A lot of people talking about dumping Proton right now are misunderstanding what actually happened.

Feds were able to coerce the Swiss government to coerce Proton to hand over whatever data they had on an anonymous Stop Cop City email address, that was being investigated for terrorism.

That metadata included credit card details information for the account, which is very difficult to anonymize.

Proton offers cash payments to work around this obvious security flaw.

If you must pay for a Proton account for a radical project, pay with cash (you can mail it) or washed crypto (Monero -> Bitcoin).

All credit card payments are traceable, even to a privacy-focused company.

Your security model should not rely on a business to fight the state on your behalf.

Your email or VPN provider is not going to risk prison time for your $5/mo. It's just not going to happen, at least for anything commercial. Tuta and every other email privacy-focused email company will comply with court orders.

Trying to find the perfect email provider is a fool's errand. It doesn't exist.

You can however anonymize your useage of privacy friendly services like Proton, Tuta, or Mailbox by not entering your credit card number, phone number, name, personal email, or IP to that account.

RE: https://hachyderm.io/@evacide/116178700239265110

hot take: @protonprivacy didn’t fail you. YOUR OPSEC failed you.

encryption ≠ anonymity. these are not the same thing and never have been.

Proton did exactly what they said they’d do - encrypted your emails and complied with lawful Swiss legal orders. that’s the whole deal. that’s what you signed up for.

the credit card you used to pay for your “anonymous” account was never part of the encryption. that was always traceable. that was always a liability.

and here’s the kicker - Proton literally accepts Monero and cash. they gave you the tools. you chose the Visa.

#infosec #opsec #privacy #ProtonMail #threatmodeling #monero​​​​​​​​​​​​​​​​

PSA: @signalapp remains the most secure, privacy-preserving general purpose IM app safely and easily usable by non-techies.

👉 Don't let some randos on social media convince you otherwise.

If your very specific information security requirements meant you'd need to be using some other tool, you would have already known that, and would not be taking advice from social media posts. 👀

Vegetables are healthier than red meat.
Vaccines work and are safe.
Signal is secure.

#InfoSec #Signal

🔗 The 4 apps that actually respect privacy:

1. Drip - Open source, zero tracking
2. Euki - Built by Women Help Women (iOS)
3. Periodical - Open source (Android)
4. Cicle - E2EE, works offline (Android)

Use any of these. Just stop using Flo/Clue.

Boost this. People need to know.

#Privacy #ZeroKnowledge #CyberSecurity #DataPrivacy #ReproductiveRights #Women