Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.
Good to know…
Not good. But not as bad as the headline suggets. It’s about the payment method. And proton offers serveral options:
You can pay for your subscription using Visa, Mastercard, American Express, and PayPal. You can also use Proton gift cards and credits. Once you’ve created your account, you can purchase credits with cash, bank transfers, or Bitcoin.
So buying credits with cash or bitcoin should be the way if you want to stay anonymous. Still it’s a good reminder that you have to control a service if you want it to be save.
Let this be a good reminder that the country that hosts your email service and the treaties/agreements they have are extremely important. A privacy-focused service means little if bad actors can obtain your data anyway via snooping treaties.
How you pay for services like this also matters quite a lot.
Nothing says “privacy focused” like willy nilly handing over data to American 3 letter agencies.
“Willy nilly” when it came from a valid warrant from the Swiss authorities is some crazy lopsided interpretation.
Privacy focused doesn’t mean “doesn’t obey the law.”
Every other privacy focused business will do this, unless they want to get shut down (and then be forced to hand over the data upon shutting down anyway).
Also, the entirety of the “data” was a credit card identifier, which companies are legally required to keep a record of if they handle credit card transactions. Everything else Proton doesn’t have access to and thus couldn’t hand over. They also let you pay by cash or crypto to avoid the necessity of handing over your credit card identifier, so this was just bad opsec on the user’s part.
Acting like you can’t be a privacy-respecting business unless you just break the law is pretty absurd.
true but, we all know there is no law in Murica anymore so, when a Murican agency demmands data and you comply, you are now accessory to whatever garbage the US is pursuing
Some people probably think that Ladar Levison suspended Lavabit, because he accidentally pressed the self-destruction button.
Why are people downvoting you and other responses to this comment?
Are lemmy users actually this oblivious to how the law works?
At request of swiss authorities, nothing they could do (companies must follow the law of the country). The guy just needed to have used the free version or a anonymous way of paying and nothing would have been given.
It isn’t willy nilly: https://proton.me/legal/transparency
