this post was submitted on 26 Feb 2024
262 points (97.5% liked)

Technology

59534 readers
3195 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] SnotFlickerman@lemmy.blahaj.zone 148 points 8 months ago* (last edited 8 months ago) (2 children)

They said they would protect your privacy, not facilitate criminal activity.

If the whole reason you want privacy is to facilitate criminal activity, you're going to have a bad time.

But it also raises the question: Doesn't political dissent often get categorized as "criminal activity?"

I think the bigger question is if these services will stand up for obviously bogus charges when it comes to political dissidents. I actually don't really have a problem with them being willing to shut down accounts associated with ransomware. However, I do understand how exceptions made for "criminal activity" can end up being directed at people who simply have a differing political opinion.

Finally, when it comes to political dissidence: If you are under the thumb of an authoritarian government, is violence taken to achieve freedom considered a "criminal act" by these privacy companies?

These companies have potentially put themselves in a very thorny situation in regards to their intended purpose.

[–] snownyte@kbin.social 37 points 8 months ago (3 children)

I think there was someone who was bitching here at one time, about ProtonMail handing out some user's account by court order. And they were trying to be snarky like "oh, guess ProtonMail doesn't care about your privacy after all!" or some shit.

And your comment here completely clarifies the differences about protecting privacy from enabling you to continue your criminal activity.

I myself cannot be 100% sure my privacy would be protected, if the service I knew, was having their door knocked because they knew I'm up to no good.

Your privacy is ensured from the likes of spam, advertisements and corporate eyes reading your e-mail. Not criminal activity.

[–] EncryptKeeper@lemmy.world 26 points 8 months ago

ProtonMail advertises their service by saying they won’t comply with any court orders except by the Swiss.

I’m not sure where this particular court order came from, but if it was from a foreign government, that would be a big deal.

[–] IllNess@infosec.pub 22 points 8 months ago (2 children)

I want to know what happens when something is only a criminal activity in a state.

Is an Alabama resident moving eggs and IVF clinics to a different state considered criminal activity?

How about a Texas resident talking about getting an abortion in a different state?

I'm not sure if state governments can even requests this but it does interest me what Proton's response would be. What if it was countries instead of states?

[–] doublejay1999@lemmy.world 23 points 8 months ago

As this thread had shown, there are dozens of serious questions for them to answer. Not least of which is the fact since you are not a criminal until a court has found you guilty , who are they calling criminal?

[–] SnotFlickerman@lemmy.blahaj.zone 7 points 8 months ago* (last edited 8 months ago)

On the plus side, being that they're in European countries, they likely have the enviable position of being able to ignore and chastise the worst excesses of USA law. However, that's my question as well, this is all well and good, but it also puts them in the position of having to have a "scale" of which crimes are "worth" legally complying with, and which ones are "worth" ignoring and fighting.

They don't have to support the fanatical religious government in Afghanistan, for instance, but surely there are dissidents there who would like to be able to communicate without being monitored in Afghanistan as well. Where's the line? Is the line different for each country and it's laws? Are they going to count the absurd "religious crimes" there as the same as more egregious crimes like ransomware?

It actually would behoove these groups to codify and communicate their positions on this wholesale now because the issue isn't going to go away.

[–] blazeknave@lemmy.world 10 points 8 months ago

I definitely agree with you. If a warrant is valid and attained honestly and legally in good faith through real evidence of serious crimes, that's different than sending dick pics through Prism. In theory that mirrors how IRL should work.

Is there any kind of social contract RFC proposed to set global standards for boundaries? To your point, companies prefer to have clear discreet understanding of the laws, compliance, and generally accepted best practices. Easier, safer, cheaper. Everyone wins.

Imagine variable scoring on different traits per entity, that would make different rules/boundaries applicable! E.g., North Korea's independent journalism score makes them inapplicable for XYZ activities (email account access, phone unlocks? 🤷).. CSAM 100% inexcusable, tiers of limits on disinfo or hate speech..

Would anyone reading this take something like this seriously? I can't own this. I'm not at all an expert. But I have friends at places like Mozilla, EFF, and standards bodies, to whom I could reach out and maybe help with intros.

..And then you realize your tl;dr is 'who wants to play pretend world police with me?!?!'.. and to what ends is it enforceable? Realistically any major entity can pull out of anything at the cost of their customers (and potential civil damages suits). Microsoft can stop supporting SPF, Schneider can stop supporting standard voltages. It'll cost them customers, but it's not regulatory/mandated, correct? If pornhub builds a city in the Pacific and refuses to relinquish emails about human trafficking, does the UN send armed forces? Obviously not. But do they get disconnected from 1.1.1.1, 8.8.8.8 or w3c's yellow pages?

So what would make someone or some entity, trusted? Just curious for the thought exercise to see what you all think, and the sociological repercussions.