A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.

I saw this over on reddit and people complaining that they “betrayed” their user base. It’s amazing how many people think just because they’re privacy based that means they won’t respond to a lawful court order.

  • Assassassin@lemmy.dbzer0.comEnglish
    688·
    1 day ago

    I don’t really see how proton is the bad guy here. If they gave VPN logs, sure, they claim to not keep those. They make no claims that their email service is completely anonymous, though. If you’re going to do something that riles up the feds, use a disposable email or pay for email using a method that isn’t easily traceable. If this person had done that, proton wouldn’t have had any info to respond to the subpoena with.

    • ItWasntMe@discuss.onlineOPEnglish
      433·
      1 day ago

      Honestly it’s my take. I have proton. I know i’m paying with a credit card so if they were served a warrant for my information, they’d get it. BUT they wouldn’t get anything from my email because 1) It’s encrypted and 2) it’s encrypted with my own key and not the one generated by Proton when you create an account. I casually wonder if someone didn’t fully understand the nuance of things like this in the modern surveilance state.

      • Atherel@lemmy.dbzer0.comEnglish
        151·
        1 day ago
        1. It’s encrypted and 2) it’s encrypted with my own key

        None of this is of any use if the mailbox of the sender or recipient of the email is not also encrypted.

      • Assassassin@lemmy.dbzer0.comEnglish
        142·
        1 day ago

        Yeah, I’m also using proton and knew about this type of situation happening before. If I was going to do something illegal/disruptive enough to attract the attention of police, I simply would not attach my personal email to it. I just don’t see why anyone would think that the police won’t have a way of tracing a service that you paid for with banking details in your name back to you. It’s just shitty opsec.

    • lambalicious@lemmy.sdf.orgEnglish
      62·
      1 day ago

      Proton is in the bad, or at least in the wrong, for keeping PII about a client to identify via payment option (and did extra wrong by not securing it enough). Honestly, this could all have been avoided if Proton offered a one-time payment service, like SDF does, so that once the payment is received the connecting information can be deleted or expired (or even better: never collected). But a rent-seeking grift model such as subscriptions likely precludes this capability.