A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
-
@egonw ProtonMail isn't based out of the US. The government of the country it is based out of demanded this information, and provided it to the FBI under an MLAT.
@iampytest1 ah, right. sorry, my bad
-
@iampytest1 @404mediaco You can't reveal what you don't know—that's where the mistake lies.
@NoMAD they can't not have payment information. They offer anonymous payment options, and the free version doesn't require any PII at all.
-
@proscience in what way am I wrong?
I might have misread the article; if I did, I can edit my post.
-
@404mediaco
I guess I need to move to @Tutanota
-
A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@404mediaco so, even the respected Proton no longer guarantees privacy or security!
-
@404mediaco I don't see how they could avoid storing the payment information if they want to collect payments. And if they are legally required by the Swiss government to provide that information, what can they do?
-
They are required to store client identification data for 6 months by #Swiss law
Art. 22 SPTA
-
@404mediaco@mastodon.social
After that French climate activist, every gov on earth knows how to obtain data from Proton Mail.
They just need to ask the Swiss government to request data, instead of requesting data directly from Proton AG.
Stopgap measure:
Use Tor Browser to access Proton Mail
Do not pay (money is always easier to trace than network packets)
Turn off all security logging feature in Proton account settings
#ProtonMail #ProtonAG
-
@iampytest1 @404mediaco For those who are threat modeling risks it’s worth noting this person was not charged with any crimes. So the US will request sensitive info that doesn’t lead to anything worth criminal charges, but Proton and the Swiss will hand it over without seemingly much protest
“404 Media is not publishing the person’s name because they don’t appear to have been charged with a crime, according to searches of court databases.”
Put another way, Proton and the Swiss will hand over user info of folks free of criminal charges to the US government.
@sylvie Not saying the subpoena here is justified, but subpoenaing records is a normal part of the investigative process which can come before a person is charged. The article doesn't say when this occurred or why they weren't charged, and without more detail on the facts the subpoena was based on, it's hard to say what the FBI knew when it issued it and what it learned afterwards.
The question here is what are the terms of the MLAT between the US and the Swiss government, and what rules the FBI and the Swiss government have for handling this.
I'm not familiar with the FBI's internal workings, and I know nothing about Swiss law or the details of the MLAT.
Edit: obviously that isn't the right section of the Justice Manual.
-
@404mediaco Hmmn, I have a free account there, but there are arguably other ways for a Swiss court to identify me. IP would, but I use TOR.
Any thoughts folks, on how to de-anonymise me?
-
@davecb @404mediaco E-Mail content and metadata would be the most obvious way. If you ever used this account for anything that could be linked somehow to your identity they could easily deanonymize you. And otherwise it depends on who wants to get your PII and how many resources do they have. If they have enough resources they can deanonymize everybody and tor will not help you. But for most people that should be fine I think.
@davecb @404mediaco other than that I guess you use the Tor Browser (and not just a standard browser routed over Tor) on a somewhat safe OS (no Windows, macOS, Android etc but something like Linux/GrapheneOS)?
-
@LittlePolarBear @404mediaco @Tutanota How would Tuta have helped you here? You think they’re defying a court warrant on your behalf?
@wonkothesane @404mediaco @Tutanota It's fine, I learned something today. That's what the Internet is for.

-
@cloud @iampytest1 @404mediaco Proton’s transparency policy could be read as Proton being capable of contesting the orders Proton believes fail to meet Swiss criteria. It does not specify if the aggregate contested orders include contesting with the Swiss government. “contested” contrasts with the “rejected” language when describing requests made directly to Proton by foreign entities, so Proton contesting requests made through the Swiss government would be a fair interpretation by users in my opinion. Further, Proton says that it hands over data if Swiss law is broken. Thus, it might be reasonable to assume Proton only hands over data if there is provided evidence an account was used by someone breaking foreign law similar to Swiss law. There being no criminal charges pressed in the US suggests that maybe there was no law US or otherwise violated, but info was given anyways to the US.
Obviously we don’t have full context, but we know from Proton’s transparency policy, Proton alleges they contest orders… and from 404media reporting that no charges were filed against the person… which is why this news report is bound to be frustrating and concerning for those who thought the bar for sharing info via MLATs might be more rigorous
-
@iampytest1 Yes agreed. One might think MLATs were used for more serious criminal offenses which is why the little context provided is bound to cause concerns for those directly within or planning travel to the US. That no criminal charges were pressed, but the US sought info, and that info was provided will ideally cause some interesting discourse on MLATs. For example, US and Switzerland vs US and Germany
-
@DrRac27 @404mediaco Linux, for something that would be considered "restricted" (in the sequence restricted, confidential, secret and top secret)
-
Since when does Protonmail have to protect criminals?

-
@manankanchu @jtb @404mediaco Which is very common practice worldwide - exact timelines vary, but in general it gets stored for quite some time. If you want your payments to be as invisible as possible, you find methods that cannot be directly traced to you. Mailing money, using a prepaid gift card, or cryptocoin via multiple layers of abstraction to make it hard to trace who each transaction involves.
This is a reminder of what data can and cannot be accessed. Proton might not be able to hand over the direct contents of your emails and whatnot, but data like this can be handed over if required.