The Decentralists

Hot Topix: Proton Torpedoed

October 05, 2021 Mike Cholod, Henry Karpus & Geoff Glave

ProtonMail is a secure, end-to-end encrypted email service developed by a group of scientists working at CERN in Switzerland.

On their website, ProtonMail touts that their servers are located in Switzerland, and therefore subject to very strict Swiss privacy laws, as the primary reason to pay for the service.

ProtonMail is used by journalists, whistleblowers and activists all over the world precisely because it is secure, private and untraceable.

Until recently that is.

Russell Brandom of The Verge recently exposed a flaw in the ProtonMail business model, and the flaw lay in those same Swiss privacy laws that supposedly guaranteed users' privacy.

Why is this such a big deal for ProtonMail users? The Decentralists will explain on this week's episode.

Henry: Hey everyone, it's Henry, Mike, and Geoff of The Decentralists. Now, our Hot Topix title today is kind of humorous, Proton Torpedoed.

Mike: Love that.

Henry: It's a good one, Mike. So, what do we mean by that? Well, ProtonMail is a secure end-to-end encrypted email service, developed by a group of scientists working at CERN in Switzerland. Released in 2014, ProtonMail was funded through a crowdfunding campaign and they have amassed over 70 million users, most of them paying a minimum of $70 per year. On their website, ProtonMail touts that their servers are located in Switzerland and thereby subject to very strict Swiss privacy laws; this, they feel, is worth the price for their premium email service. ProtonMail is used by journalists, whistle-blowers, and activists all over the world, precisely because it's secure, private, and untraceable. Until recently, that is.

Russell Brandom from The Verge recently exposed a major flaw in ProtonMail's business model and, ironically, it was those pesky Swiss privacy laws. So, this is a very interesting one. Mike, why don't you start us off? What exactly happened at ProtonMail?

Mike: I think maybe the first thing to kind of do is review just what exactly ProtonMail is. ProtonMail is kind of like the email equivalent of WhatsApp, Signal and Telegram. It is an encrypted end-to-end email service, so if you're somebody that uses email to communicate, like back in the day, people would use SMS or, at the beginning, Facebook Messenger, or whatever to communicate, and you want to be private, and secure, and encrypted, and all of that good stuff, you would switch to ProtonMail. And, the idea with ProtonMail is that you can get encrypted addresses, they can be kind of weird garbled things, it's all of this fun, great stuff. And so, it's used by a lot of really kind of sensitive people, as well as just average people, and it costs money, it's about 70 bucks.

Henry: What do you mean by garbled email addresses?

Mike: Well, like you can... Sometimes you'll see a ProtonMail address that will be abjxfifty7@protonmail.com. And that's because, what you can do with ProtonMail is, you can either have an address that just says mike@protonmail.com, or you can have this... You can create like a kind of an encrypted, garbled email that you can exchange, say if you want to sign up to a service or something, and then they don't... It's not really trackable back to who you are. So, they remove the identifier, so it's all of this good stuff, but at the end of the day, what is it? It's an encrypted, server-based, centralized email program, just like WhatsApp is a centralized messaging program.

Henry: Okay.

Mike: And so, the idea is, with ProtonMail, they're kind of... The way they raised money, and the way that they got 70 million users, was to say, we have these servers, these servers are based in Switzerland, which means they're under these really strict Swiss privacy laws. So, we're going to be able to basically keep your data safe in these servers, because it's in Switzerland.

Henry: Okay.

Mike: And so, this is the idea they're saying, oh yeah, it's really hard. Well, that was until kind of last week, so last week, the French authorities, so the police in France, they submitted a subpoena because they were trying to find, and identify, and locate, and arrest, or whatever, a climate activist in France. And by doing, they run through social media, they're doing all this stuff, and this climate activist is being very careful about... They don't want to advertise that they're an activist, I mean, if you've seen some of the recent stories, like 300 climate activists were murdered last year.

Henry: Oh man!

