"helped" is very misleading. Companies can't refuse to provide information they have when served a search warrant / court order. These companies DID NOT choose to provide the info on their own.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Yep, which I think is why it's more important to see what data is being collected and stored, rather than giving up data based on how trustworthy an entity seems
If the tool doesn't collect or log the data to begin with, then there's nothing that can be stolen/taken/demanded
The solution in this case might be for Proton (and the other companies) to list out risks and data collection information along the way.
We need X in order to do Y. Read more on how Y works. Now here are some risks, and how to avoid them:
Yep, also using "requests" when they were not at all, they were demands.
Obligatory reminder:
Email is not a secure medium! If you need truly secure and/or anonymous communications, DON'T USE EMAIL!
Use a platform/protocol designed from the ground up for those things!
I think it's not the services fault that people aren't aware of the limits of encrypted services. They are not going to shut everythin' down just for a few people, if you need smth anonymous Proton is not for you.
Also, it's your task to have good opsec. If you give your iCloud email to Proton which has personal information sticked to it, your fault.
Imagine talking about opsec and iCloud in the same sentence 🫣🤭
They are not going to shut everythin’ down just for a few people
Although lavabit did...
You can't compare Lavabit to Proton.
And you can't compare urself to Edward Snowden.
if you need smth anonymous Proton is not for you.
I mean, there are better options, but you can also use Proton anonymously. Just have to use it appropriately. If you use it to send your name to the FBI, there ain't nothin Proton can do about that. Same if you link a recovery email linked to a personal account.
I do not blame Proton for complying with a request - it is a completely expected action from a company. However, I would blame them for advertising that makes them seem safer than they are for people who don't know better.
I would blame them for advertising that makes them seem safer than they are
What kind of advertising are you referring to exactly?
This is near the top on their landing page:
With Proton, your data belongs to you, not tech companies, governments, or hackers.
In the EU, one's IP address can be considered private data as it can be used for identification. So far Proton has been caught handing over alternative email addresses and IP addresses, meaning their primary USP isn't really accurate. At least not insofar as governments are concerned. I understand this occurred via Swiss court order, but they should not be headquartered in Switzerland. Panama has a history of rejecting foreign interference. All unencrypted data should be stored in Panama.
Privacy is simply not a binary concept. Proton is as private as it can possibly (and legally) be, so I don't think that checks out.
Proton is as private as it can possibly (and legally) be
That's clearly inaccurate, since they could be headquartered in Panama, and store their data there. That would make them immune to Swiss court orders. There are already hosts which provide server space in Panama for exactly this reason.
That would make them immune to Swiss court orders.
LOL you can't be serious. They would just be subject to Panamanian court orders.
They are located in Switzerland specifically because it's the most privacy-respecting country on the planet. If they get a court order in Switzerland, they're gonna get one literally anywhere else.
LOL you can’t be serious. They would just be subject to Panamanian court orders.
Yes, and since Panama has a long history of telling foreign nations to fuck off, data is much safer there than in Switzerland. At least as a non-Panamanian. You claim Switzerland is the "most privacy-respecting country on the planet," but I'd like to see the evidence. Since they comply with every court order, then I would argue one's data is no safer in Switzerland than most other European countries. Which is to say, completely unsafe from most Western governments.
Since they comply with every court order
What makes you think that?
Because they are required to by law in Switzerland, and would face sanction if they did not.
That's not entirely correct, and in fact they do successfully challenge a large number of them.
Lavabit did, back in the day.
Back in the day.
This makes me feel old.
“Proton does not require a recovery address, but in this case the terror suspect added one on their own. We cannot encrypt this data as we need to be able to send an email to that address if the terror suspect wishes to initiate the recovery process,..."
I love that proton kept referring to the user as the "terror suspect" repeatedly so we would know they're really the good guy here.
Exactly. What makes this a bit complicated and maybe interesting from a historical point of view is that this is about Spain. A country which has been very slow with removing some of the "relics" from the fascist Franco era (Franco died in 1975) and at the same time having regions that long for independence like Basque country and Catalunya (and the post topic is related to that, Catalunya aiming for independence). Since the Twin Towers attacks in 2001 the words "terror suspect" and "terrorists" have been used much more often (also by ordinary "normies" people that I knew) and maybe not always rightly so.
Thanks very much for the clarification to the context, I really appreciate it as someone who had no idea.
You're welcome.
Well it was anti terror laws that were invoked..
Why has proton written somewhere exactly what data can be handed over to police? if there is, they need to be promoting this information more
https://proton.me/legal/law-enforcement
They never said they will fight law enforcement, this is the 1000th time this happens.
If you sign up for a service using real information that can be traced to you (as in this case: home address, personal email) and then do illegal* things with the account, don’t.
The * here is that what the alleged protester allegedly did or said is irrelevant. And the article is pretty clickbaity, unless the author was unaware of how online accounts work.
OpSec fail, never ever use any personal info when you are dealing with something you don't want to be indentified for, it include obviously recovery emails, usernames and passwords.
Do not trust companies.