Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency (theintercept.com)
from Captainautism@lemmy.dbzer0.com to technology@lemmy.world on 13 Sep 00:47
https://lemmy.dbzer0.com/post/53172821

cross-posted from: ibbit.at/post/52938

The company behind the Proton Mail email service, Proton, describes itself as a “neutral and safe haven for your personal data, committed to defending your freedom.”

But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists’ accounts were eventually reinstated — but the reporters and editors involved still want answers on how and why Proton decided to shut down the accounts in the first place.

Martin Shelton, deputy director of digital security at the Freedom of the Press Foundation, highlighted that numerous newsrooms use Proton’s services as alternatives to something like Gmail “specifically to avoid situations like this,” pointing out that “While it’s good to see that Proton is reconsidering account suspensions, journalists are among the users who need these and similar tools most.” Newsrooms like The Intercept, the Boston Globe, and the Tampa Bay Times all rely on Proton Mail for emailed tip submissions.

Shelton noted that perhaps Proton should “prioritize responding to journalists about account suspensions privately, rather than when they go viral.”

On Reddit, Proton’s official account stated that “Proton did not knowingly block journalists’ email accounts” and that the “situation has unfortunately been blown out of proportion.” Proton did not respond to The Intercept’s request for comment.

The two journalists whose accounts were disabled were working on an article published in the August issue of the long-running hacker zine Phrack. The story described how a sophisticated hacking operation — what’s known in cybersecurity parlance as an APT, or advanced persistent threat — had wormed its way into a number of South Korean computer networks, including those of the Ministry of Foreign Affairs and the military Defense Counterintelligence Command, or DCC.

The journalists, who published their story under the names Saber and cyb0rg, describe the hack as being consistent with the work of Kimsuky, a notorious North Korean state-backed APT sanctioned by the U.S. Treasury Department in 2023.

As they pieced the story together, emails viewed by The Intercept show that the authors followed cybersecurity best practices and conducted what’s known as responsible disclosure: notifying affected parties that a vulnerability has been discovered in their systems prior to publicizing the incident.

Saber and cyb0rg created a dedicated Proton Mail account to coordinate the responsible disclosures, then proceeded to notify the impacted parties, including the Ministry of Foreign Affairs and the DCC, and also notified South Korean cybersecurity organizations like the Korea Internet and Security Agency, and KrCERT/CC, the state-sponsored Computer Emergency Response Team. According to emails viewed by The Intercept, KrCERT wrote back to the authors, thanking them for their disclosure.

A note on cybersecurity jargon: CERTs are agencies consisting of cybersecurity experts specializing in dealing with and responding to security incidents. CERTs exist in over 70 countries — with some countries having multiple CERTs each specializing in a particular field such as the financial sector — and may be government-sponsored or private organizations. They adhere to a set of formal technical standards, such as being expected to react to reported cybersecurity threats and security incidents. A high-profile example of a CERT agency in the U.S. is the Cybersecurity and Infrastructure Agency, which has recently been gutted by the Trump administration.

A week after the print issue of Phrack came out, and a few days before the digital version was released, Saber and cyb0rg found that the Proton account they had set up for the responsible disclosure notifications had been suspended. A day later, Saber discovered that his personal Proton Mail account had also been suspended. Phrack posted a timeline of the account suspensions at the top of the published article, and later highlighted the timeline in a viral social media post. Both accounts were suspended owing to an unspecified “potential policy violation,” according to screenshots of account login attempts reviewed by The Intercept.

The suspension notice instructed the authors to fill out Proton’s abuse appeals form if they believed the suspension was in error. Saber did so, and received a reply from a member of Proton Mail’s Abuse Team who went by the name Dante.

In an email viewed by The Intercept, Dante told Saber that their account “has been disabled as a result of a direct connection to an account that was taken down due to violations of our terms and conditions while being used in a malicious manner.” Dante also provided a link to Proton’s terms of service, going on to state, “We have clearly indicated that any account used for unauthorized activities, will be sanctioned accordingly.” The response concluded by stating, “We consider that allowing access to your account will cause further damage to our service, therefore we will keep the account suspended.”

On August 22, a Phrack editor reached out to Proton, writing that no hacked data was passed through the suspended email accounts, and asked if the account suspension incident could be deescalated. After receiving no response from Proton, the editor sent a follow-up email on September 6. Proton once again did not reply to the email.

On September 9, the official Phrack X account made a post asking Proton’s official account why Proton was “cancelling journalists and ghosting us,” adding: “need help calibrating your moral compass?” The post quickly went viral, garnering over 150,000 views.

Proton’s official account replied the following day, stating that Proton had been “alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled. Our team is now reviewing these cases individually to determine if any can be restored.” Proton then stated that they “stand with journalists” but “cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.”

Proton did not publicly specify which CERT had alerted them, and didn’t answer The Intercept’s request for the name of the specific CERT which had sent the alert. KrCERT also did not reply to The Intercept’s question about whether they were the CERT that had sent the alert to Proton.

Later in the day, Proton’s founder and CEO Andy Yen posted on X that the two accounts had been reinstated. Neither Yen nor Proton explained why the accounts had been reinstated, whether they had been found to not violate the terms of service after all, why they had been suspended in the first place, or why a member of the Proton Abuse Team reiterated that the accounts had violated the terms of service during Saber’s appeals process.

