ProtonMail logged IP address of French activist after order by Swiss authorities
What are our options here? Obviously we don't want to leave ourselves open to a possible covert LE operation based solely on the judgement of Swiss authorities.
Are there services, maybe Tor based, that keep no logs whatsoever under any condition? Or maybe the smart thing to do would be to set up any and all less than legal activities up through Tor and only access these services in the same manner?
@anarchoN3rd @thenewoil
Using TOR would give him more protection from being uncovered.
Although troubling that the Swiss authorities would give in to a request like this, this is a lesson to anybody with this threat model. Email can only ever achieve certain levels of protection. They should switch to XMPP or another protocol.
@krock @thenewoil it seems like Protonmail is pretty open about the fact that they must comply with Swiss authorities. I had assumed safety myself as well, but clearly I was mistaken. I guess we can take this as a lesson in reading between the lines and using the right tools, as well as never assuming a company has found an actual way to subvert the system.
@anarchoN3rd @thenewoil I use both Proton VPN and mail, but if my threat model changes, I will switch VPN and keep Proton mail.
Even though I think it important to help my friends and family with the tools, I stress it much harder with my activist friends.
@krock @thenewoil absolutely. I'm still working on eliminating Google from my life so I don't feel right preaching to people yet, but I'm setting up to self-host nearly everything and anything I can't (or am too lazy to...email) will soon be open source only.
As for Proton, it just won't be as useful as I had hoped. It's still way better than gmail. I have a VPN account, but it's slow. I haven't committed to premium yet and probably won't after this.
@anarchoN3rd Any mail provider is subject to the laws of the country in which they operate and host. I blame Swiss legal authorities here more than Proton.
Self hosting is a challenge, but some solutions exist to make it easier such as https://arstechnica.com/gadgets/2018/12/review-helm-personal-server-gets-email-self-hosting-almost-exactly-right/ Big providers like Proton handle much of the admin that some of us are a little too busy to deal with. Email can only ever achieve certain limits of privacy. Other protocols are much better.
