I think asking people to self-host is too high a bar, but expecting third parties to always be on the user's side is simply not possible, as shown by Tutanota, which is being court ordered to monitor messages for one specific user.

cyberscoop.com/court-rules-enc

And once you have one user monitored, you open the floodgates for all other users.

@emacsen

Wouldn't community-owned and operated online services be a good synthesis of selfhosting and trusting a third party?

@theblacksquid

A community owned/operated online service will always have the same legal obligations as a commercial entity, but without the financial resources to mount a legal defense.

The answer is distributed services.

@emacsen not as bad as it could be

"The decision will only impact unencrypted incoming and outgoing emails, as Tutanota can’t decrypt data that has already been encrypted, Tutanota added. It also said this should serve as a warning that for customers interested in maintaining their privacy, encryption is paramount."

implies Tutanota has to release when the emails come in and go out, for this account, but they're not expected to poison the JavaScript crypto sent to customers' browsers

@davidhanzlik

Yes, it's not as bad as it could be, but once such a hole exists, the organization has no excuse as to not comply with other orders.

@emacsen excuse seems too harsh a word. I think the article mentioned Tutanota is appealing to a higher court. Allowing telecom policy to apply to an email service provider would mean that Tutanota would have to comply with more invasive policy.

Pretty sure we are thinking the same thing and this is just my word choice OCD kicking in X)

I'm just glad Tutanota isn't forced to break their end to end crypto. In the US they could court order fake crypto JS be sent to browsers to trick consumers

@davidhanzlik

My point was and is that external hosting puts communication at risk. Even if the entity doing the hosting is an angel, they will likely eventually be compelled to comply with a legal order, and once they do, they can't argue that doing so would impose a burden on them.

This is exactly why Lavabit shut down.

The laws in Europe and even in the US are far less harsh than those in countries like Australia, where not complying could land someone in much more serious trouble.

@emacsen you're not wrong, expecting to beat state level actors with a free to play commercial service is unreasonable

A bunch of self hosted peers has its own problems. Self hosting requires a level of sophistication beyond most users. If you don't onion route the traffic, or do it wrong, the government could just trace the IP directly to your haunt. If the traffic is onion routed through peers, governments can send a subpoena to each node (who may be unable to litigate) instead of Tutanota

@emacsen yeah self-hosting is tiresome and not straightforward for someone with no technical knowledge or interest. But there is freedombox.org/ and possibly others that are trying to make it much easier to self-host a number of things. One day this could hopefully make it feasible.
