Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Proton Mail has allegedly logged and shared IP address of activist with authorities
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Proton Mail has allegedly logged and shared IP address of activist with authorities

Just a reminder that you are (almost) never really safe if you are trying to stay anonymous.

https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

«13

Comments

  • It is impossible to be anonymous in modern society. If you are born in hospital and registered - game over. To be anonymous is a privilege.

  • JasonMJasonM Member
    edited September 2021

    ProtonMail was NEVER safe and private and anonymous.
    It was just their marketing-gimmick.
    Sad for their paid account holders!

    Thanked by 3Arkas Ympker jh
  • ArkasArkas Moderator

    Another one bites the dust.

  • @JasonM said:
    Proton Mail was NEVER safe and private and anonymous.
    It was just their marketing-gimmick.
    Sad for their paid account holders!

    I, for one, know many people that trusted them (probably) more than they should have.

  • Here is Proton's blog post response: https://protonmail.com/blog/climate-activist-arrest/

    Thanked by 1mrTom
  • ArkasArkas Moderator
    edited September 2021

    BS response. Apparently Swiss law is very flexible. To their defense, they did always say that they are bound by Swiss law, they just didn't explain said country's flexibility in receiving orders from foreign governments.

  • I mean does anyone of you expected anything else if there comes lawful order? They can try to fight them, they can delay, but in the end they must respect the law.

    Thanked by 1mrTom
  • ArkasArkas Moderator

    @JabJab said:
    I mean does anyone of you expected anything else if there comes lawful order? They >can try to fight them, they can delay, but in the end they must respect the law.

    You're absolutely right, it's just that many of us had more faith in Switzerland's 'neutrality' than we should have. Disposable emails as well as Tails are probably the future as far as this is concerned.

    Thanked by 1Xrmaddness
  • JasonMJasonM Member
    edited September 2021

    ProtonMail's entire Terms and Conditions of 50000 words in single sentence (taken from their blog post)

    As a Swiss company, we must follow Swiss laws

    the end.

  • bruh21bruh21 Member, Host Rep
    edited September 2021

    if you think you're actually anonymous with that shit, you're a retard.
    of course they log your shit and of course they will give it away if they have to cover their asses.
    if you want to commit crimes, put more thought into being anonymous. using some meme email service won't protect you if you get in big enough trouble. you need to have multiple layers of anonymity, not just blindly put your trust in some company

  • ArkasArkas Moderator

    @bruh21 said: if you want to commit crimes

    So activism is now a crime? What's next?

  • Guys, what's wrong with all of you? Really. Stop living in fake world of fakes from everywhere. Try to spend a little bit more time and search for the source yourself.

    These news comes from ONE TWITTER MESSAGE, as a SOURCE.
    The source that can ruin reputation of company (any) because some idiot in internet said: "ok, they leak our data, here is a proof, screenshot".

    And boom -> all newspaper -> "The most secure company leaked data of their clients, while they promise to protect it".

    Try to analyze the shit that you eat from display.
    And investigate yourself.

    I can be wrong, but the TechCrunk = bullshit site, with garbage news without any proofs.
    This is not about journalism, this is shithole.

    Sorry for emoation, i tired to live in the world of tons of fakes with a lot of bullshit every single day from anywhere. And when you trying to investigate what exactly happened -> you realize that there were no problem at all, or the problem not so serious like people and newspapers said.

  • skorupionskorupion Member, Host Rep

    @desperand said:
    Guys, what's wrong with all of you? Really. Stop living in fake world of fakes from everywhere. Try to spend a little bit more time and search for the source yourself.

    These news comes from ONE TWITTER MESSAGE, as a SOURCE.
    The source that can ruin reputation of company (any) because some idiot in internet said: "ok, they leak our data, here is a proof, screenshot".

    And boom -> all newspaper -> "The most secure company leaked data of their clients, while they promise to protect it".

    Try to analyze the shit that you eat from display.
    And investigate yourself.

    I can be wrong, but the TechCrunk = bullshit site, with garbage news without any proofs.
    This is not about journalism, this is shithole.

    Sorry for emoation, i tired to live in the world of tons of fakes with a lot of bullshit every single day from anywhere. And when you trying to investigate what exactly happened -> you realize that there were no problem at all, or the problem not so serious like people and newspapers said.

    proton mail has a blog post abt it deam can you read?

