Please start reading what I write about ProtonMail and VPNs.
https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/
May 6, 2024 By Alex Lekander
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
This case is particularly noteworthy because it involves a series of requests across different jurisdictions and companies, highlighting the complex interplay between technology firms, user privacy, and law enforcement. The requests were made under the guise of anti-terrorism laws, despite the primary activities of the Democratic Tsunami involving protests and roadblocks, which raises questions about the proportionality and justification of such measures.
Like before, Proton Mail’s compliance with these requests is bound by Swiss law, which mandates cooperation with international legal demands that are formalized through proper channels (Swiss court system).
Last year, when we noted that Proton Mail complied with nearly 6,000 data requests in 2022, Proton provided us with an explanation that inbox contents remain secure.
Stop looking for that "secure email host". It doesn't exist. Unless you are running it yourself.
For all you people doing Direct Deals with people who do not use PGP, please let this be an eye-opener.
/u/Majesticdank · N/A votes · 7th May, 2024 - 03:57 · Link
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual. PSA: Email providers HAVE to respond to lawful requests or shut their service down. 2 options. That's it. This is a case of bad OPSEC. They did NOT give LE the guys password or PGP key. They contacted Apple (I assume he had an icloud email linked at setup for spam verification which is a noob but very common mistake but they make it hard not to provide email or phone number and we're not all zero cool). Then LE contacted Apple to get more information on the link of the guy (timestamps etc, contacts, list is endless at this point). In the US this may have only gotten him watched. Spanish courts fucked him. He probably also used the protonmail app on either his mac or his iPhone, probably thinking "Apple is priv8 br0, and iCloud Private Relay, it's lttrly in the name bro" and Proton complied (alternate option: shutter operations of a profitable, well-respectable business.) Let this be a lesson. Login ONE TIME on the phone app, desktop app, or give them ONE PIECE of identifiable information like real email or phone, you've burned that email and it's only a matter of time. Think proton has a 6 month data retention policy. VPN might be designed in a way that doesn't require username, idk, but I don't trust it.
/u/HeadJanitor · N/A votes · 7th May, 2024 - 04:54 · Link
The matter is that ProtonMail is the Darknet Industry Standard on selling the ideology of "protecting and securing your emails". When, in fact, they are like any other host. They're just the Gmail of the Darknet. If advertisement is deception they've mastered selling to the crowds. "Email that puts your security first Our top priority is keeping your data safe."
/u/AnonymousAddict00 · N/A votes · 7th May, 2024 - 07:41 · Link
Last I remember (Unless something has changed) The VPN asks for your Email or Username and Password.
/u/2222222222222 · N/A votes · 7th May, 2024 - 15:52 · Link
Not sure I'd call them "the x of the darknet", they're one of the largest email providers on the planet. Nothing about their service is actually hidden or suggests it could be outside of law enforcement/nat sec ghouls' intervention. They offer Tor hidden services mainly for people who want to sign up entirely via Tor and understand the threat model if they should ever happen to connect the protomail account to anything real and traceable, like an iPhone. Even Facebook has an onion, and Shitter did too before Musk was forced to buy it after signing the wrong paperwork while high on his handler's drugs.
/u/DrugHub · N/A votes · 7th May, 2024 - 16:46 · Link
Proton is a legit business therefore they have to comply otherwise they may have their domains and infrastructure seized or even be charged. If one really needs to use Proton they should: - Access only via Tor. - Encrypt everything themselves. I for one don't trust their e2ee implementation, I'm sure they can sabotage it if compelled to do so. They can still hand over a ton of metadata like access times, message times, who is talking to who, browser fingerprints and who knows what else they may collect. This goes for any legit service provider no matter how private they claim to be. PS: When you see a Swiss law enforcement agency on a seizure banner I'm sure it's mostly about Proton.
/u/Amphora · N/A votes · 7th May, 2024 - 19:05 · Link
Pretty good summary overall. Can't help but agree. If you're smart enough to use it anonymously you won't have troubles.
