not_IOlet's kill proton mail
stoyI saw a post about this earlier, it is a nothingburger.
The user in question paid for his account with a personal credit card, he didn’t use an anonymous payment alternative which are available.
Proton has stated that they will comply with law enforcement requests, but are working to maintain as few logs as possible.
This is an opsec failure on the user’s side.
This is not Proton handing IDs of their customers to the government on a silver platter, this is their customer not understanding the service they use.
People shouldnt need to think about opsec to have private emails. False advertising on Protonmails part, and government policy issue in the countries in question.
Arguing about what people should or should not have to do is pointless.
It changes nothing and removes the debate from being practical to being theoretical.
It’s not theoretical. Protonmail should not have handed over the personal data for victims of political persecution.
They clearly give you options to avoid this scenario, this is not on Proton, this is simply an opsec fail of the user.
Don’t get me wrong, opsec is hard, exhausting and just annoying, it needs discipline and constant focus, you only need to fail once for it to be ineffective.
The customer signed up for Proton, but didn’t follow their guidelines for anonymity, that is not a failure of proton, it is a failure of the user.
Maybe they’ve changed the website, but when I started using Proton, they never gave me any warning about paying with a credit card.
And that is why you would have failed at opsec.
You can’t demand warnings about stuff like that all the time, YOU need to teach yourself these things.
You can’t rely on anyone else for your own opsec.
That is the entire argument here.
The guy should have read up on protecting his anonymity before he started his activities.
Opsec fails have brought down many, many people.
From darknet site owners, to government agency operations, to countries at war and more.
Opsec sounds easy at first, but it is extremely difficult, and you can’t rely on anyone else doing your job for you.
You need to develop OCD like habits, you need to understand why they are needed, and what you are giving away when breaking them.
You imply that a warning would have prevented the guy from using his credit card, I don’t think it would have made any difference, the guy would either not understand at all, or just ignore it
Unless he intuitively understood that Proton was required to retain cc numbers for X years, and that these cc numbers were tied to a specific transaction, his account and his identity, I just don’t see him taking a warning serious.
This is the real world, it isn’t fair, it doesn’t care, you need to care about this for your self preservation.