this post was submitted on 12 Mar 2026
794 points (91.3% liked)

Privacy

A community for Lemmy users interested in privacy

[–] UnfortunateShort@lemmy.world 214 points 1 day ago* (last edited 1 day ago) (4 children)

Don't hate the player. You can't send mail with E2E encrypted headers and you can't leave payment data and expect Proton to violate regulations and delete it.

Signal has to deal with neither of these issues.

[–] asdfasdfasdf@lemmy.world 1 points 4 hours ago

Mullvad handles payment data in a much, much better way.

[–] sapetoku@sh.itjust.works 8 points 1 day ago (1 children)

The FBI had the payment data and served Proton with a subpoena; they had no choice but to tell which account it was for. The data is still encrypted, though.

[–] VitoRobles@lemmy.today 20 points 1 day ago (2 children)

The FBI did not serve the subpoena directly to Proton Mail.

"We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT," said Proton AG's head of communications, Edward Shone. "Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law."

https://www.msn.com/en-us/travel/news/privacy-focused-proton-mail-handed-protester-data-to-police/ar-AA1XH3R5

[–] XLE@piefed.social 4 points 22 hours ago

Meanwhile, on Proton's homepage:

> Highest standards of privacy
>
> Proton is incorporated and headquartered in Switzerland, meaning your data is protected by some of the world's strictest privacy laws.

> The standard for email privacy
>
> From newsrooms, activists, and international organizations to academics, Nobel Prize winners, and movie characters, Proton Mail is the trusted choice for secure and private communication.

[–] OhNoMoreLemmy@lemmy.ml 7 points 1 day ago* (last edited 1 day ago) (4 children)

Proton can do what it likes when it comes to messages being sent between different Proton accounts. Use of metadata-rich protocols like standard email, instead of, e.g., the Signal protocol, is absolutely something they can be blamed for.

As is choosing to operate from a jurisdiction that can compel them to collect IP addresses.

[–] artyom@piefed.social 40 points 1 day ago* (last edited 1 day ago) (1 children)

> Use of metadata-rich protocols like standard email, instead of, e.g., the Signal protocol

Brother...it's an email product though...if you can use Signal, use Signal. But it's a different product entirely.

When my bank sends me verification info and banking statements over Signal I'll be elated. Until then, we unfortunately have to continue dealing with email.

> As is choosing to operate from a jurisdiction that can compel them to collect IP addresses.

There is no such requirement. They collect them necessarily in order to function.

[–] OhNoMoreLemmy@lemmy.ml 2 points 1 day ago (1 children)

> Brother...it's an email product though...if you can use Signal, use Signal.

The point is there is no requirement for emails sent between different Proton accounts to be as insecure as they are.

This is something where there are known open source solutions that are just flat out better than what Proton is using, and Proton just can't be bothered. You can't fix the whole Internet, but Proton just doesn't care enough to fix itself.

> There is no such requirement. They collect them necessarily in order to function.

By default Proton doesn't log IP addresses. They're just not needed. But when ordered to they do.

https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

[–] artyom@piefed.social 2 points 1 day ago (1 children)

What insecurities are you referring to?

> But when ordered to they do.

And your suggestion is...refusing to comply with the law?

[–] OhNoMoreLemmy@lemmy.ml -4 points 1 day ago (1 children)

I explained both these things in the first post you responded to.

  1. Using email protocols between Proton accounts means they need more metadata which is then given up on a search warrant.
  2. If they cared about privacy they wouldn't be based out of Switzerland. They'd pick somewhere with more privacy rights.

[–] artyom@piefed.social 3 points 23 hours ago (1 children)

And I explained to you that Proton is an email service, not a chat app.

There is nowhere that has better privacy regulations than Switzerland.

[–] XLE@piefed.social 1 points 17 hours ago (1 children)

I think that when communication is between two users on the same platform, it at least could be more like a chat app. Proton distinguishes the uniqueness of this in its own documentation, so it was actually surprising to me when I heard the actual behavior isn't great. This isn't some marketing description either. It's pretty deep in their website.

Ironically, chat apps running over "email" servers actually look surprisingly private these days.

[–] artyom@piefed.social 1 points 17 hours ago

You can achieve the same level of privacy and security as chatmail by either not paying or paying with crypto.

[–] UnfortunateShort@lemmy.world 14 points 23 hours ago (1 children)

They are a Mail provider. You can't blame a mail provider for providing a mail service.

You are basically asking for them to make it seem like you send mail, but in reality you send the message via some other protocol when it's sent to Proton users. At that point you might as well not send mail at all.

As for their jurisdiction: The data protection laws changed after they were founded. They are also lobbying against them and have in fact threatened to stop investing in or even leave Switzerland.

[–] OhNoMoreLemmy@lemmy.ml 3 points 23 hours ago

Yes, I think that a transparent upgrade that improves privacy is an obviously good thing.

And seriously, they should have left. The law allows the Swiss government to force Proton to alter the code run on their servers to satisfy requests from foreign governments. That is ridiculous.

[–] FundMECFS@piefed.zip 7 points 1 day ago (1 children)

The annoying part is them marketing themselves as like operating from Swiss “privacy haven” when Swiss privacy laws aren’t that good and the parliament is actively destroying them as we speak.

[–] ReluctantlyZen@ani.social 3 points 19 hours ago

Switzerland used to be one of the best countries for it, but indeed not anymore. Proton is well aware and has already moved some infrastructure out of Switzerland.

Which jurisdictions can't compel an email provider to log IP addresses? I've never heard of this

[–] socsa@piefed.social -1 points 17 hours ago

Right, so Proton is actually just pop privacy marketing with a side of Trump bootlicking, like everyone with actual cybersecurity credentials has been saying. Got it. There is literally no difference between Proton and Gmail besides ergonomics.