
Freuks ,
@Freuks@lemmy.ml avatar

I don't understand why people blame Proton instead of OPSEC. A company complies with the law, won't go to jail for you. What are they thinking?

You999 ,

Because proton put themselves into this position by making false advertising claims. Let's not forget this isn't the first time proton has given away the IP of an individual and last time was even worse because proton at the time was directly advertising they kept no IP logs which they had to quietly remove after giving the Swiss feds the IP.

Freuks ,
@Freuks@lemmy.ml avatar

They don't log by default, they log with a warrant, I guess. But still, hello, they are just companies, they don't owe you nothing. You should all use anonymous services which will close in a few weeks or months as it's illegal to keep nothing

You999 ,

> They don't log by default, they log with a warrant, I guess. But still, hello, they are just companies, they don't owe you nothing. You should all use anonymous services which will close in a few weeks or months as it's illegal to keep nothing

If you look through my comment history you'll see I'm a huge advocate for Tor/I2P instead of VPNs

TheAnonymouseJoker , (edited )

Proton is not for activism. Treat it as bad as Gmail or Outlook for that. Moon Of Alabama blog has lots of criticisms. If you want to be anal about using email for activism and whistleblowing, use a serious provider like Riseup or Disroot. All these Protons and Tutanotas are useless. They are only better than Gmail and Outlook.

There are some idiots that spread nonsense about me that I am paranoid or whatever. Yes I am proud of it, because they are the incompetent ones. Big Tech "security" shills and a lot of kiddies without experience do this.

Edit: I will take the liberty of recommending digdeeper's blog for email providers.

Scolding0513 ,

the two you suggested though are US based though. they'd also have to answer to court orders right?

TheAnonymouseJoker ,

They both have a clean track record and are funded purely by activists and dissidents.

Scolding0513 ,

okay but court orders tho? not immune, just like proton. also they can be administered gag orders (think Lavabit), unlike proton

TheAnonymouseJoker , (edited )

Lavabit shut down. Riseup and Disroot still need to be battle tested even more.

lemmyreader ,

> the two you suggested though are US based though.

Disroot is in Europe.

Scolding0513 ,

thanks

azalty ,
@azalty@jlai.lu avatar

Not sure how they’re better than Proton in terms of compliance and anonymity

TheAnonymouseJoker ,

How to tell you know nothing about privacy, security and anonymity without telling me that directly. Proton is a fucking snitch for activists.

azalty ,
@azalty@jlai.lu avatar

Source: trust me bro

It’s just that more people use proton so more of them have their identity leaked. I don’t see how the terms of these 2 companies are better

TheAnonymouseJoker ,

Are you trying to discredit Riseup and Disroot without evidence? Are you a fed by any chance, or a nasty troll? You can go read digdeeper's blog on email providers. If you disagree, you may continue to deny, troll and get banned for speaking nonsense.

azalty ,
@azalty@jlai.lu avatar

I’ve never heard of those 2 providers and they don’t seem to be any better. I’m just looking for facts to back that and so far I haven’t seen any

Being skeptical doesn’t mean being a troll or a fed, wtf. I don’t know what you’re on but it seems cool

As for the « are you trying to discredit … without evidence » I want to answer « what can be asserted without evidence can also be dismissed without evidence »

TheAnonymouseJoker ,

If you have not dived deep into the rabbit hole, that is a you problem. What level of threat model and knowledge do you even have to be able to contest such claims, that you do not trust Riseup and Disroot? Denying facts and doubling down by not listening is a problem.

I gave you a place to look for facts. If you do not want to and just want to speak gibberish without listening or backing up your claims, you can go to Reddit or PrivacyGuides/Techlore/some shit youtuber and worship Protonmail or Apple Private Relay.

lemmyreader ,

> I’ve never heard of those 2 providers and they don’t seem to be any better.

You never heard of the other two providers but yet you already draw the conclusion that they don't seem to be better. What does "better" mean to you in this context ?

TheAnonymouseJoker ,

Yes. I am surprised people are downvoting me and upvoting him. He is the one who did no research, and I am on the opposite end of the spectrum. I write guides lol. This is privacy community. Anyone remotely serious about privacy must have heard of Riseup, Disroot, Posteo and others.

lemmyreader ,

Exactly! I am not saying that Proton is some kind of virus but lots of folks are screaming "Proton! Proton!" (and "You have to think for yourself!" - Life of Brian) as if it is the only answer for privacy and security.

Riseup exists since about 1999 and is like Disroot non profit with focus on activism. Proton is like some other companies, I think, a response to the Snowden revelations, which is iirc 2013, a time after which self-hosting email (e.g. Mail in a box) became topical for a while and several other new email companies started to pop up.

TheAnonymouseJoker ,

It is very strange to me that Lemmy users are behaving in a reverse manner to how they should. Are they too young? Or are they too bad at privacy game, believing all this Proton/Graphene/Brave and whatever else is trendy?

rant

What if I were to stop being so aggressive and start accepting as a mod all this nonsense claimed by chest thumping randos? I think I now see why privacy communities are usually so shit. It is these moments where the seeds of falsehoods are implanted, and they become rumours and then gospel truths. Only when moderators have serious knowledge (qualified) and are defiant in the face of nonsense, can a community remain unspoilt. But qualification is also a problem, because "authorities" will try to hijack such an endeavour and ruin it.

lemmyreader ,

> It is very strange to me that Lemmy users are behaving in a reverse manner to how they should. Are they too young? Or are they too bad at privacy game, believing all this Proton/Graphene/Brave and whatever else is trendy?

It is indeed probably a new and young generation preferring to watch videos on their smart phones rather than reading from a desktop computer. YouTube (with its influencers and content creators) is very popular and that is unlikely to change any time soon. Problem is that getting privacy and also security right is not that simple. Take for example the Riseup and Disroot comments in this thread. I trust Disroot and Riseup to do the right thing, and I bet that handing over personal data would be about the last thing they would ever do. I guess this is difficult to understand for people who have nothing at all in common with activism and for that matter anti-capitalism.

TheAnonymouseJoker ,

Serious topics like privacy and self improvement have become very similar in people's perception. They are also just another thing to consume, as unhinged as it sounds. Everything must be consumed, everything must be rented. Everyone must live in a distorted perception of "safety", whose harbingers are fucking western corporations. It is insanity and it must be prevented from taking over Lemmy's communities at least on main .ml instance, and I will do what is needed to prevent that, in places I moderate.

lemmyreader ,

> Serious topics like privacy and self improvement have become very similar in people’s perception. They are also just another thing to consume, as unhinged as it sounds. Everything must be consumed, everything must be rented. Everyone must live in a distorted perception of “safety”, whose harbingers are fucking western corporations. It is insanity and it must be prevented from taking over Lemmy’s communities at least on main .ml instance, and I will do what is needed to prevent that, in places I moderate.

👍

azalty , (edited )
@azalty@jlai.lu avatar

Oh so you believe that Proton wants to hand out user data? Absolutely not. It gives them bad publicity and discredits them.

Capitalism and activism have nothing to do with the subject. We’re here for privacy and anonymity. A good service is trustless. It’s not up to Disroot and Riseup to decide whether they’ll hand out user info or not. They are subject to some legislation because of the country they’re based in, and I don’t think they’re willing to go to jail by not cooperating.

And you can spread your hate towards the younger generation and smartphones all you want, it only makes you more irrelevant. You didn’t write any argument as to why those services are better except “they’re activists” and “I trust them”, which doesn’t matter in any way.

lemmyreader ,

Law can be different per country and when there is nothing to hand over, then there is nothing. Here is an example of Mullvad : https://mullvad.net/sv/blog/update-the-swedish-authorities-answered-our-protocol-request

azalty ,
@azalty@jlai.lu avatar

Except with a VPN you’re not identified by the servers you connect to, so they can safely not log any traffic and as such, law enforcement can’t ask to hand out data about a specific account because they don’t know which account did it. Same goes for logging the IP of the account, because again, they don’t know which account it is, and can’t force a service to log all users for the sake of finding one.

It’s not true for mail services however, as the email address is your login and/or is linked to a specific account, forever and exclusively.

Disroot stores your IP address so there’s already that. Didn’t check the other one.

lemmyreader ,

> Except with a VPN you’re not identified by the servers you connect to, so they can safely not log any traffic and as such, law enforcement can’t ask to hand out data about a specific account because they don’t know which account did it. Same goes for logging the IP of the account, because again, they don’t know which account it is, and can’t force a service to log all users for the sake of finding one.

VPN and Tor and I guess i2p can disguise your IP address indeed.

> It’s not true for mail services however, as the email address is your login and/or is linked to a specific account, forever and exclusively.

I'm not following what you mean by this ?

azalty ,
@azalty@jlai.lu avatar

What I’m saying is that VPNs can legally not give out your info, while mail services can’t, because of the technical reasons I mentioned, and as such, it doesn’t make Proton any more faulty for handing out info than it would make Riseup or Disroot to do the same. At the end, they’re all legally required to comply and will do if asked to.

azalty ,
@azalty@jlai.lu avatar

What’s wrong with those 3 things you cited?

TheAnonymouseJoker ,

What is wrong with claiming sun rises from west, or sky is not blue, or a pedophile will not do bad things to kids? I am sure you can find the logic, and consider researching a little bit and making yourself knowledgeable before raising such absurd questions. Or maybe stop consuming privacy content from slimy YouTubers?

azalty ,
@azalty@jlai.lu avatar

I should for sure trust a random guy on Lemmy with no arguments whatsoever and that criticizes well established services for no reason, and also criticizes all YouTubers with no distinction.

TheAnonymouseJoker , (edited )

Yes you can trust Techlore, Privacy Guides, Proton, Brave, Graphene, Google, Apple, Microsoft and all the big companies. Also make sure you are a well behaved citizen and always obey politicians and whatever is shown on TV too. Never step out of line. You are a good boy. Never use crypto, only legal official public banks.

I can never take someone like you seriously, that has the audacity to lift fingers yet defend the "well established" scum blindly.

I referred you to digdeeper's blog for information on email providers, yet you refused. He has an in-depth analysis, something you are incapable of performing for all notable email providers. So I do not think I have much reason to reason with you, since you were unwilling to listen from the beginning, and are continuously defending the "well established".

If I see nonsense from anyone, I will not hesitate to use the hammer. Enough of this nonsense in privacy communities on Internet.

Oh and since you want to know who this random person is, I created r/privatelife and have a few good guides to my name, and have been using darknets for over a decade at this point. Significantly responsible for building up Lemmy to what it is today. So much for credentialism. What are yours?

azalty , (edited )
@azalty@jlai.lu avatar

Oh so you use the argument of authority now. Great.

I’ll check your thing. I would have enjoyed if you could have linked it because I’m a young stupid guy with a short attention span, but fine.

If you actually checked my profile you could’ve found out I’m pretty deep into Monero, and that’s pretty much what got me into Lemmy. Don’t make assumptions without knowing people.

I checked this page https://digdeeper.club/articles/email.xhtml#disroot and surprise surprise, no real arguments apart from quoting stuff from disroot's website. Disroot has a worse privacy policy than Proton, stores email unencrypted. You’re basically trusting Disroot not to do harmful things, which is a red flag when you could recommend services that do things properly.

If that’s the best source you have, I seriously doubt your knowledge.

I guess it’s now time for my ban

TheAnonymouseJoker , (edited )

I do not think you understand how email even works, do you? It is funny you trust Proton, even though they disallow logging in without their app or JavaScript stuffed web UI. Also, how are you verifying Proton's encryption keys on their end? It tells a lot about your level of knowledge, honestly. You do not even understand how email or encryption works, yet you have the balls to claim Disroot is worse than Proton. Go play Roblox, kid. Reddit seems to be at your level. If you PGP your messages/emails on your own, or use OMEMO or similarly good algorithm with full key ownership, only then is encryption verifiable and valid. People like you just like to validate shit like Proton snitching.

Also what about authority? My authority is formed from sheer hard work done without taking a single donation. I write guides for privacy and anonymity and built a community through this expertise. And unlike a lot of agenda based nonsense and worthless SEO filler disguised as guides, I offer honest and good solutions. And I did skim your profile, and found nothing notable other than usage of XMR. Do you know what is the worst criticism about me behind my back? I am paranoid. Go figure.

azalty ,
@azalty@jlai.lu avatar

You can’t encrypt received unencrypted mail (except if you use POP but it’s not an option if you have multiple devices), but you’re right about one thing, it’s that we can’t trust that proton doesn’t store the encryption keys. Although it is still safer to go with them because if they did, they would either have given the mails to the govs, exposing them (which didn’t happen), or they just wouldn’t hand out your mails, which is better than nothing.

You really have a problem with people. You can only attack personally or throw baseless insults.

I talked a lot about XMR, but also talk about session, Firefox and its privacy, file sharing like torrents, pirated stuff, VPNs… and I haven’t been very active on lemmy. But I don’t see how that gives you any more power in that conversation, knowing how bad you handled it.

You’re just saying the same thing over and over while not understanding that what you propose is no different (or even worse), and that your pseudo arguments are empty and invalid. Just stop.

TheAnonymouseJoker ,

> it’s that we can’t trust that proton doesn’t store the encryption keys. Although it is still safer to go with them because if they did, they would either have given the mails to the govs, exposing them

You have trouble reading the room and what you are even saying. Do you not realise there are now multiple instances where Proton has snitched on activists? Riseup, Disroot and others have not. They do not store logs, wipe everything every day or week and are not marketing nonsense to people.

I have a problem with delusional people who cannot understand things, but are ready to argue about anything to win the internet debate at all costs. Yes I am aggressive about it, because the privacy community is a bunch of close minded self-proclaimed experts with nothing to show for it. I have seen this ad nauseam for years upon years now.

The fact that you really believe in the nonsense that Proton is better than something activists use with a lot of proven trust is sheer fucking insanity. On top of it, you trust the "well established" liars more than whatever you assume the other people or endeavours are. There is very less room to talk through with folks like you, who already are deep into the trench and refuse the handed down rope. I trust Proton barely more than Gmail or Outlook in that it does not scan my emails for ad/revenue purposes. If you think they have encryption, you are a joke.

tables ,

You react to small disagreements with insults, accusations of the user being a fed and threats of censorship (banning him because you disagree with him). I have no idea if you're an admin on lemmy and actually have the power to do this, but this is fairly downvoteable in my view.

TheAnonymouseJoker ,

What if I started allowing idiots claiming Apple is privacy friendly and people should absolutely trust Google Nest speakers because Google is a big company?

Disagreements are not small, when someone attempts to establish alternative reality as facts. This is why the bold stance is necessary.

Let me ask, how many years have you been deeply into the privacy endeavours? And I mean deeply. 2? 3? 5 years? I was using Tor before I hit teenagehood. You need a certain level of authority to keep such problems at bay, when one is unwilling to listen, act proud of not researching and double down on their nonsense takes. Maybe you like the shitty advice given on Reddit or other garbage privacy communities where Brave, Pixel and iPhone are recommended, but this is not going to be one. Privacy communities are full of half knowledge loonies and grifters, and there is almost no defense against it.

azalty ,
@azalty@jlai.lu avatar

Their privacy policy. They log IP addresses and are not immune to legal actions, and as such, are not really better than Proton in terms of legal actions

lemmyreader ,

> Their privacy policy. They log IP addresses and are not immune to legal actions, and as such, are not really better than Proton in terms of legal actions

They log IP addresses ? Source ?

azalty ,
@azalty@jlai.lu avatar

Source: the 3 first words of my comment…

https://disroot.org/en/privacy_policy Section 4.1

You’re the ones defending a service yet you don’t know that. Seems like someone who just found out the service can do better research. But hey, thanks for not being overly aggressive and claiming to know everything like this other guy.

lemmyreader ,

> Source: the 3 first words of my comment…
>
> https://disroot.org/en/privacy_policy Section 4.1
>
> You’re the ones defending a service yet you don’t know that. Seems like someone who just found out the service can do better research. But hey, thanks for not being overly aggressive and claiming to know everything like this other guy.

I simply asked you a question and thanks for pointing out more details. I have decided to trust Riseup and Disroot for reasons in the past. It is up to me to care about my privacy and security when there is the need for it. Other people will use Google Gmail with GnuPG, that's up to them.

azalty ,
@azalty@jlai.lu avatar

Sorry for being aggressive :)

I just believe that Proton with end to end encryption by default is better than having unencrypted mail or similar

Good for you if you trust them, but you might as well self host then if you don’t need protection from the government 🤔

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

Email is bad in general and nothing can fix that

TheAnonymouseJoker ,

Well, that is partially true. But email with PGP used by both users is not bad. Funnily, Nuegia owner tried to scold me over holding this view that you hold, few years ago.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

PGP doesn't protect anything but message contents. Additionally, if your key is compromised all of your messages are compromised.

lemmyreader ,

> PGP doesn’t protect anything but message contents.

Indeed, be careful with choosing your email subject line when using GnuPG to encrypt.

> Additionally, if your key is compromised all of your messages are compromised.

Yes, maybe for some people it is. I once knew a person who created a new GnuPG key every few months. It is also recommended in some howtos that making your key never expire is a bad idea.

By the way, for all readers interested in using GnuPG, FSF updated their Email Self-Defense guide this week. https://hostux.social/@fsf/112405348416810419
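The point made in the exchange above, that PGP covers the message body while headers such as the subject line stay readable, shown as an added example (not code from any commenter or project in this thread). The messages, addresses and IP are constructed, and the PGP block is a placeholder rather than real ciphertext.

```python
import re
from email import message_from_string

# Constructed PGP/MIME message (RFC 3156 layout). Addresses, subject and the
# documentation-range IP are made up; the armored block is a placeholder.
SAMPLE_PGP_MIME = """\
Received: from laptop ([203.0.113.7]) by mx.example.org; Tue, 07 May 2024 10:00:00 +0000
From: alice@example.org
To: bob@example.net
Subject: Meeting point for Saturday
Date: Tue, 07 May 2024 10:00:00 +0000
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Constructed unencrypted message for comparison.
SAMPLE_PLAIN = """\
From: alice@example.org
To: bob@example.net
Subject: Lunch?

See you at noon.
"""

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")
IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def body_is_pgp_encrypted(msg):
    """True for PGP/MIME or for an inline ASCII-armored PGP body."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if PGP_ARMOR in payload:
            return True
    return False


def exposure_report(raw):
    """List what a mail server or anyone holding the stored message can read
    without the private key: routing headers, subject and Received-line IPs."""
    msg = message_from_string(raw)
    cleartext = {h: msg[h] for h in METADATA_HEADERS if msg[h] is not None}
    received_ips = []
    for hop in msg.get_all("Received", []):
        received_ips.extend(IPV4_IN_BRACKETS.findall(hop))
    return {
        "body_encrypted": body_is_pgp_encrypted(msg),
        "cleartext_headers": cleartext,
        "received_ips": received_ips,
    }


if __name__ == "__main__":
    for name, raw in (("pgp/mime", SAMPLE_PGP_MIME), ("plain", SAMPLE_PLAIN)):
        report = exposure_report(raw)
        print(name, "body encrypted:", report["body_encrypted"])
        for header, value in report["cleartext_headers"].items():
            print("  readable header", header, "=", value)
        print("  IPs in Received lines:", report["received_ips"])
```

Even with the body encrypted, the report for the first message still lists sender, recipient, subject, date and the IP recorded in the Received line.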

bufalo1973 ,
@bufalo1973@lemmy.ml avatar

Proton should look who was asking the disclosure. He's a known far-right judge that opens cases like beer cans. And the "terrorist" group is marked as such because someone had a heart attack the same day there were protests in Catalonia.

rickyrigatoni ,
@rickyrigatoni@lemm.ee avatar

Was the heart attack even in Catalonia?

bufalo1973 ,
@bufalo1973@lemmy.ml avatar

In Barcelona IIRC. Taking a flight (also IIRC)

rickyrigatoni ,
@rickyrigatoni@lemm.ee avatar

Governments do the dumbest mental gymnastics to mark groups and individuals as undesirables.

AeonFelis ,

Does it matter? He's still a judge with a judge's authority. If their policy is to obey the law then the political views of the judge don't change the fact that his order was lawful.

bufalo1973 ,
@bufalo1973@lemmy.ml avatar

So if a Russian judge had asked the same the outcome would be the same too? Or a Chinese one?

AeonFelis ,

Depends on what you mean by that:

  1. A Russian/Chinese judge ordering the disclosure of data about a Spanish citizen? Then no, because judges from one country should hold no jurisdiction over citizens of other countries (unless it's about things these citizens did in the judge's country - which is not the hypothetical case here)
  2. A Russian/Chinese born person who became a judge in Spain? Then yes, because the judge's ethnicity should not be a factor on whether or not their authority is respected.
  3. A Russian/Chinese judge ordering the disclosure of data about a Russian/Chinese (respectively) citizen? Then this depends on whether or not Proton Mail is willing to stop doing business in Russia/China (again - respectively). Though I'm not sure if that will save them, since it may still be possible, even after they cut ties with that country, for the government to go after them using international treaties.

At any rate, my point is that the decision of whether you obey the law or protect your users should be about the country as a whole, not about any specific judge employed by it. Choosing to obey some judges of the country while ignoring the warrants signed by other judges of the same country is just stupid. The country will not trust you to respect their authority and will not permit you to do business there, while the users will not trust you to keep your promise to protect them and won't use your service.

TCB13 , (edited )
@TCB13@lemmy.world avatar

And then I am the one exaggerating... I'll say it again, Proton is just another company that managed to find clever ways to profit from a group of people who value things such as "privacy".

They're just a very large marketing effort with little to nothing to show but everyone is convinced they're actually protecting users while they keep pushing proprietary / half open and non standard stuff as solutions for problems already solved with truly open tools, standards and protocols.

tranxuanthang ,

Proton did nothing wrong here; in fact, it is working as intended.

No email content or attachment was provided in this case because they (Proton) have nothing to give. Now, imagine if this user were using Gmail instead of Proton.

The article title is clickbait and is trying to incite outrage from the crowd. Don't fall for it.

TCB13 ,
@TCB13@lemmy.world avatar

> now, imagine if this user were using Gmail instead of Proton.

Now imagine if the user was using Gmail + PGP... same end result. Proton delivered no extra value whatsoever.

seathru ,
@seathru@lemmy.sdf.org avatar

No company is going to legally go to bat for you for $10/mo. I love how Proton nonchalantly calls out the user's dumb move in the article:

> Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method. Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order...

deweydecibel , (edited )

At any point in the process, does it warn you about setting up recovery with personal email addresses?

Feels like with as much as Proton advertises nowadays as a privacy protecting service, they need to be taking into consideration that a lot of their customers now are going to be average users who don't know anything about proper OpSec. They should be much clearer about what things they can't protect you from.

It shouldn't be in a press release like this, they should be explaining the difference between privacy and anonymity to the customer. It's not like their marketing team isn't aware of the fact most people don't know any better.

It's in their best interests, too, because it doesn't matter how many times you say "we provide privacy not anonymity", the headlines are a bad look.

Railcar8095 ,

Unless you're targeted by law enforcement, having a recovery email won't be an issue. 99.99% of the userbase would never have a problem with this.

I get what you say, but it's really nitpicking at this point I think.

leraje ,
@leraje@lemmy.blahaj.zone avatar

It is worth noting though, that Proton doesn't allow you to use certain domains for recovery addresses. Admittedly this was a while ago and maybe things have changed there but when I first joined Proton they wouldn't allow me to set a duck.com or simplelogin.com or addy.io address as a recovery email.

Obviously using an apple ID is stupid but Proton could make more of an effort too.

Canary9341 ,

They are actually quite aggressive about blocking disposable emails, most free services don't work. I have used protonmail a few times for semi-disposable accounts that used disposable emails to sign up, and some of them were banned later.

pineapplelover ,

I actually set simplelogin as recovery lol

Railcar8095 ,

So they will ask proton again for the address where everything is being forwarded... Not a good plan.

It would be fun to daisy chain a bazillion emails, all forwarding to each other in circles and have the cops just call yahoo 20 times.

pineapplelover ,

But all emails are encrypted so they can't be read anyways.

Railcar8095 ,

No, only the ones on Proton. If you send or receive an email from outside, it's unencrypted there.

But still, it's little to no difference for law enforcement. They will get the real address and whichever little info Proton or the other provider has on you.

pineapplelover ,

As far as I know, Simplelogin doesn't store anything.

https://simplelogin.io/faq/

Railcar8095 ,

Nowhere do they say that they can't see what your final email address is, and they have your logging email too.

If you have a specific quote saying the opposite, please share

classic ,

What would be a more appropriate email address to use - or just no recovery email?

glorious_puffy ,
@glorious_puffy@lemmy.world avatar

Ideally no recovery mail or you can create burner gmail account with a vpn

EngineerGaming ,
@EngineerGaming@feddit.nl avatar

Doesn't Gmail require a phone number upon registration? One of the worst choices for "burner" mails.

glorious_puffy ,
@glorious_puffy@lemmy.world avatar

Do they now? I remember creating 10 Gmail accounts using a free VPN back in 2022. IIRC Outlook doesn't require a phone number

EngineerGaming ,
@EngineerGaming@feddit.nl avatar

Oh, nice! Where was the VPN server, if you remember? Also heard of it being possible on a real Android device, but not on an Android VM so even harder to fake.

glorious_puffy ,
@glorious_puffy@lemmy.world avatar

Canada or USA

seathru ,
@seathru@lemmy.sdf.org avatar

It's best for anonymity to not use one at all. Proton provides a recovery key to allow access to your account if you manage to lock yourself out. Keep that key somewhere safe/secure.

classic ,

Thank you. Recovery key seems like a better route for sure

drwho ,
@drwho@beehaw.org avatar

Thing is, Protonmail has been telling people this from the very beginning. It's like it gets rediscovered every year or so when somebody else gets busted.

azalty ,
@azalty@jlai.lu avatar

Proton does require a recovery email address if you sign up to a mail forwarding service or similar, right after creating the account. In that case the account remains locked if you don’t, so that’s just a lie

Setarkus ,

In the article it says that that's a one-time verification address. Though that leaves the question if/how long it's stored

azalty ,
@azalty@jlai.lu avatar

Still, it wasn’t optional for me, so I’m pretty annoyed that they’re saying it.

You can remove the mail after but indeed, I won’t trust proton with not keeping that info. The mail has to be entered in the recovery email field, and then sends mail to the recovery email when you have unread mail. So it’s not a one-time mail sent with a code.

lemmyreader ,

All the commenters suggesting that Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same, here's some more to add. Yesterday I saw a now invalid toot comment from ProtonPrivacy on Mastodon Social where they wrote that it was Apple who was to blame and that Proton gave the recovery email address only because this was a case of a terrorism suspect suggesting that if that (terrorism) was not the case they would not have given in to the request. Today their comment sadly gives a 404 error. Searching a bit further this article comes up mentioning Proton and Wire :

> In the new resolution, the National Audience judge recalls that in January, in a judicial report he issued on the case, he highlighted a conversation from July 12th and 13th, 2020, about the king's visits, which was included in the Tsunami investigative evidence, and of which he admits that until that point he had not made reference in his investigation which extends over the period from 2016 to 2022. Specifically, one of the people under investigation, the Girona businessperson Josep Campmajó, spoke to the figure named Xuxu Rondinaire, with profile @marietadelulllviu, about mobilizations in 2019, using the Wire messenger app. The judge has asked for the identification of this person, information now obtained by the Civil Guard, which details that they used Europol to ask the Swiss authorities for the Wire firm to identify the person behind this pseudonym, with a profile that is also used in Proton Mail, an encrypted email system. In the police cooperation form requesting the information, the Spanish officers indicate to the Swiss authorities that the investigation is for the crime of terrorism.

protonprivacy ,
@protonprivacy@mastodon.social avatar

@lemmyreader Yes, the name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can't decrypt data, but in terror cases Swiss courts can obtain recovery email.

starman2112 ,
@starman2112@sh.itjust.works avatar

So Proton will only give users' information to governments if the government calls the user a terrorist. Good thing governments don't just throw that word around willy-nilly!

pacology ,
@pacology@lemmy.world avatar

Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same

It’s amazing how easily people forget about Lavabit and what a company that is committed to real privacy is about.

highalectical ,
@highalectical@lemmygrad.ml avatar

Are there any email solutions that are actually private?

OsrsNeedsF2P , (edited )

I used to use Protonmail and VPN, but one day my password just randomly stopped working and I lost access to everything. Switched over to Tutanota and Mullvad and have had zero issues since.

TurboHarbinger , (edited )

Bro this reads like an ad. You using VPN has nothing to do with YOU losing your password.

Edit: might add this is the classic bad user you see in tech support.

CAPS ON

types password

Login failed

tries the same password several times

gets locked out

blames the service

OsrsNeedsF2P ,

Lmao you're right. Removed the first part. It came to look like an ad because I posted my first thought, then came back with my second one and appended it.

As far as the password goes, to this day I have no idea how it happened. I don't want to admit I use the same password for everything, but ye know.. it just stopped working for Proton one day.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

No, as email isn't private

telep ,

only as private as you make it. they are required by law when mandated by a warrant to release IP & other (unencrypted) data they have on you. use a proxy to connect & take other opsec measures to conceal your online identity just like other sensitive web browsing activities if you want to use email "privately".

this is really only helping anonymity though, as the email protocol has no built in encryption. unless you are using PGP it really isn't apt for secure communication at all.

KillingTimeItself ,

i fucking knew it.

Napain ,

proton is untrustable

Reawake9179 ,

This is the second time, somehow people still defend them.

ChaoticEntropy ,
@ChaoticEntropy@feddit.uk avatar

This isn't the second time, Proton complies with Swiss law regularly.

Reawake9179 ,

Wow that makes it much better.

ChaoticEntropy ,
@ChaoticEntropy@feddit.uk avatar

It remains standard operating procedure for any law abiding company, and it benefits no one to pretend that it isn't.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

Email is untrustable

Staraven1 ,

Maybe also just consider any email insecure by default? Like it's fcking email, having privacy, let alone security or anonymity, is just like trying to mod a skateboard into a secure highway vehicle imho

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

It's more secure to use physical mail

Zerush ,
@Zerush@lemmy.ml avatar

Logically, any service, whether private or not, is required by law to reveal the user data they have, if there is a court order for a criminal investigation.
Proton cannot refuse, if it does not want to face a complaint that could even lead to the closure of its service. That is, in this headline the "Proton Mail" can be replaced by any other email, host, chat, social network, VPN, Lemmy, it can occur in any of them.
As said, read TOS and PP of what you use

umbrella ,
@umbrella@lemmy.ml avatar

except they told users in the past that they don't have this information

FutileRecipe , (edited )

Out of curiosity, can you link where Proton said they don't have the user's recovery email, that the users themselves attached to their Proton account?

Zerush ,
@Zerush@lemmy.ml avatar

They don't have information about the content of the mails, but, same as any other mail provider, they have the account data and the IP; this is the data which they can provide to the police. The rest is information from the ISP and from the police's own investigations. Because of this, the title that "Proton discloses user data leading to arrest in Spain" is somewhat sensationalist.

ChaoticEntropy ,
@ChaoticEntropy@feddit.uk avatar

Proton is a service provider, not your confederate.

darkphotonstudio ,

That was a short honeymoon.

Imprint9816 ,

Another case of a user with terrible opsec that Proton will end up being blamed for.

crispy_kilt ,

Not really news. Proton follows the law. If they get a Swiss court order they will comply.

If you want to do illegal (under Swiss law) things, Proton won't cover you.
