New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Proton Mail has allegedly logged and shared IP address of activist with authorities
Just a reminder that you are (almost) never really safe if you are trying to stay anonymous.
Comments
It is impossible to be anonymous in modern society. If you are born in hospital and registered - game over. To be anonymous is a privilege.
ProtonMail was NEVER safe and private and anonymous.
It was just their marketing-gimmick.
Sad for their paid account holders!
Another one bites the dust.
I, for one, know many people that trusted them (probably) more than they should have.
Here is Proton's blog post response: https://protonmail.com/blog/climate-activist-arrest/
BS response. Apparently Swiss law is very flexible. To their defense, they did always say that they are bound by Swiss law, they just didn't explain said country's flexibility in receiving orders from foreign governments.
I mean does anyone of you expected anything else if there comes lawful order? They can try to fight them, they can delay, but in the end they must respect the law.
You're absolutely right, it's just that many of us had more faith in Switzerland's 'neutrality' than we should have. Disposable emails as well as Tails are probably the future as far as this is concerned.
ProtonMail's entire Terms and Conditions of 50000 words in single sentence (taken from their blog post)
As a Swiss company, we must follow Swiss laws
the end.
if you think you're actually anonymous with that shit, you're a retard.
of course they log your shit and of course they will give it away if they have to cover their asses.
if you want to commit crimes, put more thought into being anonymous. using some meme email service won't protect you if you get in big enough trouble. you need to have multiple layers of anonymity, not just blindly put your trust in some company
So activism is now a crime? What's next?
Guys, what's wrong with all of you? Really. Stop living in fake world of fakes from everywhere. Try to spend a little bit more time and search for the source yourself.
These news comes from ONE TWITTER MESSAGE, as a SOURCE.
The source that can ruin reputation of company (any) because some idiot in internet said: "ok, they leak our data, here is a proof, screenshot".
And boom -> all newspaper -> "The most secure company leaked data of their clients, while they promise to protect it".
Try to analyze the shit that you eat from display.
And investigate yourself.
I can be wrong, but the TechCrunk = bullshit site, with garbage news without any proofs.
This is not about journalism, this is shithole.
Sorry for emoation, i tired to live in the world of tons of fakes with a lot of bullshit every single day from anywhere. And when you trying to investigate what exactly happened -> you realize that there were no problem at all, or the problem not so serious like people and newspapers said.
proton mail has a blog post abt it deam can you read?
This is outside of the Soviet Putin sphere. We in the West enjoy many liberties, and once they get abused, we react...
Their blog post gives interesting context: https://protonmail.com/blog/climate-activist-arrest/
I can't imagine anyone ever expected them to defy any obligations by Swiss law.
if you want to do shit that will get you arrested then maybe dont rely on some random company to protect you
True.
Understanding your own freedom (not to vaccinate or holding your money in cash for example).
The expectation that one would expect a company to protect them from their legal obligations is one I've come to view as massively flawed for more than I originally thought. The more I think about Ladar and what he went through with Lavabit, the more I realize it wasn't just himself that got screwed for protecting Snowden. Every other paying customer also had to pay the price for it. So you could argue it's not even just self preservation for the companies, it's also about their obligations to their customers.
I mean, imagine letting one customer take down all of the rest of your customers. Then imagine being called selfish for not letting it happen. Hell, if you would let it happen there would even be a clear path for a competitor to get you shutdown.
The question here, is not to be "Anonymous" that is near impossible.
You always leave traces, even if you don't leave. One day it will happen and you will be catch. Unless you live in a country with poor skilled police investigators.
The best way is to make it harder to find, connect, relate with your "eventually" activity, making things harder currently is the best way, misleading pratices and proofs that is what you can be "saved" and considered to be "safe" until a day.
For example, person who have "warez" website, always should have their disks, computer encrypted and if possible with TAILS, Whoenix etc. Do you think they do it? Most of them no.
Easy to find logs > No encryption > No Security > No privacy > Caught up.
Seems like a reasonable law enforcement request that they legally have to comply with.
