ProtonMail provides information used to identify email owner... : privacy

[-] Charger8232@lemmy.ml 215 points 1 month ago* (last edited 1 month ago)

Proton was legally ordered by the Swiss justice department to hand over the (severely limited) information about a law breaking organization's account. They had paid for Proton using a credit card instead of the anonymous payment methods Proton offers, and that is what Proton was forced to hand over. It was the organization's bad OpSec, not Proton willingly deanonymizing users.

[-] LytiaNP@lemmy.today 59 points 1 month ago

Hopefully people like you will be able to nip this in the bud before yet another joke of a controversy starts...

[-] NuXCOM_90Percent@lemmy.zip 56 points 1 month ago* (last edited 1 month ago)

You must be new here...

On the one hand, I really like how often Proton's shortcomings are highlighted. This SHOULD be a wake up call that you should never rely on a company to protect you and should instead focus on what you can do to ptorect yourself. And Proton... actually are pretty good in that regard. Connect from a burner/live image computer over public wifi using tor (or something similar) and their free accounts are STILL the gold standard for journalism and whistleblowers.

But the problem is that people are stupid and lazy (and many outlets actively benefit from "Eww, proton is bad. If only they had paid for NordVPN to really protect them from the FBI! ~Note, NordVPN provides no guarantees of protection~ ". So we just get stupidity.

[-] Charger8232@lemmy.ml 27 points 1 month ago

OP's title certainly doesn't help.

load more comments (3 replies)

[-] GreenShimada@lemmy.world 20 points 1 month ago* (last edited 1 month ago)

Really, this headline should be "Organization so poorly organized that they messed up having high-security email."

[-] halcyoncmdr@piefed.social 17 points 1 month ago

Not at all. Proton doesn't require any personal info at all. But if you pay with a credit card... That has your personal info tied to it. It's their fuck up paying with a credit card. Proton accepts other payment methods that aren't tied to your identity.

Proton is required by law to provide information they have when the courts say so.

[-] toynbee@piefed.social 8 points 1 month ago

So I'm not a criminal organization as far as I know, but if I did pay with a credit card originally can that be rectified without deleting and starting over?

[-] AmbitiousProcess@piefed.social 8 points 1 month ago

Proton uses Chargebee for payments, which has its own data retention policy of essentially "as long as we want to", but Proton does themselves keep limited data like the billing name, and last 4 digits.

Proton's privacy policy says nothing about a pre-set time delay after which they'd delete that data. They only claim that they "reserve our right" to remove your payment information if they think it's no longer valid. So theoretically, that might mean if your card's expiry date has passed, but that's not a confirmation.

The best way to reliably make sure Proton wouldn't have any info on you is to not have ever tied any real information about yourself or your payment info to that account.

load more comments (1 replies)

load more comments (3 replies)

[-] aldrik@oc.todon.fr 7 points 1 month ago

@Charger8232 @jrcruciani The bug is between keyboard and chair. It is always a problem to use crédit card.

load more comments (17 replies)

[-] JustEnoughDucks@feddit.nl 5 points 1 month ago

Yeah, I am no fan of proton and they have lied before (no log VPN logs magically finding logs for authorities and then later removing the no-log claim).

But this is literally just proton being legally compelled to hand over data the user willingly gave (not being harvested or de-encrypted). A nothing story.

load more comments (1 replies)

[-] North@lemmy.org 29 points 1 month ago* (last edited 1 month ago)

Some people in the comment section are really dumb switching to other alternatives thinking that Proton isn't trustworthy because they gave the information despite the organisation not using anonymous currency. What's ironic is that some of these people are switching to those alternatives where you can't even use anonymous currency.

Also, kind of a clickbait title.

[-] Innerworld@lemmy.world 21 points 1 month ago

Proton's response

[+] Ghostie@lemmy.zip 20 points 1 month ago* (last edited 2 weeks ago)

[deleted]

[-] geneva_convenience@lemmy.ml 11 points 1 month ago

Proton did some PR for Trump a while ago that didn't get them on everyones good side.

[-] pineapplelover@lemmy.dbzer0.com 5 points 1 month ago

Not this again...

For one, it was Andy Yen, posting on his personal rather than from Proton's account.

Second, if you follow the money, Andy Yen and Proton donates a lot of money to liberal organizations. They also campaign for Democrats actually.