Phrack noted that the account suspensions created a “real impact to the author. The author was unable to answer media requests about the article.” The co-authors, Phrack pointed out, were also in the midst of the responsible disclosure process and working together with the various affected South Korean organizations to help fix their systems. “All this was denied and ruined by Proton,” Phrack stated.

Phrack editors said that the incident leaves them “concerned what this means to other whistleblowers or journalists. The community needs assurance that Proton does not disable accounts unless Proton has a court order or the crime (or ToS violation) is apparent.”

The post Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency appeared first on The Intercept.


#technology

ProdigalFrog@slrpnk.net on 13 Sep 00:57

Quite damning of Proton, but unfortunately isn’t too surprising after the CEO’s pro-trump comments.

I would say they have proven themselves untrustworthy and mostly concerned with profit-seeking, and would suggest moving to alternatives if you use their services.

Mullvad is a solid VPN (Tor is better), and Posteo, Tuta, or Disroot are good email providers (don’t use email for anything sensitive, private providers only give protection against surveillance capitalism).

EDIT: With more context provided by @artyom@piefed.social, this recent action by them was, perhaps, not as cut and dry as it seemed. (Though I still am skeptical of their integrity, personally)

cmnybo@discuss.tchncs.de on 13 Sep 01:07

There aren’t many VPN providers that have port forwarding and allow P2P. Proton is about the only choice if you want to seed.

ProdigalFrog@slrpnk.net on 13 Sep 01:33

Unless something has changed, I believe Windscribe also allows port forwarding.

AirVPN does as well, but as they are based in Italy, I think they may have to comply with the new Italian VPN anti-piracy law enacted there.

goatinspace@feddit.org on 13 Sep 01:45

Windscribe quality declined

hisao@ani.social on 13 Sep 02:39

Early this month my Proton subscription ended. Instead of paying for one year more I decided to rent a VPS for 20$ per year (my Proton subscription costs 80$ per year now). It took 4 hours to setup wireguard server, configure port forwarding and update my clientside stuff accordingly. So far I’ve transferred 1.7 TB of data through this VPS (in a bit less than 2 weeks). It might be slightly slower than some Proton VPN servers, but it’s still very fast and decent enough for me. It’s easier than it seems and you get much lower prices, decent speeds, and more flexibility. You need to be a bit careful with VPS selection though: country where it’s hosted, their bandwidth and hardware.

AndiHutch@lemmy.zip on 13 Sep 04:03

Do you mind sharing what company and country you went with for the VPS and why?

hisao@ani.social on 13 Sep 06:59

I think it would be enough to say that I looked for a server with a good bandwidth in torrent-neutral countries not too far away from me.

Plenty of good deals here: lowendtalk.com/categories/offers

Edit: also some offers provide test IP so that you can check the ping - I didn’t use that, but in case you’re looking for something far away or overseas - very helpful

theskyisfalling@lemmy.dbzer0.com on 13 Sep 03:07

Air VPN has port forwarding, been using them for years.

Funky_Beak@lemmy.sdf.org on 13 Sep 01:07

Proton have always reeked. Giving some real nordvpn pia vibes. My hot take is: Mailbox, Filen, Mullvad, local dns, run containerised cloned vms and burn after use. All in one solutions keep biting me in the arse.

UnsavoryMollusk@lemmy.world on 13 Sep 06:38

No port forward with mullvad

dubyakay@lemmy.ca on 13 Sep 08:39

It’s not that dire, unless you love seeding torrents and you encounter other peers that don’t have port forwarding either, or you are hosting something.

shifty@leminal.space on 13 Sep 02:15

Their recruitment practices are also profit-seeking. Job applications require your salary expectations and they don’t post their salary range.

dubyakay@lemmy.ca on 13 Sep 03:32

What pro trump statements?

ProdigalFrog@slrpnk.net on 13 Sep 03:39

This article shows what happened: techstory.in/proton-mail-faces-backlash-over-clai…

dubyakay@lemmy.ca on 13 Sep 03:49

Does no one read beyond the headline any more?

“10 years ago, Republicans were the party of big business and Dems stood for the little guys, but today the tables have completely turned.”

This statement quickly went viral, leading to further controversy when Proton’s official Reddit account reinforced Yen’s sentiment. The now-deleted post suggested that Republicans were more inclined to take on Big Tech monopolies than corporate-aligned Democrats. However, within hours, Proton removed all traces of these remarks from its social media platforms.

Despite claiming political neutrality, Proton later issued a statement reiterating its support for stronger antitrust measures, particularly against Big Tech. The company noted that regardless of broader political views on the Republican platform, the appointment of Gail Slater as head of the Justice Department’s antitrust division under Donald Trump was a positive step.

Proton further argued that major tech companies were attempting to align with Trump because his administration posed an “unprecedented challenge to their monopolistic dominance.” This statement only fueled concerns that Proton was leaning politically despite its claims of neutrality.

Looks to me like the CEO is not aligning with the orange, but rather with the choice of a department head, in particular one that’s supposed to fight big tech monopolies at the DoJ. We have yet to see how effective this choice will be though, with all the ass kissers at the felon’s dining table.

