New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Proton removed a cluster of accounts after CERT request
johnnyquestion
Member
in Providers
"With Proton, your data belongs to you, not tech companies, governments, or hackers"
The "privacy company" Proton just removed a cluster of accounts after being notified by CERT.
https://x.com/ProtonPrivacy/status/1965701997304103394
"We were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.
Our team is now reviewing these cases individually to determine if any can be restored."
Comments
our data belongs to @allthemtings
Proton has become dogshit. You can by no means take what they claim to stand for at face value anymore (if you ever did, which is very questionable).
https://discuss.privacyguides.net/t/proton-deletes-account-of-a-journalist-doing-responsible-disclosure-to-the-south-korean-government/30920
People also forget about Swiss surveillance laws, due to which all non-SMTPS emails sent through Proton are automatically in the hands of their government, but sure the mailbox may be encrypted at rest.
Well they had a great marketing team.
To be fair, if you subscribe to a mail service offering encryption but then don't use it, whose fault is that?
Response from Proton.
Touché. I only pointed this out because it makes all the Switzerland marketing look misleading. Switzerland is presented as some kind of safe haven by them which it really is not. Even with SMTPS, plenty of metadata is available in real-time to draw conclusions.
Unrelated: A while ago, I signed up for a service using my Proton email address. After hitting a rate limit, I just made another account with an alias email address. Proton quickly detected this, informed me it is against their ToS and will lead to account termination if sustained.
This was the point everything I have ever seen in Proton has fallen apart all at once.
But that's a pretty normal use of aliases..?
Proton isn't a safe place now.
We need a proton refugee thread now.
Hi,
i am sorry, but if CERT knows that "[email protected]" is used by hackers ( because this address was published by the encrypters ) then how exactly is proton violating their advertisement?
I mean its not like they are giving any data in such a scenario, so they stay to their word.
Whats for me much more interesting is the question why they disable services and AFTER that, they are actually starting to review the cases.
Has CERT any real legal power in switzerland? So that proton has to obey after they have been "alerted"? Does not sound like a court order to me. So why do they shut down services just like that?
And even worst... shutting them down just to re enable some after their review...
For me thats showing a lack of reliability of the service ( which is worst enough anyway ) and not a violation of their own advertisement where the data belong to the account owner.
A host has users around the world. Mostly the rights to handle an issue comming from courts where the issue was exposed.
Some rights are handled by EU courts or american or whatever and have an agreement with swiss government.
How does Proton review the cases to see if all or some of the accounts indeed violated their TOS or not, considering the mailboxes are encrypted?
The same way they could tell I was signing up to a service twice using an alias on my Proton account (this was hours apart): they collect and analyze more data than people think and than they should.
Alternatively, they may have rolled a dice and lied about investigating anything.
Give it another year and Proton will probably intercept emails on request. They will tell people "oh we grew too big so we became subject to law xyz". They are not someone to be trusted, the CryptoAG vibes are too strong.
My view: Anyone who blindly trusted their promises (marketing) was an idiot in the first place. That is not to say that they didn't mean well and probably even to some degree did what they promised; I think they actually are one of the better mailbox providers.
I'm having a free mailbox from them since years and was and am happy with it. Not too much spam (from them), it works reliably and fine - and again, it's free.
BUT I never considered them/my mailbox there as somehow more safe and trustworthy than any other, nor btw. did or do I trust their "zero access policy/architecture". Maybe, just maybe and even then only to a limited degree I'd expect them to be largely trustworthy if I had a paid account, which btw. aren't exactly cheap.
TL;DR IMO there was and is too much hype about their "safety" and now there is too much hype about them bending to CERT or whoever.
hello any no-CERT email provider $7/yr?
China, ru, Iran. Plenty.
There was a follow-up from Proton on Reddit:
Hence why you don't use mail provider native domain for something you'd consider important. Have more control, use own domain for portability. Though some tld might have similar tos, no "hacktivism" but I reckon something like .ru or .ir or .cn wouldn't care.