wakest likes your bugs ⁂RE: https://mastodon.social/@404mediaco/116178581339270397
Proton is a honey pot. If you are using it as an activist you should think twice about what its actually providing you.
heres the full article behind the paywall https://archive.ph/gx6U4 (yes I know archive.today has some serious issues too, but I don't have a better source to unpaywall links yet)
Proton doxxed @defendATLforest directly to the Swiss authorities which then handed the information directly to the FBI. The police have KILLED people defending the forest there. Tortuguita died for this movement https://en.wikipedia.org/wiki/Killing_of_Tortuguita
Hey @thefinalstrawradio, yall should probably cover this Proton situation...
Pretty interesting comment thread on the @404mediaco's Instagram post about this story https://www.instagram.com/p/DVhXbQfjMH-
404 Media on Instagram: "Privacy-focused email provider Proton Mail provided Swiss authorities with payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by 404 Media. The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties. Edward Shone, head of communications for Proton AG, the company behind Proton Mail, told 404 Media in an email: “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law.” Functionally, though, the material was provided to the FBI. “Proton accepts payments via cryptocurrency, cash, and also credit card. If you use a credit card, we do have access to the payment identifier which can be used to identify the credit card holder from the card issuer. We check all legal orders received from Swiss authorities and we understood that a law enforcement officer was shot and explosive devices were involved, and we verified that Swiss legal requirements were met,” he added. The FBI search warrant affidavit does not mention a shooting. Police killed Manuel Paez Terán in January 2023 at a forest protest after they fired a gun at police from inside a tent injuring an officer, records reviewed by The Guardian showed. Before the shooting, police fired pepper balls into their tent, the records showed. @evystadium has more. Read at 404media.co"
13K likes, 659 comments - 404mediaco on March 5, 2026: "Privacy-focused email provider Proton Mail provided Swiss authorities with payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by 404 Media. The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties. Edward Shone, head of communications for Proton AG, the company behind Proton Mail, told 404 Media in an email: “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law.” Functionally, though, the material was provided to the FBI. “Proton accepts payments via cryptocurrency, cash, and also credit card. If you use a credit card, we do have access to the payment identifier which can be used to identify the credit card holder from the card issuer. We check all legal orders received from Swiss authorities and we understood that a law enforcement officer was shot and explosive devices were involved, and we verified that Swiss legal requirements were met,” he added. The FBI search warrant affidavit does not mention a shooting. Police killed Manuel Paez Terán in January 2023 at a forest protest after they fired a gun at police from inside a tent injuring an officer, records reviewed by The Guardian showed. Before the shooting, police fired pepper balls into their tent, the records showed. @evystadium has more. Read at 404media.co".
an "article" about this situation on X https://x.com/DoingFedTime/status/2030108076531995016 that has some information I hadn't seen. I say "article" cause it seems like its def all put together by an AI but regardless has sources I hadn't seen mentioned here
they are actively making security training videos making it look like they are against ICE and on the "our side" but then they are providing no guardrails to the fact that if you pay for any of their products the ways they are advertising, they will give your personal information to the government.
The Tech ICE Uses To Find You
@benjordan made a good video about this situation with actual advice that proton could implement to avoid this situation in the future https://www.instagram.com/p/DVjuTPcEeBE
Benn Jordan 🎛️ on Instagram: "I pay good money for a service to actively help protect my privacy. NOT for a company to brigade journalists covering instances of privacy being compromised."
6,000 likes, 274 comments - bennjordan on March 6, 2026: "I pay good money for a service to actively help protect my privacy. NOT for a company to brigade journalists covering instances of privacy being compromised.".
Semitones@liaizon @benjordan Compare this to Signal, who famously only gives out the date an account was registered, and the last time it was online, since that's all their organization knows about you.
I will have to figure out how to read Instagram comments. https://codeberg.org/proxigram/proxigram/wiki/Instances
@liaizon @benjordan Does any company accept payments this way? (You buy a gift card* with your credit card, that gift card goes into a pool of other gift cards of equal value, and you are entitled to use a random gift card to pay for your subscription. )
* technically a certificate? Idk.
* technically a certificate? Idk.
Jackson Mostoller@liaizon very “pay us so you don’t have to be a security expert—but also, lol you should’ve been a security expert if you actually wanted us to protect you”
Lord Tom Klopf of CZ 
@mostol @liaizon probably Tuta is better but email is just not architected to be anonymous or private. Ultimately you depend on the provider not to screw you over. Or you can run your own email server but that is beyond the technical skills of most folks that need it. And then you’re saying, ‘I’m running a mail server here, come get me’ . IMHO running some kind of messaging service over Tor is the safest option.
