- cross-posted to:
- privacyguides@lemmy.one
- hackernews@lemmy.smeargle.fans
seathru ( @seathru@lemmy.sdf.org ) English120•10 months agoNo company is going to legally go to bat for you for $10/mo. I love how Proton nonchalantly calls out the user’s dumb move in the article:
Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method. Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order…
Leraje ( @leraje@lemmy.blahaj.zone ) English32•10 months agoIt is worth noting though, that Proton doesn’t allow you to use certain domains for recovery addresses. Admittedly this was awhile ago and maybe things have changed there but when I first joined Proton they wouldn’t allow me to set a duck.com or simplelogin.com or addy.io address as a recovery email.
Obviously using an apple ID is stupid but Proton could make more of an effort too.
Canary9341 ( @Canary9341@lemmy.ml ) 25•10 months agoThey are actually quite aggressive about blocking disposable emails, most free services don’t work. I have used protonmail a few times for semi-disposable accounts that used disposable emails to sign up, and some of them were banned later.
/home/pineapplelover ( @pineapplelover@lemm.ee ) 3•10 months agoI actually set simplelogin as recovery lol
Railcar8095 ( @Railcar8095@lemm.ee ) 4•10 months agoSo they will ask proton again for the address where everything is being forwarded… Not a good plan.
It would be fun to daisy chain a bazillion emails, all forwarding to each other in circles and have the cops just call yahoo 20 times.
/home/pineapplelover ( @pineapplelover@lemm.ee ) 1•10 months agoBut all emails are encrypted so they can’t be read anyways.
Railcar8095 ( @Railcar8095@lemm.ee ) 6•10 months agoNo, only the ones on Proton. If you send or receive an email from outside, it’s unencrypted there.
But still, it’s little to no difference for law enforcement. They will get the real address and whichever little info Proton or the other provider has on you.
/home/pineapplelover ( @pineapplelover@lemm.ee ) 1•10 months agoAs far as I know, Simplelogin doesn’t store anything.
Railcar8095 ( @Railcar8095@lemm.ee ) 1•10 months agoNowhere they say to m that they can’t see what your final email address and they have your logging email too.
If you have a specific quote saying the opposite, please share
The Doctor ( @drwho@beehaw.org ) English8•10 months agoThing is, Protonmail has been telling people this from the very beginning. It’s like it gets rediscovered every year or so when somebody else gets busted.
azalty ( @azalty@jlai.lu ) 6•10 months agoProton does require a recovery email address if you sign up to a mail forwarding service or similar, right after creating the account. In that case the account remains locked if you don’t, so that’s just a lie
classic ( @classic@fedia.io ) 6•10 months agoWhat would be a more appropriate email address to use - or just no recovery email?
seathru ( @seathru@lemmy.sdf.org ) English17•10 months agoIt’s best for anonymity to not use one at all. Proton provides a recovery key to allow access to your account if you manage to lock yourself out. Keep that key somewhere safe/secure.
classic ( @classic@fedia.io ) 3•10 months agoThank you. Recovery key seems like a better route for sure
Zerush ( @Zerush@lemmy.ml ) 47•10 months agoLogically, any service, whether private or not, is required by law to reveal the user data they have, if there is a court order for a criminal investigation. Proton cannot refuse, if it does not want to face a complaint that could even lead to the closure of its service. That is, in this headline the “Proton Mail” can be replaced by any other email, host, chat, social network, VPN, Lemmy, it can occur in any of them. As said, read TOS and PP of what you use
umbrella ( @umbrella@lemmy.ml ) 2•10 months agoexcept they told users in the past that they dont have this informaion
Zerush ( @Zerush@lemmy.ml ) 10•10 months agoThey don’t have information about the content of the mails, but same as any other mail provider the account data and the IP, this is the data which they can provide to the police. The rest are informations from the ISP and from own investigations of the police itself. Because of this the title that “Proton discloses user data leading to arrest in Spain” is somewhat sensationalist.
