BingBong@sh.itjust.works
on 22 Dec 2025 15:44
nextcollapse
Without a link to the report or any other justification information this reads like a hit piece. The other important item to understand is what information actually could be released.
As much as I dunk on proton for their CEOs idiocy and lack of Linux support, I also push for accuracy and infographics are dangerous in that space.
I’ll see if I can link the relevant info once I get home and am not on a phone anymore.
cmc@lemmy.cleberg.net
on 22 Dec 2025 16:00
nextcollapse
The data they can hand is your acc creation information and which IP accessed the email. They can’t hand email content because of zero knowledge encryption, and they can’t hand VPN traffic because it’s not logged and they can’t be forced to log it. protonvpn.com/support/no-logs-vpn/
upstroke4448@lemmy.dbzer0.com
on 22 Dec 2025 16:13
nextcollapse
Stunner legal entity follows the law…
Fellas your VPN is not going to break the law for you.
Yep. That’s why when shopping for services, more weight should be put on what data they retain. It doesn’t matter if they comply with laws in the country they operate in if they have no data to hand over.
Tenderizer78@lemmy.ml
on 23 Dec 2025 00:30
collapse
I believe Australian laws state that if the government requests your data and they can’t hand it over, they’re required to build a method to track you. So practically speaking if you want true privacy you’d need to use the Tor network.
manuallybreathing@lemmy.ml
on 24 Dec 2025 09:50
collapse
Australian states are working on laws to impose fines on companies that don’t provide data in cases of ‘vilification’, under the pretense of catching ‘anonymous nazis’ or whatever. We’re cooked
Also if you call someone a nazi here, they sue you for defamation
vermaterc@lemmy.ml
on 22 Dec 2025 17:16
nextcollapse
I’m using Proton for privacy, not anonymity. I’ve literally put my name and surname in my email address. I don’t care if someone knows that me is me.
But I do care that no one is reading and/or automatically processing my mails.
ScoffingLizard@lemmy.dbzer0.com
on 22 Dec 2025 18:44
collapse
Same. My real name is on mine too. Everything you give an email to that isn’t Google is one more piece of data Google doesn’t have presumably. If those corrupt bastards collect the aggregate anyways, that still costs them money. If it’s automated, guess what? Aggregating our data still costs money, and data centers are expensive to maintain. Every little but matters.
vhstape@lemmy.sdf.org
on 22 Dec 2025 17:27
nextcollapse
Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.
Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.
ScoffingLizard@lemmy.dbzer0.com
on 22 Dec 2025 18:33
nextcollapse
My threat model is not mostly concerned with gov. That could change but anyb way we can make it harder and more expensive or to take data or just created competition for Google is start in the correct direction. Just don’t do anything important on Proton.
Right, understanding what your threat model is important. Then you can make a conscious choice regarding the trade offs of using a particular service, and you understand what your risks are.
vhstape@lemmy.sdf.org
on 22 Dec 2025 22:41
nextcollapse
I don’t disagree with you, but sending and receiving emails requires transmission of unencrypted metadata. There’s no easy way around it
Honestly, I suspect it makes very little difference in practice which one you’re using if you’re going to communicate with people outside Proton. If I use Gmail, and you send me an email from your Proton account, guess what happens.
ArcaneSlime@lemmy.dbzer0.com
on 22 Dec 2025 22:57
nextcollapse
Tbf I’m unaware of a messaging service be it chat or email or whatever that leaks no metadata, afaik they all kind of have to by nature of needing to know at least where the message is supposed to go, if not where it came from, too.
Like, if Bob messages Lisa, the service has to at least know to deliver the message to lisa, even if it didn’t also that it’s from Bob.
If you know of one I’m curious though!
manuallybreathing@lemmy.ml
on 24 Dec 2025 09:52
nextcollapse
The yanks were drone striking people in Iraq and Afganistan based on who was calling who, I’m certain they still do this kind of thing too. Your uncle’s an important guy and he calls you for your birthday? kablamo
protogen420@lemmy.blahaj.zone
on 24 Dec 2025 13:43
collapse
with email, the meta data leaking is at the protocol level, email is comically insecure and no matter funny encryption you do with pgp the protocol itself will leak data, and Proton’s advertisments as a secure private email provider are misleading in a fundemental level thanks to this, I do not see how any email provider could fix this other than making a whole new standard for an email-like protocol
email is a legacy tool that needs to be phased out and a sane better replacement has to be made, untill that there is little to no hope to not leaking email metadata to some degree since email is effectively required to create accounts in most web services
yup email is just fundamentally not the right tool for this
libre_warrior@lemmy.ml
on 22 Dec 2025 23:20
nextcollapse
I have started using message.casa.
