- Authorities in Belarus decided to block ProtonMail in the country after a user sent multiple bomb threats.
- The service was caught by surprise, as no one contacted them to report anything about the issue.
- The actor could be outside Belarus or use a different service now, so blocking the product wasn’t the best choice.
As reported by ZDNet, the users of ProtonMail have lost access to their trusty encrypted email service after a mysterious attacker spread bomb threats on Friday. This blocking decision was taken after the authorities figured that the attacker used the particular tool to send the threats over government institutions and various private companies and organizations. The receipting entities include hotels, airports, railway stations, tech news sites, industrial company offices, and financial firms. The blocking action occurred on the ISP level, and at the time of writing this piece, it is still in place.
According to details that come from ProtonMail representatives, the Belorussian authorities have acted independently and didn’t contact them at all. As they point out, blocking the service in such a bulk manner, affecting their entire userbase in the country was the wrong path to take. Instead, they could have notified the Swiss authorities who would have handed over a blocking request to ProtonMail, and the software firm would finally block the particular account. Moreover, and as the sending of bombing threats constitutes a violation of ProtonMail’s use and service conditions, the platform would have taken immediate action against the infringing account if they were notified about it.
Besides all that, blocking ProtonMail may very easily not be an effective measure against the actors. For example, they could just use a different encrypted communication service and begin sending threats again. Moreover, they could reside outside the country, so they may still be able to access and use ProtonMail’s email services. This is a classic example of an unjustified large-scale blocking and a form of an asymmetric response involving blatant internet censorship that just doesn’t make sense from a technical perspective.
Back in March, we reported about how the Russian authorities ordered their ISPs to block access to the ProtonMail SMTP server, following a wave of demonstrations in Moscow. People were protesting against the lack of internet freedom in the country, and the Russian government figured that the organizers were using ProtonMail for their communications. Interestingly, the Federal Security Service which imposed the block put forth bomb threats as the official excuse for the measure. Belarus temporarily blocked ProtonMail again back in July, but they never explained why they did it. Maybe they were testing a blocking method, or they had a reason to fear something. Whatever the case, using ISPs to block services at will and in such a wholesale manner is harming the internet freedom in the country.