Q&A highlight
Posted14 days ago
Key Takeaways
That has been going on for decades, actually. What has changed is that people are looking at it.
The massive shift of communications to digital channels has put mountains of data right there for the grabs, which is extremely attractive for people who want access to all that data.
German here, look how fucking often our politicians tried to push stuff like the Vorratsdatenspeicherung.
The Patriot Act isn't on equal footing as these Chat Control-esque laws we're seeing. The US government spies on people, sure, but they're not mandating encryption backdoors or trying to outlaw VPNs.
From a recent EFF post[0], it appears they've backed off the scanning and encryption demands so that's good, I guess. Hopefully that sticks and they don't propose something similar in the future.
0: https://www.eff.org/deeplinks/2025/12/after-years-controvers...
People read this and think that US government had unhindered access to all data in major providers.
According to Edward Snowden, PRISM allowed the government to compel internet companies to turn over any data that matched specific court-approved search terms. such as email addresses, all under Section 702 of the FISA Amendments Act of 2008.
At least some parts of it were likely unconstitutional as it could target U.S. persons, but it was not free for all as "straight access" indicates. It was straight access after FISA court approval.
NSA runs much more invasive MUSCULAR program in the UK without FISA or other type warrant.
[1] https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...
https://en.wikipedia.org/wiki/Dual_EC_DRBG#Weakness:_a_poten...
So in my opinion, it’s a band-aid to more deep seated problems that more often than not creates new problems.
It's certainly not compatible with privacy.
The US conducts mass surveillance at a planetary scale, as an "Empire". It was implemented secretly by its 3 letter agencies with the help of various actors.
Europe is doing it in the open with laws and regulations and only targets the people in its territories. One simple reason they would have to do this way is they simply have no equivalent in capabilities to the NSA, CIA, etc.
There's also a lot of lobbying from "security" companies who are pressuring governments to purchase and install their systems, but they require realtime spying of everyone.
Governments are never perfect. They are always in a precarious position where they can turn quite harsh quite quickly. I can't speak to each EU nations politics but things have been turning towards the right for a while and they are finally in positions where they can make these demands and get them passed.
- So called "Far left" and "Far right" MEPs were declared "Opposed"
- The "Center" MEPs were "Unknown", what means "Support" I guess.
I believe we have been programmed not to notice how radical the "center" is...
Something I realized recently is how low the approval ratings of European leaders are:
- Macron and Starmer are about 18%
- Mertz is 25% (only 6 months in)
- Von Leyen is 23%
This is ridiculous.
We often perceive Trump as highly unpopular but he is cruising between 40 and 50%, that's double.
So those leaders, according to the numbers, are becoming illegitimate or the system is broken. So we are just waiting for a spark to put the house on fire.
Mass surveillance within your territory is really a weapon against your own population, it is not to catch spies (they are trained to evade them).
I didn't know the approval ratings were this low.
Because they look at what happened US, at the rise of popularity of fascism throughout the world (which is mostly perpetuated by key media players under the mask of being "anti-woke"), and basically correctly decide that the people can no longer be trusted.
And they are fully correct.
Ive said this before on here, but the whole idea of privacy from surveillance is not applicable anymore in todays world.
The standard line of arguing is that people should be able to speak the truth free from government knowing about it and trying to silence them. The problem with this
* Most of the "truth" that these people refer to has been literally false propaganda, or ability to say slurs on social media.
* Despite that fact, not a single public media person speaking these lies has been silenced in any way by the government, despite things like patriot act existing in US or equivalent things in EU. The only time people have been silenced in places like UK is when posting extremely out of pocket stuff.
Furthermore people also say that you don't want to give the government the power to do this now because a government that you may not like will want to do this. Well, to no one surprise, the people with this libertarian mindset (and the so called "centrists") overwhelmingly vote right wing, and consequently, right wing runs on a platform of freedom, but when those people get in power, they not only actively tries to silence actual truth and free speech, but also they just don't give a fuck about the law and do what they want anyways.
So as unfortunate as it is, its a much better outcome for the current state of administration in EU to take a more invasive role in policing the populace, because economic growth and stability over long term is worth way more than some idealistic approach based on above. Historically this has shown to be true over and over again, while the latter has shown to result in economic decline. So its wortwhile to sacrifice some personal rights in return for a better future - we already do this to a large extent so this is nothing new.
In terms of applicability to the regular person, please understand that the privacy ship for you has already long sailed. You already can be tracked and analyzed in extreme detail, by really any person or company that is willing to buy advertising data and do correlation. There are companies that literally do this and contract out to the government. Also, you aren't that important enough to care about.
Also if you are of that mindset, I hope you are also for abolishing police completely.
It’s a win-win for the politicians and the pensioners that vote them, that believe any nonsense about children safety.
With recent AI advancements, an orwellian hell is all but inevitable. If you (by which i mean the powers that be not you specifically) don't build it then some competing faction will and they'll be in control of it. Its the classic prisoner dilemma.
I want very secure email that’s US located because some of the contents are US regulated, I’m not worried about the US hacking me and I doubt if they really wanted my information I could do anytyhing to keep it from them.
I’m sure there are people that would love Switzerland.
To each their own.
So does NextDNS. But neither are email services.
They started to copy the infrastructure, and the data is currently in Switzerland, Germany, and Norway. They can technically shut down the systems in Switzerland on short time. He (Andy Yen, CEO) always hoped they'd never need to take such steps, but the environment in Switzerland is too insecure for them at the moment. So they had no other choice but to plan their way out.