hexagonwin@lemmy.sdf.org
on 23 Dec 2025 03:11
nextcollapse
Wasn’t their whole marketing point that they’ll have nothing meaningful to give out since everything’s properly E2E encrypted? Not sure how much the compliance rate matters when the provided data is useless. (They would need to comply in order to remain legally operating…)
gravitas@pie.gravitywell.xyz
on 23 Dec 2025 03:40
nextcollapse
No business is going to violate court orders on behalf of their users. What people need to learn is to not use the same provider for everything, vpn and email especially should be on different services.
cl4p_tp@lemmy.dbzer0.com
on 23 Dec 2025 04:42
nextcollapse
I don’t get why people think that any company for that matter would go to jail for a random dude online. They do hand over metadata and everything else is encrypted. Not even Proton can access that data. When served with a court order they have to hand it over. Now if it were GMail, they’d probably make a collage with your pics and share them. That’s the difference.
cl4p_tp@lemmy.dbzer0.com
on 24 Dec 2025 14:12
collapse
Basically comparing apples to oranges. Mullvad just does one thing or maybe two if you include the browser. Proton operates on a different scale. There’s going to be some data generated if you expect to use the whole suite without running into issues. I’ll accept your argument when mullvad operates on a similar scale with the same opsec.
I’m not buying ‘they need data cos they offer more products’. The companies have made different choices in how they build their software.
cassandrafatigue@lemmy.dbzer0.com
on 31 Dec 2025 07:28
collapse
Yeah but why would I pay for it?
cl4p_tp@lemmy.dbzer0.com
on 31 Dec 2025 08:09
collapse
Because, running such services costs money. And this is not a charitable organisation. GMail does this for free because they’re making money off of you with ads and by selling your data.
I really don’t get why this is so difficult to understand.
Would you run a cafe offering free coffee?
cassandrafatigue@lemmy.dbzer0.com
on 31 Dec 09:16
collapse
cafe offering free coffee
I actually did something pretty similar for a year or so, and I expect my reasons would be incomprehensible to you.
Everybody has their reasons and it doesn’t have to make sense to anyone else especially to a random person online like me. But just out of curiosity, what were you doing? If you don’t mind sharing it.
cassandrafatigue@lemmy.dbzer0.com
on 31 Dec 18:39
collapse
It was a little more involved, and it’s too identifiable.
Well if you can’t mention it, then there’s no debate.
cassandrafatigue@lemmy.dbzer0.com
on 01 Jan 06:02
collapse
I don’t want a debate; I’m just telling you you’re wrong, something very close to that and more involved does exist, I personally have executed on it, and you almost certainly wouldn’t understand why I did it.
So you are wrong, the world is bigger than you think, and the example of what you thought was hyperbole is a thing someone who randomly saw your Lemmy comment had basically done before.
And that you have a poor grasp of what motivates people.
Lol. It’s really difficult to take anything you say seriously anymore because you claim to have figured out everything about someone online with just a few sentences, basically classifying you along the lines of a troll. So I hope you succeed in your ventures and wish you a very happy new year.
cassandrafatigue@lemmy.dbzer0.com
on 01 Jan 06:44
collapse
I’m saying your horizons are too close and people, even insufferable assholes, are better than you apparently believe possible.
NGC2346@sh.itjust.works
on 23 Dec 2025 22:05
nextcollapse
Any way to know if we are among the 32k+ disclosed users ?
If they sold it to the government then I want my cut of the name money, if I’m on that list. If every piece of crap business/corporation is requiring me to give my name and then sells my name, I deserve at least 50% of that dosh! Class action anyone?
threaded - newest
Without a link to the report or any other justification information this reads like a hit piece. The other important item to understand is what information actually could be released.
As much as I dunk on proton for their CEOs idiocy and lack of Linux support, I also push for accuracy and infographics are dangerous in that space.
I’ll see if I can link the relevant info once I get home and am not on a phone anymore.
The link is at the top of the image: proton.me/legal/transparency
The data they can hand is your acc creation information and which IP accessed the email. They can’t hand email content because of zero knowledge encryption, and they can’t hand VPN traffic because it’s not logged and they can’t be forced to log it. protonvpn.com/support/no-logs-vpn/
Stunner legal entity follows the law…
Fellas your VPN is not going to break the law for you.
Yep. That’s why when shopping for services, more weight should be put on what data they retain. It doesn’t matter if they comply with laws in the country they operate in if they have no data to hand over.
I believe Australian laws state that if the government requests your data and they can’t hand it over, they’re required to build a method to track you. So practically speaking if you want true privacy you’d need to use the Tor network.
Australian states are working on laws to impose fines on companies that don’t provide data in cases of ‘vilification’, under the pretense of catching ‘anonymous nazis’ or whatever. We’re cooked
Also if you call someone a nazi here, they sue you for defamation
I’m using Proton for privacy, not anonymity. I’ve literally put my name and surname in my email address. I don’t care if someone knows that me is me.
But I do care that no one is reading and/or automatically processing my mails.
