cross-posted from: https://lemmygrad.ml/post/40877

Email is inherently insecure. If you want or need secure communications, that’s what software like Briar, Matrix, or Signal (yes, despite some drama) is for.

Secure emails can always be done manually with PGP and will be a lot hardier than trusting an organization that gives away subscriber payments to Western-backed coup attempts and color revolutions.

  • southerntofu · 3 years ago

    To be fair, Proton’s hands were tied.

    No, not really. I know you mean it as a metaphor, but I think it’s important to point out in some countries as a sysadmin you could literally have your hands tied and cops beating the shit out of you. Avoiding this is a privilege European sysadmins have and can use.

    It was either give up the customer data for a few customers or their business would have to be shut down for all the users

    That’s definitely not so clear cut. Usually and to my knowledge the worst you can get for failing to keep logs (data retention laws) is a fine, which for a business like Proton is not really a problem as we’re not talking about a small hosting non-profit, and I’m sure people would be happy to take part in a crowdfunding for that.

    And they could have just gotten away with it. As you can learn from other hosting collectives like Njalla (or weirder “offshore hosting” companies) not answering to the cops is always an option, or even answering that you don’t have the information they requested.

    If they used the Proton VPN in conjunction with Proton Mail they would have been safe.

    Why always blame the victim? I agree it was preventable, but that’s no excuse for the way some of us tech people collaborate with those fucking fascists from the police who will do anything to protect the status quo.

    Also worth noting, from what I gathered, Protonmail in fact set up IP logging just for this user specifically. So in this setup, Proton VPN would not have been safe either.