
Hardly. The company still has not owned up to their major fuck up in my book. They are willing to save themselves on the account of their customers. Dead company in the world of security, but might drag on in the scam world.


Swiss courts are not something to be taken lightly... since ProtonMail and its founders are based in Switzerland the employees themselves could have faced criminal charges for non-compliance.

A different argument could be made that they could be using more privacy-preserving tech that would make compliance not possible... but even then a court order + gag order could compel them to start logging.

Why this ruling is so important is it sets legal precedent that Protonmail is in the right to not turn over user data to the government. The Swiss legal system tends to be pretty firm about things and this will likely make it next to impossible for a repeat of their past fiasco to happen.


Again, for the millionth time, the issue is not that they had to comply with the law. Stop pretending to misunderstand, all this bullshit is quite obvious.

Proton mail lied, and then pretended like they didn’t. They decided it makes sense to sacrifice a customer on the account of their own fuck up and false promise.

Proton mail is a shit company, and more and more I’m convinced they’ve bought shills to go out and divert attention.

In the world of security, proton mail is less than a zero. Their main clientele will be in the same scam business they are.


What should have been their policy, according to you?

Which service or solution (if any) has your favour?


What Lavabit did should be followed as an example imho.


> The court documents stated that on July 13 Levison sent an open letter to the assistant US attorney, offering to give email metadata (without email content, usernames or passwords) to the FBI if it paid him $2,000 "to cover the cost of the development time and equipment necessary to implement my solution" and $1,500 to give data "intermittently during the collection period".

So what Protonmail did wrong was to not ask for payment while handing out the metadata?

Source: https://en.m.wikipedia.org/wiki/Lavabit


That doesn't answer the question of what currently available service is an acceptable alternative if Protonmail isn't palatable.


No email provider seems palatable.


Lavabit gave the feds the decryption key, and contents to every email for every user on their server.

I disagree with your position that this is what protonmail should have done.


From wikipedia:

> The court records show that the FBI sought Lavabit's Transport Layer Security (TLS/SSL) private key. Levison objected, saying that the key would allow the government to access communications by all 400,000 customers of Lavabit. He also offered to add code to his servers that would provide the information required just for the target of the order. The court rejected this offer because it would require the government to trust Levison and stated that just because the government could access all customers' communication did not mean they would be legally permitted to do so. Lavabit was ordered to provide the SSL key in machine readable format by noon, August 5 or face a fine of $5000 per day.[28] Levison closed down Lavabit 3 days later.


From wikipedia:

> Before the Snowden incident, Lavabit had complied with previous search warrants. For example, in June 2013 a search warrant was executed against a Lavabit account for suspected possession of child pornography.

From the register:

> After much wrangling, Levison eventually handed over Lavabit's cryptographic key in digital form, after earlier trying to satisfy a court order by printing out and handing over a copy of the key in 4-point type, a move that irked the judge handling the case.

From vice / the US Attorneys Office / Eastern District of Virginia:

> "At approximately 1:30pm CDT on August 2, 2013, Mr. Levison gave the FBI a printout of what he represented to be the encryption keys needed to operate the pen register," a motion for sanctions signed by James L. Trump from the US Attorney's Office reads. According to the case docket, the documents were unsealed on March 4.


> ProtonMail, in fact, had to comply with a Swiss court order, which came after the French police had requested Swiss cooperation through Europol, making use of international judicial assistance.

What exactly did / do you expect Proton to do here? They were given a legal mandate to comply and they complied. Did you have a fantasy that they would fight the Swiss and French governments (and apparently Europol) when given a valid court order and risk their entire existence?


They could and should have communicated more honestly about it. https://news.ycombinator.com/item?id=28427996


Stop intentionally missing the point. It's not about them complying with the law or not, it's about them promising something that they did not deliver on, regardless of whether they couldn't because they didn't know or they lied, it doesn't matter. Customer confidence won't be partially restored without them owning up to it. First by fighting it in court, not pretending like it's all been out of their hands, then by having their system implemented in a way where they could even start secretly logging their users (even to comply legally). Hiding behind fine print and ambiguous wording (like "oh, we said only by default").

ProtonMail fucked up. Badly and majorly. So far the only thing they've proved is that their main tag line "Secure Email. Based in Switzerland" is basically meaningless bullshit. It's not secure, and they'll backstab their customers without even putting up a fight. There's no sugar coating it, and there's no way to take it back, there's no way to distract the community from.

Their reputation is as good as dead. I feel bad for people who still use it as a "secure" email.


You're really making the Nuremberg defense?

https://en.m.wikipedia.org/wiki/Superior_orders

By complying they also risked their entire existence.

Their brand seems destroyed already.


Since we're tossing around wikipedia links,

https://en.wikipedia.org/wiki/False_equivalence


Lol, dude, you're missing the entire point. I understand it hurts to learn that a company you've been paying turned out not to be what it claims to be, but no one is "tossing around" wikipedia links other than you. And you're doing it sort of badly, the link you tossed is equivalent to just throwing: https://en.wikipedia.org/wiki/Security in an argument.




