- cross-posted to:
- privacyguides@lemmy.one
- hackernews@lemmy.smeargle.fans
You must log in or register to comment.
No company is going to legally go to bat for you for $10/mo. I love how Proton nonchalantly calls out the user’s dumb move in the article:
Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method. Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order…
It is worth noting though, that Proton doesn’t allow you to use certain domains for recovery addresses. Admittedly this was awhile ago and maybe things have changed there but when I first joined Proton they wouldn’t allow me to set a duck.com or simplelogin.com or addy.io address as a recovery email.
Obviously using an apple ID is stupid but Proton could make more of an effort too.
They are actually quite aggressive about blocking disposable emails, most free services don’t work. I have used protonmail a few times for semi-disposable accounts that used disposable emails to sign up, and some of them were banned later.
I actually set simplelogin as recovery lol
So they will ask proton again for the address where everything is being forwarded… Not a good plan.
It would be fun to daisy chain a bazillion emails, all forwarding to each other in circles and have the cops just call yahoo 20 times.
But all emails are encrypted so they can’t be read anyways.
No, only the ones on Proton. If you send or receive an email from outside, it’s unencrypted there.
But still, it’s little to no difference for law enforcement. They will get the real address and whichever little info Proton or the other provider has on you.
As far as I know, Simplelogin doesn’t store anything.
Nowhere they say to m that they can’t see what your final email address and they have your logging email too.
If you have a specific quote saying the opposite, please share
Thing is, Protonmail has been telling people this from the very beginning. It’s like it gets rediscovered every year or so when somebody else gets busted.
Proton does require a recovery email address if you sign up to a mail forwarding service or similar, right after creating the account. In that case the account remains locked if you don’t, so that’s just a lie
What would be a more appropriate email address to use - or just no recovery email?
It’s best for anonymity to not use one at all. Proton provides a recovery key to allow access to your account if you manage to lock yourself out. Keep that key somewhere safe/secure.
Thank you. Recovery key seems like a better route for sure
Logically, any service, whether private or not, is required by law to reveal the user data they have, if there is a court order for a criminal investigation. Proton cannot refuse, if it does not want to face a complaint that could even lead to the closure of its service. That is, in this headline the “Proton Mail” can be replaced by any other email, host, chat, social network, VPN, Lemmy, it can occur in any of them. As said, read TOS and PP of what you use
except they told users in the past that they dont have this informaion
They don’t have information about the content of the mails, but same as any other mail provider the account data and the IP, this is the data which they can provide to the police. The rest are informations from the ISP and from own investigations of the police itself. Because of this the title that “Proton discloses user data leading to arrest in Spain” is somewhat sensationalist.
Maybe also just consider any email insecure by default ? Like it’s fcking email, having privacy, let alone security or anonymity is just like trying to mod a skateboard into a secure highway vehicule imho
Its more secure to use physical mail
Not really news. Proton follows the law. If they get a Swiss court order they will comply.
If you want to do illegal (under Swiss law) things, proton won’t cover you.
Another case of a user with terrible opsec that proton will end up being blamed for.
All the commenters suggesting that Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same, here’s some more to add. Yesterday I saw a now invalid toot comment from ProtonPrivacy on Mastodon Social where they wrote that it was Apple who was to blame and that Proton gave the recovery email address only because this was a case of a terrorism suspect suggesting that if that (terrorism) was not the case they would not have given in to the request. Today their comment sadly gives a 404 error. Searching a bit further this article comes up mentioning Proton and Wire :
In the new resolution, the National Audience judge recalls that in January, in a judicial report he issued on the case, he highlighted a conversation from July 12th and 13th, 2020, about the king’s visits, which was included in the Tsunami investigative evidence, and of which he admits that until that point he had not made reference in his investigation which extends over the period from 2016 to 2022. Specifically, one of the people under investigation, the Girona businessperson Josep Campmajó, spoke to the figure named Xuxu Rondinaire, with profile @marietadelulllviu, about mobilizations in 2019, using the Wire messenger app. The judge has asked for the identification of this person, information now obtained by the Civil Guard, which details that they used Europol to ask the Swiss authorities for the Wire firm to identify the person behind this pseudonym, with a profile that is also used in Proton Mail, an encrypted email system. In the police cooperation form requesting the information, the Spanish officers indicate to the Swiss authorities that the investigation is for the crime of terrorism.
@lemmyreader Yes, the name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can’t decrypt data, but in terror cases Swiss courts can obtain recovery email.
Proton is a service provider, not your confederate.
Proton should look who was asking the disclosure. He’s a known far-right judge that opens cases like beer cans. And the “terrorist” group is marked as such because someone had a heart attack the same day there were protests in Catalonia.
Was the heart attacked even in catalonia?
In Barcelona IIRC. Taking a flight (also IIRC)
Governments do the dumbest mental gymnastics to mark groups and individuals as undesireables.
That was a short honeymoon.
proton is untrustable
Email is untrustable
This is the second time, somehow people still defend them.
This isn’t the second time, Proton complies with Swiss law regularly.
Wow that makes it much better.
It remains standard operating procedure for any law abiding company, and it benefits no one to pretend that it isn’t.
i fucking knew it.