Pretty much, but that isn’t the idea behind this block. Someone used ProtonMail to send a lot of different bomb threats to the police. Because of this block police now have some legal ground to ignore those threats.
It seems all evidence is based on the emails sent by the author of the bomb threats. I don't think it works as evidence against this being an inside job.
Agreed that it’s not possible to know for sure what’s going on. But it’s not the first time this kind of stuff happens however it’s the first time action was taken.
Not really, most people that use ProtonMail "heard" it was safe but aren't using VPNs daily and would probably struggle to find out how to incorporate it into their daily routine correctly with split tunneling. The smart people host their own email, not rely on someone else.
Hang on, I need to call my peat guy, who assured me that one meter was sufficient. Also, you have to line that tank with shotcrete.
Hosting locations matter when you are buying network-delivered services. Even if it is trivial to bypass for the user, this one time, jurisdictional risk to the provider is something that you have to consider as a factor when comparing competitors and self-host options.
and when a lot of people are talking about 'self-hosting' they're mostly talking about a VPS they rent from some provider who could vanish just as easily as Proton can. I'd like to see the numbers on how many self-hosting evangelists (I don't mean that term pejoratively. I think self-hosting is great) are actually talking about metal they physically control.
Generally, that is why you'd build in redundancy and backups so that if your VPS provider, or cloud provider stopped working you could bring the service back up very quickly, however self-hosted email has proved reliable overall and there are even Helm charts for Kubernetes.
I can't tell where you want to draw the line. I personally have a couple physical servers in a cage. I do not own the data center in which they reside. Does that count?
If I don't "self-host", then neither does the corp I work for, with hundreds of machines in other people's DCs...
My original (sort of absurdist) point was exactly that; saying "here's the line between 'smart people' and 'non-smart people'" is both pointless and rude.
Everyone has different threat models and resources.
And even in this case you can't rely on your domain registry not to change your DNS without your consent. And there's not really a big chance you own a dedicated IP address.
I've heard it's relatively common to get allocated an IP that has previously been abused by spammers, or certain providers will reject incoming mail from IPs that have no reputation (but then how can you build reputation?).