@noyovo I looked this up a few months ago and didn't find anything that shocked me enough to want to not use the service, but I would welcome more info from others.
My overall feeling on PM is that if you're using it to communicate with other protonmail users using e2e encryption, then cop raids/data requests don't matter as much because there's less they can hand over. Though I need to check how much metadata they keep--think they're trying to keep that to a minimum but not sure how far along they are with it.
If you're using protonmail to communicate with other email domains outside protonmail then it's a free-for-all anyway, so it doesn't matter then whether cops raid PM or just nicely ask Google or Microsoft or whatever for your email data 🤷‍♀️
Best practice is probably to encrypt emails with your own PGP keys, then it doesn't matter so much which domain you're on/sending to, but that's a faff most users won't want to deal with (understandably).
@noyovo fwiw my understanding is that leaky metadata of emails (subject, recipients) can be just as damning as leaky content when a case is being built against someone, cuz it allows investigators to build up webs of association and all that shit. So no email provider is actually 'safe' to use unless they guarantee that they don't leak or hand over content OR metadata.
@dumpsterqueer Very much agreed. Not too different than how cases are built around phone call logs even if the content of the calls isn't or can't be used.
@dumpsterqueer Hmm. So it's not surprising that they aren't exactly doing principled noncooperation, & not being able to hand over actual emails makes sense, but still... "in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities." That's pretty big.
& the transparency record (it's very good that they have this, btw) shows that they *do* choose not to cooperate with requests that come through the swiss police at times: "In August 2017, we received a request for assistance from Turkish law enforcement authorities that was passed to us through the Swiss Federal Police. We rejected the request on account of the Turkish government’s human rights record and will take the case to Swiss courts if the Turkish government files for an international proceeding."
Given that they didn't use "human rights" as a reason not to collaborate with u.s., uk, & many other imperialist authorities, this means the politics that ground their cooperation choices are pretty bad, apparently. (Didn't they also express support for the HK protests?)
@dumpsterqueer (To be clear, Turkey is a very very openly fascist state, not cooperating with them is good, but all the places they *do* collaborate with fund & back the turkish state, so like…it just reveals the problems with political frameworks that look at countries isolated from their international actions)
Yeah I remember listening to a few nightmare scenarios outlined on this episode of Against The Grain https://kpfa.org/episode/against-the-grain-june-11-2019/
possible political futures ☝🏾
@noyovo the fact that they disclose that they sometimes are obligated to monitor ip addresses seems, to me, like a nod towards accessing ProtonMail using a vpn and/or tor. They're not a revolutionary organization in any way, ofc, and totally embedded in capitalist culture, but the existence of the transparency page, the canaries, and the acknowledgement of address monitoring can also (generously) be read as an endorsement of surveillance evasion at least. To me that seems like a good sign, even if they do have to comply with Swiss law to be allowed to operate. So yeah, it's definitely not principled non-cooperation, but I still trust it more than something like riseup.
Also I think there's some kind of argument to be made for the fact that ProtonMail is seen as a legitimate service in some sense, whereas I can imagine a riseup email address is an instant red flag to investigators. Tor tries to encourage people to use it for ordinary stuff too to achieve the same thing. Not sure how effective it is but it's a nice idea.
@dumpsterqueer Agreed, the “legitimacy” of PM is a useful defense, one that frustratingly depends largely upon them doing the exact kind of things we're pointing out as not good, lol. But given that a service like riseup does similar things & is 1) far less widely used 2) has a huge userbase in the country where they keep their hardware 3) has a radical & explicitly political orientation sharper than PM, it does seem better to use PM until better free choices appear yeah.
@dumpsterqueer Another thing about the transparency report - the lack of an update in over a year is concerning, given what we *can* read, namely the spike in law enforcement requests in 2019 & PM's continued policy of overwhelming compliance. Other sites that publish similar reports have also seen spikes in requests while maintaining similar levels of compliance (thinking fb & twitter), so wondering just how different they are than the Big Bad Corporates on this front.
@noyovo *blink* huh. One of Protonmail's Big Selling Points was that Switzerland supposedly /wouldn't/ do things like that.