Not exactly the best article. Proton complied with a lawful Swiss request. Their ToS clearly state what they can provide if requests are lawful.
The Proton user had bad opsec by using a credit card to pay for the account.
Had Proton just turned data over to an out of jurisdiction LEA, then it's more of a complaint. But they followed their policy and law here.
Proton offers a Tor address for accounts requiring anonymity rather than just privacy. The crux of this is on the account user
> The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties.
Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?
Although I guess the server location didn't matter in this case since all they wanted was the billing information and the credit card info to identify the person.
This should surprise exactly nobody after it was disclosed back in [checks notes] 2021 that ProtonMail gave up user data to law enforcement and also changed their TOS.
Man 404 Media is really crushing it lately. Thanks to the team!
Proton Mail complied with a legal demand they had no choice but to comply with, providing the basic shred of information the user willingly and knowingly provided.
You want to be anonymous? Don't use your credit card! Don't connect from your home internet connection. (I don't know whether this person did because I can't read the story due to login-requirement). Either way, total non-story. Anyone whose potential adversary is a powerful government should already know this stuff.
Either way, Proton didn't help the FBI. The article title is deceptive and implies a degree of insidiousness or dishonesty that has not been demonstrated by Proton in this case.
As a proton user I know I am not completely anonymous. I pay them for their bundle of services because I get VPN, encrypted password storage and email that isn't scanned for ads and other purposes.
Privacy and anonymity are a gradient. If I needed real opsec from government threats I wouldn't tie a credit card to a service.
Does Proton store the payment information tied to an account for the duration of a potential chargeback period or indefinitely?
Whether they store such info for cryptocurrency payments as well (no chargeback risk) would be telling.
Unsurprising.
If you don't want to receive the punishment for thought crimes, which is being threatened outright more loudly every day, it's increasingly difficult to actually have a dissenting voice online. Don't believe me? Set up a linux VM, Mullvad VPN with a killswitch, then run Tor browser. You MAY be able to get a TutaMail account, which requires a backup e-mail that disappears after a short period of time (allegedly), and then a Proton account with the TutaMail account as your required backup there, but all of the privacy-first "anonymous" services require some form of verification. Then, if the social media network isn't blocking you from signing up via a Tor exit nodes outright, you are immediately shadow banned.
I remain very annoyed with the massive number of engineers that are making it possible for people who can't figure out how to check their e-mail to utilize advanced technology to spy on us, steal our tax money, pervert the technologies we build, and indiscriminately murder innocent people.
We are a community of greedy ladder pullers and that's so disappointing.
Where are the stories about all the other mail providers who routinely cough up everything about your email account, including full content, metadata, and full payment details, on a daily basis?
Proton is one of the few services who accepts anonymous payment, and cannot themselves provide encrypted content in cleartext. They cannot save you from yourself, though.
Wouldn't make more sense to not store information (or have it encrypted without proton having access to it), so they would have nothing to share even if they were forced to comply?
As it should be. All corporations must follow the law. If the police has an order signed by a judge then it is lawful and a necessity for society to work to follow the law.
What is horrifying are big corporations giving access to all user data without recourse. That my data in Europe is send to the USA and accessed without limits by their goverment is a crime and a very dangerous situation.
- Fighting crime in an open criminal case with judge oversight is a very good thing and part of keeping the rule of law.
- Collecting data from all users without probable cause is a crime and will have nefarious consequences for all of us.
Know the difference.
Proton won’t lock me out of my email because I accidentally sang a copyrighted song in a Youtube video. That’s why I use it, not because it’s the pirate bay for email.
Proton = Privacy Theater. Always has been.
> A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
Using Proton for privacy and security is quite ignorant. They are known to support legal requests without ever challenge that request. At least Yahoo has way better record than Proton. I use Proton, but never for privacy reason. It is as good as hotmail and yahoo mail. If you truly care privacy do it in another country. So qq mail and yandex mail have zero chance being look at by any western authorities. And the same with if you distrustful of China and Russia which cant look into Google mail.
As memers say, of all things that didn't happen, this one didn't happen the most.
Dumb Lavabit with extra privacy-washed marketing.
Why is there a paywall AND anti-aging snake oil ads? Pick one. If that's the type of ad you sell it signals to me the site is absolutely not worth the subscription.
> Proton did not provide any information to the FBI ... Swiss justice department > This is an important distinction
Not really, that's a minute procedural distinction without a difference.
> can only happen after all Swiss legal checks are passed.
Oh, don't worry, US also has some "checks", just as useful!
> we understood that a law enforcement officer was shot and explosive devices were involved
And now you're just compounding your fail by siding with the notorious liars against your own customers.
Let me guess .. they weren't going after a "protestor" like the headline would try to lead you to believe.
"Authorities were investigating [them] for their connection to arson, vandalism and doxing"
And there it is.
People will never understand, Proton is a privacy based email server, it is not the dark web where you can do as you please without consequences.
Proton only has access to your IP and device ID, not your data. With IP and device ID, you can easily track an user like finding the ISP, etc.
Do you wanna do naughty things?? Don't use such services do to so.
And ironically,this 404 Media is the only place I found covering this information and they require you to login to read the whole thing.
Hmmmmmmmmmmmmmmmmmmmmm red flag big time!!!!
Wild that it says this on their site:
>Sign up with no phone number: Get a private email account without handing over more personal data than necessary, making it harder for advertisers, data brokers, and other services to track you online.
I guess it doesn't mention law enforcement so ¯\_(ツ)_/¯
Well I guess Proton cannot be trusted. You know what they say, centralization corrupts absolutely
Thank you for sharing. I was trialing Proton Mail but I will move away from it because of this. This is some teenage level crime and legitimate protesting that it threw away its reputation for.
This is feedback from Proton Mail Team I got about this matter:
"Thank you for reaching out and sharing your concern. We understand why this story is alarming, and we want to give you a clear picture of what actually happened.
First, Proton did not provide any information to the FBI. The data was obtained by the Swiss Federal Department of Justice through a Mutual Legal Assistance Treaty (MLAT) process. Proton operates exclusively under Swiss law and only responds to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is clearly stated in our TOS and Privacy Policy.
In this specific case, Swiss authorities determined that the legal bar was met because a law enforcement officer had been shot, and explosive devices were involved during an incident in 2024. Switzerland has one of the strictest privacy frameworks in the world, and legal assistance is only granted in cases involving serious criminal matters.
Importantly, the only information that could be disclosed was a payment identifier because the user chose to pay by credit card although Proton accepts gift cards, cryptocurrency and cash. No emails, no message content, and no communications metadata were handed over. This actually demonstrates how little data Proton holds by design, our end-to-end encryption means we cannot access email content even if ordered to.
We hope this provides some reassurance. Please don't hesitate to reach out if you have any further questions.
Best Regards, The Proton Mail Team"