• aldalire@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    100
    ·
    8 months ago

    Jesus fucking christ this website is trash. Here i copy pasted the entire article so you don’t have to accept their privacy policy

    It took the intervention of Swiss authorities to prevent the blocking of end-to-end encrypted email platform Proton Mail in India after the government sought action against the platform, which was being abused by bad actors to send hoax bomb threats.

    In February, a senior Tamil Nadu Cyber Crime Wing police officer requested the Ministry of Electronics and Information Technology to block Proton Mail. An order was also sent to the platform.

    This was after several schools in Chennai received hoax bomb threats on February 8. A police investigation found that the mails were sent through Proton Mail.

    Even though the police sought information about the users who sent such emails, the cops faced a roadblock as the platform is encrypted end-to-end, which means users’ emails, files, calendar entries, and passwords had strong privacy protections.

    In a blog post in March, Proton Mail said, “In response to hoax bomb threats that were sent through Proton Mail, some members of the Indian government suggested taking the extreme measure of blocking Proton…”

    Mastek bags supplier spot in Digital Services Framework for UK’s Defence Ministry Mastek bags supplier spot in Digital Services Framework for UK’s Defence Ministry Government issues advisory on CCTV cameras over security concerns Government issues advisory on CCTV cameras over security concerns MeitY issues advisory on CCTV security, asks ministries to avoid suppliers with past breaches MeitY issues advisory on CCTV security, asks ministries to avoid suppliers with past breaches “The issue has been raised to the attention of the Swiss federal authorities, who have been in contact with the relevant Indian authorities to prevent the blocking of Proton Mail in India. Thanks to this assistance, Proton Mail apps and other Proton products are available in India,” the post said.

    Moneycontrol has reached out to Proton with further queries and the article will be updated when a respond comes in.

    In the blog, the encrypted email service provider also explained why it did not comply with information requested by Indian law enforcement authorities.

    Under Swiss law, Proton is not allowed to transmit any data foreign authorities and had to reject requests “that are directly addressed to us”.

    “However, Proton is legally obligated to respond to orders from Swiss authorities, who do not tolerate illegal activities conducted through Switzerland and may assist foreign authorities in cases of illegal activity, provided they are valid under international assistance procedures and determined to be in compliance with Swiss law,” the blog said.

    The company added, “Blocking access to Proton Mail simply prevents law-abiding citizens from communicating securely and does not prevent cybercriminals from sending threats with another email service, especially if the perpetrators are located outside of India.”

    This is not the first time that the Switzerland-headquartered company has courted controversy, especially for being abused by threat actors.

    In 2020, the Russian government blocked the encrypted email provider after emails claimed that bombs were planted in public places.

    Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media (abbreviated Roskomnadzor) said the bogus emails were responsible for “creating a real threat of mass disturbance of public order and causing great concern among citizens and public outcry”.

  • funn@lemy.lol
    link
    fedilink
    arrow-up
    17
    ·
    8 months ago

    I don’t know what’s happening in India. I heard they blocked VLC & all VPN, some time back. Now they have blocked Protonmail.

      • Star@sopuli.xyz
        link
        fedilink
        arrow-up
        11
        ·
        8 months ago

        Just FYI, in India the president (head of the state) is more or less a ceremonial figure. It’s the prime minister (head of the government) that you’re probably talking about.

    • Railcar8095@lemm.ee
      link
      fedilink
      arrow-up
      10
      ·
      8 months ago

      When I read VLC I thought it was a typo. Then I searched for it. Couldn’t find any official reason, is it known it or only speculated?

    • Dizzy Devil Ducky@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      8 months ago

      Probably trolls being trolls or just the usual things governments like to do: ban anything and everything they don’t understand or like.

    • Onihikage@beehaw.org
      link
      fedilink
      English
      arrow-up
      17
      ·
      8 months ago

      It’s stored with zero-knowledge encryption, which means the server only receives enough information to authenticate the user, but otherwise has no ability to decrypt the user’s files. Proton has an explainer.