ProdigalFrog@slrpnk.net on 13 Sep 04:06

[image: https://slrpnk.net/pictrs/image/951003c2-b42c-4fdf-87ff-d53cd996bdf0.png]

This praise is, itself, ass-kissing the orange, likely in the hopes of getting in the good graces of the administration.

atrielienz@lemmy.world on 13 Sep 04:26

His statements on reddit were also edited after the fact after several people in the comments came with receipts and he doubled down.

artyom@piefed.social on 13 Sep 06:05

Or, possibly because he legitimately thought it was a good choice? Even if misguided. Is that not a possibility?

Alphane_Moon@lemmy.world on 13 Sep 06:20

I don’t think it’s reasonable to assume that Yen is this naive.

As a Proton subscriber not from the US (but who has lived in the US); I find it difficult to believe that anyone could seriously claim that any of the two major US political parties have any interest in real competition and anti-trust.

One has to remember the Microsoft case from the 90s. I still don’t understand what the “legal excuse” was for not breaking up Microsoft.

ProdigalFrog@slrpnk.net on 13 Sep 10:22

The Proton CEO thought that the party taking bribe after bribe from oil companies to Tech-bros, and which removed the FTC chairwoman that was bringing anti-trust cases against amazon and publicly criticized Google’s monopoly, would somehow install a good, pro-competitive and consumer rights advocate?

If he genuinely believed that, then he’s either wildly out of the loop in one of his company’s largest markets (which I’ll grant as possible, CEOs can be pretty out of touch with reality), or a fool.

Passerby6497@lemmy.world on 13 Sep 12:01

Or, possibly because he legitimately thought it was a good choice? Even if misguided. Is that not a possibility?

It still comes down to him being malicious or very stupid and incurious. Either way, it’s a bad look and proton keeps getting own goals, so at a certain point the difference is meaningless in practice.

dubyakay@lemmy.ca on 13 Sep 08:29

I see nothing of sorts.

Instead what I see is this perpetuated crap about Proton being untrustworthy (they are not) and the CEO being a trump bootlicker (they are not). So this makes me think there’s a dissuasion campaign going on.

Nothing against what you are writing and pointing to. But look at the grander picture.

  1. The CEO makes a statement against big tech.
  2. Proton has been a thorn in the eye of big tech by eating into their margins (they don’t sell data and take customers away)
  3. Proton regularly fights against handing over data and doesn’t provide a back door to govt.

They don’t play along. They disrupt the market and modus operandi of stronger entities. Of course there’s going to be incitement against them.

The “That’s it, I’m not going to use them anymore and you shouldn’t either; here’s an alternative” seemed to spawn from a much lesser “charge” than many of the other usual suspects. Like a knee jerk reaction.

Is Proton perfect? No. Are they doing what they claim to do? Yes. Is it good value for money? Debatable. But they are not what people claim them to be on these posts.

Disclaimer: I have a free tier proton account that I log in to once a year, because I’ve moved on to Disroot for my email and mullvad for VPN.

NotForYourStereo@lemmy.world on 13 Sep 01:30

Proton is poisoned. Stop using it.

They are not the alternative to mega technofascist companies. They are one of them. Everybody was hand-waving the Trump support, “well, that Andy guy isn’t DIRECTLY involved with this or that, so it’s fine” but it’s not.

Stop using and stop recommending it.

shreyan@lemmy.cif.su on 13 Sep 09:33

What should we be using instead?

_cryptagion@anarchist.nexus on 13 Sep 13:56

they'll probably recommend something from a 14 Eyes country like Tuta.

homesweethomeMrL@lemmy.world on 13 Sep 01:32

Yeah Proton continuing to pooch it

robocall@lemmy.world on 13 Sep 01:33

What email service do lemmy people recommend?

mcbenavides85@piefed.social on 13 Sep 01:41

Tuta mail

goatinspace@feddit.org on 13 Sep 01:42

It’s not as good as proton

obsidianfoxxy7870@lemmy.blahaj.zone on 13 Sep 02:15

I do agree it’s not as pretty as Proton but the encryption once it reaches your account is much better and I feel like they are more upfront about what they are and aren’t. Really my main gripe with them is their lack of GPG support.

original_reader@lemmy.zip on 13 Sep 05:52

They’re good. Some policies take some getting used to, though. For example, they lock your (free) account if you don’t use it for six months. You have to start paying if you ever want that email address again (emails are lost AFAIK).

Happened to me after a serious illness. I don’t mind paying, but that soured it so badly for me.

admin@lemmy.today on 13 Sep 06:53

Same, can’t trust them if they can’t provide sustainability, 6 months might sound too long until you are hit by some illnesses which spiral into financial and mental burdens and months start passing like days.

Cybersec@piefed.social on 13 Sep 06:29

Highly recommend Migadu, works great and great value.

shreyan@lemmy.cif.su on 13 Sep 09:35

great value

So help me god if you recommended a paid email service as a replacement for a free one…

Cybersec@piefed.social on 13 Sep 14:34

Were we talking about free ones? Sorry didn’t know that, and anyway Migadu is cheap as heck. (My use cases are always to use a custom domain)

thax@lemmy.dbzer0.com on 13 Sep 10:54

+1

I’ve used them for a few years now using my domain. It’s no nonsense and well structured. Eventually, I’ll just self-host, but this is a good option if you don’t have a reliable means to host or just want to get your feet wet before fully self-hosting. The $20/yr plan has been perfectly adequate for my needs.

pineapplelover@lemmy.dbzer0.com on 13 Sep 06:29

I still use protonmail. Tuta would be a close second

philpo@feddit.org on 13 Sep 09:02

Mailbox, formerly mailbox.org

Tuta, which is often recommended, is sadly another vendor lock in while mailbox is using industrial standards.

artyom@piefed.social on 13 Sep 01:43

The author omitted the complete statement from Reddit:

Hi everyone,

No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.

