Post got deleted, posts removed…

    • _cryptagion@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      41
      ·
      7 hours ago

      They gave meta information like IP to the government in Switzerland, where they are based, after the government forced them to with a court order. Not the encrypted mail, mind you, because they can’t do that, just the additional information they have on a user like email and IP.

      Because of that, a lot of redditers on r/privacy think they spy on their users for the US government. It’s a stretch, yes, but you have to remember they take turns using the one brain they collectively have.

      • AnAmericanPotato@programming.dev
        link
        fedilink
        English
        arrow-up
        11
        ·
        5 hours ago

        Not the encrypted mail, mind you, because they can’t do that

        Just want to point out for anyone new that ProtonMail does not use E2EE for email headers. That means they CAN access your subject lines, to/from fields, and other email headers. That means they CAN be forced to hand it over to the government.

        Source: https://proton.me/support/proton-mail-encryption-explained

        Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

        Personally I am disappointed in a lot of Proton’s wording about this. They frequently promise they can’t access “your data” and “your messages” when they do, in fact, store potentially sensitive data in a format they CAN access.

      • Sundial@lemm.ee
        link
        fedilink
        arrow-up
        14
        ·
        7 hours ago

        Yeah I agree, sounds a bit excessive. If that’s correct, it doesn’t sound like they’re reading your data and at the end of the day they have to comply with things like warrants. Thanks for the clarification.

        • underwire212@lemm.ee
          link
          fedilink
          arrow-up
          8
          ·
          6 hours ago

          It is all also very clearly stated in the information they must collect in order to provide their service. There should’ve been no surprises here, as you must assume that scenarios like these will happen eventually.

      • EngineerGaming@feddit.nl
        link
        fedilink
        arrow-up
        2
        ·
        5 hours ago

        I guess the issue here is overselling the safety of the service. Wouldn’t rely on them encrypting the mail for you, for example. It’s probably fine if you treat it just like you would any other email service - assuming you’re fine with being unable to use a mail client at all on the free plan and using it in a weird roundabout way on the paid plans.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          4
          ·
          5 hours ago

          the issue is that they can’t defy the law without shutting down and going into jail. proton has given the tool the activist would have needed to protect themselves: the service has an official onion site, which would have made IP collection impossible, and they could have just said they can’t know it

          • EngineerGaming@feddit.nl
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            4 hours ago

            Yes, that was exactly my point. You would not treat any mail service like they would cover you during your unprotected use, and Proton is not an exception. So I don’t understand why people are taking issue with them cooperating with LE - but I take issue with some other qualities.

      • SeekPie@lemm.ee
        link
        fedilink
        arrow-up
        5
        ·
        6 hours ago

        If all they have on you is your optional backup email and your IP, I think they’re doing pretty well in the no data-collecting part?

        • _cryptagion@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          6 hours ago

          Well, you don’t even need to provide an email or phone number when you sign up, so if you access the site via their onion address every time, they would have no information on you at all.

    • Batadon@lemm.ee
      link
      fedilink
      arrow-up
      4
      ·
      7 hours ago

      I don’t think OP was trying to say Proton Mail is bad or insecure. Rather the opposite.

    • drkt@scribe.disroot.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 hours ago

      Privacy wise? Probably nothing. The company engages in shitty behavior, though, and will try to upsell you even if you’re a paying costumer. I switched to Tuta because of that, and then Tuta started doing all the same bs…