• VerseAndVermin@lemmy.world
    6 months ago

    It looks more like multiple companies were needed to pin the individual. I don’t expect any company to not comply with legal requests. My understanding is this is why it’s important to know what information a company retains.

    For my own use, I have used Proton just to mitigate being a source of ad info and to get better service. I’m not interesting enough to overthrow anything.

    • Simon Müller@sopuli.xyz
      6 months ago

      Most info came from the fact that they made the move to link their personal iCloud Mail as a recovery method.

      Infinite wisdom.

  • Zerush@lemmy.ml
    6 months ago

    Logically, any service, whether private or not, is required by law to reveal the user data they have, if there is a court order for a criminal investigation. Proton cannot refuse, if it does not want to face a complaint that could even lead to the closure of its service. That is, in this headline the “Proton Mail” can be replaced by any other email, host, chat, social network, VPN, Lemmy, it can occur in any of them. As said, read TOS and PP of what you use

      • FutileRecipe@lemmy.world
        6 months ago

        Out of curiosity, can you link where Proton said they don’t have the user’s recovery email, that the users themselves attached to their Proton account?

      • Zerush@lemmy.ml
        6 months ago

        They don’t have information about the content of the mails, but same as any other mail provider the account data and the IP, this is the data which they can provide to the police. The rest is information from the ISP and from own investigations of the police itself. Because of this the title that “Proton discloses user data leading to arrest in Spain” is somewhat sensationalist.

  • TCB13@lemmy.world
    6 months ago

    And then I am the one exaggerating… I’ll say it again, Proton is just another company that managed to find clever ways to profit from a group of people who value things such as “privacy”.

    They’re just a very large marketing effort with little to nothing to show but everyone is convinced they’re actually protecting users while they keep pushing proprietary / half open and non standard stuff as solutions for problems already solved with truly open tools, standards and protocols.

    • tranxuanthang@lemm.ee
      6 months ago

      Proton did nothing wrong here; in fact, it is working as intended.

      No email content or attachment was provided in this case because they (Proton) have nothing to give. Now, imagine if this user were using Gmail instead of Proton.

      The article title is clickbait and is trying to incite outrage from the crowd. Don’t fall for it.

      • TCB13@lemmy.world
        6 months ago

        now, imagine if this user were using Gmail instead of Proton.

        Now imagine if the user was using Gmail + PGP… same end result. Proton delivered no extra value whatsoever.

    • OsrsNeedsF2P@lemmy.ml
      6 months ago

      Tutanota is what a lot of the XMR people use/endorse.

      For the record I used to use Protonmail and VPN, but one day my password just randomly stopped working and I lost access to everything. Switched over to Tutanota and Mullvad and have had zero issues since.

      • TurboHarbinger@feddit.cl
        6 months ago

        Bro this reads like an ad. You using VPN has nothing to do with YOU losing your password.

        Edit: might add this is the classic bad user you see in tech support.

        CAPS ON

        types password

        Login failed

        tries the same password several times

        gets locked out

        blames the service

        • OsrsNeedsF2P@lemmy.ml
          6 months ago

          Lmao you’re right. Removed the first part. It came to look like an ad because I posted my first thought, then came back with my second one and appended it.

          As far as the password goes, to this day I have no idea how it happened. I don’t want to admit I use the same password for everything, but ye know… it just stopped working for Proton one day.

    • telep@lemmy.ml
      6 months ago

      only as private as you make it. they are required by law when mandated by a warrant to release IP & other (unencrypted) data they have on you. use a proxy to connect & take other opsec measures to conceal your online identity just like other sensitive web browsing activities if you want to use email “privately”.

      this is really only helping anonymity though, as the email protocol has no built in encryption. unless you are using PGP it really isn’t apt for secure communication at all.

  • lemmyreader@lemmy.ml
    6 months ago

    All the commenters suggesting that Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same, here’s some more to add. Yesterday I saw a now invalid toot comment from ProtonPrivacy on Mastodon Social where they wrote that it was Apple who was to blame and that Proton gave the recovery email address only because this was a case of a terrorism suspect suggesting that if that (terrorism) was not the case they would not have given in to the request. Today their comment sadly gives a 404 error. Searching a bit further this article comes up mentioning Proton and Wire :

    In the new resolution, the National Audience judge recalls that in January, in a judicial report he issued on the case, he highlighted a conversation from July 12th and 13th, 2020, about the king’s visits, which was included in the Tsunami investigative evidence, and of which he admits that until that point he had not made reference in his investigation which extends over the period from 2016 to 2022. Specifically, one of the people under investigation, the Girona businessperson Josep Campmajó, spoke to the figure named Xuxu Rondinaire, with profile @marietadelulllviu, about mobilizations in 2019, using the Wire messenger app. The judge has asked for the identification of this person, information now obtained by the Civil Guard, which details that they used Europol to ask the Swiss authorities for the Wire firm to identify the person behind this pseudonym, with a profile that is also used in Proton Mail, an encrypted email system. In the police cooperation form requesting the information, the Spanish officers indicate to the Swiss authorities that the investigation is for the crime of terrorism.

