"Our vision is to build an internet where privacy is the default by creating an ecosystem of services accessible to everyone, everywhere, every day."
Building an internet and providing privacy don't go hand-in-unlovable-hand with SaaS. Decentralization is an important solution to most threat models, as is having physical possession of your server and data. Centralization is the problem here.
Why complicate things when you could just acknowledge that email is archaic and unsuitable for privacy in 2021, and start running your own Matrix home server if you have something worth keeping private?
Trotting out Berners-Lee isn't helping their credibility following the environmental activist debacle. Actions speak louder than words. As has been evidenced, centralized privacy-oriented SaaS provided by businesses are not fit for purpose. Users should take responsibility for their own data and assume everything is compromised by default.
On a reddit AMA several years ago Tim or the PR people representing him claimed that he and his team tat Cern were responsible for the open source movement. Except their browser wasn't opened until after the fact, and Stallman and FSF had been doing their thing for years before. He lost a lot of credibility with me after that.
Wasn't aware of that claim of starting the open source movement! How someone ever thought they would get away with a claim as silly as that is beyond me.
He's also sold a gimmicky cryptoart NFT through Sotheby’s, contributing to and indirectly endorsing environmental destruction. He of all people should be leading by example with how to make existing and future technologies more environmentally-friendly.
Didn't creating the web also indirectly cause a lot of environmental destruction? Oh, you mean that your energy use is strictly necessary, whereas other people using energy for something that doesn't interest you is morally wrong. Got it.
* ProtonMail advertises no IP logging and overall this is very unlikely. I prefer the more transparent privacy tools that make it clear what their legally required to log and what that are required to provide to LEOs.
* ProtonMail Tor hidden service is mostly a joke. Their signup isn't available over it. This combined with no support for actually anonymous methods of payment make their advertising of "anonymous email" dubious. I understand the challenges involved, but if you can't overcome/mitigate them, then don't make those claims.
* Email is not a secure protocol and most every permutation of webmail is not securely implemented. Unless you're using PGP on the client side you will be trusting the provider.
* The steps required currently to run webapps and verify they haven't been altered are obtuse especially if you want to continue to get any kind of new features or updates.
That said Matrix does lend itself to this. It's also worth noting one of the major VCs (Notion) that funded that has an interest in other email companies. So who knows maybe we will see an email message client based on Matrix protocol.
It certainly would be an improvement on relying on systems such as PGP and allow universal E2EE, but also E2EE to the border (required for many government/corporate) situations where auditing is required.
> I'm struggling to figure out what comes after ProtonMail. It's clearly an evolutionary dead end but what succeeds it?
Likely nothing. Many people that use services like this don't require anonymity. For that the threat model is absolutely fine. People seem to forget this page has existed literally since 2014: https://protonmail.com/blog/protonmail-threat-model/
I think people have blown this case out of proportion without really having any facts. Minimal details are actually known the nature of what the criminal charges are about.
There hasn't been any public verified information (court documents etc) pertaining to why the request was made. The most ProtonMail has said is that it was a judicial request made in Swizterland, and there was no avenue to appeal the request.
Media latched on to sensationalist phrases like "climate activist" and "squatter" and those things in itself don't actually tell us very much about the nature of the charges and evidence against the suspect. Those things may not even be the reason the request was made.
That's helpful context about Signal and interesting to read the dev team's comments. While there may be many forks of Signal, the Signal team itself won't be the one to provide interoperability.
Any insights from the early days of the development of email? Does LibreSignal fork, provide interoperability, and just take over, becoming the "email" of tomorrow?
I'm a paying ProtonMail customer. I may be incorrect but am not distracted by the criminal charges stuff as you suggest. Protonmail stated they don't log IP on their homepage. What they meant was "unless the cops ask us". So now they've changed their marketing to update this. I'm satisfied but it also exposes the need to "trust our company", and that's just not sustainable, no matter the company.
> Any insights from the early days of the development of email? Does LibreSignal fork, provide interoperability, and just take over, becoming the "email" of tomorrow?
The project was discontinued. You can't develop a "Signal client" without relying on Signal servers. If you do, then you'll need your own server and there is no facility for it to talk to other servers. That pretty much makes it dead in the water.
Something like Matrix which does have federation lends itself to that usecase though.
> Protonmail stated they don't log IP on their homepage. What they meant was "unless the cops ask us".
They don't log IPs if you don't enable advanced logs. They do however and have always said they will comply with legal requests from a Swiss court.
> We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent Swiss authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.
> The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address.
So that never was if the "if the cops ask". There would be many cases that are denied, and we know this from their transparency reports.
The issue is some very silly people thought this meant a law abiding company would risk prosecution/contempt by not abiding by the law/courts. They failed to read any of the company's policies which have been on the website clear as day and got upset about that.
The reason Protonmail is modifying their marketing is to keep people happy who don't have the attention span to learn about any of the products they use from reading any of the documentation.
I have Tutanota to be quite reliable end to end encryption and no ip logging. Also provides ability to send encrypted mail with pre shared passwords. Good client apps too.
Given Protonmail trust issues Sir Lee ought to have avoided.
Signal mail service/client would be great too. Long time FastMail user but they too give fuzzy answers on mail privacy. Mailbox.org seems to be decent with encryption at rest.
> I have Tutanota to be quite reliable end to end encryption and no ip logging.
They will do IP logging if they receive relevant court requests.
> Also provides ability to send encrypted mail with pre shared passwords. Good client apps too.
