Submitted 1 day ago by schizoidman@lemmy.zip to technology@lemmy.world
cross-posted from : lemmy.zip/post/60387297
Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.
No, they responded to a legal request by the swiss government to provide banking details.
Sounds just like Proton in the article:
Proton AG clarified they shared no data directly with the FBI — technically accurate but missing the point.
The fuck is the point? That banking details are subpeonable?
Proton is clear that they complie with legsl government requests and post stats about how many they fight and handover. They offer private ways to use the service and if you dont take them thats on you.
Europe bullied them out of their tax haven status a decade or so back. Germany and others made them hand over tax scofflaw account details. It was in the papers don’t remember the year.
And that’s why I only use Proton’s free tiers. If they are going to openly support Dementia Don and openly hand out their users to fascist governments like Spain or the US, then I can at least do my part by being a financial burden to them.
This is one of the most insane and detached takes I’ve ever seen
They complied with Swiss law. Only the name on the credit card was given.
Could’ve paid with crypto, choose not to.
I’m not sure entering the ponzi scheme that is cryptocurrencies would have helped in this case.
or even cash
Yeah using a public ledger would have saved the FBI having to get a warrant, especially given how in bed crypto-exchanges are with Trump
We still blaming basic OpSec mistakes on Proton?
Sad to see the Swiss are still complying with demands from a fascist regime.
If you’re going to be doing illegal shit in your activism, you should consider using anonymous communication methods like SimpleX.
Remember when Switzerland was neutral?
When was that? They took in the Nazi gold.
Switzerland is not a safe jurisdiction.
My question is what’s the legal requirements for payments? How long do they have to keep transaction records and do they have to connect this too accounts? This should be available in the ToS(but cannot find this). Compare with Mullvad (mullvad.net/en/help/no-logging-data-policy)
I’m pretty sure proton offers a crypto payment of some form. Which would mean if this person had used that instead of a credit card, theoretically there wouldn’t be anything to subpoena.
I signed up for a proton account and they immediately suspended it for “suspicious activity.”
My IP is on some foreign blacklist I found out. No option to appeal or anything, no explanation, I would have to verify my account with personal information which defeats the purpose.
Garbage company, 100% handing information to the cia and israel I bet.
More and more I consider just self hosting. Does have obvious drawbacks though 😅
Even some commercial less well known mail providers are sometimes blocked by big players like gmail and outlook for anti-spam reasons.
Just set up dkim, SPF, and dmarc properly and you should be good.
Self hosted my mail for decades, the only issue i’ve had is Hotmail/outlook, who have blacklisted my IP with no way to unblock it.
Gmail is pretty good
proton mail and tutanota(?) are both walled garden faking it as if theyre super safe
Proton has a history of breaking its promise to users. Does Tuta?
This marks Proton’s third known disclosure to authorities. They previously handed over a recovery email for a Catalan Democratic Tsunami activist and were forced to log a French climate activist’s IP address via Europol — despite claiming they don’t log IPs by default.
Each case followed the same script: foreign law enforcement pressure, Swiss legal compliance, user anonymity compromised. Like watching the same Netflix thriller where the plot twist stops being surprising.
The frustrating part is all the simps telling you that E2EE makes it safe, nah the same way they can log the IP of a user when asked, they can use the JavaScript they send you when you open protonmail to upload whatever emails they want access to, or your to key.
If you want E2EE use GPG, otherwise you’re just pretending.
floquant@lemmy.dbzer0.com 1 day ago
Again, they did not “aid” nor “give” that information. They were legally obliged to do so. There was never a choice. This could’ve happened with literally any company, E2EE stops them from being forced to turn over the emails themselves, but basic account metadata (creation date, payment methods, contact details, potentially IP access logs) will always be available. What you can do is limit the amount of information a provider requires/saves (for which Proton is a good choice) or don’t rely on a company at all and roll your own email server.
idlesheep@piefed.blahaj.zone 1 day ago
In fact, knowing that the only thing Proton was able to hand over was the credit card identifier is pretty solid proof that they in fact cannot access (and thus provide access to) your email and its contents.
If full anonimity is the goal then stick to crypto or cash payments, because credit card always leaves a trail.
Venator@lemmy.nz 18 hours ago
In this case, wouldn’t rolling your own email server make it even easier to find you, since they’ll just have to look up who registered the domain you used for your email address?
floquant@lemmy.dbzer0.com 11 hours ago
Depending on how you register the domain, there are some registrars that require no info at all. One of those paid with Monero creates no links to your identity.
But yes, self-hosting does not shield you from court orders. If they find you they can still access your shit, depending on how much your country’s infosec police gives a shit and/or how closely they cooperate with US agencies.
joe@lemmy.world 1 day ago
Yeah, it’s the distinction between “anonymous” and “private”.
RIotingPacifist@lemmy.world 23 hours ago
They litterally gave information they were legally required to
Except it doesn’t, E2EE in browser is pointless, they send your browser the code that does the dycription, they can just as easily send your browser code that does decyption & uploads the contents to themselves.
Yes doing actual E2EE emails is harder because both ends need to use an email client and configure it to do encryption, but for amost all scenarios protonmail is no more technically secure than any other webmail provider.
I think offering per-user encryption that makes it harder for the company to data mine your emails is good, I just wish people would stop believing companies selling you “secure solutions”.
In this case defendtheatlantaforest would have been more secure if they used any free email provider and GPG, yet there’s a cult-of-produce around protonmail as if it’s offering you a level of security that it can’t.
tb_@lemmy.world 9 hours ago
Furthermore, you can pay with bitcoin or even cash (sent to their HQ by mail). That way they’d have even less on you.
veniasilente@lemmy.dbzer0.com 7 hours ago
With the caveat that in some of their procedures they (seem to?) require to append account information in the mail, so if the postage can be traced back to you that’s an issue.