    • starman2112@sh.itjust.works
      6 months ago

      So proton will only give users’ information to governments if the government calls the user a terrorist. Good thing governments don’t just throw that word around willy-nilly!

    • Proton@mastodon.social
      6 months ago

      @lemmyreader Yes, the name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can’t decrypt data, but in terror cases Swiss courts can obtain recovery email.

    • pacology@lemmy.world
      6 months ago

      Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same

      It’s amazing how people easily forget about lavabit and what a company that is committed to real privacy is about.

  • bufalo1973@lemmy.ml
    6 months ago

    Proton should look at who was asking for the disclosure. He’s a known far-right judge that opens cases like beer cans. And the “terrorist” group is marked as such because someone had a heart attack the same day there were protests in Catalonia.

    • AeonFelis@lemmy.world
      6 months ago

      Does it matter? He’s still a judge with a judge’s authority. If their policy is to obey the law then the political views of the judge don’t change the fact that his order was lawful.

      • bufalo1973@lemmy.ml
        6 months ago

        So if a Russian judge had asked the same the outcome would be the same too? Or a Chinese one?

        • AeonFelis@lemmy.world
          6 months ago

          Depends on what you mean by that:

          1. A Russian/Chinese judge ordering the disclosure of data about a Spanish citizen? Then no, because judges from one country should hold no jurisdiction over citizens of other countries (unless it’s about things these citizens did in the judge’s country - which is not the hypothetical case here)
          2. A Russian/Chinese born person who became a judge in Spain? Then yes, because the judge’s ethnicity should not be a factor on whether or not their authority is respected.
          3. A Russian/Chinese judge ordering the disclosure of data about a Russian/Chinese (respectively) citizen? Then this depends on whether or not Proton Mail is willing to stop doing business in Russia/China (again - respectively). Though I’m not sure if that will save them, since it may still be possible, even after they cut ties with that country, for the government to go after them using international treaties.

          At any rate, my point is that the decision of whether you obey the law or protect your users should be about the country as a whole, not about any specific judge employed by it. Choosing to obey some judges of the country while ignoring the warrants signed by other judges of the same country is just stupid. The country will not trust you to respect their authority and will not permit you to do business there, while the users will not trust you to keep your promise to protect them and won’t use your service.

  • BananaTrifleViolin@lemmy.world
    6 months ago

    I’m not sure how I feel about this news story.

    On the one side, it’s good to make sure people are aware of the limitations of secure email providers. However on the other the article almost reads as if this should be a surprise to people?

    I use Proton mail and pay for my account. I don’t pay for anonymity - I pay for privacy. They are two very different things.

    The article talks about Opsec (operational security) and they’re right - if you need anonymity then don’t use your personal apple email as a recovery address. That is a flaw in the user approach and expectations that unencrypted data held by Proton is also “secure”. Your basic details and your IP address are going to be recorded and available to law enforcement. Use a VPN or Tor to access the service and use another untraceable email for recovery, and pay via crypto if you want true anonymity. And even then there are other methods of anonymous or untraceable secure email that may be better than Proton mail (such as self hosted).

    But for most users like myself, if you’re not looking for anonymity then Proton is fine as is. My email address is my name and I use it to keep my emails secure and not snooped on by Google etc.

    Proton advertises itself as private, secure and encrypted. It does not claim to offer anonymity.

    • Cataphract@lemmy.ml
      6 months ago

      All valid points made in an academic setting. I think the general consensus, and the points other users are trying to make, involve more transparency and proper presenting of the facts in their statements. I have parroted the “oh you should try proton, they’re more private and secure” to other people. This is a factual but misleading statement without the nuance of higher OPSEC fundamentals.

      Just look at their main landing page for proton mail.

      • Proton Mail’s end-to-end encryption and zero-access encryption ensure only you can see your emails. Not even Proton can view the content of your emails and attachments.

      • Proton Mail protects you from these digital spies and prevents companies from monitoring you.

      • your data is protected by some of the world’s strictest privacy laws.

      • From newsrooms, activists, and international organizations to academics, Nobel Prize winners, and movie characters, Proton Mail is the trusted choice for secure and private communication. Join over 100 million people worldwide who believe their online privacy is worth protecting.

      A common user will look at this and believe that by just having this account, they will be protected. There is no asterisk* beside e-mail recovery explaining the dangers of linking to another e-mail. In fact, a lot of their services promote linking e-mail because you can’t use third party verification if you haven’t set up your recovery e-mail and/or cell phone verification. I ran into this trying to help an older relative who’s paranoid about online accounts, ended up being more hoops and they were dissuaded because it always comes down to “enter more information to continue…privately ;)”

      The front landing page should have a section explaining everything that’s being said here with vpn’s, alternative e-mails, and how to really protect yourself with anonymity. To a lot of people, Private+Secure=Anonymous. It’s not accurate, but unless you already know the things you have to do to protect your identity, it’s not very clear on what the average person should do.

