Maybe. Maybe not. Nobody knows for sure, however after each of these click/bang the "there will be no more problem!" thesis seems less and less prominently published.
No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.
In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.
Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.
Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.
Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.
The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.
This makes the situation even worse for me. CERTs lack any legal authority to compel action or enforce compliance. Without a thorough and fast post mortem analysis, this incident is deeply concerning for anyone who relies on Proton as their primary email provider. I guess getting trigger happy just comes as soon as you get a bigger user base but that's exactly when you get caught slipping. Like they did with the false positives it honestly reads like:
"We have good relationships and trust this CERT so we carpet bombed all accounts they send us without even looking at them."
I wonder what would have happened to accounts or users without the reach on socials.
they didnt do it because CERT said they legally had to - they did it presumably because they pay CERT to catch abuse and misuse and take action based on their findings
This doesn't change my statement, even if they take the word of the CERTs as gospel. This represents a significant attack vector for denial-of-service attacks, as demonstrated by what happened here, and for a service like Proton, such a vulnerability is nearly inexcusable.
What's the attack vector? I'm genuinely curious, I'm not seeing it. My understanding that I'm too lazy to investigate further is that the use of this account by a journalist got caught up in a block of accounts because the nature of its legitimate activities too closely mimicked the behavior used by illegitimate accounts. No one can force a journalist's account to take actions if they don't have the credentials of the account.
Automated Trust Chain. According to their official statement, the accounts were reinstated following individual review. The vector is that legitimate accounts that don't break the ToS get dumped in a big set of accounts that actually do. A classic case of automated systems being gamed to trigger false positives. The vague statement about other accounts from the same set that couldn't be restored while not explicitly naming that these accounts were also phrack accounts makes the case even stronger. It was a denial-of-service and they blatantly didn't care until social media outrage hit them. I am not even blaming the CERT here maybe they were real false positives on their side. It's on Proton. They need to verify before taking actions against their own customers.
I don't follow. They can't tell if their terms of service have been violated so they took CERT's word for it? How did they decide to restore two accounts then?
Most tea bags that you purchase anywhere use some level of plastics in their component materials and/or binding (especially this latter). The only safe options are metal strainers that you filter the tea with (and that hopefully don't have coatings on them that are harmful... boiling a new one would not be a bad idea before first use) or just loose leaf.
Disease can change body odor, and dogs have been trained to "sniff out disease" [0][1] (i.e. detect via smell) for years. Various researchers have been working on robot noses that would be able to do the same.[2] Presumably a widespread and/or less expensive version of this "robot nose" is what doku means by "AI nose sniffs out many common diseases".
lol, I do mean a sniff with a nose. The technology I'm referring to can work by taking air sample. This technology exist, the prediction is that cheap version will be available. My assumption is robots will want a digital nose, for example nanny bots will want to smell smoke and react. An example I read for this technology is that grocery store robot will want to detect spoiled food. It will be mass produced and gets cheaper. But we don't have a robot industry yet, so my confidence level on this prediction is low. The AI part of this is just data analysis of spectral lines.
reply