So, @ProtonMail had to give out information about one of their users. Navigating what has happened is a bit tricky, and I'm not going to complain about the fact that Proton handed out the data. Why? Thread.
First of all, Proton is (probably) not storing people's IP addresses. From what I understand, they have been ordered by authorities to turn on IP logging. That the suspects are a group of youth climate activists is not something Proton can use as a basis to refuse.
Most likely they didn't even know it was a group of youth activists to begin with. Hopefully not - that would mean that they do have more information than they claim on their users. I trust @ProtonMail, and this situation has not changed that.
However, they're based in a country that has a government that can control their actions. That's the main flaw. A lot of activists, technologists and hosters have this idea that certain countries are "bulletproof" when it comes to privacy. That's certainly not the case.
Certain countries protect privacy more than others. Few countries have no laws about when they can order companies to hand over - or collect - certain data. In general this is needed in a working democracy, since it means we can protect in those extreme cases when we need to.
My own experience has been that companies/organisations, especially the ones run by technologists, have failed to understand the need of decentralisation. Even if we do talk about it in technical terms, they fail to do it in their organisation.
My own projects, and the ones I help/work with, have an understanding of this. Historically that's been more important than the technical decentralisation or security. The understanding of legal as well as tech is a niche that sets these projects ahead of the game.
That doesn't mean I wouldn't help the government if I can, in cases where it makes sense. People's lives are at stake - sure we'll help. But it makes it a cooperation between us and the authorities asking. We can make an ethical decision to help across multiple jurisdictions.
In terms of us vs Proton, I can say that we would have had a choice that Proton doesn't. It doesn't mean that Proton did anything wrong. It just means that their threat model was not working for this particular case. And our model probably has flaws as well.
The shitty situation here is that a group that should have been supported and protected was not granted those rights. It's not the fault of @ProtonMail, it's the fault of the authorities. And I'm sure that Proton will take lessons from this to improve their threat model.
The basic problem here is again that we've centralised things. Organisations, services (e-mail is among the easiest of all services to have decentralised), and trust.
We often get questions from potential partners if we're "bulletproof". We always ignore those partners, since they don't know what they're talking about. We're ethical when it comes to privacy. No serious organisation claims to be "bulletproof".
Now to end this - we need to help the youth climate activists. And it's not going to help by complaining about @ProtonMail. They are still part of the good fight.
• • •
Maybe you heard that the domain dark.fail (@DarkDotFail) got hijacked. Here's the story on how it happened. A thread! (I've pieced together the data I have so I might have some small errors in this thread, FYI.)
First, the domain was registered through a service I started, @njal_la (or transferred in, not sure here). Njalla in turn uses @tucows as a registrar for .FAIL domains.
On the 28th of April, Tucows receives a court order, from Amtsgericht Köln, the district court of Cologne, NRW, Germany. It contains a list of domain names that they want handed over. Two of three domains listed are registered through Njalla, the last one with @hover.
A small update to this. The day after my twitter thread about @ICANN I finally got a reply to one of my many e-mails. Quote: "I apologize for our delay in getting back to you" (aka: Thanks for retweeting). And today we had a voice chat about the application. Another thread!
I got some sort of semi-excuse regarding their claim that I lied on my application. They also said that they agreed it wasn't fraud or similar really. So both of the points they made regarding the denial were not really the reason.
However, @ICANN says that IP infringement is as serious to them as fraud. Fraud that happened 10+ years ago is not as serious as potentially aiding with IP infringements that happened 15+ years ago though. Because turns out I'm actually banned from doing business with ICANN.
The non-profit organisation @ICANN, that controls the central backbone of the internet (the root-servers) and has a monopoly on letting registrars (think godaddy) resell .com/.net/.org/etc domains, denied my application to become a registrar. A thread.
Since 2019 I've had an active application with ICANN. They're famous for being a bureaucratic nightmare to deal with, so I expected a long process. It got delayed by the passing of my mom last year and by covid. That's understandable.
By becoming accredited by ICANN you have the possibility to make direct deals with the organisations that run certain top level domains (.COM .NET .ORG etc). ICANN only accredits you, gives you an accreditation ID and you make the deal with each organisation separately.
It's interesting to see so many artists, curators, activists are trying to make physical public spaces available as the public to a lesser extent offers them. We should replicate this understanding to the digital realm -- where public spaces never existed at all.
The Internets as an invention was revolutionary because it was so unregulated and open. The mindset that ruled then, that the network was equalising people, that it would connect everyone regardless of background, is falsely still the narrative used for the services online.
The private sector has captured this story, and capitalised and taken control of what we believed would be the world's public platform.
People are asking for more pirate bay stories. Sure. I have a few... Thousands.
Do you know that tpb once hijacked North Korea's Internet? torrentfreak.com/the-pirate-bay…
Someone managed to find a broken router setup which managed to make it possible to pretend to be North Korea, in a more central routing location than actual North Korea. To make it look real even the traffic was slowed down to look like a satellite connection.
Took days before people figured it out. It was quite fun, unfortunately it meant that people in North Korea had issues getting online. But I think their sacrifice was worth the lulz.
The pirate bay, the most censored website in the world, started by kids, run by people with problems with alcohol, drugs and money, still is up after almost 2 decades. Parlor and gab etc have all the money around but no skills or mindset. Embarrassing.
The most ironic thing is that TPB's enemies include not just the US government but also many European and the Russian one. Compared to gab/parlor which is supported by the current president of the US and probably liked by the Russian one too.
Seems a lot of people want to learn more about the pirate bay. Here's an older documentary, tpb afk.