Understanding Anonymity vs. Privacy (2021) (protonmail.com)
32 points by mkl95 on April 12, 2022 | 6 comments


I disagree hard that anonymity is detrimental to security in most cases. It can be as stated in the example and there are technical hints that make it difficult to achieve.

I also disagree with the references to hate speech and online abuse. Anonymity allows for detachment and it does not provide any surface for hurtful attacks. It is more or less the best protection. If you expose your identity these attacks are much more effective because they can become personal. Maybe that angle is out of scope for security researchers that want to sell their identity platform (which can be good, but comes at costs).

Anonymity can be detrimental against scams, but if you are also anonymous to your attackers you often don't have to provide good defenses.

Everyone can become a political dissident in a day. Accountability and prosecution can be the same from a different perspective. The security industry isn't really a trustworthy actor here and often does not provide good information.

Sure, if you cannot help yourself and use weak passwords, having a device identifier can indeed provide security.

> A dissident who needs anonymity from their repressive government does not need the same level of anonymity from the Swiss legal system.

The Swiss legal system in particular does prosecute dissidents that hide abroad because they leaked info on criminal banking enterprises supported by the state. This is a pretty bad example to be honest.

Off topic, but one of many examples and very interesting: https://www.youtube.com/watch?v=dRmnp8vhziw

You are not planning anything, protonmail? Which banks do you use by the way?


> A dissident who needs anonymity from their repressive government does not need the same level of anonymity from the Swiss legal system.

Well, too bad for the French dissident who got arrested because they needed "the same level of anonymity from the Swiss legal system" which was queried through Europol thanks to protonmail suggesting it.

Just a reminder to all sysadmins around: never help cops. If you feel like you HAVE TO help your local cops, do it. But never ever answer foreign cops; instead tell them to fuck off (or don't answer), and especially don't suggest that they use a certain convoluted legal process to get your hands tied into betraying your user.


Unfortunately fluff pieces like this get posted everywhere, but there are actual mathematical definitions we can use to measure privacy loss, and basic opsec is not a good way to anonymize oneself if data is being collected and shared.

I wish more folks wrote good pieces on differential privacy and data minimization, so we could have informed discussions instead of PR messaging.


Tl;dr/PR message: We [protonmail] can provide you with decent privacy (end-to-end encryption, no logs "by default" ...) [0] but anonymity is your responsibility (OPSEC).

Fair enough. A bit recursive as good operational security requires you to not trust any one particular service provider (centralized/aggregate point of attack).

[0] https://restoreprivacy.com/protonmail-logs-users/


> Security – The precautions used to keep you safe.

That's safety.


"Safety is the precautions that keep me safe"? That doesn't sound right at all.



