evacideIf you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
cliffle@evacide I've been following the articles on this, and was curious -- you would know this better than I -- does it sound like they were in a position where they had a legal alternative?
@cliffle This is exactly what they have already said they would do, but it is very common for me to encounter people who use Proton Mail who do not expect this.
maya_b 🇨🇦and with owners in the US, there's even more legal jeopardy potential. where the servers are located is less relevant than who owns them.
contrast that with Tuta, sure it's EU owned but you have to go through more layers to get to account details, and not as easily strong-armed.
though the French MS email saga from a while back makes it all muddier. French authorities will comply with requests made through the proper channels, a US judge said she didn't have to and demanded compliance - putting MS-France in non-compliance with the US court order, or non-compliance with French law.
Schroedinger's PossumAll email providers that operate legally - including Tuta - must provide this info if they have it upon court request. If your threat model includes this risk, then having owners in a different country does not protect you at all.
To be clear, I like Tuta, but I haven't seen any evidence yet that they wouldn't be forced to do the same if they operate there.
choomba@schroedingerspossum @maya_b @cliffle This is exactly it. It's bad opsec to leave data your provider can hand over. Any company must and will comply with local law. It's your responsibility to not leave a paper trail. Proton, like a few other service providers like Mullvad, offers cash payments via mail. If you don't use that or stick to a free plan, that's on you.