cross-posted from: https://lemmy.zip/post/60387352
cross-posted from : https://lemmy.zip/post/60387297
Proton Mail provided Swiss authorities with payment data for [email protected] — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.
In addition to what @[email protected] said, as long as any third party is involved in the handling of PII, there should be no expectation of privacy whatsoever. For instance, I use Mullvad VPN, but that is as much a political/ideological statement to me as it is but one countermeasure against malicious actors in a very complex cyber environment. I could go on about how Mullvad has proven over and over - through third party audits and through actual incident response - that they have zero data to hand over to the authorities. But I won’t, because that’s not the point here. The point is: if I was involved in something that made me interesting to the authorities in any capacity, putting my trust, privacy, security and life in the hands of one company would not be the way to go about it. Not even in Mullvad, which I otherwise use.
Good OpSec is not about relying on technical solutions. It’s about real-world threat modeling, assessment, having three backup plans and careful execution.
Is it morally questionable for Proton to cooperate with the authorities going after activists? Yes. Should there be any expectation of privacy and/or security from the end user’s point of view? No.
Manage your expectations and scheme accordingly.
Im not a fan of proton, but this trend of blaming corps for individuals poor opsec (paying with a method linked to their real identity) is pretty lame.
Do people using these services actually expect a corporation to break laws or violate court orders on behalf of their users?
Proton regularly releases very clear info about how often they comply with legal orders, this isnt a secret and its certainly not protons fault that activists had poor opsec.
Morality / Deepstate convos aside. I personally I can’t really fault proton on here. They are the only public provider I’ve seen with 0 tracking across any of their apps.
What they provided was payment info.
Proton handed over the info to the Swiss government under a specific law. The Swiss government then turned around and readily handed over that info to the FBI without telling Proton that’s what was going to happen.
It doesn’t make anyone innocent here. Just adding that for clarity because this headline I keep seeing is not correct.
They could have used a private payment method. Not saying it’s ok what happened, but they gotta comply with the local laws.
You want privacy ,go offgrid and pay cash for email provider ,never use a creditcard
Privacy ≠ Anonymity.
They are not the same thing, and proton are very transparent about what they will and won’t do in this regard.
