Cross-posted from: https://lemmy.zip/post/60387297

Proton Mail provided Swiss authorities with payment data for [email protected] — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.

  • 5 hours

    Switzerland is not a safe jurisdiction.

  • 11 hours

    Proton is clear that they comply with legal government requests and post stats about how many they fight and hand over. They offer private ways to use the service and if you don't take them that's on you.

  • 16 hours

    No, they responded to a legal request by the Swiss government to provide banking details.

    • Sounds just like Proton in the article:

      Proton AG clarified they shared no data directly with the FBI — technically accurate but missing the point.

      • 15 hours

        The fuck is the point? That banking details are subpoenable?

        • The point is that the headline is true. Proton helped the FBI uncover that person’s identity, by revealing their banking information.

          Yes, it was legal for the Swiss government to request that information and for Proton to release it when asked.

          Those facts aren’t mutually exclusive.

          I don’t understand why you’re responding so aggressively.

          • 14 hours

            Because people are like “OMG proton is such a snitch time to switch to <other service that will do the exact same thing>”

              • 6 hours

                Nah, discord has access to unencrypted chat logs and will happily give that up. Way way more of an impetus to leave.

  • Again, they did not “aid” nor “give” that information. They were legally obliged to do so. There was never a choice. This could’ve happened with literally any company, E2EE stops them from being forced to turn over the emails themselves, but basic account metadata (creation date, payment methods, contact details, potentially IP access logs) will always be available. What you can do is limit the amount of information a provider requires/saves (for which Proton is a good choice) or don’t rely on a company at all and roll your own email server.

    • 24 minutes

      Furthermore, you can pay with bitcoin or even cash (sent to their HQ by mail). That way they’d have even less on you.

    • 10 hours

      In this case, wouldn’t rolling your own email server make it even easier to find you, since they’ll just have to look up who registered the domain you used for your email address?

      • Depending on how you register the domain, there are some registrars that require no info at all. One of those paid with Monero creates no links to your identity.

        But yes, self-hosting does not shield you from court orders. If they find you they can still access your shit, depending on how much your country’s infosec police gives a shit and/or how closely they cooperate with US agencies.

    • In fact, knowing that the only thing Proton was able to hand over was the credit card identifier is pretty solid proof that they in fact cannot access (and thus provide access to) your email account and its contents.

      If full anonymity is the goal then stick to crypto or cash payments, because a credit card always leaves a trail and not a single email provider is above the law in that regard.

      This case is entirely the fault of the user’s bad opsec.

  • Proton Mail and Tutanota(?) are both walled gardens faking it as if they're super safe

    • Proton has a history of breaking the spirit of its promise to users. Does Tuta?

      This marks Proton’s third known disclosure to authorities. They previously handed over a recovery email for a Catalan Democratic Tsunami activist and were forced to log a French climate activist’s IP address via Europol — despite claiming they don’t log IPs by default.

      Each case followed the same script: foreign law enforcement pressure, Swiss legal compliance, user anonymity compromised. Like watching the same Netflix thriller where the plot twist stops being surprising.

      • The frustrating part is all the simps telling you that E2EE makes it safe, nah the same way they can log the IP of a user when asked, they can use the JavaScript they send you when you open Proton Mail to upload whatever emails they want access to, or your key too.

        If you want E2EE use GPG, otherwise you’re just pretending.

  • 19 hours

    More and more I consider just self hosting. Does have obvious drawbacks though 😅

    • Even some commercial less well known mail providers are sometimes blocked by big players like gmail and outlook for anti-spam reasons.

      • 14 hours

        Just set up DKIM, SPF, and DMARC properly and you should be good.

        • Nope. Take for example GMX.

          Due to the heuristics some of the providers have, such as Microsoft, they will start classifying mail sent from GMX as spam and auto-move it to people's spam folder. They have developed their own internal trust metrics and these periodically just spambin low-trust servers.
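The "set up DKIM, SPF and DMARC properly" advice in this sub-thread is easier to act on if you can see what your published records actually say, since a record that exists but ends in `?all` or carries `p=none` gives a receiving server little reason to trust you. The following is an added example written for this thread, not code from Proton, GMX or any project; the TXT records are constructed samples for the hypothetical domains `example.test` and `weak.test`, and in practice you would fetch them with a DNS query instead of reading them from a dict. DKIM is selector-specific and is not checked here.

```python
"""Sanity-check SPF and DMARC TXT records before relying on them for deliverability.

Added example for the thread, not code from any provider or project. The records
below are constructed sample DNS TXT values for hypothetical domains, not real
lookups; swap in a resolver call to check a domain you operate.
"""

# Mechanisms and modifiers that cost a DNS lookup; RFC 7208 caps these at 10 per check.
SPF_LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
SPF_QUALIFIERS = "+-~?"

# Constructed sample records (hypothetical domains, assumption for this example).
SAMPLE_RECORDS = {
    "example.test": "v=spf1 mx ip4:203.0.113.10 include:_spf.mailhost.test -all",
    "_dmarc.example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100",
    "weak.test": "v=spf1 mx ?all",
    "_dmarc.weak.test": "v=DMARC1; p=none",
}


def parse_spf(record):
    """Return a list of (qualifier, name, argument) terms, or None if not an SPF record."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        return None
    terms = []
    for tok in tokens[1:]:
        qualifier = "+"  # an unqualified mechanism means 'pass'
        if tok[0] in SPF_QUALIFIERS:
            qualifier, tok = tok[0], tok[1:]
        name, arg = tok, ""
        # split off the argument at ':' (mechanism), '=' (modifier) or '/' (CIDR length)
        for sep in (":", "=", "/"):
            if sep in tok:
                name, arg = tok.split(sep, 1)
                break
        terms.append((qualifier, name.lower(), arg))
    return terms


def spf_findings(record):
    """List weaknesses in an SPF record; an empty list means it looks sane."""
    terms = parse_spf(record)
    if terms is None:
        return ["not an SPF record (missing 'v=spf1')"]
    findings = []
    all_terms = [t for t in terms if t[1] == "all"]
    has_redirect = any(t[1] == "redirect" for t in terms)
    if not all_terms and not has_redirect:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_terms and all_terms[-1][0] in "+?":
        findings.append(f"'{all_terms[-1][0]}all' lets any host send as this domain")
    lookups = sum(1 for t in terms if t[1] in SPF_LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    if any(t[1] == "ptr" for t in terms):
        findings.append("'ptr' is deprecated and slow; list sending hosts explicitly")
    return findings


def parse_dmarc(record):
    """Return DMARC tag=value pairs as a dict, or None if not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def dmarc_findings(record):
    """List weaknesses in a DMARC record; an empty list means it looks sane."""
    tags = parse_dmarc(record)
    if tags is None:
        return ["not a DMARC record (missing 'v=DMARC1')"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid 'p' tag; receivers will ignore the record")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("no 'rua' address: you will get no aggregate reports")
    return findings


def check_domain(records, domain):
    """Assess one domain from a dict of TXT records (constructed here; DNS in practice)."""
    return {
        "spf": spf_findings(records.get(domain, "")),
        "dmarc": dmarc_findings(records.get(f"_dmarc.{domain}", "")),
    }


if __name__ == "__main__":
    for name in ("example.test", "weak.test"):
        print(name, check_domain(SAMPLE_RECORDS, name))
```

Running the block prints no findings for `example.test` and flags `weak.test` for its `?all` and `p=none`. Note that a clean result only means the records are well-formed and strict; as the reply above points out, large receivers also apply their own reputation scoring, which no record can override.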

  • 22 hours

    They complied with Swiss law. Only the name on the credit card was given.