The downfall of this is all because he thought Gail Slater would be a good pick and the entirety of the privacy community thought he undid all of his privacy advocacy and foundation overnight.

https://scribe.rip/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e

load more comments (1 replies)

load more comments (6 replies)

[-] jjlinux@lemmy.zip 18 points 1 month ago

They gave payment data to the authorities, because, guess what, they HAVE to provide whatever is subpoenaed. Did they provide emails, IP addresses? Doesn't say any of that. There's the option of paying with crypto, but the imbeciles that know they are going to be at risk of being found, paid with a credit or debit card.

404 media is more of the same sensationalism laden bullshit out there. Make a fucking Strom out of a drop of water.

[-] quick_snail@feddit.nl 10 points 1 month ago

Use monero.

[-] glitching@lemmy.ml 7 points 1 month ago* (last edited 1 month ago)

article in case you can't read it: ~~lemmy.ml/post/44086795~~ edit: better link in a reply.

proton coulda put up a fight, a loud one, for optics sake if nothing else. rolling over on any (and by implication, all) request should be the last straw in their long line of snafus; by way of "death by a thousand cuts", I would never entrust them with anything of importance.

signal demonstrated that you could decouple payment info from user data and a shop that touts the privacy part of their offerings coulda at least mimic such a thing.

edit 2: fuck any and all pay-with-crypto shills and the horse they rode in on.

[-] cypherpunks@lemmy.ml 5 points 1 month ago

article in case you can’t read it: https://lemmy.ml/post/44086795

that link only has two paragraphs of the article; there are 8 more in the full article here on archive.org

load more comments (5 replies)

[-] hamid@crazypeople.online 7 points 1 month ago

ITT people who believe you have to comply with government orders and call themselves anarchists

[-] BigTuffAl@lemmy.zip 7 points 1 month ago

just really sad to call yourself a privacy company and then feed your customer to the gestapo

people can end up as embarrassing footnotes in history a number of different ways, but being a dishonest coward company in the privacy sphere is basically speedrunning it

[-] hackitfast@lemmy.world 7 points 1 month ago

I never trusted ProtonMail. Right when you sign up, you're constantly bombarded with advertisements to upgrade to pro. They're plastered everywhere with obnoxious banners.

I get that they're a business and they need money to operate, but the ads are so obnoxiously "in your face" that in my mind their priority isn't your privacy, it's your money.

Tutamail is the better service.

[-] Scrollone@feddit.it 5 points 1 month ago

Plus, the owner of Proton said that Trump also did good things.

That was the straw that broke the camel's back.

load more comments (2 replies)

[-] quick_snail@feddit.nl 6 points 1 month ago

They have a .onion site. Use it always.

[-] OccasionallyFeralya@lemmy.ml 8 points 1 month ago

And don’t pay with a credit card if you’re committing crimes lmao

[-] Doomsider@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

Oh boy, their man fawning over Trump is aging like fine milk.

Proton the company that prides itself protecting privacy when it is literally the law of the country they are in. It is like a cabby advertising that they have license and insurance.

[-] redpulpo@lemmy.world 4 points 1 month ago

Protón don’t promise anonymity If you use your credit card to pay protón services. Maybe he has to learn more about OPSEC. 🤷‍♂️

[-] Doomsider@lemmy.world 4 points 1 month ago

Please, using crypto alone isn't going to do shit. The barrier to entry for truly anonymous usage is not something most people will ever accomplish.

Privacy is effectively dead but yet we have a company trying to advertise about it. Proton has always been marketing garbage meant to attract people's money.

Garbage company with no ethics other than taking care of their pocket book.

[-] redpulpo@lemmy.world 5 points 1 month ago

You’re mixing up privacy and anonymity. Encryption alone doesn’t make you anonymous — that’s true — but Proton never claimed it would. Their promise is that email content is end-to-end encrypted, which is why they can’t hand over the messages themselves.

In the case reported by 404 Media, the identification came from payment information, not from breaking encryption. If you pay with a credit card, your identity is already tied to the account. That would happen with any service under a legal jurisdiction.

The real takeaway isn’t that Proton is “garbage”, it’s that most people misunderstand what encryption actually protects.

load more comments (12 replies)

Privacy

A place to discuss privacy and freedom in the digital world.

Some Rules

Related communities