Skip to content
DevMeme
3372 of 7435
Law Beats Encryption Marketing
Security Post #3705, on Sep 16, 2021 in TG

Law Beats Encryption Marketing

Why is this Security meme funny?

Level 1: Locked Letter, Known Mailbox

This is like putting a letter inside a locked box so nobody can read it, but leaving the box at a post office that can be ordered to say when you came in. The funny part is sad: the lock still works, but the world around the lock can still give you away.

Level 2: Privacy Has Layers

Encryption means data is transformed so only someone with the right key can read it. End-to-end encryption means the service provider should not be able to read the message contents because encryption and decryption happen at the users' ends. That protects the inside of the message.

But email services still run servers, accounts, login systems, abuse prevention, billing, and legal compliance processes. Those systems can create metadata, which is information about communication rather than the message body itself. Examples include when an account logs in, what network it uses, and what account is being investigated.

The screenshot is funny in a grim way because many users hear "encrypted email" and imagine total invisibility. The visible ProtonMail text shows a different reality: a provider can be unable to read encrypted content and still be required by local law to comply with a specific order. For developers and security teams, this is why privacy promises need precise wording. "Private" is not one feature; it is a stack of technical, legal, operational, and human assumptions.

Level 3: Threat Model Beats Slogan

The post caption reduces the whole incident to:

law > encryption

The screenshot shows ProtonMail explaining that it received:

a legally binding order from Swiss authorities

and that:

There was no possibility to appeal

That is why the meme stings. Privacy products often communicate through simple promises: encrypted, secure, private, protected. Legal systems communicate through orders, jurisdiction, compliance duties, and consequences. The ugly lesson is that encryption can protect message contents while still leaving a service provider exposed to legal compulsion around metadata, account records, or future logging. Encryption is powerful. It is not a force field around the company operating the service.

The senior security reading is that this is a threat model failure, or at least a threat-model mismatch. End-to-end encryption answers one question: can the provider read the encrypted email body or attachment? It does not automatically answer: can the provider see login IPs, account creation details, recovery addresses, payment trails, notification tokens, browser fingerprints, or the times an account connects? It also does not answer whether a court can order the provider to start collecting data it did not normally retain. The meme's bleak arithmetic is simple: crypto protects ciphertext; law talks to organizations.

This is why privacy engineering is harder than marketing copy. E2EE is meaningful, but anonymity is a different property from confidentiality. A service can keep your message unreadable and still know that a particular account connected from a particular network at a particular time. A provider can be honest about its encryption while users still misunderstand what it protects. Security people spend years writing threat-model documents for exactly this reason, and then someone compresses the whole thing into a navbar screenshot and a crying emoji. Honestly, not the worst incident report format.

The organizational dynamic is also familiar: teams want clear product positioning, legal teams require compliance, security teams know the caveats, and users remember the slogan. When a high-profile case appears, everyone rediscovers the gap between data privacy, cyber law, and actual operational control. The joke is not that encryption is useless. The joke is that encryption was never the only layer in the system, and the layers with lawyers attached tend to have root access to the roadmap.

Description

The image is a ProtonMail blog page screenshot with a dark header showing the ProtonMail logo and navigation links "About", "Security", "Blog", "Careers", "Support", "Enterprise", plus "LOG IN" and "SIGN UP" buttons. The visible article text says Proton wants to provide clarifications about a climate activist recently arrested by French police, expresses concern about serious-crime legal tools being used in this way, and says it is adding context in the interest of transparency. A second paragraph says Proton received a legally binding order from Swiss authorities, was obligated to comply, and had no possibility to appeal that request. The meme caption context, "law > encryption", lands as a privacy-engineering reminder that encrypted mailbox contents do not necessarily protect metadata, IP logging, or providers from jurisdictional compulsion.

Comments

59
Anonymous ★ Top Pick End-to-end encryption protects the message; it does not usually come with a jurisdiction escape hatch for the logs.
  1. Anonymous ★ Top Pick

    End-to-end encryption protects the message; it does not usually come with a jurisdiction escape hatch for the logs.

  2. @chekoopa 4y

    Ehh these privacy fairytales

  3. @Picross3D 4y

    What?

  4. @waifu_anton 4y

    Could Proton avoid its new policy? It's not a rhetorical question, I honestly wonder if it is so

    1. Deleted Account 4y

      They had about 3700 requests and contested nearly 750 of them but like they've said this request wasn't possible to contest

  5. @feskow 4y

    What if telegram sends private data to Russian gov without the world knowing

    1. @pyproman 4y

      then use secret chats

      1. @feskow 4y

        Okay, telegram please secret chat on desktop

        1. @pyproman 4y

          send this to https://github.com/john-preston

          1. @frayxrulez 4y

            Use windows or macOS

            1. Deleted Account 4y

              wow why

              1. @frayxrulez 4y

                Because there you can have secret chats

                1. Deleted Account 4y

                  they aren't secret there

                  1. @frayxrulez 4y

                    They are

                    1. Deleted Account 4y

                      if you are hiding data from common users, pms are secret enough, if you are hiding it from a gvmt — no secret chat will ever help you

                2. @feskow 4y

                  There is no secret chat in Telegram Desktop for Windows.

