Privacy

47021 readers

1176 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Privacy-Focused Proton Mail Aids FBI in Uncovering ‘Stop Cop City’ Protester’s True Identity (www.gadgetreview.com)

submitted 1 day ago by StopTech@lemmy.today to c/privacy@lemmy.ml

15 comments fedilink hide all child comments

cross-posted from: https://lemmy.zip/post/60387352

cross-posted from : https://lemmy.zip/post/60387297

Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.

top 15 comments

sorted by: hot top controversial new old

[–] hellfire103@lemmy.ca 9 points 1 day ago

No email provider will go to court for you for €3.99 per month.

From the start of the article:

Key Takeaways

Proton Mail shared payment data with FBI through Swiss authorities via legal treaty

Credit card payments eliminate anonymity despite encrypted email content remaining secure

Third known disclosure reveals pattern of Swiss legal compliance over privacy promises

[–] gravitas@lem.ugh.im 50 points 1 day ago (1 children)

Im not a fan of proton, but this trend of blaming corps for individuals poor opsec (paying with a method linked to their real identity) is pretty lame.

Do people using these services actually expect a corporation to break laws or violate court orders on behalf of their users?

Proton regularly releases very clear info about how often they comply with legal orders, this isnt a secret and its certainly not protons fault that activists had poor opsec.

[–] tastemyglaive@lemmy.ml 3 points 1 day ago (1 children)

It's not something you can avoid by simply not using a credit card. Proton can, at their discretion (such as if you use VPNs outside the imperial core, in which case it happens reliably and instantly) lock you out of your entire account to demand a phone number. Vanishingly small % of people will not have their personal identity exposed by cell data & be ready to deal with losing their account on short notice. It's the same shady tactic that Discord uses to get phone numbers from reluctant people and it should not be tolerated.

[–] voxel@feddit.uk 0 points 15 hours ago

It is probably illegal depending on your jurisdiction and Swiss laws.

[–] orca@orcas.enjoying.yachts 21 points 1 day ago* (last edited 1 day ago)

Proton handed over the info to the Swiss government under a specific law. The Swiss government then turned around and readily handed over that info to the FBI without telling Proton that’s what was going to happen.

It doesn’t make anyone innocent here. Just adding that for clarity because this headline I keep seeing is not correct.

[–] 64bithero@lemmy.world 10 points 1 day ago (1 children)

Morality / Deepstate convos aside. I personally I can’t really fault proton on here. They are the only public provider I’ve seen with 0 tracking across any of their apps.

What they provided was payment info.

[–] 0x0@lemmy.zip 2 points 1 day ago (1 children)

Better than Tuta?

[–] tastemyglaive@lemmy.ml 2 points 1 day ago

Nope and Tuta doesn't want phone numbers. I recommend it for quick stuff. They clearly track IPs but that's easy to work around.

[–] emotional_soup_88@programming.dev 7 points 1 day ago* (last edited 1 day ago) (1 children)

In addition to what @gravitas@lem.ugh.im said, as long as any third party is involved in the handling of PII, there should be no expectation of privacy whatsoever. For instance, I use Mullvad VPN, but that is as much a political/ideological statement to me as it is but one countermeasure against malicious actors in a very complex cyber environment. I could go on about how Mullvad has proven over and over - through third party audits and through actual incident response - that they have zero data to hand over to the authorities. But I won't, because that's not the point here. The point is: if I was involved in something that made me interesting to the authorities in any capacity, putting my trust, privacy, security and life in the hands of one company would not be the way to go about it. Not even in Mullvad, which I otherwise use.

Good OpSec is not about relying on technical solutions. It's about real-world threat modeling, assessment, having three backup plans and careful execution.

Is it morally questionable for Proton to cooperate with the authorities going after activists? Yes. Should there be any expectation of privacy and/or security from the end user's point of view? No.

Manage your expectations and scheme accordingly.

[–] tastemyglaive@lemmy.ml 0 points 1 day ago

I think we can guess how little we ought to trust Mullvad by looking at its server list. They have Israel, the Baltic Israels, and the Asian Israels. Egregiously obvious.