[diafygi]

http://www.cryptolaw.org/cls2.htm#us_exp_1101

> On 7 January 2011, a minor amendment was made to the EAR (Federal Register Vol. 76, No. 5, p. 1059). Publicly available mass-market encryption object code software (with symmetric key length exceeding 64 bits), and publicly available encryption object code of which the corresponding source code falls under License Exception TSU (i.e., when the source code is publicly available), are no longer subject to the EAR. The amendment includes some minor specific revisions.

Since ProtonMail is javascript crypto, their encryption source code is available and therefore is allowed, right?

[x1798DE]

While I am firmly in the "ProtonMail is snake oil" camp, this is obviously a stupid move on PayPal's part (why are people even still using them?). Even if the old idiotic export control laws were in place (they are not, and Paypal should know that, since it uses TLS and doesn't check the physical location of the counterparties before negotiating an encrypted session with them), it's not even clear to me that ProtonMail would be subject to them, since they are based in Switzerland (assuming their technology was developed in Switzerland). Are they even US citizens?

[dspillett]

> While I am firmly in the "ProtonMail is snake oil" camp

Could you point to some analysis of that? I can see many people shouting "javascript crypto!" which I agree seems to be the only way they can do what they claim in a cross-platform manner, but I see no such detail of what they are doing (or planning to do) in that regard. All the funding advert page stats if "end to end" not "end to end using technology X".

> why are people even still using [PayPal]?

Momentum due to critical user mass, and lack of alternatives in many places, most likely. Other payment processors are not as available globally, charge more, or are even less trusted then PayPal. Bitcoin is too unstable for my tastes, and not something I see Joe Public using en-mass in the near future.

Using Bitcoin for this would make sense though: I would guess that most (if not all) those paying in are users of the currency already or would be willing and technically informed enough to join in for just this purpose.

> Are they even US citizens?

While that probably should be relevant, I doubt it is something that PayPal really consider. They have concerns in the US and are not going to risk having them frozen by going up against US law over this any more than I am going to sue PayPal over a few tens of $ - it would cost too much in time, legal fees, and so forth. Where something might contravene US law in any way they'll block now and ask questions later mainly because they don't want those enforcing US law to do similar (slap PayPal now, ask questions later).

[DanBC]

See also Paypal blocking anything vaguely connected to Cuba.

I live in England. Let's say I want to go to see something about the Buena Vista Social Club, and that it is held in London. (London, England).

I am not allowed to use PayPal to pay, because Cuba.

People have tried and failed to buy dresses that are called "cuba".

[xenophonf]

That actually makes sense. Paypal is subject to U.S. embargoes of Cuba, Iran, Syria, etc. Yeah, it's kind of stupid to just do a pattern match, but until we invent A.I. strong enough to figure out when "Buena Vista Social Club" means London and not Havana, it's probably smarter to dedicate scarce resources to handling exceptions to the pattern match.

[higherpurpose]

Does this look like it has the backing of the law to you? It looks a lot like when Amazon received a phone call to shut down Wikileaks. I imagine the same happened here - just a phone call to the right people inside Paypal.

If the actual law was being involved, we'd see some kind of legal notice at the very least. And even then it would be a BS request that could easily be challenged.