For all the Proton fans
@skinnylatte Privacy-focused [ enormous asterisk ]

@skinnylatte i've had Proton for over a year now and like them. Anyone who is disappointed about this shouldn't be surprised. They have to obey Swiss law after all.

If you want a privacy-focused email provider, there aren't a lot of choices and Proton is still one of the best.

@boojum @skinnylatte
What's the point of paying for a privacy-focused email provider that doesn't provide privacy?
@freediverx @boojum @skinnylatte the issue here seems more to do with the credit card from what I’m reading
@freediverx @boojum @skinnylatte That they will protect your privacy to the limit that they legally can, perhaps? A privacy-focused email provider that doesn't abide by the laws of the country they operate in stops existing pretty quickly.

@taylor @boojum @skinnylatte

If they can't structure their service in a way that avoids the collection and storage of personally identifiable customer data, then they have no business claiming they offer privacy. This is like charging a premium for the world’s most secure door lock when a burglar can easily enter your house by breaking a window.

@freediverx @taylor @boojum @skinnylatte

Privacy is not anonymity.
Encryption allows the details of a message to be read only by sender and receiver. That’s privacy. Email otherwise is inherently insecure and not private. Your email address and the subject are plain text in transit.

It’s not who you are, it’s what you say that is protected.

Keeping financial records may very well be part of Swiss law. I know they have to keep financials for 10 years.

@freediverx @boojum @skinnylatte How do you charge somebody's credit card regularly on a subscription basis without storing any PII or working with a third party that stores PII?

This is like charging a premium for the world’s most secure door lock when a burglar can easily enter your house by breaking a window.

In which case it would be ridiculous to blame the door lock company when somebody breaks your window.

I think a more apt analogy is that it's like a hotel charging a premium for a high-privacy room, but still giving their card records to the FBI when they come with a warrant for those records, telling them what credit card paid for which room.

@taylor @freediverx @boojum @skinnylatte The company does not actually need to store the connection between the payment information and the email account.
@fedilore How would that work for recurring payments? For one-off payments, sure, you can take payment, mark the account as paid for a time period, and not keep that connection, but for a subscription, the card has to be associated with the account to be scheduled to pay it in the future.

@taylor Service One sells subscriptions and verifies subscription status using the hashed version of a key.

Service Two is the encrypted email service. It also stores an encrypted version of the unhashed key.

Service Two verifies your subscription with Service One the first time you check your email each month.

I'm sure there are easier or more secure ways to do it, but that's one way.

@taylor Even if the cops get the available information from both services, they can't connect them.

@fedilore

@taylor

And this service already exists? Get me right: this sounds (from my amateurish point of view) like a great solution, but is there a service that can already be used? Or is the idea that Proton also creates this service? (Not sure if "timing attacks" could leave a track.)

If you need anonymity most services can't help you and it depends on your OpSec.

@fedilore

@taylor

That is correct, but my question was if there is already a service that offers something like this for payments.

@dexternemrod @taylor I'm not sure I understand. You mean third party?

@fedilore

@taylor

Yes, like you described in your post with "Service One" and "Service Two".

@dexternemrod @taylor Oh! Sorry, I just meant two services run by the same company.

Two different computers running two different programs.

@fedilore

@taylor

Got it, but still, such solutions do not exist to my knowledge.

@fedilore @taylor Could it be like this.

1. I enter my credit card details in Service One (S1).

2. S1 generates a secret account number, SAN, and stores it in a table with the credit card details.

3. S1 generates a hash of SAN, HAN, and stores it separately as a paid account.

4. S1 gives me HAN, and I enter it into Service Two (S2) which stores it with my email address.

S2 can now verify that the account is paid, by querying HAN. But there's no way to get SAN and the credit card details from the email address.

?
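The two-store scheme sketched in the numbered steps above, written out as a runnable Python sketch. This is an added example, not code from any poster in the thread or from Proton or Signal; the names ServiceOne, ServiceTwo, hash_san, link_card_to_email and demo, the sample card number and the sample mailbox are all constructed for illustration. Besides showing that the mail service can verify paid status through HAN without ever holding card data, the last function checks the question the thread keeps returning to: whether someone holding the records of both services can re-link a card to a mailbox.

```python
"""Two-store subscription design from the thread (added example, not from any
poster, Proton or Signal): Service One (billing) keeps the card beside a secret
account number SAN and a separate table of HAN = SHA-256(SAN); Service Two
(mail) keeps email -> HAN.  link_card_to_email() models what an order served on
both stores can recover."""
import hashlib
import secrets
from typing import Optional


def hash_san(san: str) -> str:
    """HAN: the hashed account number handed to the user and to the mail service."""
    return hashlib.sha256(san.encode()).hexdigest()


class ServiceOne:
    """Billing service (hypothetical name): card details live beside SAN."""

    def __init__(self, keep_san_with_card: bool = True):
        # True models step 2 above (SAN stored in the same row as the card).
        # False models a prepaid voucher: the card ledger records only that a
        # purchase happened, with no token beside it.
        self.keep_san_with_card = keep_san_with_card
        self.card_ledger = []          # rows: {"card": ..., "san": ... or None}
        self.paid_hans = set()         # HANs of paid accounts; no card data here

    def subscribe(self, card_number: str) -> str:
        san = secrets.token_hex(16)
        self.card_ledger.append({"card": card_number,
                                 "san": san if self.keep_san_with_card else None})
        han = hash_san(san)
        self.paid_hans.add(han)
        return han                     # the user receives HAN only

    def is_paid(self, han: str) -> bool:
        return han in self.paid_hans


class ServiceTwo:
    """Mail service (hypothetical name): knows email -> HAN, never SAN or the card."""

    def __init__(self, billing: ServiceOne):
        self.billing = billing
        self.accounts = {}             # email -> HAN

    def register(self, email: str, han: str) -> None:
        self.accounts[email] = han

    def is_paid(self, email: str) -> bool:
        return self.billing.is_paid(self.accounts[email])


def link_card_to_email(s1: ServiceOne, s2: ServiceTwo, card_number: str) -> Optional[str]:
    """What both stores together yield: if a SAN sits beside the card, recompute
    HAN from it and look that HAN up in the mail service's table."""
    for row in s1.card_ledger:
        if row["card"] == card_number and row["san"] is not None:
            han = hash_san(row["san"])
            for email, stored_han in s2.accounts.items():
                if stored_han == han:
                    return email
    return None


def demo(keep_san_with_card: bool) -> dict:
    """Run one subscription through both services and report what each can see."""
    s1 = ServiceOne(keep_san_with_card)
    s2 = ServiceTwo(s1)
    card = "4111-1111-1111-1111"               # constructed sample card number
    han = s1.subscribe(card)
    s2.register("alice@example.com", han)      # constructed sample mailbox
    return {
        "mail_service_sees_paid": s2.is_paid("alice@example.com"),
        "mail_service_holds_card": any(card in v for v in s2.accounts.values()),
        "relinked_email": link_card_to_email(s1, s2, card),
    }


if __name__ == "__main__":
    print("SAN kept beside card:", demo(True))
    print("prepaid voucher, no SAN beside card:", demo(False))
```

With the SAN stored beside the card, as in step 2, the hash is deterministic and recomputable, so the two tables link as soon as both are produced. The prepaid branch (no token in the card ledger) cannot be re-linked from the records alone, but it also cannot renew itself, which is the objection to recurring subscriptions raised earlier, and the timestamps of the purchase row and the paid-HAN row could still be correlated, which is the "timing attacks" concern raised above.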

@sjjh @taylor I'm going to point to what Signal actually does, since I don't really know what I'm talking about.

https://signal.org/blog/introducing-secure-backups/

Introducing Signal Secure Backups

@fedilore @taylor
Thank you for the link. It says this.

> backup archives are stored without a direct link to a specific backup payment or Signal user account.

It doesn't seem to be specific about how the payment details are separated from the Signal user account though. Maybe they use the anonymous credentials mentioned here.
https://signal.org/blog/signal-private-group-system/

Technology Preview: Signal Private Group System

@freediverx @taylor @boojum @skinnylatte

> If they can't structure their service in a way that avoids the collection and storage of personally identifiable customer data, then they have no business claiming they offer privacy

Well, they have: they give you the option of mailing them cash to pay for your service. That the person in question chose to use their credit card just shows bad judgment of their threat model and bad OPSEC.

> This is like charging a premium for the world’s most secure door lock when a burglar can easily enter your house by breaking a window.

Exactly, you hit the nail on the head: the person had bad opsec, like using Tor and Tails to go ahead and sign into your Gmail address before doing something the state disapproves of. Tech really isn't the issue in this case.

They can and do. Proton accepts payment in cash and rape dollars ("crypto"), but the user evidently decided not to use that.

Proton is not at fault here, the US government is primarily at fault for abusing the judicial system, and the dissenter is secondarily at fault for not including a corrupt government in their threat model and using one of the several options available to them.
@freediverx @boojum @skinnylatte I’d want my money back. There should be a class action because everyone has been actually paying for nothing.

@freediverx @boojum @skinnylatte tell me, friends: does anyone know what happens to your access to protonmail in the US if protonmail refuses a legal subpoena?

Yayyy we did it. We did it, everyone.

@freediverx @boojum @skinnylatte I have complaints about Proton but I don't think this is reasonable. You can't accept credit card payments without ending up with enough personal data to get back to the credit card holder. I think this is more a problem of an economic system that makes anonymous payments impractical.
@wwahammy @freediverx @boojum @skinnylatte they do support cash (USD, EUR, CHF) as a payment method. You just have to tell them which account to credit.
@freediverx @boojum @skinnylatte It's all about the threat model, except most of their customers probably don't have one (yet).
@freediverx @boojum @skinnylatte What is the point of paying something with a credit card if you want to remain anonymous?

@freediverx @boojum @skinnylatte imagine trying to hold a privacy focused email provider responsible for...... responding to legal subpoenas from states in which they do business.

Yes, let's pretend that is a real critique, and hope people just don't think very deeply about the matter.

@skinnylatte I jumped off of them for unrelated reasons. This just reinforces my decision.
@serebit @skinnylatte unless you’re planning on self hosting there is literally no other email service you could jump to that hasn’t done the same thing.
@k3ym0 @skinnylatte I mean yeah, but I'll put it this way: Proton sells its service on how unbelievably private it is and how they'd never give away your identity. When they turn around and do it, it stings far more than another company who never made those promises doing the same. Kinda like Target and DEI: it was a complete 180 from the way they'd sold their brand.

@serebit @skinnylatte what got him was paying for his “anonymous” account with his Platinum Visa like a normie buying socks on Amazon.

Proton handed over the payment identifier, Swiss authorities passed it to the FBI, and suddenly your anonymity has a name on it.

if you’re not paying with Monero or cash, you don’t have an anonymous email. you have encrypted email with a billing address. those are very different things.

@k3ym0 @serebit @skinnylatte

This really should be front and centre of the discussion. They complied with a valid Swiss court order, as stated on their ToS.

The account holder's opsec is the issue if they required full anonymity (possible? Another discussion).

This whole thing is the same as the statement "Your VPN provider won't go to jail for your $5".

If they were served with an administrative warrant from an out of jurisdiction LEA and complied, then WAY more to be upset over.

@chroma0 @k3ym0 @serebit @skinnylatte exactly, why is it so hard for people to understand this? Guess they look at it from a US lens: oh, my local cop without even a magistrate warrant got everything from the US corp, so court orders in another country hold the same weight as that email the cop sent through.

@chroma0 @k3ym0 @serebit @skinnylatte the disconnect here is that people think proton is offering something it has never claimed to offer. They will obey all warrants issued to them under Swiss law. They will hand over all personal data they have on you. They have never said otherwise. It is incumbent on the user to give them a minimum of personal info.

Proton sells an email service with messages they can't decrypt. They do not sell anonymity.

@stinerman @chroma0 @k3ym0 @serebit @skinnylatte
They tried to sell it as that until the French environmental activists got dobbed in. Now it's just services like VPN they sell as being anonymised.

I knew about the Swiss law in 2015 when I binned a privacy-oriented Swiss document management system (for many reasons, including this).

It's not incumbent on the user to have to cloak their IP address. Use Tuta instead. Why can't Proton just not log this information?

@davep @chroma0 @k3ym0 @serebit @skinnylatte

Proton doesn't log IP addresses. In the case Adrianna is referencing, they had to give the info of the payment processor to the Swiss authorities, who gave it to the FBI, who got the identity of the user.

Use Tuta all you want. People should! I guarantee that they will follow German/EU law when served with a legal request.

@stinerman @chroma0 @k3ym0 @serebit @skinnylatte
Interesting re the French activists: "ProtonMail explicitly says it will be forced to log and hold users’ IP addresses if they are found to be in violation of Swiss laws."

So I guess they could potentially be forced to do the same for VPN users etc.

https://nexusnewsfeed.com/article/human-rights/protonmail-caves-in-to-french-authorities-demands-for-user-ip-addresses/

ProtonMail caves in to French authorities’ demands for user IP addresses

@stinerman @chroma0 @k3ym0 @serebit @skinnylatte

Also, "In his statement, Yen said that the contents of the arrested person’s emails are encrypted and could not be accessed, even by Proton. Under Swiss law, email and VPN (virtual private network) services are treated differently, Yen wrote, claiming that sister company ProtonVPN cannot be compelled to log user data and hand it over to the relevant authorities."

It would be interesting to see whether the law specifically applies to email and not VPN services. It seems an odd distinction to make.

@davep @stinerman @chroma0 @serebit @skinnylatte Tuta and Proton have the exact same policy on logging IP addresses:

Tuta: "By default, we don’t record IP addresses of our users. Therefore, IP addresses can only be recorded for a single user account after we received a valid German court order for a real time monitoring (TKÜ), but not for the past."

https://tuta.com/blog/transparency-report#guide-to-types-of-requested-data

Proton: "From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them."

https://proton.me/legal/privacy

Transparency Report & Warrant Canary | Tuta

Tuta rejected 75% of all requests from authorities in 2025.

@stinerman

I just looked at their front page and their signup flow. The big print says "Secure email that protects your privacy", and I don't see anything saying, "Oh, but pay us in cash if you really want that." I think it's reasonable that users expect their privacy to be protected. (I also think it's reasonable that people who know the domain deeply scoff at that, because they know better. But definitionally, most people don't know what experts know.)

@chroma0 @k3ym0 @serebit @skinnylatte

@chroma0 @k3ym0 @serebit @skinnylatte The out of jurisdiction LEAs will just go via a Swiss judge and they have to comply. The question is why they're logging IP addresses etc.
@k3ym0 @serebit @skinnylatte
There is posteo.de and mailbox.org from germany
@serebit
What's your alternative?
Asking for a friend...
@skinnylatte
@WakinUniverseJo @skinnylatte I switched to https://forwardemail.net. It doesn't currently have a web UI, so I use Thunderbird with it.
Free Email Forwarding for Custom Domains - #1 Open Source Email Service 2026
@skinnylatte @serebit their embrace of crypto is what made me leave.

@rickscully @skinnylatte @serebit

Ironic, had proton accepted Monero, compliance wouldn’t have been possible.

@lil5
You can send cash for crying out loud.

https://proton.me/support/payment-options

Or you can use monero to buy vouchers on proxyStore : https://dys2p.com/en/2025-09-09-proton.html

Don't blame Proton for that user being an idiot.

@rickscully @skinnylatte @serebit

Payment options | Proton

Find out which payment methods and currencies you can use for your paid Proton subscription. How to pay with card, PayPal, Google Pay, Bitcoin, cash, bank transfer.

@JorisMeys @rickscully @skinnylatte @serebit I stand corrected. The fault is still on Proton's marketing; people specifically use their email to attempt to be anonymous. Nowhere in the signup process does it warn you that:
1. not using a VPN or Tor (no i2p support)
2. using a credit card or bank transfer will be logged.

And again anonymity is not privacy, but that's no excuse not to inform.