Hacker News: WhackyIdeas's comments

It’s not a stupid question. But to think that it will make people more safe is doublethink. Right-wing dictatorship is on the rise across Europe and the World. No-one knows the future, but it’s sure looking bleak. We are all making ourselves less secure to the future.

And with AI… ooft. AI will get to a point where it takes over, and decisions like these help it to. We are destroying our future fast.


PGP encryption should be taught in school. Ingrained.

Data privacy used to be trampled on with the fear of ‘terrorism’, but the Americans blasted the airwaves with the word so much that it diluted the word to the point it instills zero fear.

Now the new word of the times to trample on privacy is CSAM.

And like utter fools, the public fall for the same crap time and time and time again.

The truth is, the world will always be shit and have shit people in it. Those shit people will do shit things.

It’s a fight over your soul now. And the AI is going to love love love everything it has on every single person on the planet. I can’t wait for the AI to come for us all - we are collectively just awful (and I believe we the west are probably more awful to humanity than even the Chinese, Israel or the Russians, and that is saying something).

I am mad.


Please give examples of how the authoritarian, repressive, conformity-demanding CCP is less awful and soul destroying than Western democracy, as flawed as it is.


No need to compare to China, the German authorities can be repressive, they do search your home if you call an official a penis. Home searches are done casually because the judicative branch is overworked, neglects its responsibility and just waves such demands through. You lose your electronics and maybe your property gets damaged. Of course for a developer your electronics might be quite valuable as well.

With a mechanism like this, this probably will increase further, apart of course from the unjust violation of privacy and even dignity. This is a law that contradicts the constitution very directly.

Also, this is policy that was not brought through democracy. It was created by European Commissioners that only have a very low democratic legitimacy for far reaching policies like this.

It would be a disaster for the EU and all its citizens if this comes through and everyone will lose.


Want to check how many died in Iraq, Afghanistan, Libya and Syria between 2001 and now as a direct consequence of Western military action, versus how many people the PLA killed in foreign interventions in the same period?

Hint: the former - hundreds of thousands, the latter - zero


https://en.wikipedia.org/wiki/Mao_Zedong:

> Mao's policies were responsible for a vast number of deaths, with estimates ranging from 40 to 80 million victims due to starvation, persecution, prison labour, and mass executions, and his government has been described as totalitarian.

I guess according to you killing your own people shouldn't be counted.


Surveillance on internet use in China probably results in many visits to forced labour camps. Or worse.

Imagine the Chinese people agreed and voted for their great firewall, wouldn’t we all think they were fooled into sabotaging their own freedom?

But they never had the chance to oppose it. We do. And so who are the real dummies?

With how popular Trump is in the states, that makes me think dictatorship is just around the corner. Settling scores is coming.


Interesting you claim Trump is a dictator, you must’ve forgotten the attempts by the left here to remove parts of our constitution, including for free speech and consistently remove freedoms when one person screws it up. Another example, every car having interlock devices.


Mao Zedong's CCP is as relevant to the present discussion as say Adolf Hitler, US treatment of Native Americans or British/French/Spanish colonialism. All awful, yet not awfully relevant.


NSDAP hasn't been in power in Germany for like 80 years now. Meanwhile Mao's CCP is still in power and they haven't disowned him.


And indirect, through the use of manufactured ‘uprisings’ which the West are great at.

But really, you can go back many more decades than that. Innocent lives are not something the West (especially USA) have historically valued.

I hate bashing the West all the time, but come on, we aren’t the good guys in the world. And it’s time we own up to who we are. I have ffs. And I do wonder if the world would have been a more peaceful place if we collectively had more soul.


Why don’t you instead look at the number of people killed throughout the globe as a result of China and then compare that to the number with the West.

Literally soul destroying. As in life destroying.

Metadata kills people. Now it’s moving way further than metadata.


western democracy is good for people in the west.

not other countless nations that have been enslaved, colonized, invaded, subjugated, stripped in the name of democracy and religion.

Russia, CCP etc are horrible too - but let us not forget history.

The Global South Remembers.


Western nations aren't solely responsible for insufficient historical education.


Germany committed the Holocaust in my country. They murdered more than 100k of our citizens. And even more died in the WW2 that they started. But now we are in the same political, military and currency union with them, because countries and their ideologies change.


> and I believe we the west are probably more awful to humanity than even the Chinese, Israel or the Russians, and that is saying something

This is a wild POV to hold and one I'm pretty disappointed to hear on HN. You'd really prefer a world of Russian hegemony over NATO? My cousins in Ukraine would be shocked to hear otherwise smart people cheering on a regime which the rest of the civilized world has broadly condemned.


You serious? I nearly cried watching what was happening in Ukraine early in 2022.

You are making bad assumptions here.

But if you want to put it into perspective… think about what is happening in Gaza. Now compare to Ukraine. Russia has plenty of missiles and by comparison (even while absolutely awful) have shown much more restraint. I don’t support them at all though!


Russia is showing restraint because they’re fighting a war of attrition, are the invading force, and believe they have something to prove with a win. Israel is removing a terrorist organization from the face of the earth.

Not the same.


Listen, if you don’t trust their ProtonDrive - GPG encrypt before uploading. If you don’t trust their email, GPG your message and paste it in or include it as an attachment. There are a lot of ways to be able to use Proton without trusting them… and if you are an activist of any sort, like Just Stop Oil or CND, then I am sure they will be doing all of that.

I am not an activist so I don’t need to jump through such loopholes.

I don’t despise Proton as much as I despise most of Silicon Valley though. I just hope they fight every single court order, because there will be lots of good people being targeted. However, I reckon that is wishful thinking.


Cryptomator is great for the ProtonDrive example: https://cryptomator.org/


Cool idea. But, if I personally wanted that functionality I would code my own solution with a shell script I think (because it is super easy to do).
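The "GPG encrypt before uploading" approach from the comments above, as an added example that is not code from the thread or from Proton: a POSIX shell script that encrypts files locally with GnuPG before they are handed to any drive client, so the provider only ever stores ciphertext. It assumes GnuPG 2.1 or later is on PATH; the directory paths and the passphrase file are placeholders. Symmetric (passphrase) mode is used so the script runs without a keyring; swap in `--encrypt --recipient KEYID` to encrypt to a public key instead.

```shell
#!/bin/sh
# Added example (not from the thread or from Proton): encrypt locally with
# GnuPG before uploading, so the drive provider only ever stores ciphertext.
# Assumes GnuPG 2.1+ on PATH. Paths and the passphrase file are placeholders.
set -eu

# Fail early with a clear message if gpg is not installed.
require_gpg() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found on PATH" >&2; return 1; }
}

# encrypt_for_upload FILE PASSFILE OUTDIR
# Symmetrically encrypts FILE with the passphrase in PASSFILE (keep it mode 600
# and never upload it) and writes OUTDIR/FILE.gpg. Prints the output path.
# On failure it removes any partial output and returns non-zero.
encrypt_for_upload() {
    file="$1"; passfile="$2"; outdir="$3"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -f "$passfile" ] || { echo "no such passphrase file: $passfile" >&2; return 1; }
    mkdir -p "$outdir"
    out="$outdir/$(basename "$file").gpg"
    # --batch/--yes: no prompts; --pinentry-mode loopback: read the passphrase
    # from the file instead of opening a pinentry dialog.
    if ! gpg --batch --yes --quiet --pinentry-mode loopback \
            --passphrase-file "$passfile" --cipher-algo AES256 \
            --output "$out" --symmetric "$file"; then
        rm -f "$out"
        return 1
    fi
    printf '%s\n' "$out"
}

# decrypt_from_download FILE.gpg PASSFILE OUTDIR
# The reverse step after downloading the ciphertext back. A wrong passphrase
# fails cleanly with no plaintext left behind.
decrypt_from_download() {
    file="$1"; passfile="$2"; outdir="$3"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    mkdir -p "$outdir"
    out="$outdir/$(basename "$file" .gpg)"
    if ! gpg --batch --yes --quiet --pinentry-mode loopback \
            --passphrase-file "$passfile" --output "$out" --decrypt "$file"; then
        rm -f "$out"
        return 1
    fi
    printf '%s\n' "$out"
}

# encrypt_tree SRCDIR PASSFILE OUTDIR
# Encrypts every regular file directly under SRCDIR into OUTDIR, which is the
# directory you point the drive client at. Plaintext never leaves SRCDIR.
# Prints the number of files encrypted.
encrypt_tree() {
    src="$1"; passfile="$2"; outdir="$3"
    count=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        encrypt_for_upload "$f" "$passfile" "$outdir" >/dev/null
        count=$((count + 1))
    done
    echo "$count"
}

# Typical use (placeholder paths):
#   require_gpg
#   encrypt_tree "$HOME/Documents/private" "$HOME/.drive-passphrase" "$HOME/staged-for-upload"
```

The passphrase is read from a file rather than passed on the command line so it never shows up in `ps` output or shell history, and each function deletes its own partial output on failure so a half-written `.gpg` file is never what ends up uploaded.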


I have been with Protonmail since 2014. And I feel that they are essentially now the same as any other company which makes loads of dollar - they give up their values.

Don’t get me wrong, I have multiple ‘Visionary Accounts’ but I have just no expectation of them protecting my data completely.

How do they get people's passwords / keys? Easy. They just wait for you to log in and they swipe it then. It’s targeted.

They are a perfect example of why you cannot really trust any company selling ‘privacy’, like Apple, Mozilla and whoever else fakes it. Even TOR to a degree is a pile of pish because all the relays can be hosted on mostly American VPS companies… so although the rest of the world would struggle detecting who people are, five eyes are in an excellent position to be able to unmask. It’s intended for the Five Eyes spies to hide among - they need the randomers on there or it’s a useless tool for their global spies to use - I don’t think enough people actually realise that.


> How do they get people's passwords / keys? Easy. They just wait for you to log in and they swipe it then. It’s targeted.

Under Swiss law, Proton cannot be compelled to do this. Nor is this "easy" to execute if you are using the open source mobile or desktop apps.


Ok, I may have made an incorrect assumption (sorry).

But, do you have a method which results in the data being accessible to anyone other than the account owner?

I don’t know exactly what you provide. Or how you do it. But it does feel secretive, and that in itself makes people think the worst.

But I do know how NDAs work, so that might be a part of it.


No, in fact we have no way to decrypt the emails on our servers, nor can we share them in an unencrypted format with any third parties (law enforcement included). All the data requests we comply with only include metadata which needs to remain unencrypted for the services to function properly.


Besides, none of it really matters when their customer service backdoor lets you into an account if you can enumerate recent emails that account has received. I'd never trust anything serious with Protonmail. (Try it)


Do you have any evidence for this claim?

Here’s their recovery process: https://proton.me/support/set-account-recovery-methods

I don’t see their customer support call as a recovery method. I’d expect that for paid accounts you could theoretically verify your identity to CS via payment, but in that case you lose the data anyway.


Even if the attacker can't decrypt existing e-mail, the concern is that by hijacking the account they can intercept future e-mail received, such as password resets.

Some searching finds this comment. [1] I would be interested if such a password reset were possible against someone who for instance had 2FA enabled, no recovery information and only accessed their account using the Tor onion-service. ;-)

[1] https://news.ycombinator.com/item?id=19367063


Tor onion service relays are mostly on VPS. And those VPS are mostly American.

The number of tutorials I have seen about spinning up a tor relay on a VPS is crazy. These tutorials are probably written by three letter agencies - though I have no proof.

Regardless, protonmail doesn’t let people register when connecting with Tor unless you use phone number or card to make a payment. You will have to give up something which identifies you, and so it really doesn’t matter when you connect with Tor after you have already registered - there is a way to connect who you are.


Traffic of onion-services is encrypted. Traffic correlation to deanonymize the client can still be theoretically performed but ultimately you need to draw the line in the sand somewhere.

> Regardless, protonmail doesn’t let people register when connecting with Tor unless you use phone number or card to make a payment

Actually if you attempt enough times you will get the option to verify the registration with an e-mail. And they are rather liberal with which options they accept. So it is not exactly a circular dependency.

From there it is an exercise for the reader to create an account not linked to any other identity.


Valid point, however that happened at least 5 years ago. Proton was smaller. I don’t know if this is still the case for today: I would expect that they continuously improve security of user accounts as they grow.


Your link doesn't apply here. The attacker's recovery process is to just send an email to support@protonmail.zendesk.com and start flapping their gums.

It doesn't matter if you lose data. If you control an email address, you get all future email including forgot-my-password emails.


Honestly, if you try it, you will find it doesn't really work this way. A lot of heuristics are used for recovery, many which are not visible to the outside for security reasons. Also, data recovery is never possible because of the use of zero access encryption.


Protonmail's customer service agent CCed my recovery email (me) in the email thread where the attacker was social engineering them. And the attacker was successful until I had to reply to the email chain myself to tell them to stop.

And yes, signing up to Home Depot's email newsletter and other services so that they could tell the customer service agent "my last few emails were from Home Depot and ..." was successful against their customer support system. That's just how amazing it is.

Finally, I don't expect the social media guy running protonmail's HN account to give us much insight into protonmail's customer support security issues, but if you're going to show up, I would've at least expected you to forward my email somewhere for follow up.


Just providing the information on the most recent correspondents is never enough to provide access to a Proton account. Please share your support ticket number with us so we can see what happened exactly.


Thank you. Is there any way you can share the exact things you do or provide when you are forced by a court order to give data about someone?


You can learn more in our Privacy Policy: https://proton.me/legal/privacy and Transparency Report: https://proton.me/legal/transparency.


Can you explain more about this, I am clueless to this? Appreciated!


Are you aware of a better alternative? I am trying to see if I should commit to using Proton or not. I am just a normal user who does not want to be tracked or my data used. Maybe Proton is still very decent for that.


Not really, no. Unless you want to self-host in your own home hardware.


‘Meta executives’ and ‘privacy’ - I wasn’t born yesterday.


I agree with your impression.

It reminds me.. when someone is cheating on a partner, they are more likely to think they are being cheated on too. I have experienced this, being accused non-stop when actually they were the one cheating all along.

Just because the USA likes tampering with proprietary code and using NDAs with Silicon Valley to bug just about anything they want (because they can), that paranoia consumes them that other countries are doing the same.


> Just because the USA likes tampering with proprietary code and using NDAs with Silicon Valley to bug just about anything they want (because they can), that paranoia consumes them that other countries are doing the same.

During times of war, other countries absolutely do the same.


When you can't justify the actions of your country - but..but..but other countries they do the same!

Just look at the Western reactions to the 'foreign agents' bill in Georgia.


Who said I'm trying to justify anything? I don't think it is justifiable to do during peacetime.

But obviously an existential crisis is not the time that many governments stand on their principles, which is why 'war powers' tend to be justified under extenuating circumstances when countries end up at war.

There is no question, if there is another major war between world powers, they will invoke the authority to compel their industries to cooperate with the effort. If they don't, they'll quickly cease to exist.


I did not know this, but I knew that tomatoes taste superior when left out of the fridge. The strange thing is when the packaging on tomatoes says to store in the fridge.


Is something like that really necessary though? Sure, it has a lot of features, but for a simple router it takes 15 mins to follow a guide on openbsd.org to set up a simple router which works really well and is really secure.


Given GP's question, they're likely not someone who would spontaneously whip up an openbsd router.

Maybe they don't care to fiddle with a command line, read up on DHCP servers, IPv6 router advertisements, pf configuration and what have you. In such a case, throwing OPNsense on some machine, clicking around on three pages and calling it a day isn't that bad.

The experience is close enough to an off-the-shelf router (except for the installation part), all the while getting a much better security situation.


I actually found it easier understanding the openbsd router than pfsense when I tried it. The abstraction confused me personally.


For SSH, changing to a random port number resulted in zero connection attempts from bots for months on end. It seems bots just never bother scanning the full 65535 port range.


For most of my VMs there's no SSH running. I use WireGuard to connect to a private IP. I haven't done this on the bare metal yet but I might. Though, barring exploits like we had recently, nobody is getting into a server with either strong passwords or certificates. Fail2ban in my eyes is a log cleaner. It's not useful for much else.
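What a fail2ban-style jail actually does with the auth log, as an added example that is not from the thread and not fail2ban's own code: a POSIX shell/awk pass over sshd log lines that counts failed logins per source address and emits the addresses a jail would hand to the firewall. The log lines, hostname and addresses (RFC 5737 documentation ranges) are constructed for the demo, and the threshold here is a plain count without the time window (`findtime`) a real jail applies.

```shell
#!/bin/sh
# Added example (not from the thread, not fail2ban code): the core of a
# fail2ban-style sshd jail reduced to one awk pass over auth-log lines.
# Log lines, hostname and addresses below are constructed sample data.
set -eu

# failed_logins_per_ip LOGFILE
# Prints "COUNT IP" for every source address with failed password or
# public-key attempts, highest count first.
failed_logins_per_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed (password|publickey) for/ {
            # the source address is the token that follows "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$1" | sort -rn
}

# ban_candidates LOGFILE MAXRETRY
# Emits the addresses that reached MAXRETRY failures: the list a jail would
# pass to iptables/nftables. A real jail also bounds this by a time window
# and expires entries after bantime.
ban_candidates() {
    failed_logins_per_ip "$1" | awk -v max="$2" '$1 >= max { print $2 }'
}

# write_sample_log FILE
# Constructed sshd lines in the classic syslog format, including an
# "invalid user" variant, a successful login and an unrelated preauth line.
write_sample_log() {
    cat > "$1" <<'EOF'
May  4 10:01:02 vps sshd[1234]: Failed password for root from 203.0.113.7 port 51000 ssh2
May  4 10:01:03 vps sshd[1234]: Failed password for root from 203.0.113.7 port 51001 ssh2
May  4 10:01:05 vps sshd[1235]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
May  4 10:01:06 vps sshd[1236]: Failed password for invalid user oracle from 203.0.113.7 port 51003 ssh2
May  4 10:01:08 vps sshd[1237]: Failed password for root from 203.0.113.7 port 51004 ssh2
May  4 10:02:11 vps sshd[1240]: Failed password for alice from 198.51.100.9 port 40022 ssh2
May  4 10:02:14 vps sshd[1241]: Failed publickey for alice from 198.51.100.9 port 40023 ssh2
May  4 10:02:20 vps sshd[1242]: Accepted publickey for alice from 198.51.100.9 port 40024 ssh2
May  4 10:03:00 vps sshd[1243]: Connection closed by 192.0.2.55 port 33000 [preauth]
EOF
}

# Typical use against a real log (path is a placeholder):
#   ban_candidates /var/log/auth.log 5
```

Against the sample data the brute-forcing address crosses a threshold of 5 while the user who mistyped twice and then logged in does not, which is the distinction a jail is meant to draw before it touches the firewall.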


It bans the bad IPs, isn't that worth running?


But what does that actually accomplish?


Stops the attack from happening from those IPs?


> the full 65535 port range

Note that putting SSH on a high port has security implications.


What security implications?


Wow. The user agent they are using is so shady. But I am surprised they thought someone wouldn’t do just what the blog poster did to uncover the deception - that part is what surprises me most.

Other than being unethical, is this not illegal? Any IP experts in here?

