Re: [PLUG] Proton mail not exempt from surveillance

2021-09-08 Thread Ben Koenig
Legally speaking all servers keep IP logs. This is an intersection between 
technical definition and legal terminology.

In order for a host to communicate over the internet, it needs to hold onto the 
IP address of the host it communicates with. It can hold onto this IP in RAM 
for 5 seconds or log it to persistent storage for future use. Either way it 
obtained the IP and can choose to do something with it. Lawyers and politicians 
don't give a flying fuck about the difference between an IP in a text file and 
a log file sitting in volatile memory.

The legal explanation of this is clearly stated here:
https://protonmail.com/blog/climate-activist-arrest/

"As detailed in our transparency report, our published threat model, and also 
our privacy policy, under Swiss law, Proton can be forced to collect 
information on accounts belonging to users under Swiss criminal investigation. 
This is obviously not done by default, but only if Proton gets a legal order 
for a specific account."

What happens when psg.com gets a court order? ;-)
-Ben

‐‐‐ Original Message ‐‐‐

On Tuesday, September 7th, 2021 at 7:24 PM, Randy Bush wrote:

> > Not to cause a flame war or get into the weeds of how email works, but
> > no email service you use is immune to a subpoena or court order - in
> > any country. ...
>
> protonmail said publicly in their adverts that they did not keep ip
> logs. turns out they did. today they removed that section of their
> braggadocio.
>
> randy


Re: [PLUG] Proton mail not exempt from surveillance

2021-09-07 Thread Randy Bush
> Not to cause a flame war or get into the weeds of how email works, but
> no email service you use is immune to a subpoena or court order - in
> any country. ...

protonmail said publicly in their adverts that they did not keep ip
logs.  turns out they did.  today they removed that section of their
braggadocio.

randy


Re: [PLUG] Proton mail not exempt from surveillance

2021-09-07 Thread King Beowulf
On 9/6/21 14:14, Mike C. wrote:
> One regional communication service provider that I know of that doesn't log
> ip addresses is Riseup.net. Their philosophy is essentially any info that
> isn't logged/stored isn't able to be shared.
>
> If you don't know about the Warrant Canary, now you can know -
> https://en.wikipedia.org/wiki/Warrant_canary
>
> Riseup.net warrant canary info - https://riseup.net/en/canary
>
> On Mon, Sep 6, 2021 at 1:15 PM Russell Senior 
> wrote:
>
>> Saw this referred to on tweetar this morning, and looked it up:
>>
>> https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/
>>

Not to cause a flame war or get into the weeds of how email works, but
no email service you use is immune to a subpoena or court order - in any
country. The SMTP protocol requires servers to cache, even for a short
while, header information to deliver/receive messages.  Even Riseup can
be compelled to cough up this subscriber data, esp. as a branch of a USA
non-profit. USA has some of the worst individual privacy protections,
courtesy of the Patriot Act and similar laws passed to fight "terrorism". 

The legal usefulness of warrant canaries is still debatable.  Once
invested in an email service, and a canary dies, what then? Your data is
already gone. Stop using the service? End-to-end encryption, Tor, VPNs
will at least keep your data, if not always source and destination,
safe.  Riseup.net is not immune to what happened at ProtonMail.  I'm
glad these service providers exist, but they are limited in how much
privacy they can provide.

We walk around with cell tower and GPS location trackers. We scan credit
and debit cards. Instead of worrying about our email
provider rolling over on a court order, perhaps it would be better to
pressure our elected servants to rescind privacy nonsense like the
Patriot Act and stupidity like the Citizens United SCOTUS decision.

-Ed




Re: [PLUG] Proton mail not exempt from surveillance

2021-09-06 Thread Ben Koenig
This isn't exactly a surprise and is more a reflection of modern law 
enforcement than protonmail's services. The data they divulge is metadata and 
this is only because as a company they must conform to the laws of the region 
in which they are based.

As a result of Swiss law and Protonmail's own design this whole situation gets 
blown out into the open with unusual levels of transparency. The takeaway is 
not that protonmail is not-exempt, but rather that companies do have 
flexibility in how they respond to this type of situation. This applies to 
company policy and technical design of the service.

If this situation occurred here in the USA with a gmail user you might never 
know it happened at all.

-Ben

‐‐‐ Original Message ‐‐‐

On Monday, September 6th, 2021 at 1:15 PM, Russell Senior 
 wrote:

> Saw this referred to on tweetar this morning, and looked it up:
>
> https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/


Re: [PLUG] Proton mail not exempt from surveillance

2021-09-06 Thread Mike C.
One regional communication service provider that I know of that doesn't log
ip addresses is Riseup.net. Their philosophy is essentially any info that
isn't logged/stored isn't able to be shared.

If you don't know about the Warrant Canary, now you can know -
https://en.wikipedia.org/wiki/Warrant_canary

Riseup.net warrant canary info - https://riseup.net/en/canary

On Mon, Sep 6, 2021 at 1:15 PM Russell Senior 
wrote:

> Saw this referred to on tweetar this morning, and looked it up:
>
> https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/
>


[PLUG] Proton mail not exempt from surveillance

2021-09-06 Thread Russell Senior
Saw this referred to on tweetar this morning, and looked it up:


https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/