this post was submitted on 16 Dec 2023
112 points (98.3% liked)

Australian News

555 readers
103 users here now

A place to share and discuss news relating to Australia and Australians.

Rules
  1. Follow the aussie.zone rules
  2. Keep discussions civil and respectful
  3. Exclude profanity from post titles
  4. Exclude excessive profanity from comments
  5. Satire is allowed, however post titles must be prefixed with [satire]
Recommended and Related Communities

Be sure to check out and subscribe to our related communities on aussie.zone:

Plus other communities for sport and major cities.

https://aussie.zone/communities

Banner: ABC

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] vexikron@lemmy.zip 0 points 11 months ago* (last edited 11 months ago) (1 children)

They advertised that they dont log IP addresses while they were logging the IP address of at least one user.

Then they got caught doing this and did a PR campaign to explain why.

This is duplicitous, false advertising, and lying until they got caught.

Further, due to the nature of warrants, the tech involved, how investigations work, relevant laws blah blah... this means that potentially any user could be subpoenaed by the Swiss gov, and ProtonMail would give out their IP without ProtonMail telling said user. This means any user based in a country that has roughly friendly relations with the Swiss gov is at risk.

I thought a whole point of safe and secure email services is that they are also safe and secure from governments? Most of them are marketed that way.

I dont know about yall, but if they even have the organizational and technical capacity to provide the info they did, they are a piss poor 'private and secure' email provider.

[–] TWeaK@lemm.ee 3 points 11 months ago

It wasn't a PR campaign, they literally just posted an explanation in a single blog post.

They don't log IP addresses in normal operation. However, when they're issued with a lawful court order they have to comply. Swiss law states that they can be compelled to start logging IP addresses with such a court order. Their terms stated the first 2 sentences, but didn't explicitly clarify the 3rd.

This means any user based in a country that has roughly friendly relations with the Swiss gov is at risk.

It absolutely doesn't. France and Switzerland have a special agreement between law enforcement that only covers laws they both have - eg, if you commit a crime in one country that is also a crime in the other, the other country's law enforcement will help. They committed a "crime" (not getting into the merits of the crime and whether it should be one) in France and then went to Switzerland, what they did is also a crime in Switzerland, so Swiss law enforcement got involved.

In any other country Swiss law enforcement would not have been involved in the investigation. Maybe there could be an extradition claim, but that would require significant evidence in advance. In this special circumstance, which is unique to these two countries, Switzerland took part in the investigation to collect the evidence.

Any service provider has to follow the law. Your issue isn't with the service provider, it's with the laws they have to operate under.