Mike: Seriously, for doing their job around the world, protecting forests and stuff. So, you can understand why you wouldn't want to let everybody know where you are. So, this climate activist uses a ProtonMail address and the French submit a request for a warrant to the Swiss authorities, and the Swiss authorities, in this case, I don't know why, approved the warrant and what they did is, they created a Swiss warrant. So now, it's not a French warrant, now they have a Swiss warrant, you're in Switzerland, you have to obey the warrant. And... But the problem... What was really egregious, and I found really egregious was, they took the... They served the warrant on ProtonMail and ProtonMail went into the back end on their servers to this climate activist's email account.

Henry: Yeah.

Mike: And flicked the switch that enabled IP tracking. So, what they did is, they ran it for like three, four days, and because... We've talked about this before, because you know, let's say you're using ProtonMail on your phone, or you're using it on your computer, or you could be using it at a library, or an internet cafe, every time you send a message, where it comes from and where it goes is recorded by ProtonMail servers, not the content, but the where it goes.

Henry: Right.

Mike: So, they run it for a week, they give the details to the Swiss, the Swiss give it to the French and they arrest the climate activist.

Henry: Oh, wow! Okay. So, Geoff, could ProtonMail have done anything differently? Now, I mean, in the grand scope of things, from architecture to their response to the French authorities, or even how they conduct themselves in Switzerland from a legal perspective. What are your thoughts?

Geoff: So, I think there are two components here, there's the legal component and then there's the technical component. So, the legal component, I'm not a lawyer and I'm certainly not a Swiss lawyer or a European lawyer, so I can't comment in too much detail or with too much understanding on what the law is, although that of course has never stopped me before. So, I think... If you look at Apple, Apple has had similar things in the past, where they have been subpoenaed to provide this information or that information, and Apple has, in some cases, fought those requests. Why? Because Apple has the legal might there, worth billions and billions of dollars.

Henry: But they're the biggest company in America.

Geoff: Yeah. They've got armies of lawyers, they can afford to do that, and the American justice system moves slowly, so they can countersue and sue and countersue and so on. So, I don't really know what the state of the legal environment is in Switzerland, such that, if they get a subpoena and they countersue, do the constabulary show up a day later and put all the principals of the company in jail, or what happens? I don't really know. So, what legal recourse they would have had to say, no, we're not going to turn on IP address logging, and no, we're not going to comply with your order, or rather, we are going to countersue, or what have you. I don't know, I can't answer that question. But, judging by the fact that they responded quickly, that would suggest to me that their legal options were few.

Henry: Right.

Geoff: Now, architecturally, it's a different question. And I would suggest that part of the flaw here is that they had the ability to do this in the first place. So, if they had architected their system such that there was no ability to log this information, then had the authorities come knocking and said, provide us this, and they were to have responded and said, well, we can't provide you that, we have no mechanism to get you this information, it doesn't exist, here, come and audit our system and you'll see that what we're telling you is the truth. Then they wouldn't have been in contravention, and we've seen this with other messaging platforms in the past that offer some degree of encrypted communication, where they have no mechanism to do these things.

So, when the law comes knocking, they don't have... They can legitimately say, sorry, I can't help you out. So, I think that is the flaw in the design, because the authorities knew that they... Presumably knew that they had the means to provide this information, ProtonMail had painted themselves into a corner. And now they're putting the onus back on the users and saying, oh, well, use a VPN or use Tor and you will be able to get around this, whereas their message previously was, you can trust us, now they're saying, well, here are some workarounds you could have used. And really, they should have thought of those workarounds ahead of time and built them into their architecture.

Henry: So, obviously, ProtonMail, like everything else on the internet, currently is a centralized service. So, can any centralized service provider be trusted if this can happen to ProtonMail?

