Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises “not even government agencies” can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.

  • twoBrokenThumbs@lemmy.world · 5 upvotes · 9 hours ago

    Man I really wish people could report on Proton in a neutral manner. I think this information is really important, but the article is so skewed towards Proton being a deceptive company that I lose the real details reading it.

    And the author makes claims like it being a pattern because Proton Mail says it can’t read your emails but they can read the plain text inbound emails before they encrypt them. Um…of course anybody can read unencrypted plain text emails before they get encrypted, and Proton straight out states that.

    I think this is an issue, but given that there was no statement given by Proton or a sentence saying I reached out to Proton but they declined to answer, I will need to wait for more information to have an opinion.

  • meta4@retrolemmy.com · 7 upvotes · 1 day ago

    While the content of this article may be valid, I couldn’t help but scoff when he mentions his test running Meet through Brave… Pot, meet kettle.

  • mfed1122 · 45 upvotes · 2 days ago

    I like Proton and I think a lot of the criticism of them is perfectionist, idealistic, unrealistic, etc. But this time, this is pretty bad. Very disappointing and it’s hard to see this as anything other than intentional dishonesty by Proton in addition to lazy software architecture. I will be writing in a complaint to them about this.

  • iturnedintoanewt@lemmy.world · 23 upvotes · 2 days ago

    The pitch is that Zoom, Google Meet, and Microsoft Teams are CLOUD Act-subject, and Proton Meet is the safe alternative. Their blog describes the result as “as private as meeting in person.” I spent the launch day investigating that claim. Proton Meet is built entirely on LiveKit Cloud, a US company whose contracts are governed by California law, subject to the CLOUD Act, with an infrastructure chain made up exclusively of American companies.

    So. Yeah. This could be false claims?

    • mfed1122 · 8 upvotes · 8 hours ago (edited)

      The actual content of the meeting (the audio, video, screen sharing, chat messages) is encrypted, even though it is processed on computers located in the U.S. So this is a little dishonest to say is outside of the CLOUD Act, because the data is literally subject to the act. But then, it’s encrypted, so that’s not so bad since it’s basically impossible for the gov to make sense of the data even if they do requisition it.

      But the real problem is that other data is not encrypted, yet still is handled on U.S. infrastructure: everyone’s IP addresses in the meeting (which can be used to guess their location down to the city more or less), when the meeting started, how long it lasted, which address initiated the call, and some other more technical (and less severe) things. As the author points out, U.S. prosecutors have won cases in the past using only phone records that show Alice called Bob, without at all needing to know what they talked about. So since the whole point of this is to avoid government troublemaking, leaving this data not only exposed (not much they could technically do there) but worst of all on U.S. computers is just such a facepalm move.

      It’s clear (to me, the author doesn’t comment on this) that they use U.S. companies’ computers because these companies have basically the best and easiest-to-use infrastructure for handling heavy duty stuff like video conferencing. As a developer, I get it, it sucks not to be able to use these powerful and convenient tools. But when your product’s ENTIRE value is that it doesn’t expose your data to the U.S. government, building it in such a way that it… Literally does do that, with enough data for prosecution… Seems like blatant dishonesty to me.

      Bonus stupid thing: There’s an anonymous call join function where you can call without a Proton account, which they call anonymous because it hides your IP address from the person you’re calling with and which they criticize competitors for not implementing. So this makes it clear that they understand the importance of hiding the caller’s IP - they’re using it as a point of marketing. But the way this hides your IP is, rather than you and the person you’re calling knowing each other’s IP, both of your IPs are plainly known by Oracle’s computers in Arizona… Which is like… worse, if the thing you’re worried about is governments more than the person whose meeting you’re joining. And again since that’s the main selling point of the product… Just seems very dishonest and lazy.

      There are ways that they could have done this properly, mostly by simply just not using U.S. tech companies at all, but that would have been more expensive from a development time standpoint, and maybe for maintenance too. But this is the whole reason for the company’s existence. So to see them cheesing out on it seems to me like they’re thinking their customers aren’t that savvy. Looks bad.

  • Steve@communick.news · 2 upvotes · 2 days ago

    Proton Meet is the same architecture of promises, the same fine print, identical sub-policies.

    As expected. That’s exactly what they told me it was. I’m not seeing the problem here.