this post was submitted on 30 Mar 2024
299 points (79.4% liked)
Technology
59569 readers
4136 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't trust proton and I don't know why anyone would
Well, at least say WHY? We know we can't trust Apple (because of the recent backdoor that had to be closed down), Facebook because of the Cambridge Analytica scandal, Microsoft because the NSA were given first access to vulnerabilities before patching), the NSA because of the CLOUD Act), etc as these are all documented, analysed and reported on. Your comment really adds zero value to the debate. Proton is under Swiss law for a start, which has a way higher barrier to entry for law enhancement to get any access to metadata. In the USA the law enforcement just buys that data from data brokers. Proton is not in the business of advertising.
Just be carefull with "Swiss laws" defense. The laws are for Swiss citizens only. The same applies to "German privacy" laws.
Well German is EU, whilst Swiss is Swiss. But either ways, their requirements are way higher than US law for access to any records or metadata. The other thing is, if you live outside of Switzerland, your own government has to arrange legal access via two countries' jurisdictions. And of course too for the USA, neither the Swiss or the Germans are allowed to just sell off data to data brokers.
I don't trust them because they don't use established security practices and their interfaces abstract away the internals and they have complied with law enforcement and admitted they could compromise contents(not just metadata) and they don't accept anonymous payment.
They do accept Tor connections though... But I think you have the facts wrong about that access to data unless you have a credible source you can share: They are legally obligated to comply with lawful requests from Swiss authorities if they meet specific criteria (just like every other country except the USA where law enforcement [used?] could just request access. In a US case involving threats against immunologist Anthony Fauci, ProtonMail confirmed they received a legal request from Swiss authorities. However, due to end-to-end encryption, they could only provide the date the account was created, not the content of emails.
they could ship malicious js to their frontend that would give them access to the unencrypted session. you are going on faith every time you load the interface.
Vulnerabilities on the client end are the only way right now for most state actors to gain access to messaging. So yes, various actors are already exploiting that as they have a lot at stake to gain access. But with others already able to exploit that, why would Proton want to do that? Their model is not about advertising or selling data, and they have 100 million paying customers as I understand it. The one's that have been spying and exploiting have been the likes of Meta's Facebook with their app present on the client device, and then trying to break Snapchat's encryption this was (this came out in March 2024). Anyone "can" but we need to also consider "why" and what business model they have.
>But with others already able to exploit that, why would Proton want to do that?
to comply with a warrant