LytiaNP

joined 2 months ago
[–] LytiaNP@lemmy.today 2 points 2 weeks ago

Proton is by no means the best company when it comes to privacy, but it only benefits companies like Google and Meta if we’re constantly dragging its reputation through the mud over a bunch of misinformation. Below is taken from a response on Reddit.

Hi everyone,

No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.

In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.

Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.

Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.

Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.

The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.

Here’s a post from Andy (the CEO) as well.

[–] LytiaNP@lemmy.today 3 points 1 month ago

By hosting it through Tor, they’re effectively removing it from the world’s DNS providers, and limiting their users to a minority of advanced users.

[–] LytiaNP@lemmy.today 2 points 1 month ago* (last edited 1 month ago)

Thanks for the reply. While I’m sure that the video feed wasn’t the easiest to access from an outside attacker’s end, the fact that it was even being sent to the cloud, unencrypted, without consent, in the first place is a little more than a “minor” controversy. A company advertising a camera that works local only, and then proceeding to quietly upload everything from the camera to their servers, servers that, mind you, cost money to operate, likely has malicious intent.

While it may have been sensationalized, given this is a privacy comm, it should at least be worth mentioning.

[–] LytiaNP@lemmy.today 8 points 1 month ago* (last edited 1 month ago) (2 children)

They keep data local by default

https://gizmodo.com/eufy-local-security-camera-cloud-unencrypted-scandal-1850059207

The original security issue was first noticed by security researcher Paul Moore, who noticed Eufy cameras were streaming recorded video to a cloud server on the site’s web portal, even though cloud storage wasn’t enabled. That data sent to the cloud remained unencrypted.

https://www.theverge.com/23573362/anker-eufy-security-camera-answers-encryption

Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal.

The article also includes a response from Anker.