/u/Moitoza · N/A votes · 7th May, 2024 - 03:01 · Link
Still better than most email providers. But yeah, don't do anything illegal on there, don't do any activism on there, etc.
/u/HeadJanitor · N/A votes · 7th May, 2024 - 03:37 · Link
And this is the email that brands itself on "protecting and securing" you. Try Tutanota/Tuta or MailFence and encrypt everything.
/u/tordotwatch · N/A votes · 7th May, 2024 - 10:32 · Link
Ain't better. Actually proton worst then averages providers. At least they are not acting.
/u/AnonymousAddict00 · N/A votes · 7th May, 2024 - 07:34 · Link
Agreed! Tutanota(TutaMail) Is What I've been using as My Main for Awhile. Ive been hearing off and on for awhile now from several different Places Warning's about Proton. Always ALWAYS Encrypt ! Its just a MUST nowaday's for damn near everything!
/u/Mandarin · N/A votes · 7th May, 2024 - 16:56 · Link
Yep, sure, Google is scanning every piece of your emails, profiling you and selling your interests, it's surely better lmao. Retard monkey. Please, tell me where Proton claimed that they will cover your ass and refuse to cooperate with the police? I would really fucking love to see it.
/u/tordotwatch · N/A votes · 7th May, 2024 - 19:29 · Link
Your behavior says everything about your intellectual abilities. Google is scanning emails. Yes they do, Protonmail scanning emails too. Are they profiling? They sell? I don't know and neither do you! Most large companies do it, even if not publicly.
/u/Mandarin · N/A votes · 7th May, 2024 - 19:56 · Link
[removed]
/u/Mandarin · N/A votes · 7th May, 2024 - 19:58 · Link
Yes,you don't fucking now, yet you are calling Proton worse than the average providers. It really tells a lot about your intellectual abilities too :) Retard monkey.
/u/Kwik-go · N/A votes · 7th May, 2024 - 03:25 · Link
Use canary ffs
/u/AncientIdai · N/A votes · 7th May, 2024 - 12:40 · Link
fuck you mean "use canary"
/u/samwhiskey · N/A votes · 7th May, 2024 - 15:59 · Link
He meant used canary. Couldn't afford a new one.
/u/put1nw0rk · N/A votes · 7th May, 2024 - 03:30 · Link
[removed]
/u/HeadJanitor · N/A votes · 7th May, 2024 - 03:38 · Link
No corporation wants compliance trouble. They simply comply. Keep the shareholders happy.
/u/porkypig · N/A votes · 7th May, 2024 - 04:08 · Link
I only use them because of the other services they provide, and pretty cheap and stable to be honest. I assume no right to privacy nor would EVER communicate with anyone from this arena. Even if you use PGP folks could associate a P2P exchange with someone.
/u/BenzoBros · N/A votes · 7th May, 2024 - 05:08 · Link
I'm thinking of getting rid of my tutanota subscription simply because why
/u/HeadJanitor · N/A votes · 7th May, 2024 - 06:34 · Link
Exactly. Emails are disposable.
/u/Octopus · N/A votes · 7th May, 2024 - 05:15 · Link
Stop looking for that "secure email host". It doesn't exist. Unless you are running it yourself. This.
/u/HeadJanitor · N/A votes · 7th May, 2024 - 06:34 · Link
If /u/Octopus said it, then it holds truth!
/u/Octopus · N/A votes · 7th May, 2024 - 06:40 · Link
Appreciate you, brother
/u/miner21 · N/A votes · 7th May, 2024 - 06:41 · Link
I was semi aware proton mail had issues, but I appreciate the clarity on how easily your info can be given up by them. So if we dont personally encrypt our emails, they can be up for grabs by LE?
/u/Mandarin · N/A votes · 7th May, 2024 - 17:10 · Link
Decryption did not happen in this case, but yes, echnically it would be possibly since they control the infrastructure. They could just record the email when the server receives / sends it since emails are unencrypted. They could also steal your PGP key used to encrypt your past emails the same way Hushmail did it (Hushmail: /post/1620379b7db75de94beb/#c-5f9db5cc5923635643 ). You could counter the last problem by not using the webmail, but Proton Bridge / Hydroxide with Thunderbird. Of course only if they are honest about encrypting your PGP key with your password and not having a cleartext copy in a text file called IAmASlaveForNSA.txt.
