Also, proton didn’t hand anything to the FBI, they got served by the swiss government and gave it them… Which might be a technicality, but they do not hand out information to foreign agencies
Comment on let's kill proton mail
stoy@lemmy.zip 1 day ago
I saw a post about this earlier, it is a nothingburger.
The user in question paid for his account with a personal credit card, he didn’t use an anonymous payment alternative which are available.
Proton has stated that they will comply with law enforcement requests, but are working to maintain as few logs as possible.
This is an opsec failure on the user’s side.
This is not Proton handing IDs of their customers to the government on a silver platter, this is their customer not understanding the service they use.
tuhriel@discuss.tchncs.de 9 hours ago
mushroomman_toad@lemmy.dbzer0.com 1 day ago
People shouldnt need to think about opsec to have private emails. False advertising on Protonmails part, and government policy issue in the countries in question.
tuhriel@discuss.tchncs.de 9 hours ago
It’s not false advertising. Just because a company advertises with privacy, it doesn’t mean they are bullet prove.
they don’t sell your data, they actually have very little data to share at all, but they do follow the swiss law.
They even publish which kind of requests they get: proton.me/legal/transparency
stoy@lemmy.zip 23 hours ago
Arguing about what people should or should not have to do is pointless.
It changes nothing and removes the debate from being practical to being theoretical.
ChristerMLB@piefed.social 31 minutes ago
Expecting everyone to be good at opsec is not a practical solution
stoy@lemmy.zip 3 minutes ago
Well, not everyone needs to be good at opsec, most people are fine as is.
Most people are not working against the government either.
But if you are going against the government, or any large and powerful entity, you absolutely need good, reliable opsec.
When the police comes knocking on your door, you can’t just blame Proton for not informing you about not using your own CC to sign up for your service.
This isn’t a playground, you are dealing with the big boys now, and they have far more tools than you have, unless you learn and adapt, you will get burnt.
So while you are right that bot everyone can be expected to be good at opsec, that isn’t the issue.
The issue is that this was an opsec failure of the guy, it wasn’t Proton messing up.
mushroomman_toad@lemmy.dbzer0.com 23 hours ago
It’s not theoretical. Protonmail should not have handed over the personal data for victims of political persecution.
stoy@lemmy.zip 22 hours ago
They clearly give you options to avoid this scenario, this is not on Proton, this is simply an opsec fail of the user.
Don’t get me wrong, opsec is hard, exhausting and just annoying, it needs discipline and constant focus, you only need to fail once for it to be ineffective.
The customer signed up for Proton, but didn’t follow their guidelines for anonymity, that is not a failure of proton, it is a failure of the user.
gravitas@pie.gravitywell.xyz 19 hours ago
How do you think it would play out if protob refuses lawful orders from a court in the country they operate in?
I do think proton does a lot of misleading advertising, but its still on the user to research and have good opsec. Paying with a card when crypto is an option, using the same service for both email and a vpn, using that service from a public wifi near where you are known to live while actively doing crimes.. Proton is running a business not a criminal protection racket.
starblursd@lemmy.zip 17 hours ago
It’s not false advertising. They don’t log your account usage, they must comply with swiss law, user ignored the anonymous payment methods and used a personal card for an account for illegal acts.
The policy clearly states that they must comply with swiss law enforcement, and never claimed that payment info or metadata is encrypted.
User error
mushroomman_toad@lemmy.dbzer0.com 15 hours ago
Where on their website does it say that fascists can subpoena your payment information on their website? All I see is false advertising saying that no one can read your emails and that their service is secure.
starblursd@lemmy.zip 7 hours ago
Oh I’m sorry I didn’t realize that the credit card you used = the content of emails… Must be a new slang term I’m not familiar with.
Their policy states they must comply with Federal Swiss law enforcement. They cannot give the content of emails as they are end-to-end encrypted and they are zero logs. They are however required to cooperate and give what isn’t encrypted. ie payment info/backup email(if added) if the user had been smart and used one of the anonymous payment methods, they would have told law enforcement. Sorry we don’t have anything that can help
gurty@lemmy.world 23 hours ago
Agreed - Proton is a tool for security but it isn’t a hired babysitter for your personal info.