If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
-
@evacide Privacy != Anonymity. Beware!
-
@evacide@hachyderm.io My reading and understanding of this is that the Swiss govt order came from an MLAT request from the FBI, and not a US court warrant. Thus, the issue, to me, is how US law enforcement essentially uses MLAT to bypass what in the US could be withheld without an appropriate judicial review. Maybe I’m projecting a misunderstanding, but when I had to respond to such requests, in the ISP I ran, we would, generally, only comply with a legal warrant or order authorized by a court.
-
Proton alternatives, for everyone's consideration:
Email: Tuta (free) or Proton (free tier)
VPN: Mullvad or IVPN (pay with Monero)
Password manager: Bitwarden (free) 🥷
Email aliasing: Addy.io (pay with Monero) or SimpleLogin (belongs to Proton, but still, and Monero is an option apparently)
Of course, those services and Monero might be honeypots, who knows. They're all FOSS as far as I'm tracking, but I didn't audit any of them personally. That's probably the best we've got I guess. And I believe some take cash payments too, if Monero isn't an option.
-
@steff A lot of people use Proton Mail because they think its location in Switzerland gives their data greater legal protections than it might have in the US or the EU. In some cases, this may be true, but as you can see in this example, these protections are not absolute.
-
@evacide@hachyderm.io Fuck me, I've been trusting Proton to keep their heart and soul.
Not that I'm in the US or doing anything criminal, but it still sucks to lose trust.
I'm deeply locked in with Passmail and stuff tho, so it's not trivial to change providers.
-
@victor_mori@infosec.exchange @evacide@hachyderm.io speaking of #Bitwarden, you could self-host #Vaultwarden
-
@evacide never understood why people liked them. I thought they were clowns ever since their first trivial reflected XSS when they initially launched
-
@evacide Anyone who thinks Proton, Tuta or any other company is going to disobey a court order to protect a user is delusional. Proton states upfront that for absolute anonymity, use a free account (or pay with cash or whatever) and only connect using their onion site. They've never given up the content of emails ('cause it's encrypted in such a way that they can't access). They've never given any log info for VPN use ('cause they have a strict no logs policy). It's as simple as that.
-
@evacide This...seems perfectly normal? Like, what was Proton's alternative here?
-
-
@Tekchip Feel free to reply to them while leaving me out of it.
-
@evacide Yes, that's following the law. All reputable companies follow the law.
I'm not a big fan of 404 media for the way they try and hype things that people might need info on or be ignorant of, but use terms of sensationalism.
-
@evacide use cyberfear and their related mailum
-
@evacide so the only real solution is to run your own mail server, because corporations will always do this if pressured?
-
@evacide aren't their servers based in Switzerland?
-
@private_brewing @evacide I guess? It's definitely nontrivial because they have to deal with recurring payments (so they need _some_ way to charge the card even if someone isn't logged in, since paid accounts are not subject to auto-deletion).
The rhetoric around this has been pretty shitty too because *of course* Proton is going to comply by sharing whatever little info they have if ordered by a Swiss court - they make that exceptionally clear.
-
@private_brewing @evacide And like, most alternatives would do *exactly* the same thing when ordered by courts in their jurisdiction. Other than Tutanota and perhaps a few others, most have access to *more* information, and some of the big ones *proactively* share information.
The fact that some people have the gall to sit here saying that Proton, a company, should refuse to share info after being ordered by a Swiss court is ludicrous.
-
@private_brewing @evacide And I agree with you that the best option perhaps would be designing a payments system that allows all of their use cases without storing payment tokens or whatever in "plaintext" (meaning accessible to the company). Given the care they put into literally every single one of their products, I find it hard to believe that they would not have implemented this if it were trivial.
-
@evacide
I don't know why people are so surprised by this. Few people bother to read it but Proton do spell out about data disclosure and law enforcement in their privacy agreements etc.
https://proton.me/legal/privacy