• digital_alchemist@discuss.tchncs.de
      15 hours ago

      Public statements of support from its CEO for a regime actively weaponizing technology to build a mass-surveillance state.

      Removing its no logging policy after being compelled by court order to log and disclose a user’s IP and browser fingerprint.

      Personally, I gave up on Proton after they amended their TOS to include a mandatory arbitration clause, including a ban on class action lawsuits. IMO only the dirtiest of corporations rely on mandatory arbitration clauses. Without the spectre of a class action lawsuit, if a VPN were to get caught breaking its promises to its users, the only real damage the company would likely suffer would be reputational. These are for-profit corporations. The only way we can hold them accountable is to put their profits at risk.

      edit: looks like @oce beat me to it

      • caschb@lemmy.world
        6 hours ago

        I do wonder what they could have done in the email case? I don’t think that there’s any country where they could just let you not comply with a court order. And due to how email works they can’t just encrypt the subject lines or the sender/receiver.
        In that one case I lean more into pointing more fingers to the Swiss government, rather than to Proton. They’re still not blameless tho, maybe they could have used some sort of canary to let people know they were being surveilled, and be more clear on how to avoid these situations.

        • rumba@lemmy.zip
          4 hours ago

          Don’t log it, you can’t be compelled to hand over data you don’t have. They said outright that they didn’t log it.

          Run SMTP purely on IO sockets. Don’t make files. You draft your email into your own cryptographically secure blob. When it’s time to send it, you fire it through an SMTP daemon built to use memory only, once it’s gone it’s gone. If the govt wants that data, they can go to the ISP for it. Maybe it communicates securely with SMTP servers set up in countries that are actually good at observing privacy.

          Good Guy security provider could also terminate your account or lose your password.

          The thing is, they oversold their security. They’re STILL overselling their security. They release rabid PR dogs / trolls out there to discount/discredit people bitching about the situation.