is not to log. It's normal that they have to enable logging if a valid request to do so comes from the authorities.
Same goes for any of the German mail providers like mailbox.org or posteo.de ("We do not save your IP address when you visit or use our website. [...] To protect your privacy and for security reasons, we also delete any potential IP address entries made by local email programs from the email headers. Emails sent using our webmail interface or using email programs therefore contain neither your local nor your public IP address."). If the authorities can prove that they have a legitimate reason to expect them to log the IP addresses, then they must do it. They are all normal companies which need to abide by the law if they want to conduct business.
If you can make sure you and your relatives and your friends never cross Russian (or for that matter Russia-friendly state) border and/or you never write anything remotely resembling criticism of Russian regime - then maybe yes.
ProtonMail has always said that they would comply with Swiss law. Your IP will not be logged unless you commit a crime in Switzerland and the swiss police hands in a request.
So... if they receive valid swiss court order they can be forced to log user passwords on demand and their entire service is then useless? As when you have password you can decrypt entire mailbox content.
They market their service to journalists and activists, which are often targetted by their own governments. Seems that they cannot protect any of them.
Be real for a second: if a government targets you, you have no way of escaping it. If you're targeted by a small country, with not much power, so your only real options are kidnapping you if you are ever in said country. So, moving away does keep you safe. Should be, say, a Chilean journalist reporting on wrong deeds in your own country, you can safely assume that ProtonMail is safe for you. (That is, unless the government knows who you are).
But a first world country ? They have laws, they have international influence, they have technical means and the ability to intervene wherever you are.
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN’T REAL. When it rains, it pours." - https://www.schneier.com/blog/archives/2015/08/mickens_on_se...
This applies to ProtonMail too. What do you think happened with Lavabit ? They were pretending full security too, and we all know what happened.
Stop thinking this is a problem technology can fix.
Note that the recent case involved a crime in France.
So really, it's more like 'unless you commit a crime in a country that cooperates with Switzerland and the Swiss legal system decides to hand in a request'
Their actions were illegal in Switzerland too. As much as I can criticize France's recent actions against protesters, in this case, it's the Swiss justice system that ultimately decided to comply with the request.
Yeah, I understand that it was illegal in Switzerland, and the Swiss authority was not a passive participant, but your wording 'unless you commit a crime in Switzerland' implies that the crime itself is committed in Switzerland, not that it could be an action contrary to Swiss law in any cooperating country.
Maybe I missed it in all the kerfuffle, but what was the crime that was allegedly committed by the French climate activist that required ProtonVPN to comply with this request for IP information?
ProtonMail has been fraught with problems for a long time, and it's good that serious issues are being brought to light. Their marketing is very good and critics of them have struggled to communicate to users for a while.
The most important thing a serious privacy-minded service provider can do is be forthright and honest with users about the limitations of their privacy guarantees, particularly with respect to what hinges on math and what hinges on trust. ProtonMail has failed in this respect. It has always been the case, for example, that they could log these IPs, or that any incoming plaintext emails can be recorded before being encrypted at rest - and the fact that they're encrypted at rest is another thing we have to take on faith. Their proprietary components have always been a problem, and we also trust that they won't silently add key exfiltration to their webmail UI on the demands of a court. They don't explain any of this, they just pose themselves as experts on privacy and let vulnerable users stumble into law enforcement's hands because they care about their money more than their security.
Good privacy systems do not rely on trust or faith, they rely on math. Where some trust is required, in the case of a commercial service provider, it is their solemn duty to be honest with users and explain to them what promises they can and cannot make, and to make sure users understand which of these claims are backed up by math, which are backed up by law, and which are backed up with thoughts and prayers, so that these users can make informed decisions about how they use a service they're relying on for their personal liberty.
In my opinion, email is the wrong medium for highly confidential communication. Especially, if someone's personal freedom or safety depends on it. Even if E2E works correctly, you still have to worry about meta data. Maybe Matrix over TOR would be a better alternative?
I would not go so far as to day that email cannot be used privately, but I would say that it is very very difficult to use email privately. I agree that most people with highly confidential needs would be better served by another system, though I don't know what to recommend - Matrix over Tor seems viable, perhaps.
Encrypted email over an onion router (might even be TOR) would be no worse than Matrix over TOR for someone that needed anonymity on top of privacy. Since email can be done entirely offline, chances are that it would be better for the privacy:
Why? What if they're working for a drug manufacturer trying to find a cure for cancer when they discover that one of the other drugs their employer creates is killing people, but that's being covered up because money. Should those people stop trying to cure cancer or just keep quiet about unnecessary deaths?
