Submitted by syster in Privacy

Correcting/Questioning Proton Mail PR:

They say that they now want to help their user base understand what Proton Mail protects and what not. And then they say that there is no possibility that the Swiss gov could access the encrypted mails.

Under no circumstances can our encryption be bypassed...

If that is true, then this is only because of regulations. But those regulations can change, based on the government's interest.

But they even argue:

...cannot be compromised by legal orders

If you use Proton Mail in the browser, Proton Mail is in control of the code base and so in control of which keys you'll use to encrypt your mail. If they would receive a legally binding order to inject encryption keys that belong to them or the cops, they can do so, and read any future email you write. If they want to read any future message you write, they can do so.

I don't know if this ever happened, or is going to happen to anyone anytime soon. Privacy is a commodity of Proton Mail, so they gonna obviously serve that well better than any company whose commodity is advertisement and mass surveillance. If your life depends on e2ee, use e2ee that is controlled by your machine, and verify if the keys you hold are owned by the person you send the message to.

There was no legal possibility to resist or fight this particular request.

I'm not familiar with the Swiss legal system, but can't you apply to court if you believe something is unjust? There are urgent orders you have to comply with, but you can still appeal to court to question the legality of that order. That does not revert what has been done, but it is part of fighting against authoritarian orders that try to crack down on the climate justice movement.

Every court process is a spectacle around authority and obedience. Moral aspects are always secondary in every court process. Your appeal to court could have been an act of solidarity, to make it even more visible how these authoritarian forces are among the reasons that we are where we are, and that they aim to gain power over the climate justice movement, so that their authority will not slip through their fingers.
Because that is what climate justice is about. Building power to conquer this authoritarian reality that values profit over non-human animals/humans and plants and to be in solidarity and complicity with those threatened by it. And to do this, from wherever you are, whatever social position you are in, based on your capabilities, needs and desires.

The stronger the movement gets, the more frightening it becomes to the legitimacy of the current order, and so it forces the legislation/judiciary to find compromises. Questioning in a politicized court process the legitimacy to fight climate justice activists, while they are supporting and protecting those responsible for climate change, is part of pushing the government to accept compromises towards climate justice.

People are dying because of the climate catastrophe. What are you willing to risk to fight back?

Write a blog post about how you can't do anything besides being sorry? If you can do better, do better!

this is their PR: protonmail.com/blog/climate-activist-arrest/

7
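An added example, not part of the original post: a minimal sketch of the "verify the keys you hold" advice, as a local pin store that flags a served public key that no longer matches the fingerprint a contact confirmed over a separate channel. The `PinStore` class, the addresses and the key bytes are hypothetical, the fingerprint is a plain SHA-256 over the key bytes rather than a real OpenPGP fingerprint, and the check only helps when it runs in software on your own machine rather than in code the mail provider serves.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    # Simplification: SHA-256 over the raw key bytes. Real OpenPGP
    # fingerprints are computed over a specific packet encoding.
    return hashlib.sha256(public_key).hexdigest()

def normalize(fp: str) -> str:
    # People read fingerprints aloud in groups; ignore spaces and case.
    return "".join(fp.split()).lower()

class PinStore:
    """Local record of which key fingerprint belongs to which contact."""

    def __init__(self):
        self._pins = {}  # address -> [fingerprint, verified_out_of_band]

    def confirm(self, address: str, fp_from_contact: str) -> None:
        # Fingerprint obtained from the contact over a separate channel.
        self._pins[address] = [normalize(fp_from_contact), True]

    def check(self, address: str, served_key: bytes) -> str:
        fp = fingerprint(served_key)
        pin = self._pins.get(address)
        if pin is None:
            self._pins[address] = [fp, False]  # trust on first use
            return "first-use"
        if not hmac.compare_digest(pin[0], fp):
            return "mismatch"                  # do not encrypt to this key
        return "verified" if pin[1] else "unverified"

# Constructed sample keys (placeholders, not real key material).
BOB_KEY = b"constructed public key bytes for bob@example.org"
SUBSTITUTED_KEY = b"constructed key bytes held by a third party"

def demo():
    store = PinStore()
    results = [store.check("bob@example.org", BOB_KEY)]
    # Bob reads his fingerprint over the phone, upper-case and grouped.
    spoken = fingerprint(BOB_KEY).upper()
    spoken = " ".join(spoken[i:i + 4] for i in range(0, len(spoken), 4))
    store.confirm("bob@example.org", spoken)
    results.append(store.check("bob@example.org", BOB_KEY))
    results.append(store.check("bob@example.org", SUBSTITUTED_KEY))
    return results

if __name__ == "__main__":
    print(demo())
```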

Comments


Zerush wrote

Any page or web service, however private, is obliged to reveal user data in the event of a legal requirement for a crime. The underlying problem is this. Even if the page is denied it can be closed by government order. Another thing is the justification of a crime, which depends on the local legislation, which of course can be debatable. Proton has no other choice than to abide by current legislation, if it does not want to risk its own existence. That is, what should be questioned in the first place is not Proton, but the legislation regarding this activist.

2

syster OP wrote

That is, what should be questioned in the first place is not Proton, but the legislation regarding this activist

Yes, those who created that order should be questioned in the first place, but that doesn't give Proton Mail a free pass.

This habit of "just use our service and you are safe" puts people at risk. It is ProtonMail's responsibility to change that.

They argue they improve on that matter, and in the same text claim that their e2ee is bulletproof. But that's just not true. If they receive an order to inject keys, they gonna do that too. And they will claim again that they couldn't do anything about it.

They can do something about it: inform the users.

Not doing this is the fault of ProtonMail, and only the fault of ProtonMail.

7

Zerush wrote (edited)

Right, but Proton can't say no to the order and also can't inform the user of this before, because no one knows the reason for the order and the subject can be a real criminal or terrorist. Informing them is helping them to escape, which then is also a big problem for Proton. Not so easy. With a judicial reason they can also intercept your cards, packages and other physical mail in your post station, which otherwise isn't possible. They then also don't inform you of a criminal investigation. They even can intercept messages in the onion if they want, more than 3000 closed pages in the DW in the past by law, prove this. For some reason drug lords continue to use paper notes to communicate.

2

syster OP wrote

What I mean with?

They can do something about it: inform the users.

This: Generally educate users about OpSec.

Like:

Dear user, we can inject keys and we can log your IP. If that brings a risk to you, do this and that.

5

syster OP wrote

more than 3000 closed pages in the DW in the past by law,

What is it you are referring to?

I read claims that agencies like the NSA can maybe sometimes decrypt SSL and that some patterns can be gained from analyzing PGP encrypted text. But then there is the Double Ratchet Algorithm and similar, and it doesn't seem reasonable that anyone can decrypt it.

4

Zerush wrote

Don't underestimate the possibilities of state agencies against cybercrime. To remember, the onion network and the encryption techniques, together with TOR are creations of the US defense and the NSA and they have enough tools to control it, this and it is independent of the personnel that infiltrated participates and moves through these networks.

As someone said, there are drug lords, mercenaries, arms dealers and 14-year-old girls from the FBI.

I already said on another occasion, there are good reason why the mafias continue to use paper notes to communicate, because communications over the network are never secure.

4

syster OP wrote

and they have enough tools to control it,

Nope, they don't. In order to believe some single entity could control the Tor network, you need to believe that some power holds some hegemony. Just take China and Russia for example. They follow their own interests, and will make their own decisions. Sometimes they will be aligned with US politics, sometimes they oppose it. They want to hand over to the US the power to spy on everyone running Tor? I don't believe that.

Snowden used Tor to leak NSA files. The NSA only learned about it after it went public.

If I remember correctly, Chelsea Manning also used Tor, and the agency did not know who it was, until Chelsea Manning admitted this themselves.

The state wants us to believe they have omnipresent power, to make us afraid, to make us believe it's hopeless, to make us believe it's pointless to even try having private spaces online.

If you think it's pointless to even try to protect privacy, you won't start to educate yourself how to gain it. And that's in the interest of those agencies in question. This narrative is part of their power.

5

Zerush wrote

No, I don't think that it is pointless to protect privacy, but I think that it is only possible to avoid surveillance to a certain level; 100% privacy doesn't exist from the moment we connect to the internet. With our humble PCs, the possibilities of protecting privacy are always limited to patching the biggest holes with the current tracking technologies that exist and that are used by the big companies, which are now even starting to use Quantum computers (Google, Facebook, IBM, also secret services in several countries). Privacy protection.......? It also makes a difference if you are a simple user or if you are targeted by the secret services; that you have good privacy in the onion doesn't guarantee that Snowden also has good privacy in the onion if he is the target of the secret service.

That they have the ability to track and monitor a user does not mean that they do so with a billion users, when there is no need for it. That they do not know what you do in the DW, if you are not a person wanted for a crime, it is understood.

3

Zerush wrote (edited)

"Dear user, we don't inject keys and don't log your IP, but we have to do it if there is a court order to do so." Something like this exists in any TOS and PP of any service or app, but nobody ever bothers to read this when registering.

The one of Mozilla https://i.imgur.com/A4zMEGo.png

3