  • ArkasArkas Moderator

    This is outside of the Soviet Putin sphere. We in the West enjoy many liberties, and once they get abused, we react...

    Thanked by 1abdurrakib
  • jarjar Patron Provider, Top Host, Veteran

    Their blog post gives interesting context: https://protonmail.com/blog/climate-activist-arrest/

    I can't imagine anyone ever expected them to defy any obligations by Swiss law.

    Thanked by 2MannDude dystopia
  • bruh21bruh21 Member, Host Rep

    @Arkas said:

    @bruh21 said: if you want to commit crimes

    So activism is now a crime? What's next?

    if you want to do shit that will get you arrested then maybe dont rely on some random company to protect you

    Thanked by 2jar bulbasaur
  • ksx4systemksx4system Member
    edited September 2021

    @LTniger said:
    It is impossible to be anonymous in modern society. If you are born in hospital and registered - game over. To be anonymous is a privilege.

    True.

    @Arkas said:

    @bruh21 said: if you want to commit crimes

    So activism is now a crime? What's next?

    Understanding your own freedom (not to vaccinate or holding your money in cash for example).

  • jarjar Patron Provider, Top Host, Veteran
    edited September 2021

    @bruh21 said:

    @Arkas said:

    @bruh21 said: if you want to commit crimes

    So activism is now a crime? What's next?

    if you want to do shit that will get you arrested then maybe dont rely on some random company to protect you

    The expectation that one would expect a company to protect them from their legal obligations is one I've come to view as massively flawed for more than I originally thought. The more I think about Ladar and what he went through with Lavabit, the more I realize it wasn't just himself that got screwed for protecting Snowden. Every other paying customer also had to pay the price for it. So you could argue it's not even just self preservation for the companies, it's also about their obligations to their customers.

    I mean, imagine letting one customer take down all of the rest of your customers. Then imagine being called selfish for not letting it happen. Hell, if you would let it happen there would even be a clear path for a competitor to get you shutdown.

  • @LTniger said:
    It is impossible to be anonymous in modern society. If you are born in hospital and registered - game over. To be anonymous is a privilege.

    The question here, is not to be "Anonymous" that is near impossible.

    You always leave traces, even if you don't leave. One day it will happen and you will be catch. Unless you live in a country with poor skilled police investigators.

    The best way is to make it harder to find, connect, relate with your "eventually" activity, making things harder currently is the best way, misleading pratices and proofs that is what you can be "saved" and considered to be "safe" until a day.

    For example, person who have "warez" website, always should have their disks, computer encrypted and if possible with TAILS, Whoenix etc. Do you think they do it? Most of them no.

    Easy to find logs > No encryption > No Security > No privacy > Caught up.

  • HarambeHarambe Member, Host Rep

    Seems like a reasonable law enforcement request that they legally have to comply with.

    This is just a story of bad opsec by this activist. If they connected over the protonmail .onion site then this story wouldn't have happened, they'd probably even be fine if they connected over some free public wifi.

    Thanked by 3Ympker Erisa MannDude
  • The problem here is ProtonMail saying it promotes anonymity as in "it doesn’t log IP addresses by default" when it actually it logs everything, including activity of an activist.

    F*ck ProtonMail !!!

  • @skorupion said: proton mail has a blog post abt it deam can you read?

    The situation even worst than.
    On the day when the news shoot to news sites over the world does not has any proofs and any source of the information to verify, everyone was point to twitter comment URL. Nothing more. That's why for me everything that sounds like a fake and bullshit.

    But you've show to me even worst thing. I.E. they confirm that they did awful thing, and they confirm that some random internet user unknown in the internet can shoot a twit and break a lot of things because other media will catch the hype-train and will duplicate the news over the internet with light speed.

    This is nightmare in my opinion.
    Because:

    1. random guy in twitter said: "hey, here is screenshot that the company leak personal data to police"
    2. someone found the guy twit and catch it
    3. media used the twit as a source of "investigation"
    4. proton silent for a some time period
    5. after few days proton said: "you know what? That's true"
    6. True that some random guy wrote something in internet, and it's somehow catched by big media. I mean, how? How it can be?
  • MannDudeMannDude Patron Provider, Veteran

    Providers can only share what you're willing to give them.

    Seems strange to use ProtonMail as an activist that'll draw that sort of attention and not use their Onion service or similar.

    Thanked by 2lentro that_guy
  • @default said: The problem here is ProtonMail saying it promotes anonymity as in "it doesn’t log IP addresses by default" when it actually it logs everything, including activity of an activist.