What happens if your job is to be a watch dog for oil rigs to make sure they're not polluting local waters or covering up spills? Some rough looking men tell you that you should forget some of what you saw in your last inspection? Should these types of jobs not exist?
What happens if you're just out for a walk late at night because you have insomnia? You just happen to see the chief of police up to some less than ideal actions at 3 in the morning in the park. How would changing your job even help in this scenario?
Sometimes people need to communicate something that could be a problem for their personal safety. And the rest of us as a society dearly need them to do it. And personally, I would like them to be able to do it while also costing them as little as possible. Because otherwise people tend to be quiet about things that should be known by all.
Some people try to make the world a better place. Your message is personal freedoms matters more than my beliefs. That is not true for everyone. Many will turn in their own mother to save themselves others will put their lives on the line to save your mother.
That's the fair point among the objections here, re: HK, because you've identified a state actor doing arguably a wrong thing, but would such a state actor be able to satisfy Swiss law to compel the email vendor here to act?
The other objections are about whistleblowing on private parties, discrimination or in one case a corrupt petty politician/magistrate. None of them would generate a safety concern to someone protected by Swiss law.
Seriously, the folks working the privacy angle on this story need to distinguish themselves from gangsters and organized crime syndicates. One person doing the wrong thing is bad; an organization doing it is a serious public concern and everywhere and always will generate a public response.
If you substituted Substack or a public-facing communication medium I'd be more sympathetic to the outrage at an email vendor complying with Swiss law. Here, however, we're talking about discovery of the identity behind private communications of an undetermined nature in compliance with the law of a mature Western democracy. Sorry folks, you've sometimes got to work within the democratic system to achieve your goals.
It's not like corruption and organise crime doesn't exist in Western countries or governments. For example, the Maltese
journalist Daphne Caruana was killed after reporting on government corruption in Malta, an EU member state.
You really live in a marvelous world, where your communications reflect on your safety only due to career choices and not, let's say, gender, religious, political, or ethnicity related problems.
Well, if that matters, nothing stops _any_ email service provider from doing those things. And I would prefer a provider that at least tries to be clear about what to expect. One thing that PM failed to account for is how many people live in an imaginary world where it is possible to run a business that is stable, profitable on one hand, on the other hand fights for other people's freedom at own expense and is constantly in conflict with local authorities.
My day to day life is pretty boring, but occasionally I'll imagine what I would need to do if I ever had to get out a secret message out where it was important that it couldn't be traced back to me.
It always ends up being something like, "Well, I could buy a bunch of raspberry PIs with cash and then go to a coffee shop that I never go to and upload the message to a gmail account that I'll only ever use once. Throw the PI away afterwards in a random trash can in town and make sure to wear gloves every time I touch it. Finally use some sort of encryption scheme or something so I can identify myself for repeated correspondences because each time will be with a different one shot email account."
It turns out that this isn't some fanciful paranoia, but is in fact the bare minimum of what I should be doing if something like that ever came up.
Tor from a coffee shop should be sufficient shouldn't it? If the browser cannot be finger printed and the IP is not yours, it shouldn't be possible to identify you.
CCTV Cameras are everywhere. To get to point B, you will leave a nice trail. It should not be that difficult to assemble the necessary identifying data. And when the biosecurity state comes online in its robust form, your movements will be fully traced.
I think a distinction must be made between a service that will protect your privacy historically and a service that will continuously protect your privacy.
If I sign up with protonmail today using a vpn like mullwad, since I'm probably not currently be targeted, I can reasonably be sure that it will be difficult to track things back to me.
However, once I'm targeted and there's a warrant against me, any activity I have on such services is going to be logged going forward.
So, using the service once to receive some data or do something anonymously is reasonably secure... This is very different from services like gmail which will have kept any logs in the past about me and that will always be able to track me without any further logging.
It's imperfect but I think that given the current environment and the current laws, this might be the best we can have.
Wasn't this a form of fraud? I don't know what the Swiss law is but in the United States, fraud is both a civil tort and criminal wrong. The elements of a fraud are:
1) the making of a statement
2) the falsity of the statement
3) an intent to deceive
4) reasonable reliance on the statement by the injured party
5) injury sustained as the result of the reliance
ProtonMail knowingly told this activist 'we don't log your IP' in order to attract their business. ProtonMail did log the IP address. The activist believed this and got arrested.
