this post was submitted on 07 Feb 2025

189 points (99.5% liked)

Privacy

33459 readers

557 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

189

UK government demanding access to encrypted iCloud (www.bbc.co.uk)

submitted 18 hours ago* (last edited 18 hours ago) by milicent_bystandr@lemm.ee to c/privacy@lemmy.ml

44 comments fedilink hide all child comments

UK government is trying to get into iCloud end-to-end encryption. (Again?)

Makes me think about email servers too. Most of my private information is in emails, and not only I use a service where the host machines access the email, so do almost everyone I email to/from.

you are viewing a single comment's thread
view the rest of the comments

[–] ocean@lemmy.selfhostcat.com 4 points 17 hours ago (2 children)

Then what’s the point of services like Proton and Tuta over Gmail?

[–] Gayhitler@lemmy.ml 9 points 16 hours ago (1 children)

Anonymity and not being google or one of the other big mail providers.

Email is not an easily selfhostable service either. Modern spam filtering systems require the maintainer to jump through a bunch of hoops intended to defeat their anonymity and establish a recourse in case of problems.

[–] Telorand@reddthat.com 2 points 14 hours ago (1 children)

They're not anonymous, contrary to common perception. They're encrypted, but they know things like your IP address and which IP addresses you're communicating with, even if they don't know the content of your messages. Some of them explicitly state as much.

Depending on the local laws of the company or servers, they might be compelled to share whatever data they do have, which could be enough info to assist law enforcement in making an arrest, even if they can't see the message itself.

If you want anonymous email use, you have to use a logless VPN at a minimum every time you access a third party encrypted email service. That way neither side of the email exchange can tie your IP address to you.

[–] Gayhitler@lemmy.ml 2 points 14 hours ago (1 children)

Of course, I only meant that unlike Gmail and such services like proton don’t actively impede your anonymity and build a profile on you as far as we know.

[–] Pika@sh.itjust.works 4 points 14 hours ago* (last edited 12 hours ago) (2 children)

Proton does require you to have a dedicated phone number or email to sign up though, like that was my main thing that swayed me away from making a protonmail account was when I went to sign up I was met with a phone number requirement and I'm like "oh well this isn't going to be helpful"

They claim it's to prevent abuse of the service, and that it's only the cryptographic hash which can be used to find out if the email has been used on an account before. But I dislike that it requires even going that info

ammendum: apparently this restriction may be based off of your region used and browser. I was able to finally successfully create an account using Chrome, but Firefox exclusively gave me email or phone number requirements

[–] refalo@programming.dev 1 points 6 hours ago (1 children)

But I dislike that it requires even going that info

I never understood this stance... do people really think a corporation is going to risk their entire company over your anonymity when their country's government does not allow this? Nobody is going to jail for you.

Plus, if everyone could easily sign up anonymously, then like they said, it would be overrun with bots and the reputation of their IPs would quickly deteriorate to where most other email providers would just block them, making the service almost worthless.

[–] Pika@sh.itjust.works 1 points 6 hours ago* (last edited 6 hours ago)

It's a privacy activist stance, privacy and security are always at a constant battle. There was a post about it a few weeks back, every attempt at security compromises privacy, because private info is the easiest way to lock security down, so it's always the route that companies take. Personally I don't think a corporation should have to risk their company over it, but I don't think a company that isn't privacy oriented should pretend to be. It's misleading. I give them credit that they might be good for privacy but, the entire operation gets undermined when in order to sign up, it tries to force you into giving information that could identify you. The less information needed the better, and the less you can tell overreachers. If you don't have the information you don't have the information. That's signals motto, it's also Mullvads motto, and its the direction that proton runs in if you can find your way through it's hoops.

[–] Gayhitler@lemmy.ml 4 points 13 hours ago (1 children)

I think I got in before they started doing that.

Actually I don’t think they require that. I just set up a new proton account on a device with a fresh wipe from a vpn endpoint I never used before and they offered to record a phone number or recovery email but didn’t require it.

[–] Pika@sh.itjust.works 3 points 13 hours ago* (last edited 13 hours ago) (1 children)

Can you tell me which endpoint/region that you used? Cuz I just tried using a VPN endpoint from Switzerland Sweden and Ukraine and all three of them brought up a requirement to have a verification email

edit: disregard apparently it was a browser issue, switched from Firefox to Chrome and reconnected to a Switzerland endpoint and it let me solve a captcha instead of using email verification system

[–] Gayhitler@lemmy.ml 3 points 13 hours ago (1 children)

Mullvad us Denver 205.

I’m also using their encrypted dns though that shouldn’t matter. Recording an email might be a regulatory requirement of the intelligence sharing treaties of the eu and broader eurozone.

Try an endpoint outside of the western world and see what happens!

[–] Pika@sh.itjust.works 1 points 12 hours ago* (last edited 12 hours ago)

Yeah weirdly enough it ended up being a browser issue, Firefox wasn't able to use anything but email verification/phone number verification but Chrome was able to offer a captcha in place of it

[–] milicent_bystandr@lemm.ee 2 points 14 hours ago

Smaller attack surface and fewer leaks. If you specifically are targeted, the government will look for a warrant for the data in your account, rather than the one you sent to. Gmail also I think there's a concern that text will leak via AI - I remember hearing this concern even when it was just that associations in search terms might build from private email content.

I don't think gayhitler is entirely correct about reading all the plaintext emails. If I understand right, major (most?) email providers use TLS (encryption) between each other and and to your laptop. The difference is the email is available on their servers somewhere, if someone were to get access.