Staraven1 ( @Staraven1@lemmy.blahaj.zone ) 33•10 months agoMaybe also just consider any email insecure by default ? Like it’s fcking email, having privacy, let alone security or anonymity is just like trying to mod a skateboard into a secure highway vehicule imho
Possibly linux ( @possiblylinux127@lemmy.zip ) English1•10 months agoIts more secure to use physical mail
crispy_kilt ( @crispy_kilt@feddit.de ) 28•10 months agoNot really news. Proton follows the law. If they get a Swiss court order they will comply.
If you want to do illegal (under Swiss law) things, proton won’t cover you.
Imprint9816 ( @Imprint9816@lemmy.dbzer0.com ) English25•10 months agoAnother case of a user with terrible opsec that proton will end up being blamed for.
lemmyreader ( @lemmyreader@lemmy.ml ) English15•10 months agoAll the commenters suggesting that Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same, here’s some more to add. Yesterday I saw a now invalid toot comment from ProtonPrivacy on Mastodon Social where they wrote that it was Apple who was to blame and that Proton gave the recovery email address only because this was a case of a terrorism suspect suggesting that if that (terrorism) was not the case they would not have given in to the request. Today their comment sadly gives a 404 error. Searching a bit further this article comes up mentioning Proton and Wire :
In the new resolution, the National Audience judge recalls that in January, in a judicial report he issued on the case, he highlighted a conversation from July 12th and 13th, 2020, about the king’s visits, which was included in the Tsunami investigative evidence, and of which he admits that until that point he had not made reference in his investigation which extends over the period from 2016 to 2022. Specifically, one of the people under investigation, the Girona businessperson Josep Campmajó, spoke to the figure named Xuxu Rondinaire, with profile @marietadelulllviu, about mobilizations in 2019, using the Wire messenger app. The judge has asked for the identification of this person, information now obtained by the Civil Guard, which details that they used Europol to ask the Swiss authorities for the Wire firm to identify the person behind this pseudonym, with a profile that is also used in Proton Mail, an encrypted email system. In the police cooperation form requesting the information, the Spanish officers indicate to the Swiss authorities that the investigation is for the crime of terrorism.
Proton ( @protonprivacy@mastodon.social ) 17•10 months ago@lemmyreader Yes, the name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can’t decrypt data, but in terror cases Swiss courts can obtain recovery email.
Chaotic Entropy ( @ChaoticEntropy@feddit.uk ) English13•10 months agoProton is a service provider, not your confederate.
bufalo1973 ( @bufalo1973@lemmy.ml ) 10•10 months agoProton should look who was asking the disclosure. He’s a known far-right judge that opens cases like beer cans. And the “terrorist” group is marked as such because someone had a heart attack the same day there were protests in Catalonia.
Ricky Rigatoni 🇺🇸 ( @rickyrigatoni@lemm.ee ) 1•10 months agoWas the heart attacked even in catalonia?
bufalo1973 ( @bufalo1973@lemmy.ml ) 1•10 months agoIn Barcelona IIRC. Taking a flight (also IIRC)
Ricky Rigatoni 🇺🇸 ( @rickyrigatoni@lemm.ee ) 2•10 months agoGovernments do the dumbest mental gymnastics to mark groups and individuals as undesireables.
darkphotonstudio ( @darkphotonstudio@beehaw.org ) 7•10 months agoThat was a short honeymoon.
Napain ( @Napain@lemmy.ml ) 5•10 months agoproton is untrustable
Possibly linux ( @possiblylinux127@lemmy.zip ) English3•10 months agoEmail is untrustable
Reawake9179 ( @Reawake9179@lemmy.kde.social ) 2•10 months agoThis is the second time, somehow people still defend them.
Chaotic Entropy ( @ChaoticEntropy@feddit.uk ) English11•10 months agoThis isn’t the second time, Proton complies with Swiss law regularly.
Reawake9179 ( @Reawake9179@lemmy.kde.social ) 1•10 months agoWow that makes it much better.
Chaotic Entropy ( @ChaoticEntropy@feddit.uk ) English2•10 months agoIt remains standard operating procedure for any law abiding company, and it benefits no one to pretend that it isn’t.
KillingTimeItself ( @KillingTimeItself@lemmy.dbzer0.com ) English2•10 months agoi fucking knew it.