Re: [PLUG] Chime

Thomas Delrue via plug on 4 Mar 2021 05:56:41 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Chime

From: Thomas Delrue via plug <plug@lists.phillylinux.org>
To: Joe Rosato <rosatoj@gmail.com>, LeRoy Cressy <rev.cressy@protonmail.com>
Subject: Re: [PLUG] Chime
Date: Thu, 4 Mar 2021 08:56:35 -0500
Cc: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Reply-to: Thomas Delrue <thomas@epistulae.net>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

(I am not a lawyer, do not take legal advice from me.)

This explains much more... While I think it's shortsighted on Chime's
end to say the least, it's probably the lawyer-types that told them to
implement this.

Chime's a bank and thus falls under certain requirements of reporting
and surveillance of its customers. One of those is the ability to
provide a strong link to a real-world identity to be able to (among
things) trace down money laundering or "aiding and abetting terrorism in
material ways".
Since ProtonMail is a provider that enables you to sign up without
providing *any* personal information (*), this would prevent chime from
having another link to you as a real person in the real world.
ProtonMail also makes it so that any organ of the USG will have a hard
time to pry information from them (I think they ware Swiss-based for
that specific reason - but I'm not 100% certain about that)
I think that with that in the back of their mind, they could justifiably
classify ProtonMail as an anonymous e-mail provider for their reading of
their requirements.

Chances are, they have some deny-list of providers of these mail
services, such as ProtonMail, mailinator, and what else have you.

Now, could you go ahead and set up your own 'anonymous' e-mail provider?
Sure, but remember that you are a US entity and are subject to the US
PATRIOT act (and all other
'you-have-nothing-to-fear-if-you-have-nothing-to-hide'-laws) so good
luck with that. You may be forced, hard-handedly or not, to keep (very)
detailed records of who uses your anonymous e-mail service and what
for...so make sure you consult a lawyer before you attempt to do so in
order to set accurate, reasonable, and correct expectations towards the
users of your future system. This also applies to you if you are a US
entity, but host the service (or even the controlling entity of the
service) itself outside of the US

On the other hand, this does tell you something about the
ability/requirement/eagerness of other mail providers regarding coughing
up who the 'real world person behind account X is', doesn't it?

(*) If you get prompted for "gimme a phone number" when signing up for a
ProtonMail account, just keep hitting Refresh until it goes "fine, how
about you solve this captcha then to prove you're human".

On 2/28/21 14:53, Joe Rosato via plug wrote:
> Got this error and called them.
> They then said they do not accept "private" email addresses.
> You will note here it says "anonymous" email provider- which is wrong. 
> Protonmail is not an anonymous email provider. It is a private email
> provider.
> 
> image.png
> 
> On Sun, Feb 28, 2021 at 2:46 PM LeRoy Cressy via plug
> <plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>> wrote:
> 
>     On 2/28/21 1:53 PM, Joe Rosato via plug wrote:
>>     Recently purchased a private email address to increase my
>>     security, and just found out chime.com <http://chime.com> does not
>>     allow "private" email addresses. I went with protonmail - used the
>>     free one for a while now when I wanted more privacy than my gmail
>>     account.
>>
>>     I understand that "free" things on the internet translates to
>>     "you" are the product... but somehow this one blindsided me.
>>
>>     Thought it would make for a good discussion.
>>
>>     Joe
>>
>     I personally use protonmail and also purchased from them the vpn
>     package. As a paying customer you can download their protonmail
>     bridge packagewhich enables you to use Mozilla Thunderbird to
>     directly access their IMAP server.  Their VPN supports using OpenVPN
>     which is available on all Linux distributions.
> 
>     As an Arch Linux user they include a PKGBUILD file for you to
>     compile your own package.
> 
>     I have no problems with with their service.  They also responded
>     very quickly when I noticed a bug in their PKGBUILD file.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Chime
  - From: jeffv via plug <plug@lists.phillylinux.org>

References:
- Re: [PLUG] Chime
  - From: Joe Rosato via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] Chime
Next by Date: Re: [PLUG] Chime
Previous by thread: Re: [PLUG] Chime
Next by thread: Re: [PLUG] Chime
Index(es):
- Date
- Thread