Reasonable people are assumed to know that the obligation of a service provider to obey the law of its jurisdiction has a higher legal priority than their obligation to oby contract terms with customers.
#2 likely fails because the statement was at worst ambiguous or incomplete, not false. The statement that they do not keep logs by default combined with what reasonable people are expected to know as mentioned above should have led a reasonable person to see through the ambiguousness.
And if not PM went in to more detail in the TOS. Yes, it is well known that most people don't read the TOS. Heck, I often do not read the TOS.
But when you are using a service as part of some criminal endeavor or for something for which there is a reasonable chance will be mistaken for a criminal endeavor you really do need to read the TOS. To not do so is unreasonable.
#3 probably fails because there is likely no way to prove intent to deceive.
#4 likely runs into problems similar to those of #2. A reasonable person using a service for furthering some illegal activity would be expected to put some care into checking out the service to see if it is safe for such activity, and in doing so should have discovered that PM is not safe against Swiss law enforcement obtaining some meta data.
2. was missing when the activist started using PM.
3. also missing (unless there is strong evidence of presence).
So no, no fraud. PM has to follow Swiss law and they have stated this long before the incident pretty clearly.
When did the activist start using ProtoMail? Also, if they say roughly, we will not follow Swiss law for you and they follow Swiss law, that is still lying.
Maybe for you that's clear. But I use Protonmail to advocate for journalists, whistleblowers, and teachers, many of which are not security experts and not familiar with the twisted language used by Protonmail's marketing team.
If their marketing team can't come up with something better, just take text from the privacy policy verbatim.
ProtonMail has an official TOR page, there hardly is a reason for those performing activities illegal under relevant jurisdictions (I support the notion of illegal non necessarily being evil - in many countries many good things like fighting corruption, loving a same-sex partner or responsibly using psychoactive substances for genuine medical reasons can be illegal) to use it the way exposing their actual IP address.
I also don't understand why does ProtonMail record the device type - I doubt there is a law requiring this.
Agreed, that's why I've asked Protonmail to promote their Tor page. Before yesterday the only mention was in their footer under "Onion site" and in a single blog post from 2017. They need to do better at promoting and supporting users through Tor. Heck, add it to their transparency report "40% of users connected through Tor, our goal is 90%"
If they really cared about anonymity ProtonMail would ship their mobile app with bundled TOR. Especially the mobile version, since plenty of non-tech savy people use mobile only.
I am no lawyer, but there are over 180 countries in the world, and there is not one that will let you open a company that don't have to log user IP addresses?
I call this complete BS.
Protonmail has just become one of those providers that is only about making money and is probably getting money kickbacks from law enforcement under the form of legal processing fees or even something else, who knows..., really sad...
The homepage has always been misleading, since their TOS does mention that they can keep your IP address, for law-related purposes or spam prevention. Additionally, once they receive a request from Swiss police, they _have_ to comply and log those addresses. You can fight tooth and nail and pretend that your entire service is built to never see any IP, but in the end, you will still be made to log it.
Your service is connected to the internet, isn't it ? An IP is a fundamental component of it. It's impossible for you to say that you cannot have the IP. Even if it involves you going to your edge server and reading everything with Wireshark to find out the IP, you will still have to comply.
EDIT: To add to this, this is why ProtonMail recommends using a TOR node to protect your address.
Similar to Apple, Protonmail seems poised to redefine privacy as "privacy from advertisers" rather than "privacy from us too".
I for one am now only using Protonmail through Tor. Recommend Brave users enable "Automatically redirect .onion sites". If a site has an onion service, it will automatically redirect in case you forget.
ProtonMail is my main e-mail, so I am positively biased in their favor.
I think their advertising copy about not logging IP addresses was poorly done, but their service is private enough for me. It probably doesn’t much matter or make much difference, but I feel OK with using their service, and tweaking my account settings for Google and Apple to the minimum amount of data retention.
I feel that people who let corporations easily have all of their data put themselves at a disadvantage when it comes to any interaction between yourself and any large company (insurance, retail, etc.). Governments will always have our private information so the real purpose of privacy is economic value.
Imagine playing poker with your friends and you had to have your cards face up on the table and they could keep their cards hidden from you. In this example, your friends are corporations.
EDIT: Carissa Véliz, author of Privacy is Power, was interviewed recently on the ProtonMail blog, and I think the interview does a good job of summarizing her excellent book: https://protonmail.com/blog/carissa-veliz-data-privacy/
Nothing special about ProtonMail, except it seemed like an "easy choice" after reading the Surviving Surveillance Capitalism book a couple of years ago.