Mike: Well, I mean, whether you can trust somebody is kind of independent of the architecture of the system, I would say, that's the first step. Some people, I guess, are trustworthy, some people aren't, but this is a situation where... One of the things about kind of the centralization and the structure of this kind of cloud-based central service kind of internet is that a lot of the building blocks that they use are either standard or basically kind of a dime a dozen. So, if you're building a centralized server-based app, you can just... In 10 seconds, you can set up a server on Amazon, or on Google, or one of their clouds, and then you just bolt together a bunch of different things. Like, here's a service from some guy that allows me to do email, and SMTP, and here's this. So, there's all this architecture...

Henry: I mean, you could do it in the day, couldn't you?

Mike: You could, pretty much. And if you think about it, I mean, structurally, you'd look at ProtonMail and you know, what is it? It's WhatsApp for email, right? It's a server that gives you an email address and they use encryption, which is great, and they've got a couple of little nifty things, but basically, it's all... Their whole business model is, it's in Switzerland.

Henry: Right, okay.

Mike: And this is their response as well. But the truth of the matter is, to Geoff's point, is... So, the first thing is, when you're... If you're doing business legally in some jurisdiction and the law of the... The legal authorities of that jurisdiction produce you a warrant that says, you have to do this, or give us this information, or here's an email address, I need you to give me all the data. You have to give them basically what you have.

Henry: You have to comply.

Mike: You have to, well, of course, unless you want to go to jail.

Henry: Right.

Mike: And so, you comply. And so, it's to Geoff's point. The fact that they probably have this... They've probably got like a standard kind of PGP encryption kind of software, they've got standard, you know, SMTP mail servers, and all of these, clearly, all of these logging and routing records, which come with these services. Because, let's face it, remember Henry, the centralized internet is all about collecting as much data as possible on every bit that transits the net.

Henry: Right.

Mike: So, it's only logical that if you're using an off the shelf email program, or an off the shelf network program, and all these other things, libraries, things like this, if you're using these off the shelf things, they were originally built to collect all this data.

Henry: They have all the APIs to get everything.

Mike: Totally! And so, basically, what they did is, they took this thing, you bolt it all together, you put encryption on top, and you say, it's safe. Oh, well, okay, we're going to do it one better than Facebook, where they say it's safe and it's in their servers all over the world. They say it's safe because it's in Switzerland, that's like a double guarantee. But as we know, even Switzerland is not sacrosanct, I mean, they used to be, back when I was young, and back in the stone age, remember Switzerland when it came to banking, was always this country where they said, oh yeah, all these criminals, and ex-Nazis, and people like this were parking, you know...

Henry: And dictators.

Mike: Big boxes full of gold in Swiss banks. And the Swiss banks had this privacy law. In Switzerland, they said, we're not giving that information to anybody, so it was a great tax dodge. And then, you remember, about 10, 20 years ago, they opened up about all that too. So now if you bank in Switzerland, the Swiss authorities will give up your information if they get a subpoena.

Henry: Yeah, I remember that.

Geoff: The banking guys will, and that was like, what? So that kind of really... Kind of ruined that whole image for Switzerland. Now, what you've got here is basically, is this the crack in the dam? So, the ProtonMail folks told everybody, sold all these people a bill of goods, I'm going to say it, okay. Where, now, even the activists, the journalists, the whistleblowers, and even the average citizens who use and pay for this service for the privacy and, air quotes, "anonymity" that it provides, no longer have that. And so, if you look at a company like ProtonMail, and you realize, geez, if I was going to use ProtonMail to whistleblow on something that was happening at the chemical plant I worked at, for example.

And the chemical plant guy gets a subpoena by some judge that says, tell me who this person was. And then, now you end up in jail or whatever, who's going to whistleblow? Who's going to... Who's going to let any of this stuff happen? Snowden doesn't do his thing if he's using ProtonMail now.

Henry: Okay. Well then...

Mike: You know what I mean? So, I don't... I honestly don't think you can... It's not the people Henry, it's the architecture that you can't trust.

Henry: Okay. Yeah, that makes sense.