In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.

Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.

Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.

Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.

The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.

Confused_Emus@lemmy.dbzer0.com on 13 Sep 02:30

How dare you provide context in an online discussion thread!

(/s for the challenged)

ViatorOmnium@piefed.social on 13 Sep 06:32

So, if say, Saudi Arabia's CERT tells them to block a list of reporters' accounts, they will gladly do it without demanding any evidence?

fatalicus@lemmy.world on 13 Sep 07:02

You block then investigate yes.

Just like every other company in existence does it, since the first thing you want to do is stop continued spread/misuse.

TigerAce@lemmy.dbzer0.com on 13 Sep 07:41

You’re also arrested when suspected of a crime. If it turns out you were innocent, they will let you go.

First response: stop everything to prevent possible malicious/criminal activity. Then investigate to see if it was the right call. If it was, nice. If it wasn’t: “sorry bud, just doing our jobs. Have a nice day.”

nooneescapesthelaw@mander.xyz on 13 Sep 10:23

Imo this is more akin to a TRO/injunction, you gotta pause it for a second to see if everything checks out before everything goes to shit

HyperfocusSurfer@lemmy.dbzer0.com on 14 Sep 05:45

I may be wrong here, but does it really make sense when you can’t actually prove the misuse did or did not happen? Say, you suspect phishing, then it’s a matter of inspecting a few next e-mails to/from non-proton users to decide if it’s likely happening. On the other hand, when the account is blocked, proton (as long as the claims about at-rest encryption are true) has no way of verifying the claim, since, as far as I’m aware, a user can’t provide them with what they’ve sent even if they wanted to.

hector@lemmy.today on 13 Sep 11:04

Or us admin sees reporters on a story, or asks for comment before publishing, they hack their accounts or claim whatever and get them shut down.

Old rules of journalism will not work going forward in all cases. Might need more anonymous authorism with third party asking for comment.

massive_bereavement@fedia.io on 13 Sep 09:31

The review only happened AFTER Phrack publicly complained on Twitter about it and 150k people saw it, not before.

This is not the first time Proton drops the ball massively and then spins a tale to save their name.

artyom@piefed.social on 13 Sep 17:01

You can blame them for being slow but I don't think you can reasonably assert that they're malicious, which I think is the implication.

limer@lemmy.ml on 13 Sep 17:48

The important thing to me is not maliciousness, but reliability under political, social and legal pressure.

All of this is hard to understand, much of what is happening is opaque.

Also this does not apply to all people. Depending on hundreds of variables, one person’s issue is not relevant to another.

I am in a country that can exert legal pressure on them; and so I cannot use their services

artyom@piefed.social on 13 Sep 17:51

There's no legal pressure here. Just a request. A request that it makes sense for them to respond to, for the sake of their own users.

What service do you think isn't subject to legal pressure? Because I guarantee they are. Every country complies with international court orders to some degree. Proton only complies with the law as far as they absolutely have to. They often successfully challenge these court orders as well. Switzerland is as good as it gets. That's why it's such a big part of their advertising. They're notorious for this.

limer@lemmy.ml on 13 Sep 18:04

Under USA law proton cannot reveal some requests, or even talk about deeper collaboration.

This is why some services use canaries. When something is removed from a page it can be assumed they are under a gag order. This has happened many times, see en.m.wikipedia.org/wiki/Warrant_canary

By and large political opposition in an authoritarian country should not use tools under that jurisdiction.

I would definitely base my email outside of that influence.

artyom@piefed.social on 13 Sep 19:49

What does US law have to do with anything? Proton is based out of Switzerland.

limer@lemmy.ml on 13 Sep 20:44

They now have offices in the USA and if you look at what they say, they announce their operating under Swiss and USA law.

artyom@piefed.social on 13 Sep 21:43

Can you show me where they announce they're "operating" under US law and not just complying with US requests provided Swiss warrants?

limer@lemmy.ml on 13 Sep 23:03

If you look at their terms of service, they only talk about US law and Swiss law, no matter of which version. See proton.me/de/legal/terms (German version), proton.me/legal/terms (English version)

I am not at all an international legal expert! However I follow some legal threads elsewhere and there is no serious dissent that the legal status of Proton is, at best, hard to tell, when it comes to this issue. And perhaps can only be determined in court cases later.

It is at this point I must abandon the replies to this, but I must say there are too many uncertainties for certain groups to fully trust usage of proton for their needs

artyom@piefed.social on 14 Sep 05:57

Uh huh, and where else do you purport to find those certainties

FlowerFan@piefed.blahaj.zone on 14 Sep 14:24

it's in the reply they copied

Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels

shreyan@lemmy.cif.su on 13 Sep 09:32

Classic damage control.

Our team has reviewed these cases individually to determine if any can be restored.

Would they have done this if there wasn’t a public backlash? I would bet money the answer is no.

We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.

What were the TOS violations?

KairuByte@lemmy.dbzer0.com on 13 Sep 19:12

Would they have done this if there wasn’t a public backlash? I would bet money the answer is no.

You can’t really do more than make a random claim here. I could counter it by saying “I would bet money the answer is yes,” but that’s just as useful a statement.

