Posted on 05/09/2024 7:38:14 AM PDT by yesthatjallen
ProtonMail, a managed email service popular with the crypto community, surrendered a user’s information to Spanish authorities, leading privacy rights advocates to claim it had violated its sworn promise to protect user data.
ProtonMail is based in Switzerland and uses privacy and security themes in all of its corporate messaging. Like Switzerland’s once-enviable numbered bank accounts, ProtonMail made allusions to Swiss privacy, pseudonymity, and jurisdictional legal protections from the power of certain subpoenas. As a result of this marketing campaign, it attracted many crypto users who wanted a private email service.
In this instance, the user was a member of Mossos d’Esquadra, a police force in Catalonia. Spanish authorities identified him via subpoenas to ProtonMail and Apple.
The secure email service provided police with a recovery email address that revealed the pseudonym ‘Xuxo Rondinaire.’ Alongside information from Apple related to that recovery email and pseudonym, Spanish authorities believe he assisted the Democratic Tsunami movement.
SNIP
(Excerpt) Read more at protos.com ...
Uh huh, so much for protecting data
Damn. And I got a proton email address a few years ago precisely because it was supposed to be more secure than Google.
It IS more secure than Google, but all of the major vendors have their tipping point.
I notice that they traced the user using his recovery email.
I have not set a proton recovery email or phone number. Nonetheless, I expect the NSA decrypts 100% of proton mail and identifies the IP addresses and real identities of every user and mail.
If you want anonymity, don’t use bits and bytes.
How does Spain have authority over another country?
The lesson here is that Proton mail IS secure. The contents of the emails were inaccessible to the provider. Yes, they gave up some info but they made sure that the only info they were able to give up was controlled by the user.
If they didn’t have a recovery email, there would have been nothing to turn over.
The takeaway is to not use a recovery email or at least one that isn’t traceable to you.
There are many ways around this. Hackers use them all the time.
To get any anonymity these days, everything has to be wrapped in multiple layers to obscure origins. To find out something, it’s only a matter of how many resources and time are needed. Think of a spectrum from local cops to nation state level resources.
For instance, to send a hard to trace email you’d have to setup a burner machine with something like a secure linux distro - tails for instance. Connect to the internet via vpn on a public wi-fi with no security cameras in the area, and then send it from an email account that was setup using the same methods as above. To be safe, use a different machine and accounts each time and from geographically separated wi-fi points.
It can be done but would be a lot of work. One mistake and you’re caught.
>>The secure email service provided police with a recovery email address that revealed the pseudonym ‘Xuxo Rondinaire.’
You mean folks don’t use 10minutemail for their recovery addys?
You might be OK with a well secured laptop/desktop, writing the bits and bytes to a thumb drive or burning a DVD, and handing it to someone.
Touch the Internet? All bets are off.
I expect the NSA operates ProtonMail as a honeypot.
I wonder what would happen if the recovery email was another Proton account.
Proton mail is owned by the World Economic forum.:
https://www.weforum.org/organizations/proton/
You are further empowering humanity’s greatest enemy when you use it.
When you send a ProtonMail, you are sending Communism!
Dang!
She said she was a virgin!
Anyone who thinks any kind of “privacy”, whether traditional or centralized, is offered without the back doors already operative is hopelessly naive. (That too goes for Freeping, despite the Robinsons’ good efforts.)
It is more secure, but that doesn’t mean they’re not going to comply with warrants and subpoenas. You’ve got to get well away from the land of legally run tax paying companies for that.
If I remember right, proton allowed me to get an account without a restore address. With a disclaimer that I was on my own and if I forget the password then I am screwed.
Fine...
Uh huh, so much for protecting data
~~~
People need to understand something. No data is safe.
In most cases, like email, most platforms and providers make no pretense about privacy. Even if you use a VPN, your data is not safe. You should treat mail as public, and never transmit anything you consider private.
Just because you operate under the delusion that the world respects your privacy doesn’t make it so.
I’m just writing this to wake up anyone here who may have this misunderstandings. I’m not saying it for shock value.
If you mail a parcel out, you should have a reasonable expectation that it will be delivered without inspection, but “should” is a subjective mistake.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.