• @Alk@lemmy.world
    124
    7 months ago

    This is non-news, like all tech companies, they are bound by law to do this. It happens more than 6000 times per year for Proton. However, this user just had bad opsec. Proton emails are all encrypted and cannot be read unless law enforcement gets your password, which Proton does not have access to. Even if Proton hands over all data.

    • @0x0@programming.dev
      11
      7 months ago

      Proton’s mails are encrypted… between Proton accounts. Send an email to a Hotmail account and bye-bye encryption. Proton does rely on PGP so you can use that if the recipient supports it.

      • Encrypt-Keeper
        17
        7 months ago

        They mean encrypted at rest. As in, Proton cannot hand over a copy of all your emails to a law enforcement agency, they don’t have access.

        This means law enforcement would have to capture an unencrypted email in transit, or obtain your emails from either recipient individually.

  • @TheTimeKnife@lemmy.world
    27
    7 months ago

    Doesn’t look like Proton did anything wrong, they can’t fight these requests and he was caught by identifying information he linked to his account.

  • @BertramDitore@lemmy.world
    26
    7 months ago

    I don’t know much about the case beyond some very lazy peripheral searching, but it strikes me that Proton’s compliance isn’t an issue, but the requests themselves are totally unjustifiable and based on malicious prosecutions to nab some separatists on ridiculous terrorism charges for their nonviolent action and protests.

    This individual is suspected of being a member of the Mossos d’Esquadra (Catalonia’s police force) and of using their internal knowledge to assist the Democratic Tsunami movement.

    The requests were made under the guise of anti-terrorism laws, despite the primary activities of the Democratic Tsunami involving protests and roadblocks, which raises questions about the proportionality and justification of such measures.

    • gian
      1
      7 months ago

      Probably the request to Proton arrived from a Swiss judge, who received a request from a Spanish judge, and he evaluated the request and decided that it has merit.

  • @Im_old@lemmy.world
    16
    7 months ago

    Proton a few years ago disclosed the IP address of the user of a certain mailbox upon request by LEA. That was enough to get the person found and arrested (I don’t remember what the case was about). They HAVE to comply with these requests, but they DON’T need to log/retain that info. ETA: and I was wrong, thanks @Cheradenine@sh.itjust.works for setting me straight. But I think the point still stands. I don’t want to ALWAYS be tied to a VPN, there are some scenarios where I can’t use a VPN.

    That was the moment I decided to selfhost my email server.

    • @pressanykeynow@lemmy.world
      3
      7 months ago

      That was the moment I decided to selfhost my email server.

      So now the hosting you use will share the same (or likely much more) data if some government requests it.

      • @Im_old@lemmy.world
        1
        7 months ago

        They can get my encrypted drive. My domain name is registered to me so that’s clear it’s my email. But no content.

  • @Pohl@lemmy.world
    79
    7 months ago

    “Privacy” means two different things depending on the audience. For me privacy means that my information is not being used to advance some organization’s commercial interest. For others it means that my information will never be shared with a government.

    Don’t advertise to me

    Or

    Don’t narc on me

    I guess I don’t really expect a company to resist pressure from government agencies on my behalf. Especially if I have been using their service to commit crimes in my country. If you are doing things your government would prefer you didn’t, hire a good lawyer and consult with them about what should be sent via email (spoiler, it’s nothing). The mafia doesn’t send emails, or put anything in writing, if you do crimes, you shouldn’t either.

    • @efstajas@lemmy.world
      28
      7 months ago

      I guess I don’t really expect a company to resist pressure from government agencies on my behalf.

      Personally, I expect them to resist to the extent possible by law. The cops need to follow a lot of rules to make legally binding requests for data. I understand that if they do, there’s not much a company can do other than hand out the info, but if there’s a legal way to deny such a request, I expect the company to pursue it.

      • @PM_Your_Nudes_Please@lemmy.world
        5
        7 months ago

        Pretty much. I’m not expecting a company to spend millions of dollars in court costs and lawyer fees on my behalf. But if it’s clear that the government is overreaching, the company should at least go “hey uhh judge, wtf?”

    • @xenoclast@lemmy.world
      3
      7 months ago

      Companies selling data don’t tend to be picky who they sell to. Governments and police buy data all the time.

      The best part is a government can buy data and can change the rules on what is illegal.

      So, if they decide tomorrow that your innocent behavior is a threat, you’re now a criminal.

  • @flop_leash_973@lemmy.world
    30
    7 months ago

    As much as some of us may dislike it when a company does these kinds of things, you can’t really blame them for following the laws of the country that they are headquartered in.

    You can blame them for operating there to begin with in cases like Apple in China, but you could hardly blame them for following the laws of the US where they are headquartered for example.

    If the law of the land where the headquarters is requires them to give up the data they do have to partner nations then they don’t really have much choice in the long run if they want to continue to exist.

    • @ikidd@lemmy.world
      13
      7 months ago

      “Nobody’s going to jail for you” is pretty much the way to think about any cloud privacy service. They may not keep logs unless they’re required to, but in the end, they will comply to stay in business.

  • @asdfasdfasdf@lemmy.world
    11
    7 months ago

    What I find curious about this is if a recovery email would have any weight in court. I can add whatever recovery email I want to an account. It doesn’t have to be mine.

  • @Alpha71@lemmy.world
    22
    7 months ago

    If you use ANYTHING other than face to face meetings when discussing something illegal, you get what you deserve.

  • @taanegl@lemmy.world
    -5
    7 months ago

    This is why you sign and encrypt the contents of email. If the recipient doesn’t have the public key, they can’t read the content.

    Allowing a service provider to “handle your keys” is tantamount to letting the fox watch the henhouse.

    Proton doesn’t provide IMAP/SMTP access for free accounts, so you won’t be able to encrypt emails locally.

    This ultimately is the tech version of “trust me bro”. This means you are as secure on Proton as you are on GMail, depending upon how you use the service.

  • @Sam_Bass@lemmy.world
    1
    7 months ago

    Yes, it’s a good thing the result is what it is, but you watch, they’ll try to use it as justification. And as a small(ish) fyi, try running a tracert on whatever site you’re looking at. Unless you are directly connected to that site, there are likely multiple hops -domains- that your connection passes through to get from your machine to the target. Each one of those has the potential to read what you’re doing and report on it.