[kwlug-disc] FAANG-free list

[Mikalai Birukou]

<With the disclaimer of my own involvement into alternatives, in a 
spirit of walking/building the talk.>

Sorry to throw a bit of cold water on Swiss' shows, but

>> Swiss privacy laws (where Protonmail is based) are much tighter than
>> Canada and they are outside of any Canadian jurisdiction.  Meaning that
>> any warrant (for whatever reason) would not do a single thing.
>> Protonmail also as a plan that includes both email hosting and VPN services.

a) Do you remember how Protonmail guys were helping to collect 
signatures against Swiss' version of cyber terrorism bill? Do you recall 
that a bad bill actually passed, despite the outcry? I am sure that 
there are adequate protections for Swiss citizens, but I am Canadian. In 
fact, I am a suspicious Canadian, as I hold two passports.

b) Let's also note that Swiss government did in fact invested or even 
granted Protonmail sizable chunk. I can't imagine any friction for 
spooks from here to talk to spooks there, who may have a friendly ear in 
a company, especially, when all legalities are probably settled, to 
provide info about "who that person is talking to who" (capture of 
metadata, or surveillance).

> They have also been open sourcing more of their stack which is pretty
> awesome.
> https://protonmail.com/blog/protonmail-open-source/

c) And how do I know that this code is running on their servers right 
now? How do I know that my particular IP won't get a patched JS in a web 
client that will leak my key, to open end-to-end encrypted messages for 
wiretapping? There is no technical guarantee.

Don't get me wrong, open source code is great, especially when you can 
run it as a federated service from your own box. But open-sourcing is 
not a protection from scary APT's.


Protocol between client and server should guarantee that there is 
absolutely nothing on server that can be abused. 3NWeb protocols do 
this. We are building it. The Hope is near. Stay tuned :) .