Everyone just needs to make their own decisions on privacy. I feel fairly comfortable with my practices. For me, it is the economic motivation of wanting to reduce the advantage companies I deal with have over me that convinced me to take extra precautions.
Ah got it. I support Protonmail because I believe in easy to use privacy tools for others like journalists, whistleblowers, and teachers. That's why I want Protonmail to be a leader in this space with clear marketing and communications.
My trust in them had been broken as soon as they asked me to honour a bill when my vpn subscription ended, instead of notifying me to renew. Respectable companies don't use such asshole design/wording. They're a fraud.
So they lied ... not surprising companies promise things just to betray their customers in a second. I still remember when Facebook won the social media war by promising to never allow advertisement.
Well yes, which is why we should always beware of outlawing things "because criminals". Criminals won't stop using VPNs or other tech because they're not legal, and as you say, most things have legitimate uses too.
I agree, but that's also why I don't think 100% anonymity is something we should strive for. I'm fine with anonymity until the provider is obligated to comply by law... but that's mostly because I'm in Canada and I have a relative trust in laws. Wouldn't feel safe with anonymity guaranteed by US law at all.
question... why did they have this information readily available for them? couldn't they not retain logs and delete this sort of information right away? is there some legal aspect that makes them have to retain it for a certain amount of time or something?
i know there are some Protonmail guys reading this thread... people choose your service exactly for this very same reason, good luck trying to regain people trust
Well, at least they own their mistakes and change accordingly.
All email is shit. Nothing is encrypted and many company's simply try to sell you on better productivity (hey.com). Already having my email be encrypted so that the host can't read it is a step forward, in my opinion.
What a douchebag company honestly. Their marketing is absolutely evil. Changing the headline does not cut it, they need to fire people responsible for that outright lie.
After a dude gets arrested, they’re like: oh, we were talking about advertisers! Who did you think?
I can't imagine running an internet based service and not logging IP addresses. How else do you debug issues or isolate malicious users, etc. Does anyone think it's realistic (or even responsible) to not log basic info?
I don't use PM, but it seems their product is end to end email encryption, not complete web anonymity. Maybe those wanting to add anonymity should access it via tor (if PM allows it).
From the blog posting I read yesterday, the individual was not arrested for his political convictions. He was not only a climate activist, but also a squatter. Apparently there were several police officers hurt during a legally mandated eviction of the building that he squatted.
Saying "omg they arrested a climate activist" is like saying "omg, they arrested filesystem developer Hans Reiser!"
Presumably the charge is not "resisting arrest", but "assault of an officer of the law". Several officers missed a couple of days work, one officer had to stop working for two weeks.
I haven't more on the subject, but I can certainly imagine that they started an investigation only in the days afterwards, when doctors had established reports and cooler heads prevailed.
Look at it from the perspective of the state / society. What's the alternative? Arrest everyone you find in the house, every time when you think you may press charges, and hold them indefinitely until you sort things out?
The article stated that he refused to give ID / fingerprints at the time (which is his right, as he was not charged). Clearly he no longer has a house; you just kicked him out. What do you do? How do you find him?
So they asked for an international warrant for his IP (not the contents) so that they could find him, which was approved by a disinterested third party. The warrant was executed, and now he will answer in a court of law, where he can argue his innocence while the onus is on the state to prove the contrary.
Contrast that with the alternative approach "in the heat of things" (arresting everyone, retrebutive escalating violence) and I think it's pretty amazing that our society works this way, and how much effort is spent to safeguard both justice and individual liberties. Hell, in the US, 25% of homicide-by-police is happen as the result of traffic stops that turned sour.
As far as I can tell, this was about squatting in an unused commercial space that was once a restaurant. The spot had been damaged prior to the squatting and no renovations to fix it had started.
So, yes, a crime, but comparing it to Hans Reiser seems a bit over the top.
It's an international request from Europol. Switzerland is somewhat forced to comply with these (and this one in particular) for two reasons. One political and one to serve its own interests.
The political one is that if Switzerland in the future will create an international request countries could rebuff that in lieu of this very event. And to be honest I am not sure if they can refuse such requests after the recent referendum about abiding the EU constitution.
The self-interest one is that those activists are/were prone to vandalizing banks which are a cornerstone of Swiss economy to this day (in smaller measure compared to the past since they now can pass information of account holders to other countries). Anyway, banks are still a big deal in the Swiss mentality and giving a literal "out of jail card" to someone that targets banks would set a bad precedent in Swiss public opinion.
