Discussion
Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester
sam0x17: Well I guess Proton cannot be trusted. You know what they say, centralization corrupts absolutely
mystraline: Given they were praising Trump, Vance, and gang - I called it then.I cancelled my Proton account when all of that hit Mastodon. Their VPN was good, but I dont support nazies and their toadies.
sithadmin: As a long time Proton customer...I am fairly certain Proton has always been completely upfront that they will comply with lawful requests for information from the Swiss authorities, if response is obligated by Swiss law. Therefore this isn't especially surprising.
bombcar: The key is and always has been to make sure that someone like Proton simply doesn't have the information so they can't give it away.
WithinReason: [delayed]
SunshineTheCat: Wild that it says this on their site:>Sign up with no phone number: Get a private email account without handing over more personal data than necessary, making it harder for advertisers, data brokers, and other services to track you online.I guess it doesn't mention law enforcement so ¯\_(ツ)_/¯
ranger_danger: The article explains that the account was identified based on a credit card payment for a paid account, which does not invalidate the statement in question IMO. Perhaps we differ on the definition of "private" or something else, but unless all parties are using proton, email is inherently insecure and somebody can/will have a record of your communication regardless.
h4kunamata: People will never understand, Proton is a privacy based email server, it is not the dark web where you can do as you please without consequences.Proton only has access to your IP and device ID, not your data. With IP and device ID, you can easily track an user like finding the ISP, etc.Do you wanna do naughty things?? Don't use such services do to so.And ironically,this 404 Media is the only place I found covering this information and they require you to login to read the whole thing.Hmmmmmmmmmmmmmmmmmmmmm red flag big time!!!!
Vaslo: I bet you make these big announcements in everything you do, and think that people really care.
idiotsecant: Based on the response it seems like a fair number of people found it interesting, but essentially nobody found your emotionally fragile whinging interesting.
mhitza: That's 404 media's approach. That's why I only read their headlines.In theory you could open up your protonmail account over tor and with bitcoin (or does that not work anymore?).Its been a good while since I tried them out. Why I don't recommend them anymore is because when I didn't extend my subscription in time (expecting an account downgrade), my mail was locked and emails hold on to as random. Allowed to login only for payment.That was one red flag from me, the second was when they shared IP address logs of a French protestor. Even though at the time they had a no logs policy, if I remeber correctly. Or if I don't.
rideontime: 404 Media has an excellent track record and is very reputable, if you're saying the "red flag" applies to them.
hypeatei: Proton doesn't really protect anything email related unless the recipient is also using protonmail. The article also points out they sought payment data, not "IP and device ID" information.
dgxyz: We do care. Someone's gotta stand up to it.
Vaslo: They’ll still be in business in 20 years. So much for all that standing up.
lucb1e: What device identifier are you referring to?
Vaslo: No whinging here, just pointing out the obvious of the self important. The only whinging I see is people using terms like Nazi for everyone they disagree with, and other people who jump into the comment section to back up this kind of childish rhetoric.
observationist: Proton isn't opsec, it's just the best available commercial clearweb host that still has to follow all the laws and comply with warrants, but won't be arbitrarily selling your metadata or engaging in the adtech garbage.Kagi is to google as proton is to gmail.You get web mail, custom domains, decent security, decent spam detection, solid features, and no PII being sold. Nice, clean, simple - I like paying them money. I feel good about doing business with them, and I don't run into that often these days.
netfortius: Here you are: https://archive.ph/Zvw3O
afavour: I really don’t think 404 Media having a login gate is a red flag. They’re a business that needs to make money and the alternative to subscriptions is ads, which would be exponentially worse for user safety than what exists today.
mistyvales: You can still pay with cash!
petcat: > The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties.Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?Although I guess the server location didn't matter in this case since all they wanted was the billing information and the credit card info to identify the person.
elashri: > Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?They said they want to relocate to Germany which I would say in a polite way, is much worse in this regard.
gruez: >the second was when they shared IP address logs of a French protestor. Even though at the time they had a no logs policy, if I remeber correctly. Or if I don't.You probably aren't remembering correctly given that specifically have a "login logs" option that can be toggled on/off.
lucb1e: > unless all parties are using proton, email is inherently insecure and somebody can/will have a record of your communication regardless.That the person you're exchanging messages with, has your messages, is hardly a surprise. Not everyone-but-Proton sells your data though so it's not quite that black-and-white
robcohen: > Proton only has access to your IP and device ID, not your data.I like Proton. I use Proton.However, the problem with proton is that if you access your email via a web browser, there's nothing stopping protonmail (to my knowledge) from reading your email from within their webapp via JS. This type of attack could be targeted at the behest of authorities.So, actually, Proton COULD read your email (IFF you use webmail).
gruez: >So, actually, Proton COULD read your email (IFF you use webmail).The authorities can also read your self-hosted email if they had a warrant to search your house. Even if you enable FDE they can do a cold boot attack.
Tepix: What if you use encryption?
mhitza: Thanks for the update of the current state.I think at the time there was confusion around their policies"ProtonMail logged IP address of French activist after order by Swiss authorities"https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre...
tototrains: last time i tried they asked for an email to link the account to. I don't think they provide anonymous accounts anymore, but you can probably create one with another anonymous email.
renewiltord: This is disappointing. I would pay up to $10/month for an email provider who would go to jail for me.
gruez: https://en.wikipedia.org/wiki/Bulletproof_hosting
CodeWriter23: This should surprise exactly nobody after it was disclosed back in [checks notes] 2021 that ProtonMail gave up user data to law enforcement and also changed their TOS.
gruez: >after it was disclosed back in [checks notes] 2021 that ProtonMail gave up user data to law enforcement and also changed their TOS.You shouldn't even need that. A warrant isn't a strongly worded letter that they can just turn down. It's the law. Therefore you should assume that if the police can get a warrant, they can get your data. Even for people who don't follow the law (criminals), there's no guarantee they won't snitch on you.
Andrex: > Do you wanna do naughty things?? Don't use such services do to so.Is that really what happened here?https://en.wikipedia.org/wiki/Stop_Cop_City
loteck: Where are the stories about all the other mail providers who routinely cough up everything about your email account, including full content, metadata, and full payment details, on a daily basis?Proton is one of the few services who accepts anonymous payment, and cannot themselves provide encrypted content in cleartext. They cannot save you from yourself, though.
rationalist: Sounds like Fastmail, except Fastmail is less sketchy and has better deliverability.
perching_aix: FDE stands for "Full Disk Encryption" in this context.