The only client app you can use is Tutanota's client/web browser.
Last I used it you couldn't export a whole mailbox (only individual mails and directories), you couldn't have folders more than 1 level deep, and you couldn't import email.
You also can't encrypt emails to Tutanota users without using a temporary mailbox on their server. They could very easily disable encryption to particular users.
You can't use third party clients (thunderbird, mutt mail.app etc), and if you're used to those it's a no-go.
People always question whether or not ProtonMail could give you dodgy js that exfiltrates your password/private keys, the same goes for Tutanota, but in the case of Tutanota, you have no option to use a mail client, ie code not written by them.
Yes, and this is the best one can get in 2021. So it would be nice if everyone stopped attacking them at every step and started building that mythical private e-mail service that they’re talking about instead.
I'll take a provider that is transparent over one that makes claims they cannot backup. cock.li is more transparent in that regard despite being a complete meme.
cock.li seems to be just your average e-mail provider with no security features, as they existed since the dawn of internet. They have access to e-mail metadata and contents, and so does law enforcement or anyone hacking their servers.
How can they not be transparent? They don't have any technical reason to make any security claims.
I may not understand cock.li, what feature/aspect does this quote refer to:
"Cock.li has not had a successful demand for user information since 2017, thanks in large part to better education of law enforcement that contact cock.li."
I would also bet they may have handed out some select information but it just hasn't "hit the news". I would say cock.li is certainly big enough that someone has used it in a criminal matter eg child pornography, bomb threats etc.
With email it's either that or they go after wherever you're hosting from.
I use Tutanota. Canceled payed accounts of Proton in 2018.
I don't encrypt messages. And I don't expect privacy.
I use this services because of more clean UX than Gmail or competitors.
Every message that I send is mainly related to work and personal communication is related to consumerism topics.
Everything else is communicated in physical presence of the person that will receive the talk.
It is over. Internet is commercial outlet. I use it as such.
Our devices are data collection tools. Our future is engineered towards automation of policing and processing.
Decentralization of Internet will not be allowed and possibly be outlawed in the coming years.
In the moment in which VPN is prohibited I am prepared to go totally offline.
I have so many books to read, and music to listen to without paying corporations a dime.
The basic computer functions that are needed in this context can be provided by old computers with Linux without a problem.
Welcome to the future, where you censor yourself willingly and avoid corporate technological advancements as a plague.
:)
Sir Tim has been on the advisory board of the company I work at, for years. As far as I know he has had absolutely zero involvement during the years I've worked there.
His name is occasionally trotted out to impress(?) people, and that's it.
You misunderstood the question. He is asking why are they honoring his title as Knight in Switzerland, when noble titles are usually abolished in republics.
A good example of this can be seen in the Constitution of the US.
"No Title of Nobility shall be granted by the United States: And no Person holding any Office of Profit or Trust under them, shall, without the Consent of the Congress, accept of any present, Emolument, Office, or Title, of any kind whatever, from any King, Prince, or foreign State."
This is a private company's communication, not official Swiss usage. Nor is he being afforded privileges or rights arising from his title, beyond the use of 'Sir'. The 'proper' usage also would have added his titles after his name - OM KBE (Order of Merit & Knight Commander of the Order of the British Empire)
You cannot negotiate and execute a deal with TimBL in one day. Anyone like that will see your desperate urgency as a major red flag and guys like him, their personal reputation is their only asset (W3C is irrelevant)
It’s just on the rollout plan. When you want to ensure something is done, you set it in the prerequisites, and joining is only confirmed after the prereqs are fulfilled.
They apparently log the IP addresses for customers where they receive a warrant from the local authorities. Not everyone’s IP and they don’t just give them away.
But on the positive side, one does not have to use PM. There’s plenty of encrypted e-mail providers out there that will not store any info whatsoever on their customers and should the police ever dare question them they’d rather die shooting than give them anything anyway.
Is there? Could you give some examples of email providers that wouldn't comply with a legal request?
Protonmail, from what I understand, does contest the requests it receives, but some they have to follow. My impression is that this would be true for any provider.
why cant you set up your own email server in under 5 minutes on a vps server you paid for with crypto and a domain name and call it a day? you own the server and a such, you are certain only you can see your side of the email. then do whatever shiny PGP or whatever and you are good to go. why is this a problem?
i run a mailinabox for almost a year now. had initial trouble with gmail. now its all fine and i have no trouble connecting to anyone.
as i said, when you pay with crypto, the VPS provider has what data on you? you obviously wont use your real name to sign up for vps or domain so what can they give besides access to the server? even if that was done, won't you know?
Public facing SMTP, Tor hidden service for IMAP, all on a VPS and domain paid for with tumbled cc? Unless you worry about your ISP knowing you use Tor (there are some ways around that, kinda), I can't imagine how they'd DA you.
E: ... aside from some sort of Tor-based attack, of course.
Building an internet and providing privacy don't go hand-in-unlovable-hand with SaaS. Decentralization is an important solution to most threat models, as is having physical possession of your server and data. Centralization is the problem here.
Why complicate things when you could just acknowledge that email is archaic and unsuitable for privacy in 2021, and start running your own Matrix home server if you have something worth keeping private?
Trotting out Berners-Lee isn't helping their credibility following the environmental activist debacle. Actions speak louder than words. As has been evidenced, centralized privacy-oriented SaaS provided by businesses are not fit for purpose. Users should take responsibility for their own data and assume everything is compromised by default.