Mastodawn

So if you're using Proton thinking it's "privacy-focused", it turns out they're giving data to the Feebs now. https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/

Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester

A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.

404 Media

Show thread

Bill, organizer of stuff Mar 5

@adrienne I'm no defender of Proton (looking for an offroad from them, actually), but in this case, they were compelled by legal action from the Swiss government to hand over payment data. Since the payor had used a credit card that traced back to an individual, the Swiss government could find that person. And the FBI somehow (legally?) got ahold of the data from the Swiss. This circumstance is not unique to Proton - it would apply to any legally operating business with credit card customers. 🤦

Show thread

Weird Socks

@wcbdata @adrienne
This is also not new. It's happened several times before.
I'm a Proton anti-fan, just to be clear. I don't use them and won't until their leadership is not Maga-adjacent.
But this seems like some folks might be confusing privacy with anonymity.

Show thread

Malstrøm

🧉Mar 5

@ohmu @wcbdata @adrienne It's happened before *and* Proton has always been transparent about it. And not "buried in the TOS" transparent.

Anyone surprised or outraged by this needs to start considering their threat model before using a service, and understand what you're signing up for.

Show thread

WesDym Mar 6

@malstrom Honestly, "Our company is bound by the laws of the country we're in" isn't some obscure fact, but a constant reality that grown-ups don't need to be told.

Also 'buried' in the TOS: Water is wet, fire is hot, the sky is blue, etc.

Show thread

rk: it’s hyphen-minus actually Mar 5

@ohmu @wcbdata @adrienne

The problem is there’s not much that can be done, ultimately. If you run your own mail server, you’re exposed in a million ways: domain registrar, hosting provider, etc. Short of some sort of “account identifier and pay with an envelope of cash in a hole in a tree every month” anonymous mail hosting isn’t a thing.

Encrypted-at-rest is nice but honestly it does add a fair amount of friction and I’m getting old.

Show thread

just adrienne Mar 6

@rk @ohmu @wcbdata i don't know anything about Posteo but apparently they firewall your payment data away from your account data somehow? So they might be an alternative. https://furry.engineer/@ysegrim/116181161858800673

Ysegrim (@[email protected])

@[email protected] @[email protected] @[email protected] While Posteo.de stores your payment details (they have to), they do not connect it to your account. The only information connected to your account is _that_ you paid. Meaning, while they already straight out reject a third of their requests for formal incorrectness (and file complaints), last year they never provided any user/payment data because they straight up do not store it. https://posteo.de/en/site/transparency_report

Furry.Engineer - Duct tape, hotfixes, and poor soldering!

Show thread

Bill, organizer of stuff Mar 6

@adrienne @rk @ohmu Thank you!