    • BolexForSoup@kbin.social
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      8 months ago

      They basically can’t see/display any of the contents of your emails/calendars/etc. is the super short answer.

      • taladar@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        8 months ago

        But if someone sent a threat using their platform all that is really required is the information who owns the account that sent it which is information that should still be available even with an end-to-end encrypted service.

        • BolexForSoup@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          8 months ago

          We can debate all we want but clearly it’s enough of a hurdle that the Indian government tried to block Proton’s services entirely. Legal standards and what we consider “logical conclusions” aren’t always the same thing either so I imagine that’s where a lot of the nuance lies here. Without knowing exactly what happened I don’t think either of us can really parse this beyond what we now know about the Indian government’s efforts to block Proton’s services.

    • Sips'@slrpnk.net
      link
      fedilink
      arrow-up
      17
      ·
      8 months ago

      In February, numerous schools in Chennai were targeted with hoax bomb threats sent via encrypted email service Proton Mail. The Indian government sought action against Proton Mail due to its misuse by malicious individuals. Swiss authorities intervened to prevent the platform from being blocked in India. Despite police efforts to trace the origin of the threats, Proton Mail’s encryption hindered investigations. The company refused to comply with Indian authorities’ requests for information, citing Swiss law. Proton Mail argued that blocking the service wouldn’t deter cybercriminals and could impede legitimate users. This incident isn’t the first time Proton Mail has faced controversy; it was previously blocked in Russia for similar reasons.

      • XTL@sopuli.xyz
        link
        fedilink
        arrow-up
        3
        ·
        8 months ago

        So they have also no idea how email works or this was political and the bombing was just a convenient excuse.

  • seedd@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    8 months ago

    Soon the goons from the govt will create a made up case (a big one this time), so they can get an excuse to ban proton. Then vpn…then tor…if modi and his bf amit get a 3rd term, india will go from electoral autocracy to proper dictatorship.

  • firefly@neon.nightbulb.net
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    8 months ago

    Everything you need to know about so-called ‘Swiss Privacy’ we learned decades ago from Operation Thesaurus, AKA, Operation Rubicon. We learned that CIA operations and black budget banking are actually headquartered in the Swiss underground.

    Operation Rubicon
    https://en.wikipedia.org/wiki/Operation_Rubicon

    Crypto AG
    https://en.wikipedia.org/wiki/Crypto_AG

    If you trust any third-party server to protect your privacy, you’re a rube. If you trust Proton Mail to protect your privacy, you’re a rube getting ‘crossed’ by the Swiss Rubi-con. Either you own your keys and your data on your computer or else you have no privacy. Someone else’s promise that your data will be ‘encrypted’ so they can’t decipher it is a hollow pledge. If you send any form of plaintext to a remote server, no matter how much they claim to encrypt it, you have zero assurance of data privacy.

    Watch the phan boiz rage outlet!

    #Cryptography #Cryptology #Encryption #Crypto #Protonmail #CryptoAG #Switzerland #CIA

    • Doods@infosec.pub
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      8 months ago

      So what should we do then? switch to something else? Host our own email service?

      I really don’t know.

      • firefly@neon.nightbulb.net
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        It depends upon your security needs and risk assessment.

        Are you a whistleblower?

        Are you handling confidential business, financial or legal communication?

        Are you being monitored by state agents?

        Are you sharing love letters with someone?

        Are you discussing or transferring confidential records?

        You have to look at and assess your use case before you can decide on a solution.

        No matter what your risks are, every solution should ALWAYS include end-to-end encryption in which the parties own and control their own encryption keys and identity on their own devices, not in the cloud.

        That is the baseline. Then depending on your situation there are other factors and solutions to consider on top of the baseline.

        When you own and control your encryption keys on your own device, then no third party can turn over your keys to a hostile entity. If you encryption is dependent upon a third party, they own your encryption and you have zero security, no matter how much they promise you.

        Here are a few secure communication software examples for consideration:

        Onionshare: https://onionshare.org/
        Retroshare: https://retroshare.cc/
        Bitmessage: https://bitmessage.org