ProtonMail was developed in Geneva, where I grew up. It was a spin-off from people who worked at CERN, like the World Wide Web itself.
Geneva is also a United Nations base, and many other NGOs are headquartered/have offices in the area for that reason (the Red Cross, WWF, Amnesty, Greenpeace). There's a lot of local community support for the operators of ProtonMail.
Switzerland is not EU, although it is Schengen. International incidents occur all the time, such as the time I forgot to take my passport when going to school (my parents live in France, but I went to the International School of Geneva in Switzerland). Because people don't need a visa to cross the border, it would be easy for an intimidated web developer to flee the country. Attempting to get an extradition would then require an arrest warrant, which would require a criminal case to be brought against that person in absentia. Although intelligence services can try to threaten ProtonMail (and probably already have), there are a lot of options available in that area to keep individual staff safe.
Nope...Been making one for 3+ years, worked on high risk human rights type stuff for over a decade and never happened.
Surprisingly most people doing things in this space don't have g-men kicking in the door. Live in UK, Ireland and many other countries and hasn't been an issue.
Might not seem real to a lot of people who are affected by certain biases but most Western government type people we meet at conferences etc are actually quietly supportive and respectfully agree/disagree with what we are all trying to do. Not everything is a black or white echo chamber - we are all citizens who understand nuance (for those of us fortunate to live in free countries - of course Turkey is no longer anything near that.)
FWIW ProtonMail is very useful for a large chunk of threat models where security is pretty high but implementing PGP in all its various forms is a pain in the ass.
It works both ways. A law can be almost nothing without technical means to enforce it efficiently. There can be cases that make a law [almost] futile so the governments give it up. E.g. many governments tried to ban alcohol but it's so easy (yet dangerous as it can blow up and set the house on fire, especially if the cook is drunk and/or the hardware is amateur) to produce at home that fighting it seriously just doesn't seem to make any sense. Some governments have tried to ban the phalaris grass as it may contain tiny amounts of dimethyltryptamines but it just grows all over everywhere so they have given up the ban as it was almost as ridiculous as it would be to ban sand, flies or whatever this common. The problem is to invent a medium for exchanging messages that is easy to establish independently (no need for uncommon devices, no special requirements to the underlying ISP) yet very hard to detect, compromise or disrupt. This sounds like a serious challenge yet not like an entirely impossible thing provided breakthroughs in mathematics/cryptography, physics and the telecom tech still happen from time to time. Some political/economical factors may also play on our side occasionally. My hope is for the whole Internet to morph into a fully-decentralized distributed network employing DIY P2P links as its organic and vital part. Perhaps this may happen once if something is going to make classic ISPs unprofitable and stimulate growth of MESH networks with something like i2P serving as a layer connecting them in one secure and reliable global network.
If the gov. just murders you and gets to your stuff, they can't analyze it to get at more people in your circle.
It just doesn't solve the problem of violent government. But there are still benefits.
The problem is that privacy is not the only thing we care about, and the balance between different needs is a complicated political problem - which is exactly the kind of "soft", people problem whose complexity a typical software engineer would underestimate.
Turkey is becoming more and more authoritarian, indeed. However, they're also sharing a border with ISIS and there's a lot of terror activities in the region. Fighting such threats always leads to increasing influence of the military and secret services, and their new capabilities will be used both to fight terror and suppress citizens.
These things are a double-edged sword; any simplistic view on this is inadequate, regardless of whether it's positive or negative.
Maybe if as a people we stopped thinking in terms of funny plots like "they are trying to dilute the peeps" and opened our eyes to the facts before our eyes, we'd be in a better shape.
It's like none of the 'leaders of the world' have read any history. Or they have, and are arrogant enough to think 'that won't happen now that I'M in charge'.
It is an authoritarian, Orwellian government out of the book.
echo "nameserver 8.8.8.8" > /etc/resolv.conf
to a root shell, but since we know that in the past people have been sent to prison, just because some app on their phone requested a URL from the wrong domain, I suspect that something similar can happen to the people who try to use Proton mail. On the other hand, if everybody stops using those services, the surveillance tyrants have won...
Do you have a citation? When did that happen?
https://news.ycombinator.com/item?id=16203989
There were other apps using tracking pixels with the Bylock domain and their users got arrested too.
We've seen cases where people were sent to prison because they were wearing a certain T-shirt. Really.
edit links:
https://www.theguardian.com/world/2017/sep/11/turks-detained...
https://www.huffingtonpost.com/mahir-zeynalov/turkish-police...
Has this been verified by an independent third party?
Also how do you determine there's an issue with IP prefixes in AS 15897 Vodafone Turkey[1], if you don't log IP addresses?
ProtonMail offers an easy access to a client which supports End-To-End encryption for your emails.
So nobody besides the sender and the receiver can read the content of the email. Traditional emails are more or less plain text files which (usually) get encrypted for transfers between mail servers, but every mail server involved in the transmission can read the content.
When you send an encrypted message to a non-ProtonMail user, they receive a link which loads the encrypted message onto their browser, which they can decrypt using a passphrase that you have shared with them. You can also send unencrypted messages to Gmail, Yahoo, Outlook and others, just like regular email.
That's why I said: "Then use meek-amazon as a pluggable transport which should work." meek-amazon makes your traffic look like you're talking to:
> url=https://d2cly7j4zqgua7.cloudfront.net/ front=a0.awsstatic.com
With the snowflake pluggable transport (only available with Linux and Mac alphas for now) the traffic looks like WebRTC.
You can read more about them here:
That's what Telex[1][2] is designed to do. Too bad the project seems to have stalled.
[1] https://telex.cc
[2] https://en.wikipedia.org/wiki/Telex_(anti-censorship_system)
https://www.google.com/search?q=obfsproxy+tor&ie=utf-8&oe=ut...
If it doesn't, people could get arrested and worse. Is this advice reliable enough for that level of risk?
(x) Tor is one of many layers for anonymity to circumvent blocking. Don't "just" install the tor-browser or tor-proxy on your system but run tails from a clean machine. If you know what you're doing you might want to help others by isolating whole networks using PORTALofPi to guarantee no DNS-leaks. Pro-Tip: build a LEDE based device and share your design with the community so others can benefit and give you input (because you will make mistakes).
(x) Don't use mobile internet if you don't know what you're doing (those who know what they're doing don't use mobile phones for critical comms)
(x) Use burner phones with anonymous SIM cards and aggressive hardware based compartmentalization. Check this article for good OpSec/compartmentalization tips (second half of the article after the discussion on browsers that looks dated).
(x) Despite popular claim VPNs don't give you anonymity. They shift the trust from your ISP to the VPN. If you pay for a VPN service by credit card consider what the payment provider knows about you.
see https://www.linkedin.com/pulse/vodafone-blocks-protonmail-tu...
what's the point? DNS isn't encrypted, so it's trivial to log/intercept your queries.
https://www.eff.org/deeplinks/2016/09/digital-equivalent-rum...
Not endorsing PIA in any way, though do use the services.
I'd argue it is not that complicated once you take the time to explain how it works.
If you're going to tickle the toes of dictatorially-run law enforcement, your security had better be watertight.
Vodafone, like every major ISP, has a NOC. Did ProtonMail reach out to the ISP to see if it was a routing issue?
I don't see that mentioned above anywhere in the investigation methodology. How did you confirm that it was a "government-ordered block" if you only worked with "members of the ProtonMail community"?
Just because there's "ProtonMail users who work within Vodafone Turkey" doesn't mean they have enable level access on Vodafone's routers.
He's saying they'll use tunneling to get around the block so they can carry on using it.
It's not like the e-mail receivers couldn't already see the host, but I was unaware of that when I was registering an account, so I'm calling that a dark pattern.
At least it was easy to self-delete it afterwards.
216.239.36.219 <- For example this address returns "HTTP 504" from Vodafone. There are some other addresses like this which happen to be around, randomly.
So it may be a misconfiguration on Vodafone TR Network, routers or such thing. Sample curl output below.
$ time curl -vki 216.239.36.219
* rebuilt url to: 216.239.36.219/
* trying 216.239.36.219...
* connected to 216.239.36.219 (216.239.36.219) port 80 (#0)
> get / http/1.1
> host: 216.239.36.219
> user-agent: curl/7.47.0
> accept: */*
>
< http/1.1 504 gateway time-out
http/1.1 504 gateway time-out
< server: webproxy/1.0 pre-alpha
server: webproxy/1.0 pre-alpha
< date: mon, 08 may 2017 07:04:23 gmt
date: mon, 08 may 2017 07:04:23 gmt
< content-length: 0
content-length: 0
< connection: keep-alive
connection: keep-alive
<
* connection #0 to host 216.239.36.219 left intact
real 0m10.909s
user 0m0.012s
sys 0m0.004s
$ curl -vki http://84.19.190.203/
* trying 84.19.190.203...
* connected to 84.19.190.203 (84.19.190.203) port 80 (#0)
> get / http/1.1
> host: 84.19.190.203
> user-agent: curl/7.47.0
> accept: */*
>
< http/1.1 504 gateway time-out
http/1.1 504 gateway time-out
< server: webproxy/1.0 pre-alpha
server: webproxy/1.0 pre-alpha
< date: mon, 08 may 2017 07:56:58 gmt
date: mon, 08 may 2017 07:56:58 gmt
< content-length: 0
content-length: 0
< connection: keep-alive
connection: keep-alive
<
* connection #0 to host 84.19.190.203 left intact
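An added example, not part of the comment above: one way to check curl transcripts like these for the pattern the commenter describes, where unrelated destination IPs return the same gateway error with the same Server banner. That pattern is consistent with a reply generated by a common in-path proxy, and does not by itself distinguish misconfiguration from a deliberate block. The function names and the third (control) transcript are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Abridged from the curl output in the comment above (case as posted);
# the third transcript is a constructed control, not from the thread.
TRANSCRIPTS = """\
* connected to 216.239.36.219 (216.239.36.219) port 80 (#0)
> get / http/1.1
< http/1.1 504 gateway time-out
< server: webproxy/1.0 pre-alpha
< content-length: 0
* connected to 84.19.190.203 (84.19.190.203) port 80 (#0)
> get / http/1.1
< http/1.1 504 gateway time-out
< server: webproxy/1.0 pre-alpha
< content-length: 0
* connected to 192.0.2.10 (192.0.2.10) port 80 (#0)
> get / http/1.1
< http/1.1 200 ok
< server: nginx
"""

CONNECT = re.compile(r"^\* connected to (\S+) ", re.I)
STATUS = re.compile(r"^< http/\d(?:\.\d)? (\d{3})", re.I)
SERVER = re.compile(r"^< server:\s*(.+)$", re.I)


def parse_responses(text):
    """Return one dict per connection: destination, status, server banner."""
    responses = []
    for line in text.splitlines():
        if m := CONNECT.match(line):
            responses.append({"dest": m.group(1), "status": None, "server": None})
        elif not responses:
            continue  # response line seen before any connection line
        elif (m := STATUS.match(line)) and responses[-1]["status"] is None:
            responses[-1]["status"] = int(m.group(1))
        elif m := SERVER.match(line):
            responses[-1]["server"] = m.group(1).strip().lower()
    return responses


def shared_gateway_errors(responses):
    """Group 502/504 replies by banner; keep banners seen for 2+ destinations."""
    by_banner = defaultdict(set)
    for r in responses:
        if r["status"] in (502, 504) and r["server"]:
            by_banner[r["server"]].add(r["dest"])
    return {b: sorted(d) for b, d in by_banner.items() if len(d) > 1}
```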
I had to switch to the legacy SSL port 465 for SMTP to use encryption.
i guess when people in the us or europe think about censorship, they think of this romantic blocking of some services, and if you're tech-savvy enough, you can bypass anything.
no you can't (at least i can't). it's turkey now, it's gonna be universal tomorrow.