What were the TOS violations?

If you’re expecting a laundry list of email addresses and each individual violation, you’re not likely to get that from any company.

bigchunga@feddit.online on 13 Sep 17:12

Still shows that Proton suspended the accounts because some CERTS told them to. That's not a court order.

artyom@piefed.social on 13 Sep 17:31

Yeah I mean what's the alternative? Just allowing ALL Proton accounts to continue to be abusive until proven otherwise? How do you think that would impact not only the company but also the users/customers of that company? They were temporarily suspended, and reinstated after investigation.

kadup@lemmy.world on 13 Sep 17:56

They were temporarily suspended, and reinstated after investigation.

Would this sequence of events have happened if it was an average joe nobody cared about, rather than a public outcry?

artyom@piefed.social on 13 Sep 19:47

I don't know. But I don't think there's any legitimate reason to rule that out.

kadup@lemmy.world on 13 Sep 19:50

Fair enough, I can’t prove that it would be different so my argument isn’t a hard argument at all.

But personally, I do strongly suspect Proton’s reaction would be very different, or at least very variable. If you look at their subreddit, half of the time people report they do an amazing job and help them… and half of the time they do incredibly user hostile things. A coin toss, basically.

artyom@piefed.social on 13 Sep 21:41

Can you provide an example of "user hostile things"? Other than complying with law enforcement as little as humanly possible?

kadup@lemmy.world on 13 Sep 21:59

Users paying for the Unlimited or even the lifetime subscriptions, that were sold under the promise of all access to their services, now need an extra subscription to use their new LLM chat box, Lumo. Which is just a very bad wrapper around Mistral, messing up simple tasks like properly rendering Markdown for mathematical formulas.

Linux users, despite being a very important part of their user base, have zero official tools for Proton Drive syncing. No problem, because Proton Drive supports Rclone, right? Well, support was removed for no good reason and with no official explanation, leaving Linux users limited to the very problematic and slow web UI.

Proton Mail users frequently have their accounts locked for no reason whatsoever, other than vague statements about the ToS.

More examples needed?

artyom@piefed.social on 13 Sep 22:11

that were sold under the promise of all access to their services, now need an extra subscription to use their new LLM chat box, Lumo

They still have access to all of the services they were promised, and many more.

Linux users, despite being a very important part of their user base, have zero official tools for Proton Drive syncing.

I really don't think that can be considered as "user hostile". It's not like they had it and took it away later. A con? Sure.

Proton Mail users frequently have their accounts locked for no reason whatsoever, other than vague statements about the ToS.

Sauce?

Ghoelian@lemmy.dbzer0.com on 14 Sep 06:53

Linux users, despite being a very important part of their user base, have zero official tools for Proton Drive syncing.

I really don’t think that can be considered as “user hostile”. It’s not like they had it and took it away later. A con? Sure.

You just skipped over half of that point where they mention there was a way of using it in Linux, but they took it away

bigchunga@feddit.online on 13 Sep 19:41

In the past Proton stated that they only act on claims from legitimate law enforcement with a court order. Now they acted on some organization's request.
If Proton's own mechanisms for detecting malicious use trigger, yeah, they should suspend the account and investigate further, but not from a third party that has zero authority.

artyom@piefed.social on 13 Sep 19:48

They weren't acting based on law, they were acting out of interest for themselves and their users. Letting people use Proton accounts for nefarious interests doesn't benefit anyone.

Fizz@lemmy.nz on 13 Sep 01:47

This seems like more of a mistake than a sign of malicious or misaligned intention. Proton publish their stats about data requests, how many they comply with how many they fight and how many they win. They fight a majority of them probably more than most other companies.

The CEO needs to go. His ‘republicans fight for the little guy’ comments are so toxic and will get brought up every time something like this happens, and it’s hard to trust a company that has that kind of a person running it.

shifty@leminal.space on 13 Sep 02:36 next collapse

medium.com/…/does-proton-really-support-trump-a-d…

There’s a lot more nuance to it than just ‘Proton CEO supports Trump (and therefore all of Trump’s policies)’

From the comments: “Andy’s statement was to recognise the choice of the Assistant Attorney General for Antitrust division at DOJ. This is someone who has history of going after tech monopolies and allowing room for the little guys (startups) to have a fair chance to grow and innovate. This was not a political endorsement.”

And at the very least the CEO controversy reveals all the issues with America’s two party Sith or Jedi system, there’s no room for nuance or discussion, just rage. Look at all the other top comments here.

Jerry@feddit.online on 13 Sep 03:13 next collapse

Yes, well stated. This is why I usually skip reading people's comments. The vast majority see everything through their own agendas and just echo words they hear.

Fizz@lemmy.nz on 13 Sep 03:26 next collapse

I know, I am well aware of what happened. I don’t think he’s a right winger but this take was so far off reality it was alarming. Go read through the reddit thread where people push him to defend his statement and he can’t.

In my most charitable interpretation of the situation he is sympathetic to the right wing narrative at a time where any sane person shouldn’t have been. I’m still a Proton subscriber but Idk if I will renew in December.

shifty@leminal.space on 13 Sep 05:13 next collapse

I have similar conflicted feelings after being a long time Visionary Subscriber.