This is just a story of bad opsec by this activist. If they connected over the protonmail .onion site then this story wouldn't have happened, they'd probably even be fine if they connected over some free public wifi.
The problem here is ProtonMail saying it promotes anonymity as in "it doesn’t log IP addresses by default" when it actually it logs everything, including activity of an activist.
F*ck ProtonMail !!!
The situation even worst than.
On the day when the news shoot to news sites over the world does not has any proofs and any source of the information to verify, everyone was point to twitter comment URL. Nothing more. That's why for me everything that sounds like a fake and bullshit.
But you've show to me even worst thing. I.E. they confirm that they did awful thing, and they confirm that some random internet user unknown in the internet can shoot a twit and break a lot of things because other media will catch the hype-train and will duplicate the news over the internet with light speed.
This is nightmare in my opinion.
Because:
Providers can only share what you're willing to give them.
Seems strange to use ProtonMail as an activist that'll draw that sort of attention and not use their Onion service or similar.
Yes! that's the exact point. ProntonMail was advertising that they don't log IPs but indeed they log your every move and surrender it when asked (legally by local court).
Well, after all its a business. The local court can compel them to shut-down/impose fines on contempt of court order so they have to oblige. Which company on the earth will fight for their customer when their own as* is on the fire? the answer is None.
agree with this. The user should have used anonymous VPS/TOR/onion etc. one man's loss is another man's gain - so users are now educated that oh yeah, use onion/TOR to use so called anonymous email/hosting/whatever services.
"by default."
Jail will not being cancelled for these owners. They must respond for illegal activity on their hosting.
Fixed this for you:
We in the West delusively believe that we enjoy many liberties, and once they get abused, we start writing whining posts on facebook and twitter (*) ...
(*) - But not too whining, as otherwise they won't fit our Community Standards, resulting in our posts being deleted and our accounts blocked.
People really thought a company would fight on their behalf - to not give out their personal info when requested by an authority via court? LOL
If such a thing exists, please let the founders of popular torrent/warez sites know about it, lol.
Get real guys, no company will fight for you with the authorities. It takes just 1 court warrant/order (with proper evidence & alleged reason of course) to make the company talk like a parrot.
Shouldn't that be sing like a canary ;-)
https://en.wikipedia.org/wiki/Warrant_canary
No. As far as I know that's wrong. The situation seems to be that ProtonMail normally "does not log" [1] but must log and hand to LEA when asked via legal means (like a court order) by the authorities.
As must do every company in pretty much every country.
The relevant point are in the details. E.g. [1] ("does not log"): That's obviously BS. It would be irresponsible if they really didn't log at all. There are diverse reasons to log, no matter what kind of service or company. Two such reasons are evident: logging and analyzing the logs is a necessary part of system administration and maintenance and logging also is a valuable tool in terms of defense against attacks.
So what "does not log" usually actually means is something to the effect of "does not log needlessly and deletes logged information as early as possible. Also does not link log info like e.g. IPs to service or user data - unless forced to do so by court order".
And I presume that a relatively tight version of that was and is how ProtonMail did/does it. Which basically translates to "our users/customers are not tracked" but obviously with some unavoidable small print.
As for the swiss laws maybe someone from there can provide a more detailed and correct explanation than I can, but from what I know the true root of the problem is that Switzerland did have ample and strong laws (and attitude) wrt. citizens rights and confidentiality. But that changed when certain powers (like in particular the USA and EU) pressured the swiss government and authorities and what once was a solid block of cheese step by step turned into block with ever more and larger holes ... politsters call that "harmonization" (towards the worse).
Nowadays, so my impression, the storys about the oh so secret and discrete swiss companies is largely a fairy tale.
TL;DR Forget it, there is no such thing as privacy and confidentiality anymore, and certainly not on the internet. But a few companies around the globe still try to do their best within an ever tighter legal frame. I'll keep my ProtonMail account. While they obviously have to bend over too when push comes to shove they at least invested lots of efforts to keep their users/customers as safe as they can.