[ssl232]

They say in the article the encryption passwords are stored off site, presumably in Switzerland where their HQ is. Switzerland does not have any law compelling handing over passwords as far as I am aware. They also say the logs on the (encrypted) drives don't contain any useful information linking back to users anyway.

[pveierland]

Which still results in a clearly weaker defense compared to not persisting data, as the data will remain available to be acquired legally or illegally even after powering the system down.

[GTP]

But a motivated nation state can size servers without powering them down, it has been done in the past. Sure, it's harder than just smashing the door and grabbing them, but still possible. In the end, when discussing security one has always to start by clearly defining the intended threat model.

[lozf]

As I recall they said similar things about their encrypted email service, giving the impression that there was nothing to share with Authorities. Then they gave up enough personal information to lead to the arrest of a French activist.

[cyberpunk]

Poor opsec there to be honest; I think they handed over the recovery email address he provided when he registered which was some gmail or something address which easily gave away his identity.

As far as I know they were not able to access any of the mail in his account.

[lozf]

Fair point, thanks.

[GTP]

It can also very well be that they got a court order to turn on logging only for that specific account. Better opsec would have likely prevented this.

[cyberpunk]

But whenever they reboot a us vpn server somehow that password is making it into the LUKS system (can we assume some kind of agent that runs during boot?) which likely has some credentials also baked in?

Unless we believe a human being is manually entering these in their hundreds of us vpn servers every time they restart?

[ranger_danger]

> Switzerland does not have any law compelling handing over passwords

But they have extradition treaties with other countries.