(Also, HN is an English-language site, so articles here should be in English - https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que... - even though we have deep respect for the German language and other languages)
I seem to recall that one of their original selling points was that they were based in Switzerland which does not have data sharing agreements with the US under the Patriot act, unlike the EU.
Cynical view - they prefer to IPO on another market than Swiss
You can publicly list in exchanges despite not being domiciled in the exchanges country. For example, Chinese and EU domiciled companies IPOing on the London Stock Exchange (LSE) due to a mix of easier access to liquidity and simplified rules and regulations.
It's nice to see that they're giving the finger to the Swiss government but ultimately it doesn't matter as many jurisdictions are mandating the same things.
Except the metadata I guess.
I've always seen Proton benefits as a moot point because it's not E2E to the other side. You can encrypt all you want but as soon as you actually communicate with anyone (this is the email after all) you are now give all your messages to a third party often times without any encryption at all.
There are a lot of things what can leak your correspondence as is before it would land in someone's mailbox.
I'm curious why you think this?
Take two parties that run their own email servers. One sends an email to the other. Their server opens a TLS connection to the other server and sends the email.
This is E2EE, no?
Given this is possible, is email truly *inherently* insecure? Or is the problem the centralization/sharing of email in free hosts?
Like most issues of privacy, you can be absolutely perfect but all it takes is any of your contacts to make a common mistake and you are toast.
If a system can only be secure if every participant acts perfectly, and goes through all the hoops required to host their own private infra securely, well, that seems inherently insecure to me.
Email was designed for a different age. All the bolt-on improvements have not fundamentally changed this.
https://apnews.com/article/germany-women-misogyny-raids-inte...
https://www.yahoo.com/news/german-police-launch-nationwide-o...
It seems reasonable to be concerned about a government that wants the power to reveal Internet users, but I couldn’t say on what basis Proton expects legal protection to continue after the move.
For things like troll posts or just general hate speech, most of the time the police visit your house and ask you questions and give you a stern warning. And remember, police in EU isn't like police in US - when you get visited by police in EU, you aren't afraid that you are going to get shot up or thrown on the ground and tazed if you did nothing wrong. In extreme cases where you are calling for things like beheading, yea they def arrest for that.
Source: close friend that lives in Germanty works for a company that does business with German government. I don't know first hand but he is pretty aware of the policics in EU and I have no reason to believe he would be exaggerating.
On anther note, Germany policing is quite progressive actually. For example, if you run, you don't get a charge for evading/eluding - its actually legal to run from police because "desire for freedom is a human right".
We still have more dying in jail or during arrest per capita than any other country in Europe, but we're still orders of magnitude behind the US.
You see people negotiating with police when pulled over, if this is in the typical "latin" way it is fair game.
I was taught as a kid to always go to police when in terrible. Taught the same to my kids.
Now, I live west of Paris which means that right from the start the relationship is better. In other places this may need very different.
Civilians are basically 'the others' and are to be avoided and met with suspicion first. And that's the most liberal police syndicate.
In my city the police approaches you smiling. They are part of all events so they are well known. But again it is in a nice cosy city.
You mention "camp counselor" - maybe it was more tense there?
In France, discriminatory identity checks are a striking illustration of this. Police disproportionately target certain citizens on the basis of their skin color or presumed origin, particularly young people perceived to be Black or Arab, including children. These abusive controls can often lead to more serious police violence, including with fatal outcomes.
~ https://humanrights.gov.au/know-your-rights/rights-of-indivi...
These two are highly related
They should be policing their social media heavily.
"(proton fraud detectors) are looking for certain patterns in use. And they collect clues on the dark web. For example, if you find Proton mail addresses in criminal Internet forums, the accounts behind them will be blocked."[1]
I've never participated on a "dark web" or .onion forum but I could imagine doing so for a variety of reasons ... are there not very interesting discussions occurring there ?
I would be classified as a criminal for being part of that discussion ?
Should I be retroactively classified as such for my discussions on cypherpunks in the nineties ?
[1] https://www.nzz.ch/technologie/proton-ceo-andy-yen-wer-geset...
https://www-nzz-ch.translate.goog/technologie/proton-ceo-and...
Anyway most people would be better served when disavowing any notion that email is secure or that VPN services operated by companies (as opposed to ones you control) are good for anything other than bypassing region locks.
Swiss government look to undercut privacy tech stoking fear of mass surveillance - https://news.ycombinator.com/item?id=45223231 - Sept 2025 (3 comments)
Proton begins moving hardware out of Switzerland due to proposed legislation - https://news.ycombinator.com/item?id=44915796 - Aug 2025 (5 comments)
Proton Partially Exits Switzerland - https://news.ycombinator.com/item?id=44669496 - July 2025 (2 comments)
Lumo: Privacy-first AI assistant - https://news.ycombinator.com/item?id=44657556 - July 2025 (123 comments)
Proton threatens to quit Switzerland over new surveillance law - https://news.ycombinator.com/item?id=44014808 - May 2025 (228 comments)
Tell HN: Swiss surveillance monitoring nearly everything – impact on Proton etc? - https://news.ycombinator.com/item?id=38937352 - Jan 2024 (8 comments)
Not affiliated with Hacker News or Y Combinator. We simply enrich the public API with analytics.