The Final Straw Radio@liaizon proton appears less a honeypot than a business that operates in legal jurisdictions under a TOS, required to give info they have to governments during investigations.
Movements and individuals shouldn't consider info they give up safe to such a project (payment info, legal IDs, contact info).
Such concerns require services where anonymous payment is possible or no payment is required
This thread gives some smart challenges to the question of security v useability
https://bsky.app/profile/activistchecklist.org/post/3mgdwg4zn5c2d
Movements and individuals shouldn't consider info they give up safe to such a project (payment info, legal IDs, contact info).
Such concerns require services where anonymous payment is possible or no payment is required
This thread gives some smart challenges to the question of security v useability
https://bsky.app/profile/activistchecklist.org/post/3mgdwg4zn5c2d
ActivistChecklist.org (@activistchecklist.org)
🧵 Today’s news: Proton turned over payment info for a Stop Cop City account. Not good — it's state repression in action. Controversial opinion: We don't think this means all activists should abandon Proton for docs/email. It depends on your threat model. Let's explore. (Long thread incoming 👇) [contains quote post or other embedded content]
Saoirse@thefinalstrawradio @liaizon so what's a good alternative?
@MousyAesthete @liaizon the link I edited in above gives a few options but more importantly suggests threat assessment to guide you to the option that makes the most sense for your needs.
Take away: the tradeoff between ease of use and likely need/threat needs to be balanced out
Take away: the tradeoff between ease of use and likely need/threat needs to be balanced out
@thefinalstrawradio @liaizon thank you. Threat modelling is always the first step when thinking about privacy, and email seems like it's always the wrong tool for the kinds of communications that a hostile state actor would want to get access to. I think what's concerning about Proton (and I say this as a Proton user) is that their marketing has always made or at least implied claims that they can't possibly achieve given the nature of email
@thefinalstrawradio I think you miss what I mean by honey pot. They are advertising themselves as a secure safe place for journalists and activists. If that was actually the case they should not be collecting credit card information that they can be forced to hand over in the first place. I agree in an ideal world that people should know better then to give credit card information linking themselves to such a thing, but that is simply not the world we live in.
@liaizon ah, seeing your point. Yup, not the perfect world and these points need to be repeated
Cassandrich@thefinalstrawradio @liaizon But Proton's CEO is also fash-aligned. From the "wikileaks rapists, drug dealers, csam peddlers, qanon" school of privacy not the "antifascist & anarchist" school of privacy.
wuffel
hipgnose@liaizon I think in this case every email provider would need to comply to local laws and give the same data, right? Because they can't operate with credit card without read access to this data.
I remember Mullvad had nice alternative payment options, but I can't see how a credit card payment would be different there for example, but I don't know if i'm missing something
@hipgnose they advertise themselves as a Security and Privacy product to people who then think it is SAFE for them to give personal data to Proton cause they are a "privacy respecting" email provider. There is ways to make money without collecting peoples credit card info and assigning it to the registered account. This is why projects like https://njal.la exist
shadowwwind@liaizon @hipgnose and they do provide cash and crypto payment options.
They never claimed to provide anonymity
https://proton.me/blog/how-to-send-an-anonymous-email
They never claimed to provide anonymity
https://proton.me/blog/how-to-send-an-anonymous-email
@shadowwwind @hipgnose i'm sorry but thats bullshit, they claim they are the most trusted secure email provider and go on and on about how much you can trust them https://proton.me/mail/security this says absolutely nothing about what they do with your credit card data after they trick you into signing up for a pro account. if they are advertising themselves as trusted by journalists and they they proudly hand over personal data about their users to the feds they are predatory...
@shadowwwind @hipgnose in this page they don't list any alternative payment options, only ones that have KYC
John McChesney-Young@liaizon @shadowwwind @hipgnose They provide instructions on alternate forms of payment here: https://proton.me/support/payment-options. It's unclear to me why they don't show all options to start with, but they do offer them.
@shadowwwind @hipgnose yes they are also a business that has to "follow the law". I would be interested to know what information they do save on their accounts, and I would also be critical of them if they start handing over personal data like proton does and still make the claims they make. they are also very upfront about accepting payment that you can set up not tied to a government name and getting the full thing they offer
Justin@justin I just tried this, and its just loading archive.today in an iframe... why would you want to do that?