If you're selling me on how you being hosted in $CountryThatIsNotTheUS increases my privacy and safety but your founders or staff with access to the system reside in the US as US citizens, you're selling me something far more dangerous than just hosting my stuff in the US

@kusuriya who is this about? arent most big companies hosting in the us anyway?

@felix This isn't about anyone in particular but some example of people selling this false sense of security is Protonmail. Most the staff is in .ch, but the founders, and some of the staff with access are US Citizens living in SF...

@kusuriya oh i had no idea about that. My mail provider is completely in Germany, or at least so they say 😂

@felix Yeah I had no idea about that until I put my foot in my mouth and said their staff was mostly in the US so really how safe is it, and someone "WELL ACHKTUALLY"'d me and I had to go "Uhh, that makes it even worse..." and they couldn't understand how. I guess thats part of the reason my mail server is set to mark protonmail addresses and funnels them all into their own folder that I mostly ignore.

@alex False sense of security. If you can be whisked away and forced to cooperate...

@kusuriya True but it doesn't apply to most cases. If the service is located in your country then in most countries they will cooperate on order from local court. And their hosting/service provider too.

Back channeling and black ops are certainly possible too but they happen when there is significant national interest and 99% of cases torrenting Britney Spears, sharing loli pictures or occasional hate speech don't apply here :)

So I don't get why it is generally "far more dangerous" to use services outside of your country jurisdiction. For some it might be a security advantage, for some it won't.

@alex So using protonmail as an example here. If the next snowden was looking for services they may read the whole premise around and may go "Oh hey cool this will be safer than dealing with a host hosted in the US" and buy in.
In comes the rubber hose cryptography where the US Government puts the US people from proton mail into jail using something similar to a FISA court until they cooperate and let them into the account.
A false sense of security is far more dangerous than anything else

@kusuriya "Well, actually" :D
...even in your example Snowden is better off using Protonmail than something US-hosted. Rubber hose cryptography still beats "Sir, yes, sir!" cryptography and might buy him a bit of extra time and hopefully someone like Snowden uses provider-agonstic security anyway but still it is extra hurdle to track metadata.

I am not arguing your point that something hosted abroad isn't invulnerable but it has a purpose.

Also even something completely out of national jurisdiction isn't absolutely invulnerable. You might be Russian, Chinese or Swiss sysadmin and this doesn't guarantee you won't come home one day and see someone with silenced gun waiting for you there. It is matter of chances, that's all. Russian dissidents are safer using Protonmail, Snowdens are probably safer using Yandex.

@alex probably not though, people act differently on perceived risk. If I told you "I have taken efforts to make it harder for government agencies in the US to snarfle your stuff but I ultimately am a US citizen so keep that in mind" you are going to still take a different level of protection than if I told you "ProtonMail is incorporated in Switzerland and all our servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws."

@kusuriya I suppose it is up to the user. In the end it is matter of computer literacy (yes, I think matters of security are part of it and they are not rocket science).

There is a lot of marketing and marketing points are usually not entirely wrong but exaggerated. Still I don't trust my government and I would prefer my service providers being far from it. Even Google is safer for me than local alternatives. Not a silver bullet but somewhat safer.

Seeing how many foreign hackers stage their attacks on our platforms I suppose Russian service providers are safer for them. I don't think they are completely FBI/CIA invulnerable but they are certainly harder to get to cooperate than AWS or Google. It is all relative IMO.

Also the current state of things pretty much sucks. Not the 21st century I imagined, mate.

@dch they are another good example looking at it

Sign in to participate in the conversation
BSD Network is a *BSD-themed Mastodon Instance. General use is encouraged, and everyone is welcome as long as you follow our code of conduct!
If you wish to donate, we are on Liberapay: Donate using
LiberapayDonate using Liberapay