Privacy

44377 readers

508 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

113

Proton has handed over 32,076 users' data to governments since 2017. Their own transparency report states a 94% compliance rate in 2024. (lemmy.ml)

submitted 2 weeks ago by yogthos@lemmy.ml to c/privacy@lemmy.ml

39 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] vhstape@lemmy.sdf.org 26 points 2 weeks ago (1 children)

Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.

[–] yogthos@lemmy.ml 32 points 2 weeks ago (5 children)

Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.

Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.

Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.

[–] vhstape@lemmy.sdf.org 13 points 2 weeks ago (1 children)

I don’t disagree with you, but sending and receiving emails requires transmission of unencrypted metadata. There’s no easy way around it

[–] yogthos@lemmy.ml 9 points 2 weeks ago (1 children)

Right, which really suggests that email is not the right medium if you want genuine privacy.

[–] Imaginary_Stand4909@lemmy.blahaj.zone 1 points 2 weeks ago (1 children)

Okay, but people still need emails for basic services and accounts, so would you rather them use Gmail or Proton?

Like duh don't email your mom with a detailed plan on how you're gonna do a terrorist attack. Crazy idea, I know.

[–] yogthos@lemmy.ml 2 points 2 weeks ago

Honestly, I suspect it makes very little difference in practice which one you're using if you're going to communicate with people outside Proton. If I use Gmail, and you send me an email from your Proton account, guess what happens.

[–] ArcaneSlime@lemmy.dbzer0.com 7 points 2 weeks ago* (last edited 2 weeks ago)

Tbf I'm unaware of a messaging service be it chat or email or whatever that leaks no metadata, afaik they all kind of have to by nature of needing to know at least where the message is supposed to go, if not where it came from, too.

Like, if Bob messages Lisa, the service has to at least know to deliver the message to lisa, even if it didn't also that it's from Bob.

If you know of one I'm curious though!

[–] protogen420@lemmy.blahaj.zone 6 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

with email, the meta data leaking is at the protocol level, email is comically insecure and no matter funny encryption you do with pgp the protocol itself will leak data, and Proton's advertisments as a secure private email provider are misleading in a fundemental level thanks to this, I do not see how any email provider could fix this other than making a whole new standard for an email-like protocol

email is a legacy tool that needs to be phased out and a sane better replacement has to be made, untill that there is little to no hope to not leaking email metadata to some degree since email is effectively required to create accounts in most web services

[–] yogthos@lemmy.ml 4 points 2 weeks ago

yup email is just fundamentally not the right tool for this

[–] manuallybreathing@lemmy.ml 6 points 2 weeks ago (1 children)

The yanks were drone striking people in Iraq and Afganistan based on who was calling who, I'm certain they still do this kind of thing too. Your uncle's an important guy and he calls you for your birthday? kablamo

[–] yogthos@lemmy.ml 2 points 2 weeks ago

exactly

[–] ScoffingLizard@lemmy.dbzer0.com 5 points 2 weeks ago (1 children)

My threat model is not mostly concerned with gov. That could change but anyb way we can make it harder and more expensive or to take data or just created competition for Google is start in the correct direction. Just don't do anything important on Proton.

[–] yogthos@lemmy.ml 7 points 2 weeks ago

Right, understanding what your threat model is important. Then you can make a conscious choice regarding the trade offs of using a particular service, and you understand what your risks are.