- cross-posted to:
- privacy@lemmy.ml
You must log in or # to comment.
They gave payment data to the authorities, because, guess what, they HAVE to provide whatever is subpoenaed. Did they provide emails, IP addresses? Doesn’t say any of that. There’s the option of paying with crypto, but the imbeciles that know they are going to be at risk of being found, paid with a credit or debit card.
404 media is more of the same sensationalism laden bullshit out there. Make a fucking Strom out of a drop of water.
ITT people who believe you have to comply with government orders and call themselves anarchists
just really sad to call yourself a privacy company and then feed your customer to the gestapo
people can end up as embarrassing footnotes in history a number of different ways, but being a dishonest coward company in the privacy sphere is basically speedrunning it
I never trusted ProtonMail. Right when you sign up, you’re constantly bombarded with advertisements to upgrade to pro. They’re plastered everywhere with obnoxious banners.
I get that they’re a business and they need money to operate, but the ads are so obnoxiously “in your face” that in my mind their priority isn’t your privacy, it’s your money.
Tutamail is the better service.
They’re a paid service with a free tier — of course they promote upgrades. That’s literally how freemium products work.
But ads for a paid plan don’t suddenly mean the privacy model is fake. By that logic every privacy service with a free tier would be “untrustworthy.”
If you prefer Tuta, fine — but pretending Proton exists only to grab money is a pretty shallow take.
Oh boy, their man fawning over Trump is aging like fine milk.
Proton the company that prides itself protecting privacy when it is literally the law of the country they are in. It is like a cabby advertising that they have license and insurance.
Protón don’t promise anonymity If you use your credit card to pay protón services. Maybe he has to learn more about OPSEC. 🤷♂️
Please, using crypto alone isn’t going to do shit. The barrier to entry for truly anonymous usage is not something most people will ever accomplish.
Privacy is effectively dead but yet we have a company trying to advertise about it. Proton has always been marketing garbage meant to attract people’s money.
Garbage company with no ethics other than taking care of their pocket book.
You’re mixing up privacy and anonymity. Encryption alone doesn’t make you anonymous — that’s true — but Proton never claimed it would. Their promise is that email content is end-to-end encrypted, which is why they can’t hand over the messages themselves.
In the case reported by 404 Media, the identification came from payment information, not from breaking encryption. If you pay with a credit card, your identity is already tied to the account. That would happen with any service under a legal jurisdiction.
The real takeaway isn’t that Proton is “garbage”, it’s that most people misunderstand what encryption actually protects.
I was talking about both. The fact that Proton exists as a middle man to expose a customer is the reality of the situation. Do you think they score points for blaming their customer!? I really have a hard time dealing with shills for corporations.
The real takeaway is the way Proton advertised itself was a fucking lie and now they have to spend all their time back peddling while shills like you do PR for them.
Garbage company with to leaders who say stupid shit about politics they don’t understand and make idle threats to their own government saying they are going to move like the little fascist bitches they are.
Proton didn’t “expose” the user by breaking encryption. According to the reporting, the identification came from payment information, which any company legally has to keep and can be compelled to provide under a court order. The email content remained encrypted.
This isn’t unique to Proton — any service operating under a legal jurisdiction is a potential middleman if it stores identifiable data. That’s exactly why anonymity requires Tor, anonymous payments, and strict OPSEC, not just encrypted email.
So the real lesson isn’t that encryption is fake; it’s that privacy tools don’t automatically give anonymity, and many people expect them to.
Proton, if it cared, could have taken any number of steps to mitigate this problem. Like I said, they created a false image of what they provided to the public and have been back peddling ever since. I get it you don’t see it that way and that you don’t view yourself as a shill.
You’re still confusing two completely different things: privacy and anonymity. Encryption protects the content of messages, not every piece of metadata around an account. Proton has always been clear about that.
In the 404 Media case, the identification came from payment information, not from Proton breaking encryption. If someone pays with a credit card, their identity is already tied to the account. That would happen with any provider under legal jurisdiction.
Honestly, the way you’re framing this suggests you don’t really understand how encryption, metadata, and OPSEC work. Encryption ≠ anonymity. Anyone who actually works in security knows that.
Is there any private way to have emails forwarded from a service like GMail to Proton? I know you could forward to an alias on the Proton account, or alternatively forward through a third party (which you would then have to also trust), but I want to hear from people who know more on the topic than me.
Private from what? Google sees the forwarded emails anyway.
Yes, that’s basically what I was getting at. So it sounds like as long as Google knows the account emails are being forwarded to (can see the headers) there is no notion of privacy.
The way email forwarding works is: email is being received in full (by Google in your case), they look up processing rules, and send a copy to your Proton account, then optionally delete it.
The only thing you protect yourself from this way is Google knowing your IP address every time you check email. They have seen the contents and all headers of forwarded messages.