    • Coasting0942@reddthat.com
      6 months ago

      Proton is the only one I know of who takes mailed cash.

      This was all an opsec problem. And not even an “exposed my ip address because a software bug leaked it” it was an “here’s my usual email address in case I get locked out”.

      The cops didn’t need to break into proton email. They just asked the backup email address for that stuff.

  • TheAnonymouseJoker@lemmy.ml
    6 months ago

    Proton is not for activism. Treat it as bad as Gmail or outlook for that. Moon Of Alabama blog has lots of criticisms. If you want to be anal about using email for activism and whistleblowing, use a serious provider like Riseup or Disroot. All these Protons and Tutanotas are useless. They are only better than Gmail and Outlook.

    There are some idiots that spread nonsense about me that I am paranoid or whatever. Yes I am proud of it, because they are the incompetent ones. Big Tech “security” shills and a lot of kiddies without experience do this.

    • azalty@jlai.lu
      6 months ago

      Not sure how they’re better than proton in terms of compliance and anonymity

      • TheAnonymouseJoker@lemmy.ml
        6 months ago

        How to tell you know nothing about privacy, security and anonymity without telling me that directly. Proton is a fucking snitch for activists.

        • azalty@jlai.lu
          6 months ago

          Source: trust me bro

          It’s just that more people use proton so more of them have their identity leaked. I don’t see how the terms of these 2 companies are better

          • TheAnonymouseJoker@lemmy.ml
            6 months ago

            Are you trying to discredit Riseup and Disroot without evidence? Are you a fed by any chance, or a nasty troll? You can go read digdeeper’s blog on email providers. If you disagree, you may continue to deny, troll and get banned for speaking nonsense.

            • azalty@jlai.lu
              6 months ago

              I’ve never heard of those 2 providers and they don’t seem to be any better. I’m just looking for facts to back that and so far I haven’t seen any

              Being skeptical doesn’t mean being a troll or a fed, wtf. I don’t know what you’re on but it seems cool

              As for the « are you trying to discredit … without evidence » I want to answer « what can be asserted without evidence can also be dismissed without evidence »

              • lemmyreader@lemmy.ml
                6 months ago

                I’ve never heard of those 2 providers and they don’t seem to be any better.

                You never heard of the other two providers but yet you already draw the conclusion that they don’t seem to be better. What does “better” mean to you in this context ?

                • TheAnonymouseJoker@lemmy.ml
                  6 months ago

                  Yes. I am surprised people are downvoting me and upvoting him. He is the one who did no research, and I am on the opposite end of the spectrum. I write guides lol. This is privacy community. Anyone remotely serious about privacy must have heard of Riseup, Disroot, Posteo and others.

                • azalty@jlai.lu
                  6 months ago

                  Their privacy policy. They log IP addresses and are not immune to legal actions, and as such, are not really better than Proton in terms of legal actions

              • TheAnonymouseJoker@lemmy.ml
                6 months ago

                If you have not dived deep into the rabbit hole, that is a you problem. What level of threat model and knowledge do you even have to be able to contest such claims, that you do not trust Riseup and Disroot? Denying facts and doubling down by not listening is a problem.

                I gave you a place to look for facts. If you do not want to and just want to speak gibberish without listening or backing up your claims, you can go to Reddit or PrivacyGuides/Techlore/some shit youtuber and worship Protonmail or Apple Private Relay.

      • TheAnonymouseJoker@lemmy.ml
        6 months ago

        Well, that is partially true. But email with PGP used by both users is not bad. Funnily, Nuegia owner tried to scold me over holding this view that you hold, few years ago.

        • Possibly linux@lemmy.zip
          6 months ago

          PGP doesn’t protect anything but message contents. Additionally, if your key is compromised all of your messages are compromised.

  • Freuks@lemmy.ml
    6 months ago

    I don’t understand why people blame Proton, instead of OPSEC. A company complies with law, won’t go to jail for you, what they are thinking ?

      • Freuks@lemmy.ml
        6 months ago

        They don’t log by default, they log with a warrant, I guess. But still, hello, they are just companies, they don’t owe you nothing. You should all use anonymous services which will close in a few weeks or months as it’s illegal to keep nothing

        • You999@sh.itjust.works
          6 months ago

          They don’t log by default, they log with a warrant, I guess. But still, hello, they are just companies, they don’t owe you nothing. You should all use anonymous services which will close in a few weeks or months as it’s illegal to keep nothing

          If you look through my comment history you’ll see I’m a huge advocate for tor/I2P instead of VPNs

  • Staraven1@lemmy.blahaj.zone
    6 months ago

    Maybe also just consider any email insecure by default ? Like it’s fcking email, having privacy, let alone security or anonymity is just like trying to mod a skateboard into a secure highway vehicle imho