By the way, the earlier posted article https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain had an update starting at the paragraph with title Update: Statement from Proton and additional commentary
- SecurityPro ( @SecurityPro@lemmy.ml ) 60•5 months ago
“helped” is very misleading. Companies can’t refuse to provide information they have when served a search warrant / court order. These companies DID NOT choose to provide the info on their own.
- Otter ( @otter@lemmy.ca ) English18•5 months ago
Yep, which I think is why it’s more important to see what data is being collected and stored, rather than giving up data based on how trustworthy an entity seems
If the tool doesn’t collect or log the data to begin with, then there’s nothing that can be stolen/taken/demanded
The solution in this case might be for Proton (and the other companies) to list out risks and data collection information along the way.
We need X in order to do Y. Read more on how Y works. Now here are some risks, and how to avoid them:
“helped” is very misleading. Companies can’t refuse to provide information they have when served a search warrant / court order. These companies DID NOT choose to provide the info on their own.
You are suggesting all these companies are completely helpless against legal requests. That is not correct. A company should first make clear that the legal request is actually completely legitimate and correct. After that they can look at whether they should provide the information or not.
See the data here :
- SecurityPro ( @SecurityPro@lemmy.ml ) 31•5 months ago
As someone who has worked fraud and online investigations, and both written and served search warrants; it is not an option. A probable cause affidavit is presented to a judge and if the judge agrees there is sufficient probable cause, a search warrant is issued. This is an order by the judge and not optional. The judge can hold the company in contempt if they refuse to obey his/her order.
- brunchyvirus ( @brunchyvirus@fedia.io ) 10•5 months ago
There is a great talk from the Lavabit CEO who discusses what happened to him and his company when they found out Snowden had an email at his company. I won’t link it since it’s YouTube but it’s an hour long but he talks about his experience with the FBI and the courts. You can search for M3AAWG 2014 Keynote, I highly recommend it.
👍 Here’s a written piece from Lavabit founder : https://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email
- refalo ( @refalo@programming.dev ) 9•5 months ago
Are you suggesting they didn’t do those things? Good info either way.
Also there IS another alternative, the lavabit way… just go out of business /s
- helenslunch ( @helenslunch@feddit.nl ) 7•5 months ago
A company should first make clear that the legal request is actually completely legitimate and correct.
What makes you think they didn’t do that?
- helenslunch ( @helenslunch@feddit.nl ) 4•5 months ago
Yep, also using “requests” when they were not at all, they were demands.
- Lettuce eat lettuce ( @Lettuceeatlettuce@lemmy.ml ) 31•5 months ago
Obligatory reminder:
Email is not a secure medium! If you need truly secure and/or anonymous communications, DON’T USE EMAIL!
Use a platform/protocol designed from the ground up for those things!
- Upstream7564 ( @Upstream7564@discuss.tchncs.de ) 19•4 months ago
I think it’s not the services fault that people aren’t aware of the limits of encrypted services. They are not going to shut everythin’ down just for a few people, if you need smth anonymous Proton is not for you.
Also, it’s your task to have good opsec. If you give your iCloud email to Proton which has personal information sticked to it, your fault.
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) English9•5 months ago
if you need smth anonymous Proton is not for you.
Oh it is for you, but you have to be careful. Proton won’t try to find out info you didn’t give them, but they can’t pretend that they don’t have info that they actually have. They run an onion service, and account recovery is made possible without a recovery contact.
- EngineerGaming ( @EngineerGaming@feddit.nl ) 6•5 months ago
I do not blame Proton for complying with a request - it is a completely expected action from a company. However, I would blame them for advertising that makes them seem safer than they are for people who don’t know better.
- helenslunch ( @helenslunch@feddit.nl ) 2•5 months ago
I would blame them for advertising that makes them seem safer than they are
What kind of advertising are you referring to exactly?
- N0x0n ( @N0x0n@lemmy.ml ) 4•5 months ago
Imagine talking about opsec and iCloud in the same sentence 🫣🤭
- refalo ( @refalo@programming.dev ) 2•5 months ago
They are not going to shut everythin’ down just for a few people
Although lavabit did…
- Upstream7564 ( @Upstream7564@discuss.tchncs.de ) 5•5 months ago
You can’t compare Lavabit to Proton.
And you can’t compare urself to Edward Snowden.
- helenslunch ( @helenslunch@feddit.nl ) 2•5 months ago
if you need smth anonymous Proton is not for you.
I mean, there are better options, but you can also use Proton anonymously. Just have to use it appropriately. If you use it to send your name to the FBI, there ain’t nothin Proton can do about that. Same if you link a recovery email linked to a personal account.
- Schwim Dandy ( @schwim@lemm.ee ) 10•5 months ago
“Proton does not require a recovery address, but in this case the terror suspect added one on their own. We cannot encrypt this data as we need to be able to send an email to that address if the terror suspect wishes to initiate the recovery process,…"
I love that proton kept referring to the user as the “terror suspect” repeatedly so we would know they’re really the good guy here.
Exactly. What makes this a bit complicated and maybe interesting from a historical point of view is that this is about Spain. A country which has been very slow with removing some of the “relics” from the fascist Franco era (Franco died in 1975) and at the same time having regions that long for independence like Basque country and Catalunya (and the post topic is related to that, Catalunya aiming for independence). Since the Twin Towers attacks in 2001 the words “terror suspect” and “terrorists” have been used much more often (also by ordinary “normies” people that I knew) and maybe not always rightly so.
- Schwim Dandy ( @schwim@lemm.ee ) 2•5 months ago
Thanks very much for the clarification to the context, I really appreciate it as someone who had no idea.
You’re welcome.
- ryannathans ( @ryannathans@aussie.zone ) 3•5 months ago
Well it was anti terror laws that were invoked…
- AnAnonymous ( @AnAnonymous@lemm.ee ) 3•5 months ago
OpSec fail, never ever use any personal info when you are dealing with something you don’t want to be indentified for, it include obviously recovery emails, usernames and passwords.
- SolarPunker ( @SolarPunker@slrpnk.net ) 2•5 months ago
Do not trust companies.