A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
@LittlePolarBear @404mediaco @Tutanota
Or pay in cash or crypto and don't use a recovery adress but recovery codes instead.
Nothing new here. It's the same issue for all mail providers. Proton is pretty clear about those issues and provides some solutions at least.
@LittlePolarBear @404mediaco @Tutanota And if you pay for Tuta with your credit card, Tuta will also provide those payment details when compelled by a court order.
The key, with either service, is to pay anonymously.
@marion_grau @iampytest1 @404mediaco
Edward Shone, head of communications for Proton AG, the company behind Proton Mail, told 404 Media in an email: “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law.” Functionally, though, the material was provided to the FBI.
@404mediaco It's worth reading
https://www.ivpn.net/blog/your-vpn-provider-wont-go-to-jail-for-you/
The phrase in the title is a common trope that comes up when VPN services are discussed. While this statement is technically correct, it can be misleading, as it implies that all providers handle law enforcement requests and prepare for worst case scenarios similarly, so their conduct cannot be a differentiating factor when you evaluate them.
@404mediaco Your VPN provider will not go to jail for five dollars
https://www.ivpn.net/blog/your-vpn-provider-wont-go-to-jail-for-you/
The phrase in the title is a common trope that comes up when VPN services are discussed. While this statement is technically correct, it can be misleading, as it implies that all providers handle law enforcement requests and prepare for worst case scenarios similarly, so their conduct cannot be a differentiating factor when you evaluate them.
They are required to store client identification data for 6 months by #Swiss law
Art. 22 SPTA
@manankanchu @jtb @404mediaco Which is very common practice worldwide - exact timelines vary, but in general it gets stored for quite some time. If you want your payments to be as invisible as possible, you find methods that cannot be directly traced to you. Mailing money, using a prepaid gift card, or cryptocoin via multiple layers of abstraction to make it hard to trace who each transaction involves.
This is a reminder of what data can and cannot be accessed. Proton might not be able to hand over the direct contents of your emails and whatnot, but data like this can be handed over if required.
Unluckily it's not that simple in Switzerland
ISPs are required to identify their customers, whichever way they do that - at least in cases, where Swiss network identifiers (like Swiss IP addresses for a VPN service) are being used.
If the ISP doesn't request ID card or other verification of physical address, etc. they can e.g. use payment details for certain services. In such case they are not allowed to accept anonymous payment like Bitcoin or other means ....
Desde cuando Protonmail tiene que proteger delincuentes? 💬
@404mediaco
Looks like this is behind a paywall. Chances are the actual culprit is the Swiss government. Court orders also exist in Switzerland I assume. There’s always the chance of exposing yourself via metadata.
@404mediaco From @protonprivacy on Reddit:
"First, let's correct the headline: Proton did not provide information to the FBI. What happened is that the FBI submitted a Mutual Legal Assistance Treaty (MLAT) request, which was processed by the Swiss Federal Department of Justice and Police. Proton operates exclusively under Swiss law, and we only respond to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is an important distinction." ...and more
@404mediaco According to @protonprivacy :
"No service can operate outside the law entirely, and Swiss law requires compliance with valid legal orders in serious criminal cases. What we can promise is that the legal bar in Switzerland is among the highest in the world, and our architecture ensures we have as little data as possible to hand over."
and
"For users who want maximum anonymity: use Proton with a VPN or Tor, pay with cash or cryptocurrency, and don't add a recovery email."
@404mediaco Here's the latest response from @protonprivacy as far as I can see, which includes a bit more detail than this just being a run-off-the-mill MLAT
"This wasn't a routine investigation. Swiss authorities determined that the legal threshold was met because a law enforcement officer was shot, and explosive devices were found during a protest in 2024. Switzerland has one of the strongest legal frameworks for privacy in the world, and its standard for granting international legal assistance is exceptionally high. This case met that standard. "
https://www.reddit.com/r/ProtonMail/comments/1rlt75p/comment/o8xtkgt/
Quinn Rhodes (he/him)
404 Media
LittlePolarBear
Seb
Azuaron
Michael Santaly
iam-py-test
Egon Willigh☮gen 🟥
Marion Grau
J. R. DePriest 
:EA DATA. SF:
NasaGuy 
ProScience 🇪🇺
davecb 🇨🇦
DrRac27
halfredgreenapple
Limón
Bill Halcyon
jtb
Matthias R. Koch
Senil
Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️
Xypress Privacy 🛡️
Frank Quednau
Mikill
Troed Sångberg
Tip
Frans Super 🇺🇦🇵🇸🍋 FKNZS🔻