Fizz@lemmy.nz on 13 Sep 11:45 collapse

It’s a hard choice because I do like the work they are doing and I like paying for the suite of tools all in one. But I feel like the tools are half baked and missing a ton of features, which is to be expected by an up and coming company. I don’t know if I should continue to support them to reach their goal or just move onto another company and delay having a strong competitor in the market. Them having half ownership in a Swiss non-profit is pretty much the only thing giving me strong trust in the product not getting enshittified, but with the crappy AI getting slapped in, it’s testing my resolve.

pressanykeynow@lemmy.world on 13 Sep 10:04 collapse

he is sympathetic to the right wing narrative at a time where any sane person shouldn’t have been

He’s not American though, things have nuances out of your tribal system.

ProdigalFrog@slrpnk.net on 13 Sep 10:30 next collapse

I’m not German, but I would know better than to praise a pick from the AfD.

Fizz@lemmy.nz on 13 Sep 12:11 next collapse

I couldn’t find where he was from so feel free to correct me if you know. But my guess is that Andy is American or at least has lived in America for enough years to know about American politics.

pressanykeynow@lemmy.world on 13 Sep 12:29 collapse

You are probably right, I assumed he was European since Proton is based there.

athinglikethat@leminal.space on 14 Sep 06:09 collapse

Yeah, it’s a Swiss company, and nobody likes to get money from nazis as much as Swiss businessmen and bankers! “Neutral”=for sale to highest bidder. Very nuanced indeed. 🙄

ultranaut@lemmy.world on 13 Sep 04:17 next collapse

The nuance seems to be that he made stupid partisan statements not because he is a partisan but because he is stupid. He profoundly misunderstands Trump and Republicans if he genuinely believes that nonsense. It’s hard to trust someone with such terrible judgement, and it’s hard to trust Proton because they handled the situation so poorly.

shifty@leminal.space on 13 Sep 05:14 collapse

Agreed on the stupidity. He should have had PR running his accounts or at least approving his posts. But now that the cat is out of the bag I’m really conflicted about being a Proton Visionary subscriber, and try to use other services like Filen, Cryptpad, Bitwarden, Aegis, etc, so I’m not all concentrated on Proton like I was on Google Suite.

I just made a Tuta mail account for if I do decide to move away from Proton.

stardust@lemmy.ca on 13 Sep 04:24 next collapse

That article is such bullshit. That anonymously submitted Medium article that gets floated around ignores Internet Association, so wouldn’t be shocking if it was from Proton attempting to do PR damage fixating on identity politics with intentional omission of Internet Association involvement.

Yen conveniently ignored that after working at the FTC, Slater became the vice-president for legal and regulatory policy for the Internet Association lobby group. Which was founded by “small business” like Google, Amazon, eBay and Facebook.

And involved in trying to infringe upon privacy rights. eff.org/…/lawmakers-must-not-let-internet-associa…

So yeah, Proton founder cherry picked information that tried to make it seem like it was acceptable to praise the pick when reality is the past is too murky to endorse in any manner.

Now, seeing straight up bribing and gifts from corporations not even hiding it, the whole thing aged like milk.

shifty@leminal.space on 13 Sep 07:14 collapse

Ugh. My Obi-wan moment or something. ‘You were the Chosen One Proton!’

stardust@lemmy.ca on 13 Sep 20:24 collapse

I found it odd back then that they shifted to a strategy of saying how could he support Trump if Yen isn’t sexist and isn’t homophobic when the uproar was Slater’s anti-consumer past being ignored. And they kept shifting away from Slater career criticism like some form of gaslighting and ignoring it. And it worked on some people, since they forgot about the positive endorsement of Trump’s pick while omitting Slater’s murky past because look how not racist Yen is.

But, Tim Cook groveling before Trump showed that people whose goal is to make more money will sell themselves out to try and get within the inner circle if it is more financially advantageous to do so regardless of their personal ideologies. Money and power rules them. It’s fortunate for Proton the sucking up didn’t get them any further, since who knows if Yen would be giving golden gifts at Trump’s dinners if he’d been invited into the fold. “Dear Mr. President you are the most privacy respecting leader in the world and here is a golden statue as a gift.”

artyom@piefed.social on 13 Sep 06:16 collapse

There is no nuance in American politics. Only tribal culture wars. You're team red or team blue. Simple as. Something good? Claim your team. Something bad? Blame the other team. That being said, Andy is not American.

crypt0cler1c@infosec.pub on 13 Sep 09:27 collapse

Learn to investigate and verify info. It seems like you just read a headline or some comments and took them as fact and did zero follow up.

Fizz@lemmy.nz on 13 Sep 11:59 collapse

Nah I have seen the entire story and its follow ups. He straight up bit the rightwing talking point hook.

cupcakezealot@piefed.blahaj.zone on 13 Sep 01:55 next collapse

who could have predicted that the company run by the guy who cozies up to authoritarians would work with authoritarians.

kami@lemmy.dbzer0.com on 13 Sep 09:12 next collapse

Shocking!

_cryptagion@anarchist.nexus on 13 Sep 13:49 collapse

your comment makes no fucking sense because the security researchers that were banned are also working with those CERTs.

philpo@feddit.org on 13 Sep 09:02 next collapse

Proton doing another shady thing?

Colour me surprised!