/u/CinCan · N/A votes · 7th May, 2024 - 08:45 · Link
/u/HeadJanitor Do I understand this correctly that an e-mail first became of interest of LEA, they requested the information and that lead to an arrest of a person?
/u/Mandarin · N/A votes · 7th May, 2024 - 17:12 · Link
Yes, because the guy was retarded enough to use an icloud email that could be connected to his real identity.
/u/Exoduz · N/A votes · 7th May, 2024 - 11:00 · Link
Thanks for posting this! I'm not feeling this at all. Really sucks. Granted, I make sure me and my crew always use PGP for anything op related regardless of how deep or torrified I am, regardless of the sites credibility, etc, for exactly this reasons. I even PGP some session messages and/or matrix. This really sucks to hear though.
/u/ChiKong · N/A votes · 7th May, 2024 - 13:12 · Link
That is why I create totally anonymous accounts on proton. completely untraceable = peace of mind while being naughty. At once I actually thought I could sell them :D
/u/yeikodraik97 · N/A votes · 7th May, 2024 - 15:03 · Link
protonmail sucks I will no longer trust him again. and I hope this also opens the eyes of others who think that proton mail is totally anonymous
/u/Skull · N/A votes · 7th May, 2024 - 16:18 · Link
Why are you using email /u/headjanitor - it's not like you're forced to do that if you're a criminal. We are all criminals in here. I got a gazziliones of protonmails and hotmails too, want to buy some 3 letter ones? It's not like I'm using it irl biz.
/u/Darkbeard · N/A votes · 7th May, 2024 - 17:16 · Link
I use mysudo for reasons
/u/IAmPlague · N/A votes · 7th May, 2024 - 22:18 · Link
I went "down" because of ProtonMail but luckily be identity obfuscation saved me from a long sentence. Actually ProtonMail disclosed the IP used by my VPN to my other PM accounts linked to my actual (private) account which lead to a raid. Luckily all OPS had siezed prior and this only lead to them finding one chat with various suppliers leading to a lame 1 year sentence. Don't use ProtonMail use AUTISTICI or COCK.LI over TOR.
/u/Crypsis · N/A votes · 7th May, 2024 - 20:39 · Link
Protonmail was compromised by geopolitics more than a year ago. Due to some US and European Union agreement. Cant remeber what the official agreement was called but it happen in plain sight, it was covered in the news amoungst a G summit of some sort. Basically, the servers in Switzerland allowed interpol, FBI CIA gain access. DNMX, this has been compromised a while ago too, it's basically a honey pot at this point. A collective of global LE run this one. What HeadJanitor said. A secure email client doesn't exist unless you're running one yourself. Use pgp and the best practices you can, but keep always keep in mind most of these email client servers are run in established counties, counties that are part of geopolitical alligences e.g NATO, European Union, Pacts, G summits of various sorts and so forth. Most of these countries receive money from the US so those funding agreements come at some costs. So always think the servers are compromised at any time all the time. This is why PGP and many other opsec filters are foremost best practice.
/u/itYM8LXLb9YPQR5zgRhq29f1h · N/A votes · 7th May, 2024 - 22:13 · Link
You can very easily make proton mail accounts anonymous. It provides a Tor service which will keep you anonymous; people that get caught using proton mail is like being caught with using Monero, it is just bad OpSec. You are the one to blame if you are caught, maybe if there is an onion service available you should use it. If you do not need a recovery email why have it; but lets say you are creating your proton mail account with the Tor service just go get a disposable email address from guerilla mail, or somewhere else just to make the account then remove it afterwards. Proton Mail is meant to be a privacy respecting email service not a place for just criminals, you can use it anonymously. It is okay to use Proton Mail: http://6tc72lnilgt4dn2u6qk44vfns2qca552smajbilfcl6zs7ezf7emhbad.onion/en/service/491 <-- tosdr Proton AG, their terms and services simplified.