Are you sure he was arrested due to climate activism-- or is it possible that the irrelevant description has been added to manipulate people into a target reaction?
It has been admitted. So they DO log your IP address when you use their service. So their customers have been lied to and have their privacy at risk. They cannot be trusted.
So how long have ProtonMail kept this massive lie from its users then?
> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account.
So I assume normally IP addresses aren't logged. But they can enable IP address logging for specific accounts when ordered to do so.
There is very little practical difference in the protection that gives users, but seemingly the privacy policy was technically correct.
Since day #1 would be a safe guess. I don't think the honor system is a good way to deal with companies so when a company writes something like that and I have no way of verifying it then I don't believe them. Worked pretty good so far.
Just to be clear, there's no reason to believe you aren't a Chinese bot trying to sow division among western countries with this comment. It's a pretty safe guess and we have no way of verifying otherwise, after all.
Actually, there is. I've met 10's of HN'ers in person, this account is many years old and in pretty good standing, on top of that I have regular contact with the mods and many others on here IRL.
You probably should have picked a different account than mine to try this particular line with.
He didn't. By stating that he has now way of verifying he most likely meant that he exhaust all the ways, within his ability, to verify it. While the other poster made no effort to verify if Jacques is not a bot (it's easy). There's a difference in actively verifying given statements and passively accepting all that is written or all doubts that a busy mind can produce.
I think you may have missed it a bit too. jacquesm wrote:
...I have no way of verifying it then I don't believe them. Worked pretty good so far.
This can't possibly be true since one can't verify everything. If one truly lived this then they'd be in an endless quest of verifying things. For instance, verifying verifiers.
We are about to enter into an age of hard to detect AI generated articles and research so this isn't philosophical silliness.
It is probably worth reading the clarifications made by ProtonMail [1] and their Transparency Report [2]. As a company based in Switzerland, it was clear to they could be compelled to do so and they never hid that fact.
IMO a breach of trust would be actually logging IPs by default and before a legal request is made.
>The firm's privacy policy, which was updated yesterday, now says: "If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation."
That makes it sound like they normally do not / did not log the IP, but then got orders from the police the log these particular IPs.
If that is the case, why did they remove this statement? It seems to me that if the statement remained true even though this guy got arrested, it would be true under the "by default" clause. By removing it, they indicate it was never true; or, I suppose, they discovered just how fun it is to get people arrested, and decided to change their policy on the fly!
They clearly changed it because of the amount of backlash they got and because so many people called that statement deceptive. Just because it's true doesn't mean it's smart to say it and them removing the statement is absolutely reasonable.
> If that is the case, why did they remove this statement?
As far as I understand according to several comments I read here in HN "99%" of the people don't understand what "by default" means, making the sentence misleading for most.
pretty much every comment section about protonmail has been pointing this out for years
their users were too fanatical over "Swiss laws" to pay attention, going as far to demand proof when observers were merely pointing out the fundamental flaw in the Protonmail concept and incongruent advertising
Today, i read somewhere while watching protonmail case comments, that switzerland has quite extensive surivellance laws which include possiblity of logging whole country inbound and outbound traffic for period of 6 months.
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.
But the timeline is unclear to me. If they notified you via e-mail, and then immediately turned on IP logging. So... you'd go and check your e-mail, learn about the third-party request, but by then it's too late as your IP address has already been logged?
> but by then it's too late as your IP address has already been logged?
If someone is so sensitive about leaking their IP address and they access some service with their real IP and relying on a service's promise to not log it they already are not very careful to begin with.
Techcrunch already went over this and the law allows you to delay notifying the person so it is in effect a worthless statement to make since all authorities would simply tell them not to notify the user.
And yet they said they didn't even know it was a climate activist so how could they really fight if it isn't simply technicalities they are fighting on? Again, they fail to provide transparency in what reasons those requests were rejected and sounds like more marketing spin.
Sure, it's a more stable country than many other countries in the world, but not much different from most EU countries for example. And privacy wise there is no difference.
Be also aware of the fact that many companies market themselves as Swiss, but all it means is they have a head office in Switzerland due to tax reasons. In one example, it's a cloud storage company, they say on their marketing page and their about page that they are based in Switzerland and under Swiss law, but if you look at the legal pages the company you sign up with are actually based in Bulgaria. Their servers are based in Texas, USA and Luxemburg, Europe and their development team in Bulgaria.