Proton was legally ordered by the Swiss justice department to hand over the (severely limited) information about a law breaking organization’s account. They had paid for Proton using a credit card instead of the anonymous payment methods Proton offers, and that is what Proton was forced to hand over. It was the organization’s bad OpSec, not Proton willingly deanonymizing users.
Yeah, I am no fan of proton and they have lied before (no log VPN logs magically finding logs for authorities and then later removing the no-log claim).
But this is literally just proton being legally compelled to hand over data the user willingly gave (not being harvested or de-encrypted). A nothing story.
Hopefully people like you will be able to nip this in the bud before yet another joke of a controversy starts…
You must be new here…
On the one hand, I really like how often Proton’s shortcomings are highlighted. This SHOULD be a wake up call that you should never rely on a company to protect you and should instead focus on what you can do to ptorect yourself. And Proton… actually are pretty good in that regard. Connect from a burner/live image computer over public wifi using tor (or something similar) and their free accounts are STILL the gold standard for journalism and whistleblowers.
But the problem is that people are stupid and lazy (and many outlets actively benefit from "Eww, proton is bad. If only they had paid for NordVPN to really protect them from the FBI! ~Note, NordVPN provides no guarantees of protection~ ". So we just get stupidity.
OP’s title certainly doesn’t help.
You must be new here…
On the one hand, I really like how often Proton’s shortcomings are highlighted. This SHOULD be a wake up call that you should never rely on a company to protect you and should instead focus on what you can do to ptorect yourself. And Proton… actually are pretty good in that regard. Connect from a burner/live image computer over public wifi using tor (or something similar) and their free accounts are STILL the gold standard for journalism and whistleblowers.
But the problem is that people are stupid and lazy (and many outlets actively benefit from "Eww, proton is bad. If only they had paid for NordVPN to really protect them from the FBI! ~Note, NordVPN provides no guarantees of protection~ ". So we just get stupidity.
@Charger8232 @jrcruciani The bug is between keyboard and chair. It is always a problem to use crédit card.
B…But…Swiss evil?
Some people in the comment section are really dumb switching to other alternatives thinking that Proton isn’t trustworthy because they gave the information despite the organisation not using anonymous currency. What’s ironic is that some of these people are switching to those alternatives where you can’t even use anonymous currency.
Also, kind of a clickbait title.
This instance really wants to dislike Proton.
You really want to give your email provider your phone number. “Privacy” for instances that assemble botnets and block VPNs doesn’t even include avoiding metadata collection. You guys are simply very salty and lazy that the best-advertised options are all connected to NATO intelligence agencies. Which really should be obvious to any person that hasn’t thrown their intuition in the garbage due to its interference with their entertainment. You really bought the Swiss Nazi neutrality ploy, closing in on a century past its expiration date. Is this not bleak?
It’s an observation. Who’s salty? Source me every one of your claims as it pertains to Proton.
Literally a reply from a block of salt.
Who? them or me? I just wanted to see where the user was getting their claims from because they leveled a lot of shitty assumptions my way for no reason and I just wanted to learn.
So salty then.
Lol. Guess so. Thanks for the laugh.
Use monero.
Being secure online and being anonymous online is not the same. Proton only promises one of those.
They have a .onion site. Use it always.
And don’t pay with a credit card if you’re committing crimes lmao
I’ve been a paid protonmail user for years. What should I use instead?
If you don’t give information to Proton AG which they can be legally forced to hand over, you’re alright.
If you’re worried Proton could identify you to authorities, either just make a new Proton account and pay anonymously (cryptocurrency or cash by mail), since that’s the only way this person was identified, or you could use what I’d consider to be the next-best, which is Tuta.
Nowhere near as slick a UI, less overall offerings (only email and calendar), but it costs less and generally provides similar security and privacy to Proton. Though again, you’d have to pay via private means, otherwise you’re gonna get identified by the same mechanism this person was if the government really decided to come after you by your account.
this person said it once, but I’ll say it again.
the same thing can happen on Tuta unless you pay with an anonymous method. these are privacy focused email providers, they are not anonymous email providers. they keep as little data on you as they need, but if you’re paying with a credit card then obviously you have your real name tied to the account.
Create a new account in Tor Browser. Pay with monero.
Never link your old account to your new account. Never write your name. Never email anyone off proton mail, unless you setup PGP first. Never login to your new account in a browser other than Tor Browser.
Proton is the best option, but tech can’t fix stupid.
Being secure online and being anonymous online is not the same. Proton only promises one of those.
I just switched from proton to mailbox. Mailbox gives you a say so over what happens when law enforcement asks for your account info.
Mailbox.org doesn’t have the option for anonymous payments beyond payments in cash, which was the reason for the article in the first place.
It does t matter if you have the ability to simply delete all of your account info.
It doesn’t matter if they keep it anyways. Always assume anything you put on someone else’s servers is there forever.
That image doesn’t say anything about law enforcement tho?