                  1. @frayxrulez 4y

                    You can use Unigram on Windows.

                3. @RiedleroD 4y

                  linux exists yk

                  1. @frayxrulez 4y

                    That's why I said use windows or macOS 😏

                    1. @RiedleroD 4y

                      funneh

            2. @pyproman 4y

              No

        2. @freeapp2014 4y

          Use Mac OS

          1. @feskow 4y

            Can you run iOS app on Mac os?

            1. @freeapp2014 4y

              “Telegram for Mac”

            2. @anatoli26 4y

              That’s the whole point.. T doesn’t make e2e encryption on purpose and makes secret chats a feature mostly unusable for ordinary users, this way THEY have access to all the communications

    2. @Eugene1319 4y

      If it would be, there had been some arrests what are based on the messages from the Telegram. I have never heard such

      1. dev_meme 4y

        There were a lot, actually

        1. Deleted Account 4y

          Not as a result of telegram giving info about users. User was hacked by officials.

        2. @Eugene1319 4y

          But as far as I know, such cases weren't linked with licked information from TG or information what was given from TG to a government. Usually, in a common chat could be a special person who is observing published messages and try to find some targets.

    3. @anatoli26 4y

      I’d be more concerned with the data leaking to western totalitarian governments, like the French one.. T is legally located in UAE and their servers are spread around the world

      1. @RiedleroD 4y

        since when is france totalitarian?

        1. Deleted Account 4y

          Yeah it's not

    4. @thematdev 4y

      But at least it doesn't spy on you

    5. Deleted Account 4y

      I have serious doubts about this. Owner of the telegram, Pavel Durov, was previously raided by russian regime, and he was forced to sell his social network, Vkontakte, to one of putins oligarchs. After that, Durov basically escaped from Russia. So i think he doesnt cooperate with people, who robbed him. Btw, Facebook, Twitter, Instagram and other are sending private data to us gov and everyone knows that.

      1. @feskow 4y

        Well telegram was blocked before, RKN was trying to block Telegram (but not successfully). After some time suddenly Telegram was unblocked. That is kinda sus

        1. dev_meme 4y

          Coz tg started to work with gov

          1. dev_meme 4y

            Tg officials held same stage with top politicians in Russia after unblock

          2. Deleted Account 4y

            Coz russians failed to block telegram.

            1. @feskow 4y

              It sounds like "I cant block them, welp, not my problem"

              1. Deleted Account 4y

                Well, yes, this how everything in Russia works. If officials failed to do something they just saying " well, good, everything goes as planned".

        2. Deleted Account 4y

          Telegram wasnt successfully blocked. Rkn failed with that.

    6. @beton_kruglosu_totchno 4y

      true but russian government essentially stolen VK.com from Durov so there is no reason on the surface for him to do so

      1. @alexandr_guluta 4y

        Money can be the reason to anything

  6. Deleted Account 4y

    https://fossbytes.com/protonmail-privacy-climate-activist-case/ Btw encryption isn't related to this at all because protonmail have disclosed only ip not emails

  7. @FunnyGuyU 4y

    Such things never happened before and here it goes again 🤣

  8. @f3rr0us 4y

    Also, makes a point that Swiss jurisdiction is not "ideal" or "perfectly safe" by any means.

  9. @scout_ca11sign 4y

    Daily reminder: fuck politicians who talk about climate change, they will put us all in digital jail

    1. @thematdev 4y

      yes

  10. @Agent1378 4y

    That's beautiful and very good news. These climate activists are one of the worst kind of any activists. They do what the want, destroy property, assault people and etc and etc.

  11. Deleted Account 4y

    lol, no

  12. @alexandr_guluta 4y

    Telegram banned Navalny's bot today

  13. @p4vook 4y

    Tg is much less transparent and trustworthy than protonmail IMO

    1. @pyproman 4y

      At least Telegram has secret chats

      1. @sylfn 4y

        but they are not turned on by default

      2. @p4vook 4y

        Bruh they're only called secret and they're not the default option

        1. @pyproman 4y

          Well then use signal or just met in real life bruh

          1. @p4vook 4y

            That's not a valid argument

  14. @freeapp2014 4y

    telegram probably considers your desktop to be way too insecure for this purpose

  15. @Alienatick 4y

    It's not like they gave away our messages!!

Use J and K for navigation