Geoff: Exactly! And I think there's one other key piece when we talk about architecture here, and that's the fact that in the end, ProtonMail had to be able to talk to other email providers using standard email protocols. And email has... The baseline email protocols have been around for 40 years now, I mean, we all sort of got our first email addresses, 25, 26, 27 years ago, people like universities, maybe 30 years ago. But this original protocol is nearly 40 years old, and we can probably remember, those of us with gray hair or no hair, dialing up to the internet, and then we fire up Eudora, and then we watched that bar as all our emails download from the server, then called, on the internet, now called in the cloud. All our emails would download from that server onto our computer.

When we sent an email, it would go from our computer to our ISP's server, and then they would bounce it across the internet, and then it would live in another server until the recipient downloaded it. Well, that fundamental protocol of email has been largely unchanged for decades. Now, there are web interfaces on the front of it, and there have been various public-private key stuff, so some gibberish is coming down and this, that, and the other thing. But fundamentally, even if you have a Proton email account, if you want to send an email to grandma, who's got a Gmail account, Proton has to be able to talk to Gmail, using the standard mail protocols.

Mike: That's right.

Geoff: And this is one of the reasons that people are starting to talk about moving away from email altogether. It's why, air quotes, "the kids today are just using messaging and don't use email much." Not that they're that concerned about security, but to them, it's just not immediate, it's not... It's old school. So, this is the other thing when we're talking about architecture, it's not just that ProtonMail perhaps architected things wrongly, it's that they had to leverage architecture and a protocol that is decades old, so they could deliver this thing called Email. And Email is never going to be 100% secure because the servers have to know where the other servers are, it has to know how to route the traffic.

If I send you a postcard from Spain, and I write your address on the back, it goes to the post office, then to... On a plane to Canada, and then from Canada. Email was inherently designed to behave in the same kind of way, so that's... The other question is, if you want to be truly secure, perhaps the time has come to start looking at other offerings that move away from this somewhat dated email product.

Henry: Well said. So, you touched on something, because my next question was going to be, well, how can we have privacy, or anonymity, or security online? And essentially, you're saying we've got to move to a different system, right?

Geoff: If your objective is 100% privacy, and I mean, if you're Donald Trump or some mafia boss, you don't... Everything you deliver is verbal, face-to-face, right? You don't write anything down, but if you... That's... We're running a business here and you're on the west coast and I'm in central Canada, we can't do it face to face. So, there's other... We need other mechanisms. But if you want something that's 100% encrypted and 100% secure and face-to-face is not practical, then, you need to look to some other technology, other than email, eventually. For most people, is it good 95% of the time? Yes, I would argue it is, if you're just saying, hey, you want to go to the bar on Friday night, but, for this 5% edge case, no, it's time to use something else.

Henry: Well, okay. So, Mike, that leads me to think that we've got a solution called Many One, explain that again to those newer listeners who may not be completely familiar with that.

Mike: So, one of the things about email is, it is old, and it is an old protocol, and it is something that was meant to be just like a... To behave like mail. So it is that one place, you have an address, whether it's an email address or a physical address that you write on the back of a postcard. So the... But that is, inherently, it's also kind of an example of decentralization because it's a place where you... It's that one place where anybody can type something and it comes to you. So, you've got an address, you get the postcard from Geoff in Spain, and it will come there because It's got that address that everybody can read and know. So, in order to have anonymity, you have... Geoff has to be able to write something on a postcard that doesn't... It isn't your street address. Like some garbled thing, and the mailman still needs to be... Your mail person still needs to be able to get it to you.

Henry: Right.

Mike: So, in order to do that, there... And these are the idea that you... So, you have this decentralized container, say, that's what we're kind of modeling many one after, you have this decentralized container, that's like your mailbox, and then you basically can exchange a garbled identifier, and we call it a QR code. Everybody knows what they are, I show you a QR code, you scan it, so there's no address, I don't know your physical address, Henry.

