If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
-
and with owners in the US, there's even more legal jeopardy potential. where the servers are located is less relevant than who owns them.
contrast that with Tuta, sure it's EU owned but you have to go through more layers to get to account details, and not as easily strong-armed.
though the French MS email saga from a while back makes it all muddier. French authorities will comply with requests made through the proper channels, a US judge said she didn't have to and demanded compliance - putting MS-France in non-compliance with the US court order, or non-compliance with French law.
All email providers that operate legally - including Tuta - must provide this info if they have it upon court request. If your threat model includes this risk, then having owners in a different country does not protect you at all.
To be clear, I like Tuta, but I haven't seen any evidence yet that they wouldn't be forced to do the same if they operate there. -
All email providers that operate legally - including Tuta - must provide this info if they have it upon court request. If your threat model includes this risk, then having owners in a different country does not protect you at all.
To be clear, I like Tuta, but I haven't seen any evidence yet that they wouldn't be forced to do the same if they operate there.agreed. however the reach of US courts is limited by entities that have no US ties. Tuta is still bound, and I expect that a properly processed request through German officials would result in a disclosure, but that requires a bit more rigour than I'd expect from an entity with US ties.
-
@evacide @cliffle @stinerman There is a thin line on logging stuff for user debug (being an isp/supplier for friends, i have some clue, not pretending it's expertise), therefor where is that line. also, i might understand that proton needs to comply with swiss law (which isn't up to date vs data retention and digital data, because totally f*ing legacy.) my short swiss citizen view : we're in deep shit with this and local politics dont care. ( i'm geneva's former pirate party founder and lost)
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide yeah proton has done this before and has made statements about it that proton is a privacy tool, not an anonymity tool. Hate to see it still though.
Its definitely good to make people more aware of this though, thanks.
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide@hachyderm.io Glad that I paid them nothing while I was still using Proton Mail. -
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide cause of course
-
@evacide so the only real solution is to run your own mail server, because corporations will always do this if pressured?
-
-
-
@evacide@hachyderm.io Glad that I paid them nothing while I was still using Proton Mail.
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide I support the idea that you should pay for your email service, if you value your privacy.
Using ANY commercial email service exposes you to surveillance and your identity being exposed. Especially if you use your iOS or Google device as a computer.
I continue to hold that Proton is better than a "free" gmail or microsoft account.
For example, I currently support my mastodon instance via Patreon. Patreon could and would expose my identity. They have my email. Still I persist. -
@Tekchip Feel free to reply to them while leaving me out of it.
@evacide More polite rebuttal than I could have managed.
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide Privacy != Anonymity. Beware!
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide@hachyderm.io My reading and understanding of this, is that the Swiss govt order came from an MLAT request from the FBI, and not a US court warrant. Thus, the issue, to me, is how US law enforcement essentially uses MLAT to bypass what in the US could be withheld without an appropriate judicial review. Maybe I’m projecting a misunderstanding, but when I had to respond to such requests, in the ISP I ran, we would, generally, only comply with a legal warrant or order authorized by a court.
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
Proton alternatives, for everyone's consideration:
️ Email: Tuta (free) or Proton (free tier)
VPN: Mullvad or IVPN (pay with Monero)
Password manager: Bitwarden (free)🥷
Email aliasing: Addy.io (pay with Monero) or SimpleLogin (belongs to Proton, but still, and Monero is an option apparently)Of course, those services and Monero might be honeypots, who knows. They're all FOSS as far as I'm tracking, but I didn't audit any of them personally. That's probably the best we've got I guess. And I believe some take cash payments too, if Monero isn't an option.
-
@evacide@hachyderm.io My reading and understanding of this, is that the Swiss govt order came from an MLAT request from the FBI, and not a US court warrant. Thus, the issue, to me, is how US law enforcement essentially uses MLAT to bypass what in the US could be withheld without an appropriate judicial review. Maybe I’m projecting a misunderstanding, but when I had to respond to such requests, in the ISP I ran, we would, generally, only comply with a legal warrant or order authorized by a court.
@steff A lot of people use Proton Mail because they think its location in Switzerland gives their data greater legal protections than it might have in the US or the EU. In some cases, this may be true, but as you can see in this example, these protections are not absolute.
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide@hachyderm.io Fuck me, I've been trusting Proton to keep their heart and soul.
Not that I'm in the US or doing anything criminal, but it still sucks to lose trust.
I'm deeply locked in with Passmail and stuff tho, so it's not trivial to change providers.
-
Proton alternatives, for everyone's consideration:
️ Email: Tuta (free) or Proton (free tier) VPN: Mullvad or IVPN (pay with Monero) Password manager: Bitwarden (free)🥷
Email aliasing: Addy.io (pay with Monero) or SimpleLogin (belongs to Proton, but still, and Monero is an option apparently)Of course, those services and Monero might be honeypots, who knows. They're all FOSS as far as I'm tracking, but I didn't audit any of them personally. That's probably the best we've got I guess. And I believe some take cash payments too, if Monero isn't an option.
@victor_mori@infosec.exchange @evacide@hachyderm.io speaking of #Bitwarden, you could self-host #Vaultwarden
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide never understood why people liked them. I thought they were clowns ever since their first trivial reflected XSS when they initially launched
-
If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@evacide Anyone who thinks Proton, Tuta or any other company is going to disobey a court order to protect a user is delusional. Proton states upfront that for absolute anonymity, use a free account (or pay with cash or whatever) and only connect using their onion site. They've never given up the content of emails (cause its encrypted in such a way that they can't access). They've never given any log info for VPN use (cause they have a strict no logs policy). Its as simple as that.
