Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
petcat a day ago

> The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties.

Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?

Although I guess the server location didn't matter in this case since all they wanted was the billing information and the credit card info to identify the person.

elashri a day ago | parent | next [-]

> Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?

They said they want to relocate to Germany which I would say in a polite way, is much worse in this regard.

spelk a day ago | parent [-]

In what sense? Germany has among the strongest judicial oversight for invasion of privacy in Europe. Due process is followed when securing search warrants that provide access to subscriber data (Germany does not have administrative subpoenas like in the US and other countries).

Former attempts at surveillance have been struck down in the Bundesverfassungsgericht, and the right to privacy has even been affirmed for foreigners (as opposed to other countries like the US that reserve that foreign nationals have zero due process rights for invasion of privacy).

wolvoleo a day ago | parent | next [-]

Germany has strong privacy protections against businesses. But not against the state as they consider themselves above suspicion.

spelk a day ago | parent | next [-]

Is this a gut feeling, or is there a basis for this claim? My comment referenced solely due process in relation to the state.

wolvoleo a day ago | parent [-]

Yes I've seen many news items about laws being introduced that were pretty invasive.

https://www.hrw.org/news/2021/06/24/germanys-new-surveillanc...

https://www.heise.de/news/Ausweispruefung-bei-Prepaid-SIMs-N...

https://netzpolitik.org/2016/projekt-aniski-wie-der-bnd-mit-...

brookst 20 hours ago | parent | next [-]

Introduced or passed into law?

ulfw 19 hours ago | parent | prev [-]

What does having to show an ID when registering a SIM card have to do with privacy of emails?

wolvoleo 6 hours ago | parent [-]

I'm talking about digital privacy in general. In many countries (like in Holland) this is not a requirement.

Also Germany was a big proponent of ChatControl, until they swerved at the last minute. Holland was against it every time.

vanderZwan 13 hours ago | parent | prev | next [-]

> But not against the state as they consider themselves above suspicion.

That's a statement that I expect to infuriate just about everyone who lived in Eastern Germany, how do they get away with that argument?

dash2 18 hours ago | parent | prev [-]

[flagged]

whilenot-dev 17 hours ago | parent [-]

Instead of posting "I googled sources and can confirm" please post your sources so everybody can confirm.

dash2 16 hours ago | parent [-]

I do not think it is too much to ask someone to type “German court strikes down surveillance“ into Google. Here is the link though: https://www.google.com/search?q=German+court+strikes+down+su...

RandomGerm4n 17 hours ago | parent | prev | next [-]

Germany is an absolutely terrible choice for this. Other Email providers such as Tuta which also offer encrypted emails, were forced to install a backdoor. As soon as the police arrive, every future email sent to the account in question is copied unencrypted without the person being informed. This is much worse than passing on payment details or stored backup email addresses, as Proton Mail is required to do in Switzerland.

piaste 16 hours ago | parent [-]

> Other Email providers such as Tuta which also offer encrypted emails, were forced to install a backdoor. As soon as the police arrive, every future email sent to the account in question is copied unencrypted without the person being informed.

Important caveat: Tuta was required by a court to provide police with access to a customer's _unencrypted_ emails (ie regular SMTP mail). The police had also asked for a backdoor to Tuta's E2E emails, and that request was rejected by the courts.

RandomGerm4n 15 hours ago | parent [-]

But the idea behind Tuta and Proton is that emails are encrypted when they arrive in the inbox. The fact that emails sent between Tuta users are still safe offer little added value because distribution is far too limited. The reason people choose such a provider is that they do not want the authorities to have access to their mailbox, but this is undermined by a backdoor. Switzerland is much better off in terms of the legal situation in this area.

coldtea 15 hours ago | parent | prev [-]

In the sense that it's a joke that caves in to the flimsiest pressure from a certain superpower. Although pressure is a bad choice, it's more like it's a wholy owned subsidy.

pjmlp 10 hours ago | parent | prev | next [-]

No goverment is to be trusted if that is the main point.

VWWHFSfQ a day ago | parent | prev [-]

> prides itself both on its end-to-end encryption

Their end-to-end encryption is pointless because the vast majority of any recipients will just leak the plaintext emails via their own account providers anyway. It only works under very specific circumstances (all parties are using it). I think their marketing overstates what their secure private email actually means.

njarboe 18 hours ago | parent [-]

Yes. If you send an email from a protonmail account to a gmail account that email is in google's system. Same if in the other direction. Would anyone using protonmail not know this. I would guess at least 99.9% of proton users understand this.