[deleted] on 13 Sep 09:16 next collapse

.

shreyan@lemmy.cif.su on 13 Sep 09:30 next collapse

Selfhosting is really becoming the only option.

rollerbang@lemmy.world on 13 Sep 09:39 collapse

Agreed. But then they’ll “simply” seize your domain. Federation is the way, and P2P.

biotin7@sopuli.xyz on 13 Sep 09:40 next collapse

There’s more to this story.

Hominine@lemmy.world on 13 Sep 09:43 next collapse

Finally broke down this week and moved to Tuta mail, but I almost gave Proton a trial run first. After Yen’s last fumble, I felt the need to dodge a bullet. What timing.

Lumisal@lemmy.world on 13 Sep 10:34 next collapse

The reality is the only option you’ll have (for those asking for alternatives) is self hosting, if you’re worried about things like this. Eventually one of them may get compromised or enshittified.

Tuta, for example, is in Germany. All it takes is one election where the AfD wins and now Tuta is compromised. Either you’ll be hopping around continuously, or you settle for the best possible option, or you self host.

hector@lemmy.today on 13 Sep 10:59 next collapse

Proton immediately froze my account, I am on some Brazilian blacklist from my IP somehow, no way to ask for them to allow it anyway there like at Tuta.

Those are the only 2 I could find that are acceptable. I do not want linked phone, do not want to be locked out of email if I lose phone or service.

ILikeBoobies@lemmy.ca on 13 Sep 12:01 next collapse

Because email is federated, self hosting doesn’t matter.

Sure you aren’t going to lose your email but 90% of it is going to be hosted by Microsoft/Google so those companies can block your email and it’s akin to being frozen.

Ensign_Crab@lemmy.world on 13 Sep 16:52 collapse

Doesn’t self hosting email usually just get you flagged as spam nowadays? I seem to recall Cory Doctorow talking about it.

kadup@lemmy.world on 13 Sep 17:54 collapse

There are ways you can both make your emails adhere to certain standards that make them look better and “warm” your account so Gmail and Outlook decide to trust it.

I won’t directly mention how in this thread because SEO agencies LOVE abusing this to self host massive link building spam networks to save a buck on buying Gsuite accounts, but it’s indeed possible.

bent@feddit.dk on 13 Sep 10:57 next collapse

Eh, seems like a nothing burger to me honestly. It’s just normal procedure to lock it down first, then investigate and reopen when you get a request like this.

Whenever we get warnings about our customers’ accounts sending spam/phishing we do a small investigation, then they are locked before we contact the right manager and eventually someone contacts the end user in question and we fix the problem or suspend the user.

It sucks for the user to be out of the loop for a few hours, and sometimes innocents get caught up in it, but it’s really the only way to deal with it.

Is anyone surprised criminals would use Proton? I bet they get a lot of take downs all the time and ignore most of them.

Kissaki@feddit.org on 13 Sep 21:33 collapse

You say a few hours, but it seems they were locked out for days.

If they also did a short pre investigation, was it in adequate form, if this kind of thing is the result?

We only see from the outside, and they say they can’t really see much internally either. Seems all very wishy-washy. If that’s the case, is that enough to block accounts for days, or should they do their full investigation and then block to reduce false positive impact?

bent@feddit.dk on 13 Sep 21:47 collapse

I can’t say, as you say, we only see this from the outside. I obviously have no idea what they can and can’t tell. This seems to be on the nation state level and there’s so much bullshit bureaucracy to deal with at that level. If this continues to happen that is obviously bad, but it seems like an honest mistake to me. It’s the main reason that got me started in leaving Gmail many years ago.

Anyway, I have of course set up my own domain for email and can redirect it to another provider if need be, but I don’t think it makes sense to run away at the first sign of a company doing a fuckup either. All companies will fuck up eventually and that’s how they learn. It’s when they continue to fuck up, or deliberately do evil that I will leave.

unabart@sh.itjust.works on 13 Sep 12:11 next collapse

Everything is now paywalled and absolutely none of it is worth jumping through the extra hoops to read. That said, thanks for posting the content in here.

kerntucky@infosec.pub on 13 Sep 23:00 collapse
TheLastOfHisName@lemmy.world on 13 Sep 14:26 next collapse

I’m too invested to hop providers right now, and I don’t know if I have the spoons to self host.

kerntucky@infosec.pub on 13 Sep 22:50 collapse

You might if the spoons are rusty.

jjlinux@lemmy.zip on 13 Sep 16:26 next collapse

Webarchive to avoid the paywall that they say is not a paywall.

web.archive.org/…/proton-mail-journalist-accounts…

BlameTheAntifa@lemmy.world on 13 Sep 17:12 next collapse

That’s the push I needed. What are people’s recommendations for alternatives?

xistera@lemmy.dbzer0.com on 13 Sep 17:42 next collapse

I’ve been happy with Tuta

kadup@lemmy.world on 13 Sep 17:52 collapse

I was happy with Proton. Until I was not. Tuta might be fine today… what happens in two years?

For email, honestly, it’s a major fucking pain in the ass, but simply buy your own domain and learn how to host it in an agnostic way you can migrate if needed. But just to emphasize: yes, self hosting email sucks tremendously, I know.

Garbagio@lemmy.zip on 13 Sep 18:10 collapse

I appreciate the question; personally, though, I think Tuta is threadbare enough that giving in would honestly be a death knell. Proton drops in privacy, they can still advertise as “better than google,” and has the userbase to survive any drop in users. If Tuta follows suit, at what point are they stuck as just worse Proton?

livejamie@lemmy.zip on 13 Sep 17:54 next collapse

I’ve been using Fastmail for decades.