    Yes! that's the exact point. ProntonMail was advertising that they don't log IPs but indeed they log your every move and surrender it when asked (legally by local court).

    Well, after all its a business. The local court can compel them to shut-down/impose fines on contempt of court order so they have to oblige. Which company on the earth will fight for their customer when their own as* is on the fire? the answer is None.

    @MannDude said: Providers can only share what you're willing to give them.

    agree with this. The user should have used anonymous VPS/TOR/onion etc. one man's loss is another man's gain - so users are now educated that oh yeah, use onion/TOR to use so called anonymous email/hosting/whatever services.

  • @default said:
    The problem here is ProtonMail saying it promotes anonymity as in "it doesn’t log IP addresses by default" when it actually it logs everything, including activity of an activist.

    "by default."

  • jenkkijenkki Member
    edited September 2021

    Jail will not being cancelled for these owners. They must respond for illegal activity on their hosting.

  • DataRecoveryDataRecovery Member
    edited September 2021

    @Arkas said:
    We in the West enjoy many liberties, and once they get abused, we react...

    Fixed this for you:

    We in the West delusively believe that we enjoy many liberties, and once they get abused, we start writing whining posts on facebook and twitter (*) ...

    (*) - But not too whining, as otherwise they won't fit our Community Standards, resulting in our posts being deleted and our accounts blocked.

  • BlaZeBlaZe Member, Host Rep

    People really thought a company would fight on their behalf - to not give out their personal info when requested by an authority via court? LOL

    If such a thing exists, please let the founders of popular torrent/warez sites know about it, lol.

    Get real guys, no company will fight for you with the authorities. It takes just 1 court warrant/order (with proper evidence & alleged reason of course) to make the company talk like a parrot.

  • M66BM66B Veteran
    edited September 2021

    @BlaZe said:
    People really thought a company would fight on their behalf - to not give out their personal info when requested by an authority via court? LOL

    If such a thing exists, please let the founders of popular torrent/warez sites know about it, lol.

    Get real guys, no company will fight for you with the authorities. It takes just 1 court warrant/order (with proper evidence & alleged reason of course) to make the company talk like a parrot.

    Shouldn't that be sing like a canary ;-)

    https://en.wikipedia.org/wiki/Warrant_canary

  • jsgjsg Member, Resident Benchmarker

    @default said:
    The problem here is ProtonMail saying it promotes anonymity as in "it doesn’t log IP addresses by default" when it actually it logs everything, including activity of an activist.

    F*ck ProtonMail !!!

    No. As far as I know that's wrong. The situation seems to be that ProtonMail normally "does not log" [1] but must log and hand to LEA when asked via legal means (like a court order) by the authorities.

    As must do every company in pretty much every country.

    The relevant point are in the details. E.g. [1] ("does not log"): That's obviously BS. It would be irresponsible if they really didn't log at all. There are diverse reasons to log, no matter what kind of service or company. Two such reasons are evident: logging and analyzing the logs is a necessary part of system administration and maintenance and logging also is a valuable tool in terms of defense against attacks.

    So what "does not log" usually actually means is something to the effect of "does not log needlessly and deletes logged information as early as possible. Also does not link log info like e.g. IPs to service or user data - unless forced to do so by court order".

    And I presume that a relatively tight version of that was and is how ProtonMail did/does it. Which basically translates to "our users/customers are not tracked" but obviously with some unavoidable small print.

    As for the swiss laws maybe someone from there can provide a more detailed and correct explanation than I can, but from what I know the true root of the problem is that Switzerland did have ample and strong laws (and attitude) wrt. citizens rights and confidentiality. But that changed when certain powers (like in particular the USA and EU) pressured the swiss government and authorities and what once was a solid block of cheese step by step turned into block with ever more and larger holes ... politsters call that "harmonization" (towards the worse).
    Nowadays, so my impression, the storys about the oh so secret and discrete swiss companies is largely a fairy tale.

    TL;DR Forget it, there is no such thing as privacy and confidentiality anymore, and certainly not on the internet. But a few companies around the globe still try to do their best within an ever tighter legal frame. I'll keep my ProtonMail account. While they obviously have to bend over too when push comes to shove they at least invested lots of efforts to keep their users/customers as safe as they can.

    Thanked by 3rick2610 Arkas that_guy
Sign In or Register to comment.