undefined | Better HN

0 pointsFelz4y ago0 comments

I believe this is part of the AWS's explicit policy, possibly also in the terms of service:

https://aws.amazon.com/compliance/data-privacy-faq/

It would be crazy suicidal for their cloud business to break it, and possibly open them up to lawsuit.

0 comments

And of course it would be even more crazy for them to refuse a request e.g. by the FBI or NSA. I'm sure they respect SLAs as much as OnePlus, Huawei & co don't share data with Chinese government.

FelzOP4y ago

Yea, they say as much in the data privacy FAQ. I think my recommendation is that if you're worried about being explicitly targeted by state actors, don't use email. (Not even Protonmail.)

If you're worried about general data hoovering, AWS would probably need to implement very sophisticated introspection into what your machines are doing to break the SSL on SMTPS, and courts might not be sympathetic to that. I expect state actors would find it easier and more convenient to just hoover from big providers like Gmail instead.

piaste4y ago

> Yea, they say as much in the data privacy FAQ. I think my recommendation is that if you're worried about being explicitly targeted by state actors, don't use email. (Not even Protonmail.)

Protonmail (and Tutanota, which I went with) both offer E2E encrypted email via open-source client apps, so they should be fine even against state actors if you use their encryption. In the case of Tutanota, this has even been tested in court.

Of course, if you use them to send or receive plain ol' unencrypted email, this largely goes out of the window regardless of the provider.

2 more replies

j / k navigate · click thread line to collapse