Henry: Or your phone number, or your email.

Mike: But now, I can send you a message, or anything and I don't even have an address for you. I have a little thing... A little contact in my container that says Henry, with your picture, but there's nothing else that identifies you, so I can send you a message and that's... There you go, because right now, there's all of a sudden, you've got something where you're removing that address component of it. Then, what you need to do is, you need to say, okay, now when I write something with that address on there, and or when I send something to you, how do I get it to you in such a way where nobody knows who's sending it and who's receiving it? This is the anonymity part of this ProtonMail problem. Does this person still have an address that could be associated with them and all these records on the backend?

So, what do you... What did ProtonMail say in their response to this climate activist arrest? They actually said themselves, that they should use... That you should use Tor, which is the onion router, and this is an anonymity service. So, when you're structuring a centralized thing, you have to... Everything gets bolted into one server. When you're structuring a decentralized thing, you can take different pieces from different places. So, Tor is an open-source way to basically establish an address, for say, your device or you, and my device or you. And then any time I send something from my address to you, Henry, your address and my address is never revealed to anybody in the middle.

Henry: And is that because it gets bounced to a whole bunch of different places?

Mike: Exactly! So it goes, say from, it goes from me to another server somewhere that I don't even know, like, for all I know, my postcard from Spain could go through Bermuda, and then it gets to you. And now, if you have that simple thing in this... Even in this ProtonMail case, if you have that... If you use Tor, if you get the subpoena, and it says, give me the information, there's no information that can actually be tracked. To track your... That... They may know that your address is here, Henry, somehow, and they may know that Geoff's address is there somehow, but they will never be able to track where those things are and how the things get to each other.

Henry: And in fact, Tor, the utilization of Tor is inherent in our first-generation of Many One, isn't it? So, it is indeed trackable.

Mike: As Geoff said, one of the things that you get when you work in this decentralized world is, you basically have to build everything yourself, pretty much. And so, you don't have this luxury of saying, oh, well, that's easy, I'm just going to take that, and that's easy, I'm just going to take that. So, thankfully, we've got some open-source folks, like the Tor Project people, who are building this stuff and maintaining it and doing it to allow people to maintain this anonymity. So, we can use some things, but a lot of it we just have to build, and so, because of that, we have this idea that when we build Many One, the number one tenet is, we want as little information on anybody as we can possibly have. So, when we get served the subpoena, and I'm sure it's going to happen, yup, because I think everybody gets it at some point.

We literally can open the doors and say, here you go, there's nothing or very little that can be ID... That could be used to say, track down this climate activist. And part of that is because we are going to incorporate Tor into the actual... The way that we communicate, it's the actual messaging and addressing layer.

Henry: Fantastic! I'm really looking forward to it. Obviously, decentralization is the way of the future, because centralization has caused nothing but problems. Yes, it gave us the promise of the internet and it made it real, but we need to perfect it now. And, I'm proud to be involved with Many One, and I think we're going to be able to do that.

Mike: One last thing I'm going to say, remember, I don't think this centralized internet is going anywhere when it comes to things like services and stuff like this.

Henry: Oh, of course. Yes.

Mike: You're always going to have cloud-based apps, and that's just the way it is. But, the way that you access these services, the way that you identify yourself, and the way that you communicate, especially important information with your friends, your family, your colleagues, journalists, whatever, your client... Your climate activist buddies, that piece you can take off of the centralized internet. We should all be moving away from Gmail and all of these things for that type of communication, that piece needs to decentralize. I think the centralized internet is always going to be there, how we access it, is the thing that's going to change, and it has to.

Henry: Very well said, Mike, because, all of us deserve a private way to communicate because we've had it since the dawn of time. Then we got online, and it was taken from us.

Mike: That's exactly right.

Geoff: Precisely.

Henry: Thank you, Mike. Geoff, Thank you so much.

Mike: Thank you, Henry.

Geoff: Thank you, Henry. Bye for now.