a.x61.sh

Privacy-Focused Proton Mail Aids FBI in Uncovering ‘Stop Cop City’ Protester’s True Identity (www.gadgetreview.com)
from StopTech@lemmy.today to privacy@lemmy.ml on 09 Mar 16:44
https://lemmy.today/post/48999632

cross-posted from: lemmy.zip/post/60387352

cross-posted from : lemmy.zip/post/60387297

Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.

#privacy

threaded - newest

pressedhams@lemmy.blahaj.zone on 09 Mar 17:07 next collapse

Oh so not privacy focused at all.

slevinkelevra@sh.itjust.works on 09 Mar 17:10 next collapse

They could have used a private payment method. Not saying it’s ok what happened, but they gotta comply with the local laws.

atropa@piefed.social on 09 Mar 17:19 next collapse

You want privacy ,go offgrid and pay cash for email provider ,never use a creditcard

atrielienz@lemmy.world on 09 Mar 18:24 next collapse

Privacy ≠ Anonymity.

They are not the same thing, and proton are very transparent about what they will and won’t do in this regard.

tastemyglaive@lemmy.ml on 10 Mar 03:26 collapse

I have no idea why anyone would even trust a company that passes off email as secure. That’s just not the way it was designed.

gravitas@lem.ugh.im on 09 Mar 17:12 next collapse

Im not a fan of proton, but this trend of blaming corps for individuals poor opsec (paying with a method linked to their real identity) is pretty lame.

Do people using these services actually expect a corporation to break laws or violate court orders on behalf of their users?

Proton regularly releases very clear info about how often they comply with legal orders, this isnt a secret and its certainly not protons fault that activists had poor opsec.

tastemyglaive@lemmy.ml on 10 Mar 03:22 collapse

It’s not something you can avoid by simply not using a credit card. Proton can, at their discretion (such as if you use VPNs outside the imperial core, in which case it happens reliably and instantly) lock you out of your entire account to demand a phone number. Vanishingly small % of people will not have their personal identity exposed by cell data & be ready to deal with losing their account on short notice. It’s the same shady tactic that Discord uses to get phone numbers from reluctant people and it should not be tolerated.

voxel@feddit.uk on 10 Mar 13:24 collapse

It is probably illegal depending on your jurisdiction and Swiss laws.

orca@orcas.enjoying.yachts on 09 Mar 17:39 next collapse

Proton handed over the info to the Swiss government under a specific law. The Swiss government then turned around and readily handed over that info to the FBI without telling Proton that’s what was going to happen.

It doesn’t make anyone innocent here. Just adding that for clarity because this headline I keep seeing is not correct.

64bithero@lemmy.world on 09 Mar 17:53 next collapse

Morality / Deepstate convos aside. I personally I can’t really fault proton on here. They are the only public provider I’ve seen with 0 tracking across any of their apps.

What they provided was payment info.

0x0@lemmy.zip on 09 Mar 19:11 collapse

Better than Tuta?

tastemyglaive@lemmy.ml on 10 Mar 03:23 collapse

Nope and Tuta doesn’t want phone numbers. I recommend it for quick stuff. They clearly track IPs but that’s easy to work around.

emotional_soup_88@programming.dev on 09 Mar 19:22 next collapse

In addition to what @gravitas@lem.ugh.im said, as long as any third party is involved in the handling of PII, there should be no expectation of privacy whatsoever. For instance, I use Mullvad VPN, but that is as much a political/ideological statement to me as it is but one countermeasure against malicious actors in a very complex cyber environment. I could go on about how Mullvad has proven over and over - through third party audits and through actual incident response - that they have zero data to hand over to the authorities. But I won’t, because that’s not the point here. The point is: if I was involved in something that made me interesting to the authorities in any capacity, putting my trust, privacy, security and life in the hands of one company would not be the way to go about it. Not even in Mullvad, which I otherwise use.

Good OpSec is not about relying on technical solutions. It’s about real-world threat modeling, assessment, having three backup plans and careful execution.

Is it morally questionable for Proton to cooperate with the authorities going after activists? Yes. Should there be any expectation of privacy and/or security from the end user’s point of view? No.

Manage your expectations and scheme accordingly.

tastemyglaive@lemmy.ml on 10 Mar 03:24 collapse

I think we can guess how little we ought to trust Mullvad by looking at its server list. They have Israel, the Baltic Israels, and the Asian Israels. Egregiously obvious.

hellfire103@lemmy.ca on 10 Mar 03:19 collapse

No email provider will go to court for you for €3.99 per month.

From the start of the article:

Key Takeaways

Proton Mail shared payment data with FBI through Swiss authorities via legal treaty

Credit card payments eliminate anonymity despite encrypted email content remaining secure

Third known disclosure reveals pattern of Swiss legal compliance over privacy promises