Same. My real name is on mine too. Everything you give an email to that isn’t Google is one more piece of data Google doesn’t have presumably. If those corrupt bastards collect the aggregate anyways, that still costs them money. If it’s automated, guess what? Aggregating our data still costs money, and data centers are expensive to maintain. Every little but matters.
Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.
Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.
My threat model is not mostly concerned with gov. That could change but anyb way we can make it harder and more expensive or to take data or just created competition for Google is start in the correct direction. Just don’t do anything important on Proton.
Right, understanding what your threat model is important. Then you can make a conscious choice regarding the trade offs of using a particular service, and you understand what your risks are.
I don’t disagree with you, but sending and receiving emails requires transmission of unencrypted metadata. There’s no easy way around it
Right, which really suggests that email is not the right medium if you want genuine privacy.
Okay, but people still need emails for basic services and accounts, so would you rather them use Gmail or Proton?
Like duh don’t email your mom with a detailed plan on how you’re gonna do a terrorist attack. Crazy idea, I know.
Honestly, I suspect it makes very little difference in practice which one you’re using if you’re going to communicate with people outside Proton. If I use Gmail, and you send me an email from your Proton account, guess what happens.
Tbf I’m unaware of a messaging service be it chat or email or whatever that leaks no metadata, afaik they all kind of have to by nature of needing to know at least where the message is supposed to go, if not where it came from, too.
Like, if Bob messages Lisa, the service has to at least know to deliver the message to lisa, even if it didn’t also that it’s from Bob.
If you know of one I’m curious though!
The yanks were drone striking people in Iraq and Afganistan based on who was calling who, I’m certain they still do this kind of thing too. Your uncle’s an important guy and he calls you for your birthday? kablamo
exactly
with email, the meta data leaking is at the protocol level, email is comically insecure and no matter funny encryption you do with pgp the protocol itself will leak data, and Proton’s advertisments as a secure private email provider are misleading in a fundemental level thanks to this, I do not see how any email provider could fix this other than making a whole new standard for an email-like protocol
email is a legacy tool that needs to be phased out and a sane better replacement has to be made, untill that there is little to no hope to not leaking email metadata to some degree since email is effectively required to create accounts in most web services
yup email is just fundamentally not the right tool for this
I have started using message.casa.
Wasn’t their whole marketing point that they’ll have nothing meaningful to give out since everything’s properly E2E encrypted? Not sure how much the compliance rate matters when the provided data is useless. (They would need to comply in order to remain legally operating…)
No business is going to violate court orders on behalf of their users. What people need to learn is to not use the same provider for everything, vpn and email especially should be on different services.
I don’t get why people think that any company for that matter would go to jail for a random dude online. They do hand over metadata and everything else is encrypted. Not even Proton can access that data. When served with a court order they have to hand it over. Now if it were GMail, they’d probably make a collage with your pics and share them. That’s the difference.
Don’t collect data and there’s nothing to handover mullvad.net/…/mullvad-vpn-was-subject-to-a-search…
Basically comparing apples to oranges. Mullvad just does one thing or maybe two if you include the browser. Proton operates on a different scale. There’s going to be some data generated if you expect to use the whole suite without running into issues. I’ll accept your argument when mullvad operates on a similar scale with the same opsec.
I’m not buying ‘they need data cos they offer more products’. The companies have made different choices in how they build their software.
Yeah but why would I pay for it?
Because, running such services costs money. And this is not a charitable organisation. GMail does this for free because they’re making money off of you with ads and by selling your data.
I really don’t get why this is so difficult to understand. Would you run a cafe offering free coffee?
I actually did something pretty similar for a year or so, and I expect my reasons would be incomprehensible to you.
Everybody has their reasons and it doesn’t have to make sense to anyone else especially to a random person online like me. But just out of curiosity, what were you doing? If you don’t mind sharing it.
It was a little more involved, and it’s too identifiable.
Well if you can’t mention it, then there’s no debate.
I don’t want a debate; I’m just telling you you’re wrong, something very close to that and more involved does exist, I personally have executed on it, and you almost certainly wouldn’t understand why I did it.
So you are wrong, the world is bigger than you think, and the example of what you thought was hyperbole is a thing someone who randomly saw your Lemmy comment had basically done before.
And that you have a poor grasp of what motivates people.
Lol. It’s really difficult to take anything you say seriously anymore because you claim to have figured out everything about someone online with just a few sentences, basically classifying you along the lines of a troll. So I hope you succeed in your ventures and wish you a very happy new year.
I’m saying your horizons are too close and people, even insufferable assholes, are better than you apparently believe possible.
Any way to know if we are among the 32k+ disclosed users ?
If they sold it to the government then I want my cut of the name money, if I’m on that list. If every piece of crap business/corporation is requiring me to give my name and then sells my name, I deserve at least 50% of that dosh! Class action anyone?