It’s always been delusional to think organizations run by public people based in any country wouldn’t abide by laws and government orders. They can hop countries and this will always happen. There is not a single jurisdiction in the world where any company will legally be safe from censorship, government coercion. Tech has to be designed and adopted for its resilience to state coercion and risk for loss in leadership
Why repost this with the sensationalist headline but not include the context provided in the comments by @artyom@piefed.social
"The author omitted the complete statement from Reddit:
Hi everyone,
No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.
In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.
Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.
Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.
Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.
The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach."
So, in summary, Proton will block any account, without any evidence, just because a random CERT says so.
if a CERT came to whatever email provider you use and accused you of being a malicious hacker, your email service would absolutely terminate your account.
Ok, they are getting down votes, but technically true?Yes they reinstated it, but they assume guilt rather than check first?
I assume that they have a level of trust in the reporter, that hopefully they will not extend next time. I guess they must get a lot of these, and that failing to block spammers means they may lose trust of other email servers?
Proton’s reply says they also were flagged by their abuse system
We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.
Semi-unrelated, but back when I worked weekends in phone support, nothing came close to the satisfaction of delivering a “no, we can’t do that right now” or “sorry, but that’s not even our issue” to some cranky bastard on a Saturday morning. Then, after listening to a fully grown adult have a tantrum, promising that a superior would reach out during business hours… Monday. I knew full well they would spend 2 full days stewing, only to hear back from someone in management who would say something like “the agent you spoke to was absolutely correct, we don’t have any control over the quality of your Internet connection, we are not your ISP, go talk to them, goodbye.” I was lucky to have some pretty based individuals I would report to - sometimes they’d even let me listen in on those escalation calls live to enjoy the resulting unhinged meltdowns. Talk about catharsis.
Extract : Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency
Clarification:
CERT Fd up and called two whitehat disclosure accounts malicious
Proton did not check these accounts before they torched them.
Specifically for the type of privacy and security that Proton offers, I would expect a slightly higher level of customer service. Perhaps a message to the end user saying we are considering terminating your account. And giving you a chance to appeal before you knock it out.
This is by far not the worst thing they’ve done and in some sense it’s not completely unreasonable. But I think they could do better.
This seems like it’s intentional though. CERT needs to be held responsible. You should always have a notice of termination.
Which is still bad? Why would blind report warrant disabling accounts? It’s like those DMCA takedowns.
probably because the CERTs are supposed to be beyond reproach, so when one says something is an issue, people listen.
Proton responded, most were in clear violation of ToS and correctly flagged. 2 were unsuspended. Half the article is bullshit, especially the legal claims
And what is a CERT?
A Computer Emergency Response Team would be my guess.
https://en.m.wikipedia.org/wiki/Computer_emergency_response_team
Yeah as much as I don’t love proton as a company this feels wildly misleading…
Because it is.
disappointed by proton again…
👏stop👏forming👏opinions👏with👏headlines
