Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.
Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.
Tbf I’m unaware of a messaging service be it chat or email or whatever that leaks no metadata, afaik they all kind of have to by nature of needing to know at least where the message is supposed to go, if not where it came from, too.
Like, if Bob messages Lisa, the service has to at least know to deliver the message to lisa, even if it didn’t also that it’s from Bob.
My threat model is not mostly concerned with gov. That could change but anyb way we can make it harder and more expensive or to take data or just created competition for Google is start in the correct direction. Just don’t do anything important on Proton.
Right, understanding what your threat model is important. Then you can make a conscious choice regarding the trade offs of using a particular service, and you understand what your risks are.
Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.
Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.
I don’t disagree with you, but sending and receiving emails requires transmission of unencrypted metadata. There’s no easy way around it
Right, which really suggests that email is not the right medium if you want genuine privacy.
Tbf I’m unaware of a messaging service be it chat or email or whatever that leaks no metadata, afaik they all kind of have to by nature of needing to know at least where the message is supposed to go, if not where it came from, too.
Like, if Bob messages Lisa, the service has to at least know to deliver the message to lisa, even if it didn’t also that it’s from Bob.
If you know of one I’m curious though!
My threat model is not mostly concerned with gov. That could change but anyb way we can make it harder and more expensive or to take data or just created competition for Google is start in the correct direction. Just don’t do anything important on Proton.
Right, understanding what your threat model is important. Then you can make a conscious choice regarding the trade offs of using a particular service, and you understand what your risks are.