🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉

Proton Mail's payment data aided the FBI in unmasking an anonymous "Stop Cop City" protester's identity, per court docs. 🔍Swiss authorities shared the credit card details after a legal order—highlighting privacy limits despite end-to-end encryption. Proton stresses anonymous payment options like crypto or cash to avoid traces. 📧⚖️ https://cyberinsider.com/proton-mail-payment-data-helped-fbi-identify-stop-cop-city-account-holder/ #ProtonMail #Privacy #StopCopCity #Newz

Moral of the story don't be an idiot, use tor when using Proton for activism & don't rely on their🔑1/4

Proton Mail payment data helped FBI identify ‘Stop Cop City’ account holder

Privacy-focused email provider Proton Mail supplied payment-related subscriber data to Swiss authorities that was later shared with the FBI.

CyberInsider
Mar 6 at 6:28pmWeb
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Mar 6
2/4 #protonmail quote "Use Tor for anonymous access
There is a difference between security/privacy, and anonymity. As we wrote in our public threat model (published back in 2014), “The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as Proton Mail can be legally compelled to log your IP address.” This cannot be changed due to how the internet works. However…
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Mar 6

3/4 "…we understand this is concerning for individuals with certain threat models, which is why since 2017, we also provide an onion site for anonymous access (we are one of the only email providers that supports this). " source:

https://proton.me/blog/climate-activist-arrest

And for communication between each other, use either Signal or Molly (Android only) https://molly.im/

Important clarifications regarding arrest of climate activist | Proton

We would like to provide important clarifications regarding the case of the climate activist who was arrested by French police.

Proton
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Mar 6

4/4 Set your number to invisible so that no one can get ahold of it. Set an individual nickname which you delete after establishing contact, then create a new one.

Go to Settings > Privacy > Phone Number.

Set Who can see my number to Nobody (hides it from everyone except saved contacts). Set Who can find me by my number to Nobody (prevents lookups via your number). Both Nobody

Use a Username Instead

In Settings > Profile > Username, create a unique username (e.g., yourname.1234).

Show threadAlexa FontanillaMar 6
@nemo
#PosrOfTheWeek (season 3):
Privacy-focused email provider Proton Mail provided Swiss authorities with payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by 404 Media.
Show threadAlexa FontanillaMar 6
@nemo
The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties. In this case, the Proton Mail account was affiliated with the Defend the Atlanta Forest (DTAF) group and Stop Cop City movement in Atlanta, which authorities were investigating for their connection to arson, vandalism and doxing.
Show threadAlexa FontanillaMar 6
@nemo
Broadly, members were protesting the building of a large police training center next to the Intrenchment Creek Park in Atlanta, and actions also included camping in the forest and lawsuits. Charges against more than 60 people have since been dropped.
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Mar 6
@AlexaFontanilla2024 Wouldn't have happened with me 🤷
Show threadಚಿರಾಗ್ 🌹✊🏾Ⓥ🌱🇵🇸 (he/him)Mar 6

@nemo ...this had nothing to do with their encryption or security, though. This person paid for a Proton Mail account (even though there is a free tier) *with their own credit card*. Who does that and still expects to be anonymous?

(1) A free Proton account was likely *more than enough*.
(2) If they really needed a paid account, they should have paid with cash.

None of this reflects badly on Proton, who gave the minimum information when compelled.

Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Mar 6

@chiraag Yeah, exactly 💯 I was also like… hmm, do they offer Monero? Nope… but they do offer a free account when used with Tor only… and with a second strong PGP key one could still use it as a literal mailbox. I would highly recommend using Signal primarily for important stuff — their encryption is bulletproof. But not interception-proof, as seen in cases where agents infiltrated Signal groups.

https://www.independent.co.uk/news/world/americas/us-politics/fbi-signal-immigration-new-york-ice-agents-b2870049.html

This wasn't due to a hack, but rather infiltration.

FBI hacked into Signal group chats of immigration activists who watched court proceedings in New York, report says

The FBI allegedly described the activists, who observe court cases to ensure good legal practices, as ‘anarchist violent extremist actors’

The Independent
Show threadಚಿರಾಗ್ 🌹✊🏾Ⓥ🌱🇵🇸 (he/him)Mar 6
@nemo Yeah...that just speaks to not enough vetting (and moles are nothing new anyway).
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Mar 6

@chiraag Humans always are the weakest link everywhere. 🤷

https://xkcd.com/538/

Security

xkcd
Show thread🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉Mar 6

@chiraag I know 💯 💡 ✅ "None of this reflects badly on Proton, who gave the minimum information when compelled."

I don't diss Proton they are awesome and I love their services ❤️ 💚 🙏