SpiceDealer@lemmy.dbzer0.com on 13 Sep 18:34 collapse

posteo.de

Doomsider@lemmy.world on 13 Sep 18:28 next collapse

So the shoe finally drops!

I have been mocking Proton users for years now. Buying privacy from a corporation that openly cooperates with governments was asinine.

LordKitsuna@lemmy.world on 13 Sep 18:54 next collapse

Anyone who genuinely thought that privacy was going to be perfect was an idiot. But they’re going to be better than Gmail and they are. The only way to achieve any type of true privacy would be to start up your own data center, run your own email, and then be the one that’s dealing with the government knocking on your door. Have fun with that.

Put frankly, privacy on the internet does not exist and anyone that thinks it’s achievable on the modern internet is honestly an idiot. We can only select the least shitty option; there is no good option. And the problem is even that is a moving target. I’m not going to keep changing my email provider every couple years to whatever the new current popular privacy option is.

kadup@lemmy.world on 13 Sep 19:30 collapse

Everything related to privacy and security requires as a fundamental premise that you select your threat model. Who are you? What data do you want to protect? From whom, and how bad would it be to fail?

Most people skip this step, and then keep acting either surprised or over/under reacting to any given news. There are people out there that can’t use email - regardless of who hosts what. There are people out there that would be fine with Gmail.

Dozzi92@lemmy.world on 13 Sep 23:34 collapse

I use Google suite. Use it for work stuff, general bullshit. Works great. None of the data going over it is of particular import (to me).

There are things that I believe require a better handling, and they’re handled differently, all the way up to physical media.

It just might be naive, in this day and age, to think a company won’t cooperate with authorities. Yes, there are exceptions, but they either fear repercussions or they were never built well enough to keep authorities out in the first place.

arararagi@ani.social on 13 Sep 19:12 next collapse

No company is gonna have its staff go to jail for your 5 bucks a month man, if the government is after all you can only depend on decentralized services.

JoshuaFalken@lemmy.world on 14 Sep 17:12 collapse

Small shoe.

My perception of Proton was never that users would be kept safe from governments, but that users would be kept away from advertisers.

muusemuuse@sh.itjust.works on 13 Sep 18:30 next collapse

Tuta is German so it cannot be trusted since Germany is on the brink of fascism. Supposedly can’t search message bodies in Tuta either.

Proton is, well, Proton.

Self hosting gets blocked everywhere. Since I have my own domain, I’m finding even my Proton address gets blocked a lot.

So wtf am I supposed to do? Has the industry been successful in corporatizing and controlling email now?

KairuByte@lemmy.dbzer0.com on 13 Sep 19:00 next collapse

If your own domain is being blocked, you’re likely misconfiguring DMARC/DKIM/SPF on the domain.

muusemuuse@sh.itjust.works on 13 Sep 22:43 next collapse

While that can cause this issue, it’s not the only reason. Many services whitelist email domains.

KairuByte@lemmy.dbzer0.com on 13 Sep 22:55 collapse

Sometimes yeah, but the majority of major ones use a ranking system and taking care of your DMARC and such is usually enough to rank you into the not spam category.

muusemuuse@sh.itjust.works on 14 Sep 16:32 collapse

My DMARC is fine.

Dremor@lemmy.world on 14 Sep 15:05 collapse

This.

I have used my own email domains for more than a decade, the only time I got blocked was because the website didn’t allow “.dev” domains yet (it was very recent at that time). But my .info goes everywhere.

Dozzi92@lemmy.world on 13 Sep 23:38 collapse

I have little to no background in IT or CS, but I always wanted to set up networks with those Ubiquiti antennas that can broadcast out a few kilometers. I got a buddy who just happens to be a few kilometers away. We could set up our own private, albeit incredibly limited, internet. Outside of that, if you’re using a utility or a service, you can’t expect your info to be locked up right. And so you need to keep certain shit offline, or use a HAM radio, or some other kind of private network for broadcasting, which is not feasible. But it would be neat.

Could always have a really long string with cans on either end. Can’t tap that phone.

cdf12345@lemmy.zip on 14 Sep 14:45 collapse

Maybe Meshtastic?

muusemuuse@sh.itjust.works on 14 Sep 16:31 collapse

Meshtastic has like no bandwidth though

cdf12345@lemmy.zip on 15 Sep 23:59 collapse

True, I suppose if you have plans other than communication….

muusemuuse@sh.itjust.works on 16 Sep 23:31 collapse

Two prong test for communications: can it do porn? Can it do cat videos?

SpiceDealer@lemmy.dbzer0.com on 13 Sep 20:02 collapse

I’ve been using Proton for some years but I’ve lost trust in almost all email providers, even the ones that I use. They simply can’t be trusted. Email was not created with privacy and security in mind. Self-hosting is your only safe option. Tuta and Posteo are suitable alternatives.

philosloppy@lemmy.world on 14 Sep 07:06 collapse

Self-hosting is your only safe option

but then nobody gets your emails because you aren’t one of the big boy domains.

Email was not designed for the modern internet and not just on the security front. But we just kept beating at it with a hammer until it was a vaguely square shaped peg and put it in the hole anyways.

ksigley@lemmy.world on 14 Sep 11:30 collapse

“That’s right, it goes in the square hole.”