this post was submitted on 07 May 2024
519 points (94.5% liked)

Technology

57432 readers
4097 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
519
Proton Mail Discloses User Data Leading to Arrest in Spain (restoreprivacy.com)
submitted 3 months ago by [email protected] to c/[email protected]
106 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 52 points 3 months ago (1 children)

Doesn't look like Proton did anything wrong, they can't fight these requests and he was caught by identifying information he linked to his account.

[–] [email protected] 2 points 3 months ago (3 children)

They could disclose the fact that they might need to give that info to authorities and warn users of that.

They never mention it here for example https://proton.me/blog/protonmail-threat-model

[–] [email protected] 15 points 3 months ago* (last edited 3 months ago)

They do mention it on that page:

However, if presented with a valid order from a Swiss court involving a case of criminal activity that is against Swiss law, Proton Mail can be compelled to share account metadata (but not message contents or attachments) with law enforcement.

The only ever claim to encrypt message contents and attachments. And explicitly call out account meta data here as something they can hand over if requested by law enforcement. They also mention they are not good vs targeted and governmental level attacks:

There are, however, some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target.

And explicitly mention they might be compelled to log and give up information like ip adresses:

if you are breaking Swiss law, a law-abiding company such as Proton Mail can be legally compelled to log your IP address.

[–] [email protected] 7 points 3 months ago

https://proton.me/legal/law-enforcement

Here the mention clearly the data mentioned in the privacy policy which in turns clearly states that you MAY provide a recovery account which will be associated with your account. I also think that anybody that should be concerned for this should understand that law enforcement can get ALL the data the company has on you.

[–] [email protected] 2 points 3 months ago

It's basic common sense. I understand that some people simply don't have any.