519
Proton Mail Discloses User Data Leading to Arrest in Spain
(restoreprivacy.com)
This is a most excellent place for technology news and articles.
They are bound by Swiss Law, so they have to comply with lawful orders. They are very up front about this even within their marketing that pertains to protection from other government authorities. They are also very good at explaining exactly what is protected and what inherently isn’t. A recovery email isn’t. In order for a recovery email to work by its very nature, Proton has to have a record of it. But at the same time they don’t require you to set one. Proton hasn’t done anything that they’ve promised not to. There comes a point where you need to put a little effort into understanding the product you’re using.
This information was just as clearly and easily accessible by the guy who was caught, as it is to you, and to me. If you’re going to commit crimes using a cloud service, the onus is really on you to put in a minimal amount of effort to familiarize yourself with what is protected and what isn’t. Proton is extremely up front about this, and give you all the information you need to be safe.
Proton never advertised to a single user that all your data is safe from the Swiss government. On the contrary, their main selling point is that the Swiss government is the primary driver of their secure offering. They encrypt what they can using zero trust encryption, and that is left over is secured by the Swiss Governments laws regarding businesses sharing information with foreign governments.
Proton promised to not comply with direct requests from foreign governments and they haven’t.
Proton promised to encrypt all the data they feasibly can so it was safe from Proton being able to hand it over to even Swiss authorities and they have.
Proton is not responsible for user error, nor the willful ignorance of its users.
I don’t label him anything. He clearly did something that guided his decision to use a more privacy-centric service to avoid the prying eyes of his own government. That could be crimes, civil disobedience, it doesn’t matter.
Proton deserves no criticism here. It has not created any functional database of any group of people to be queried by anybody, much less law enforcement. Thats complete nonsense with no evidence to back it up.
It is exactly the privacy haven it appears to be because to this date there has been no reason to believe otherwise. Proton has and continues to offer the protections it’s promised to, without deviation. You just seem to have some kind of personal bone to pick with Proton and are using this story to distort the truth in order to create some kind of anti-proton narrative. I’m no corporate fanboy, but right now we have very few privacy-focused cloud services and for the duration they remain so, I’m not going to tear them down for no reason.
The fight against misinformation is an important one, and the misinformation you’re spreading is a threat to anyone who is interested in being privacy-conscious but doesn’t know enough to dispute what you’re saying. Whether or not the user was committing crimes, or any other non-state sanctioned activity that he recognized could land him in hot water continues to be irrelevant. Nobody is judging his morality, the point is that he knew what he was doing warranted more effort to maintain his privacy. You trying to put an emotional or moral spin on the term “crimes” is just more pedantic nonsense to distract from the issue at hand.
The fact that Proton services 6,000 requests from law enforcement in a year (not all of which uncontested or even granted, a detail you’ve conveniently left out) does not imply that they’ve violated user trust, or that they’re doing anything they didn’t explicitly say they would do.
Whatever your motivation is for this slander campaign against Proton, it isn’t working.