Privacy-Focused Proton Mail Aids FBI in Uncovering ‘Stop Cop City’ Protester’s True Identity
cross-posted from: lemmy.zip/post/60387352
cross-posted from : lemmy.zip/post/60387297
Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.
Privacy-Focused Proton Mail Aids FBI in Uncovering ‘Stop Cop City’ Protester’s True Identity - Gadget Review
Proton Mail gave FBI payment data from Swiss servers, proving encrypted email privacy has limits when governments use legal treaties to demand user information.C. da Costa (Gadget Review)
pressedhams
in reply to StopTech • • •slevinkelevra
in reply to pressedhams • • •atropa
in reply to pressedhams • • •atrielienz
in reply to pressedhams • • •Privacy ≠ Anonymity.
They are not the same thing, and proton are very transparent about what they will and won't do in this regard.
A🔻atar of 🔻engeance
in reply to pressedhams • • •gravitas
in reply to StopTech • • •Im not a fan of proton, but this trend of blaming corps for individuals poor opsec (paying with a method linked to their real identity) is pretty lame.
Do people using these services actually expect a corporation to break laws or violate court orders on behalf of their users?
Proton regularly releases very clear info about how often they comply with legal orders, this isnt a secret and its certainly not protons fault that activists had poor opsec.
A🔻atar of 🔻engeance
in reply to gravitas • • •Voxel
in reply to A🔻atar of 🔻engeance • • •orca
in reply to StopTech • • •Proton handed over the info to the Swiss government under a specific law. The Swiss government then turned around and readily handed over that info to the FBI without telling Proton that’s what was going to happen.
It doesn’t make anyone innocent here. Just adding that for clarity because this headline I keep seeing is not correct.
64bithero
in reply to StopTech • • •Morality / Deepstate convos aside. I personally I can’t really fault proton on here. They are the only public provider I’ve seen with 0 tracking across any of their apps.
What they provided was payment info.
0x0
in reply to 64bithero • • •A🔻atar of 🔻engeance
in reply to 0x0 • • •durinn
in reply to StopTech • • •In addition to what @gravitas@lem.ugh.im said, as long as any third party is involved in the handling of PII, there should be no expectation of privacy whatsoever. For instance, I use Mullvad VPN, but that is as much a political/ideological statement to me as it is but one countermeasure against malicious actors in a very complex cyber environment. I could go on about how Mullvad has proven over and over - through third party audits and through actual incident response - that they have zero data to hand over to the authorities. But I won't, because that's not the point here. The point is: if I was involved in something that made me interesting to the authorities in any capacity, putting my trust, privacy, security and life in the hands of one company would not be the way to go about it. Not even in Mullvad, which I otherwise use.
Good OpSec is not about relying on technical solutions. It's about real-world threat modeling, assessment, having three backup plans and careful execution.
Is it morally questionable for Proton to c
... Show more...In addition to what @gravitas@lem.ugh.im said, as long as any third party is involved in the handling of PII, there should be no expectation of privacy whatsoever. For instance, I use Mullvad VPN, but that is as much a political/ideological statement to me as it is but one countermeasure against malicious actors in a very complex cyber environment. I could go on about how Mullvad has proven over and over - through third party audits and through actual incident response - that they have zero data to hand over to the authorities. But I won't, because that's not the point here. The point is: if I was involved in something that made me interesting to the authorities in any capacity, putting my trust, privacy, security and life in the hands of one company would not be the way to go about it. Not even in Mullvad, which I otherwise use.
Good OpSec is not about relying on technical solutions. It's about real-world threat modeling, assessment, having three backup plans and careful execution.
Is it morally questionable for Proton to cooperate with the authorities going after activists? Yes. Should there be any expectation of privacy and/or security from the end user's point of view? No.
Manage your expectations and scheme accordingly.
A🔻atar of 🔻engeance
in reply to durinn • • •Hellfire103
in reply to StopTech • • •No email provider will go to court for you for €3.99 per month.
From the start of the article: