Proton Mail founder vows to fight Australia’s eSafety regulator in court rather than spy on users
Proton Mail founder vows to fight Australia’s eSafety regulator in court rather than spy on users
Andy Yen says draft safety standards ‘would force online services … to access, collect and read users’ private conversations’
Ugh I hate this.
It always starts with blocking CSAM, because just about everyone agrees it's awful and the people who produce and share such content deserve to be sent to prison
But then over time it creeps on and on to other controversial things, like surveilling Nazis. And before too long it's expanded to protestors who attended rallies laws were broken in. And then eventually some radical new government is elected and now anybody who's organising any form or protest is surveilled and quietly disappears
Having laws like this is fine when the ruling party only uses it for things most people would deem net positives (like stopping terrorism and arresting child abusers), but passing laws that break encryption or force invasive logging creates opportunities not only for misuse by authorities but also data breaches and social engineering attempts.
Such a law is already established in the UK, complete with the "technically feasible" caveat. It really is only a matter of time.
Everyone just memory hole and forget about how they complied with a subpoena to turn over the IP and phone number of a French protestor to EUROPOL, leading to their arrest.
Yep, that happened while they were telling their users they do not log IPs and are secure and will protect your privacy, as they still are.
And yes, this is unambiguous, they admitted to doing it.
They don't log IP addresses, but some governments have laws where the court can compel them to start logging, which is what they did here. It was also a unique situation between France and Switzerland where the two countries have specific agreements when laws between them are the same, such that if you commit a crime in one country the other will help to catch you. With ProtonMail being based in Switzerland, where the court order was issued, there was far less room for them to do anything about it.
What they did was in line with what their terms and conditions stated at the time. Afterwards, they reworded the terms to make it more clear.
All businesses have to comply with court orders, and unfortunately a single user isn't a hill worth dying on. All users and fundamentally undermining encryption is, though.
This, pretty much. A tl;dr for anyone needing it : they, a swiss company, were forced to start logging the one user by a swiss court/law
They advertised that they dont log IP addresses while they were logging the IP address of at least one user.
Then they got caught doing this and did a PR campaign to explain why.
This is duplicitous, false advertising, and lying until they got caught.
Further, due to the nature of warrants, the tech involved, how investigations work, relevant laws blah blah... this means that potentially any user could be subpoenaed by the Swiss gov, and ProtonMail would give out their IP without ProtonMail telling said user. This means any user based in a country that has roughly friendly relations with the Swiss gov is at risk.
I thought a whole point of safe and secure email services is that they are also safe and secure from governments? Most of them are marketed that way.
I dont know about yall, but if they even have the organizational and technical capacity to provide the info they did, they are a piss poor 'private and secure' email provider.
Yes, a company was legally obligated to turn over the data it is legally obligated to collect. I am shocked I tell you.
Clearly you didn't even read the article.
Your point being?
Bruh, it's just one user.
How long has ProtonMail been in service? Since 2014 and they've only had to turn over one IP for one user in that entirety to date.
Big fucking deal, dude...