this post was submitted on 19 Feb 2024
95 points (100.0% liked)

Privacy Guides

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.


From 2019, but still [this full stop signals not only the end of that sentence, but also the end of this statement]. And here [those two words indicate that new information/context is being added; it is being indicated that we now no longer talk about the article, which the uneditorialized post title references and the post link leads to] something a bit more recent about the glorious “Swiss privacy” [this makes it further clear that the following is about Swiss privacy in general and not about Proton] https://www.republik.ch/2024/01/09/der-bund-ueberwacht-uns-alle

key points

[they were added because the main article is about Proton and written in English and because OP assumed that most in here are unable to read German and care less about general Swiss privacy than they do care about Proton]

  • New reporting based on documents and court records shows that since 2017, the internet traffic of Swiss citizens has been massively monitored and read when it crosses borders, which happens routinely even for communication within Switzerland.

  • The intelligence service's claims that purely domestic Swiss internet traffic is collected are false, given how internet routing actually works. Traffic flows across borders dynamically, not through static "cables" as claimed.

  • All data is stored and searched, including retrospectively, meaning the intelligence service builds an ever growing haystack of private communication to dig through. This includes communication from journalists and lawyers that should be protected.

  • In 2023, steps were taken to expand monitoring further by requiring more Swiss internet providers to enable access to their infrastructure, including providers that don't directly deal with cross-border traffic. This contradicts previous claims about how the monitoring would work.

  • Critics argue this invalidates assurances given earlier by the government and intelligence officials and constitutes mass surveillance that violates civil liberties. There are plans in 2024 to revise the intelligence law again, possibly to retroactively legalize monitoring practices already occurring.

[–] [email protected] 33 points 8 months ago (1 children)

That's why you should always use E2EE if you want something to stay private

[–] [email protected] 27 points 8 months ago* (last edited 8 months ago) (2 children)

sure, but also

„We kill people based on metadata.“ Michael Hayden, NSA

[–] [email protected] 4 points 8 months ago (2 children)

What does this mean? That people are targeted based on who they're talking to instead of what they're saying?

[–] [email protected] 2 points 8 months ago

basically.

even minimal metadata, for example from Signal, contains

  • Message dates and times

  • Message senders and recipients (via phone number identifiers)

From these 2 pieces of information, it's possible to build social graphs: who talked to who, and when they did it. Also, who's in a group chat with who else.

https://github.com/dessalines/essays/blob/master/why_not_signal.md#why-not-signal

(worth reading in full)
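To make the comment above concrete, here is an added example (not part of the thread or of the linked essay) showing what timestamps plus sender/recipient identifiers alone give away, with no message content involved. The records are constructed, the names are placeholders, and the group inference assumes a group message is delivered as per-recipient copies sharing one timestamp.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample metadata: (timestamp, sender, recipient). No content.
RECORDS = [
    ("2024-02-19T09:00:01", "alice", "bob"),
    ("2024-02-19T09:00:01", "alice", "carol"),
    ("2024-02-19T09:00:01", "alice", "dave"),
    ("2024-02-19T09:03:40", "bob", "alice"),
    ("2024-02-19T09:03:40", "bob", "carol"),
    ("2024-02-19T09:03:40", "bob", "dave"),
    ("2024-02-19T22:15:09", "carol", "erin"),
    ("2024-02-20T22:17:30", "erin", "carol"),
]


def contact_graph(records):
    """Map each undirected pair to (message count, first seen, last seen)."""
    edges = {}
    for ts, sender, recipient in records:
        when = datetime.fromisoformat(ts)
        pair = frozenset((sender, recipient))
        count, first, last = edges.get(pair, (0, when, when))
        edges[pair] = (count + 1, min(first, when), max(last, when))
    return edges


def inferred_groups(records, min_size=3):
    """Infer group chats from fan-out: one sender, one instant, many recipients.

    Returns {frozenset(members): number of fan-out events seen}.
    """
    fanout = defaultdict(set)
    for ts, sender, recipient in records:
        fanout[(ts, sender)].add(recipient)
    groups = defaultdict(int)
    for (_, sender), recipients in fanout.items():
        members = frozenset(recipients | {sender})
        if len(members) >= min_size:
            groups[members] += 1
    return dict(groups)


if __name__ == "__main__":
    for pair, (count, first, last) in contact_graph(RECORDS).items():
        print(sorted(pair), count, first.isoformat(), last.isoformat())
    for members, events in inferred_groups(RECORDS).items():
        print("likely group:", sorted(members), "events:", events)
```
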

[–] [email protected] 2 points 8 months ago

OFF WITH HIS HEAD

[–] [email protected] 24 points 8 months ago (1 children)

How PM voluntarily offers any assistance? Key points don't mention PM at all.

[–] [email protected] 6 points 8 months ago (1 children)

read the article, the keypoints have nothing to do with Proton or the posted article. I just tried to add more context and illustrate that "Swiss privacy" is an empty marketing phrase, like "military grade security" etc.

[–] [email protected] 22 points 8 months ago (1 children)

If your key points aren't about Proton, why is it in the title?

[–] [email protected] 1 points 8 months ago (1 children)

😒 if people comment, why do they not read the post or the linked article?

[–] [email protected] 16 points 8 months ago* (last edited 8 months ago) (1 children)

If the title and the key points don't match each other, why would I then go and read an archive of a translation of the 5-year-old article they are supposed to represent

And if they don't represent the article, why would you bother writing them without making that abundantly clear

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago)

Thanks for your feedback, I tried to clarify it a bit, the post title, however, cannot be changed because of rule 7.

[–] [email protected] 17 points 8 months ago (2 children)

Ok isn't there still TLS encryption on top? Even if the Swiss Government were to tap ISP routers they won't see much.

[–] [email protected] 7 points 8 months ago

my inability to answer that question makes me consider applying for a job in the Swiss secret service.

[–] [email protected] 1 points 8 months ago

Isn't TLS just strong enough that by the time it takes to crack a packet its contents will be irrelevant? If they're keeping past records they could focus on key connections and hope to stumble on something important

I might be thinking of something else

[–] [email protected] 14 points 8 months ago

Jesus Christ, what a misleading post. This only has to do with Proton in the sense of:

"Company doesn't move country after information becomes public that state intelligence is as scummy as that of neighboring countries."

This does not imply Proton to be involved or offer assistance. This does not mean it invalidates Proton's use of Swiss privacy as a selling point. It's better than what you get in many countries. Sad? Sure, but that's where we are, currently.

Privacy on the internet can hardly ever be guaranteed, there's just best case scenarios on an individual level. Be critical of the companies you trust with your data, obfuscate what you can, use secure connections and encryption where possible, be smart with what you share and pray you never become a target for state intelligence. That's the most attainable level of privacy for most of us.

These types of defamatory posts seem like personal attacks born from personal disillusionment and a flawed understanding of either the tech, the laws governing it or the political context around it.

Lastly, if you feel passionate enough to be an activist, attack the system, not the cogs.

[–] [email protected] 9 points 8 months ago (1 children)

As a paying customer, I wanna hear from the other side, plus wanna see if this ping works across ActivityPub services, pinging @[email protected]

[–] [email protected] 31 points 8 months ago* (last edited 8 months ago) (3 children)

@jherazob @birdcat

The website linked above is filled with false information. We have in fact attempted to reach the author and clarify this, but haven't heard back. Some of the points have been clarified here: https://web.archive.org/web/20210727224547/https://serpentsec.1337.cx/i-was-asked-to-review-an-article-from , as well as in direct communication with our users: https://www.reddit.com/r/ProtonMail/comments/d58cq1/protonmail_questions_and_concerns/

Regarding the recent revelations about surveillance, Proton users are not impacted, because we aren't considered a telecommunications service: https://proton.me/blog/court-strengthens-email-privacy (1/2)

[–] [email protected] 2 points 8 months ago

can you also give a response to the "Addendum 2" in the article?

[–] [email protected] 1 points 8 months ago (1 children)

and sorry but how is this not false advertising? https://proton.me/blog/switzerland

[–] [email protected] 8 points 8 months ago (1 children)

@birdcat Please read the edited version of our response above, and accept our sincere apologies for sharing some links that were irrelevant to your original concerns: https://mastodon.social/@protonmail/111958985077770856.

The benefits of running Proton's services under Swiss legislation described in the article above remain correct.

[–] [email protected] 2 points 8 months ago

Thanks, appreciate it. And just to be clear, I found this article on the internet and thought it's interesting to share with a community who claims to care about privacy; it was not meant to be a slander attack or anything, and I remain like 80% sure that you're not CIA 😜

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago) (1 children)

Not to invalidate your argument (it's still pending in EuGH) but Germany's BND scandal was about way too extensive selectors for NSA on Europe's main internet node RIPE. They just made it legal afterwards. My point is, be it Swiss or German + US government...

[–] [email protected] 1 points 8 months ago

great website, thanks!

[–] [email protected] 2 points 8 months ago

So, I've been in touch with some privacy advocates who I know do their research and that I trust the opinions of, and this article is bullshit.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

I have a question for people who know what they're talking about: should I switch back to Tuta? Or Disroot? Or join a tilde/pubnix?

I'm not a criminal, if it matters.

EDIT: Proton is still fine to use. This article is absolute bullshit.

[–] [email protected] 1 points 8 months ago (1 children)

Can someone answer this from the "I am a criminal, if it matters" side as well?

Let's not be biased now.

[–] [email protected] 2 points 8 months ago (1 children)

If you are a criminal (or are being treated like a criminal by a hostile government), use I2P Mail. It is self-hosted over I2P (Invisible Internet Project), which can make you more anonymous than even Tor (provided you don't leak personal information by other means).

https://en.m.wikipedia.org/wiki/I2P

[–] [email protected] 1 points 8 months ago (1 children)

Thanks I forgot I2P had email and all the extra stuff. Do they have inproxies and outproxies or do both sender and receiver have to use the i2p service?

[–] [email protected] 2 points 8 months ago (1 children)

You know, I never found out. I never used the email service. In fact, the only thing I really used I2P for was accessing one of the Invidious instances hosted over there.

However, I follow a channel on PeerTube which did a few videos on I2P.

[–] [email protected] 1 points 8 months ago

That's a great tip. Thanks ✌🏼