
It seems there is some mental conflict going in readers between the reality of what ProtonMail does for its customers and their expectations of what kinds of protections a legitimate business can provide.

Both ProtonMail and Apple will challenge subpoenas when they believe they are not valid; however, neither company has the final say in the matter, and both can be compelled to provide access to data that they reasonably have access to. It is up to the user to plan what information they provide to service providers in order to not leave a trail of crumbs, and also to evaluate what kind of man-in-the-middle weaknesses a service might have for the possibility of wiretapping. It should go without saying that linking a phone number or back-up email address can be a pretty large crumb.

The learning here is to recognise that these services can be compelled to provide whatever small information that they have reasonable access to, and that this information may be useful in unmasking an identity.

I suppose the second learning is to elect governments which respect democratic freedoms, even if that puts them on the back foot.



I don't think this is solely the issue that users don't understand that the companies are obliged to provide the data requested by the authorities.

The whole controversy surrounding Proton started when they marketed themselves as "secure and private email", promising they would NEVER give away their users' data, until they did. I had a similar discussion with my friends today about this topic and the issue I have with it is that Proton tries to market itself as an email which will never snitch your data to the authorities. And we've seen countless times (they have provided data to almost 6k requests last year) that this isn't the case.

The problem as I see it is that Proton is not even trying to challenge the requests anymore. It's not like Tuta, who you can read on the news that they keep challenging almost every order they get from the authorities, even if they lose the battle in court: https://techcrunch.com/2020/12/08/german-secure-email-provid...

As I read on a website comparing "private email services", the question here is not whether a service provider will or will not abide by the court requests. It's whether it will do anything to challenge it or just give away the data with no questions asked.


I disagree; while the marketing is carefully worded, it doesn't say that, and both Proton's privacy policy and their transparency report detail what kinds of information they gather and how often they hand over that data.

https://proton.me/legal/privacy

https://proton.me/legal/transparency

I stand by the assertion that people will believe what they want to, despite there being easily accessible information that contradicts those ideas.


But that's not true? Proton said they will not hand over your emails, which they never did because they couldn't and still can't.


But didn't this prove the opposite? An optional email recovery... I think other companies would have been obligated to provide far more information, including emails etc.


Tangent: Been looking to switch email providers for a while, and hadn’t heard of Tuta. Looked good enough I just went ahead and signed up… only to find out apparently they provide no real data portability whatsoever.

The only option for getting your email _out_ of their systems is to select small batches of them one-by-one in their app and export them.

There have been many requests for something similar to Proton’s bridge functionality that haven’t gone anywhere. A more useful export function has been near the top of their public roadmap[0] for half a decade now it looks like.[1]

Guess I’ll go find out what their refund process is like.

Don’t mind me. Just yelling into the void.

[0] https://tuta.com/roadmap/

[1] https://github.com/tutao/tutanota/issues/1292


The one good way forward I can see for any such privacy-conscious service provider is to let the user see exactly what data is stored about them (and purge it where feasible).

You store my access times and IP addresses? I should see that.

I think this would align well with GDPR, too.


> It is up to the user

And therein lies the problem. We on HN may have a few ideas about how to do this, but the typical user of a secure email/VPN/tor unfortunately doesn’t and realistically can’t understand the corner cases and tricks.

Realistically, even HN users would make enough mistakes.

This is why I’m dubious of these types of products marketing to average consumers.


If your threat model is "utilize secure email/VPN/tor to evade organizations on the spectrum of [law enforcement...intelligence services]" you are not a typical user even of those services and saying that it's on you to understand all the corner cases and tricks to avoid persecution, prosecution, execution, etc. seems pretty reasonable.


I wouldn’t call it reasonable.

If you’re trying to evade LE because it’s illegal to be gay in your country, and you get caught because you’d listed an Apple address in your ProtonMail account - can’t we design better products to make this less likely?


Who gets to decide which specific sorts of evasion of law enforcement are acceptable?

Should we consult your personal moral preferences for that, as applied to each of the 200+ countries on the planet? Why do your preferences overrule those jurisdictions' decisions?


I think there is a fairly straightforward answer to this question. It is always acceptable to evade law enforcement for anything related to laws restricting human rights as outlined in either the Universal Declaration of Human Rights, or the International Covenant on Civil and Political Rights.


I think you’ve completely missed the point.

Folks who design products that are trying to protect privacy should do their absolute best to sand down the sharp edges and make them secure-by-default wherever possible.


> I suppose the second learning is to elect governments which respect democratic freedoms, even if that puts them on the back foot.

Democratic freedoms, in the United States at least, protect people from UNREASONABLE search and seizure.

Compelling a third party to reveal information about a customer via a court order is not now, has never been, and will never be until the end of time and space, unreasonable.

The order itself might be unreasonable and should be challenged if so, but the procedure and ability to do so is not and will never be.


> Compelling a third party to reveal information about a customer via a court order is not now, has never been, and will never be until the end of time and space, unreasonable.

It's unreasonable if the standards for issuing the court order (as applied, even if not in theory) are unreasonable.

And that is often now, and has often been, and will often be (likely until the end of human history), unreasonable.


Yeah. This stuff is all about putting an end to the global mass surveillance dragnets. Police and government should still be able to operate, of course, with checks and balances.

They should not be able to push a button and learn everything about a person. If they want to learn about an individual's private life, they should have to get a warrant then put people to work on the guy's case. They should have to literally follow their targets, photograph them, put hardware keyloggers into their keyboards. That sort of hardship imposes natural limits on the scale of their operations: there are only so many police officers you can assign. With computerized dragnet surveillance, the scale of their operations is essentially limitless.

These encrypted communications services aren't generally in the business of going to jail in their customers' place. They gotta comply with the government laws. When a court orders them to do something, they either obey or they are held in contempt of court, if not worse. It can't be helped. It's still helping reduce global surveillance by forcing them to target their attacks.


> Democratic freedoms, in the United States at least, protect people from UNREASONABLE search and seizure.

You're conflating what's written in the law with the sad reality of how a lot of that is simply ignored by law enforcement, while they are standing on your neck, searching your car.


Pretty funny that, precisely for you, "standing on neck, searching car" is REASONABLE search and seizure, but not for him. Pretty expected.


Standing on anyone's neck while searching their car without a warrant or probable cause is a problem, for everyone. I'm not even sure why I have to clarify this, but ok!


Yes, if your information is stored with a third party, it can be subject to disclosure with a lawful subpoena.


> I suppose the second learning is to elect governments which respect democratic freedoms,

This will _never_ happen. It's the human condition...


I would argue that the second learning is to make it impossible to comply with these subpoenas where possible by making it so the company itself is unable to decrypt it.

Admittedly this is not really an easy solution with something as open as email; it's possible within corporations, but I don't know of a solution between "random" people.

But outside of email and things that have to be unencrypted for interoperability, everything should be encrypted and inaccessible to the company so this situation is impossible.

I think the ship has sailed on the idea of electing people who will actually care about privacy of their citizens.
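The two design points raised in this thread, a provider whose servers hold only ciphertext they cannot decrypt, and a "show me exactly what you store about me" view that is the same thing a court order can obtain, can be modelled in a few dozen lines. The following is an added example written for this page; it is not code from ProtonMail, Tuta or any commenter, and the user name, password, IP address, timestamp and message body are constructed sample values. The PBKDF2 key derivation and the HMAC-SHA256 counter-mode cipher are illustrative constructions chosen to keep the example dependency-free, not a vetted protocol.

```python
"""Toy model of a mail provider that stores client-encrypted bodies plus unavoidable
metadata, and what it can hand over when ordered to disclose an account.
Added example for this discussion; not any provider's actual code."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# ---- client side: the key is derived on the user's device and never sent ----

def derive_key(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte master key from the password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)

def _subkey(master: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys so one key is never used for both."""
    return hmac.new(master, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode (illustrative stream cipher)."""
    blocks, counter = bytearray(), 0
    while len(blocks) < length:
        blocks += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(blocks[:length])

def encrypt(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the stored blob is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(master: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a modified blob is rejected outright."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    stream = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

# ---- server side: everything the provider actually holds ----

@dataclass
class Account:
    recovery_email: Optional[str]   # the optional "crumb" discussed above
    salt: bytes                     # public KDF salt; useless without the password
    messages: List[bytes] = field(default_factory=list)
    access_log: List[Tuple[str, str]] = field(default_factory=list)  # (timestamp, ip)

class Provider:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register(self, user: str, recovery_email: Optional[str] = None) -> bytes:
        salt = os.urandom(16)
        self.accounts[user] = Account(recovery_email, salt)
        return salt

    def store(self, user: str, blob: bytes, source_ip: str, when: str) -> None:
        """The server sees only ciphertext, but it still learns who connected and when."""
        acct = self.accounts[user]
        acct.messages.append(blob)
        acct.access_log.append((when, source_ip))

    def disclosure(self, user: str) -> dict:
        """What a lawful order can extract: metadata and opaque ciphertext, no plaintext.
        The same view doubles as a 'what we hold about you' page for the user."""
        acct = self.accounts[user]
        return {
            "recovery_email": acct.recovery_email,
            "access_log": list(acct.access_log),
            "ciphertext_blobs": [b.hex() for b in acct.messages],
        }

def demo() -> dict:
    """Constructed sample: one user, one message, one access, then a disclosure."""
    provider = Provider()
    salt = provider.register("alice", recovery_email="alice@example.com")
    key = derive_key("correct horse battery staple", salt)  # stays on the client
    body = b"meet at the usual place, 7pm"
    provider.store("alice", encrypt(key, body), "203.0.113.7", "2024-05-01T10:15:00Z")
    handed_over = provider.disclosure("alice")
    # The client can still read its own mail from the stored blob; the provider cannot.
    recovered = decrypt(key, bytes.fromhex(handed_over["ciphertext_blobs"][0]))
    return {"disclosure": handed_over, "client_can_read": recovered == body, "body": body}

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the point both posts make: the disclosure contains the recovery address, the access log and a hex blob, and nothing else, because the password-derived key never reaches the server. It also shows why the recovery email and IP log are the parts worth thinking about before signing up, since they are precisely what survives the encryption.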


If ProtonMail, and Apple, and Google, and Microsoft, and phone companies, etc., all, in concert, give some parts of the identity, the total identity can fairly easily be found.



