• Proton Mail assisted Spanish authorities in identifying and arresting a member of the Catalan independence organization Democratic Tsunami.
  • The company’s end-to-end encrypted email platform aims to protect user data, but recent events suggest potential vulnerabilities.
  • Proton Mail was also required to provide user data to Swiss authorities for a separate case involving a French climate activist, emphasizing the importance of proper Operational Security measures.

Also obligatory video: https://www.youtube.com/watch?v=iH626CXyNtE

  • fartington@lemm.ee
    link
    fedilink
    English
    arrow-up
    179
    ·
    6 months ago

    Proton CEO

    The name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can’t decrypt data, but in terror cases Swiss courts can obtain recovery email.

    • barkingspiders@infosec.pub
      link
      fedilink
      English
      arrow-up
      65
      ·
      6 months ago

      Thanks for posting this, it’s important people catch more than just the headline. This is clearly another example of proton delivering on their promise. Fucking headlines gonna headline.

    • cheese_greater@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      6
      ·
      edit-2
      6 months ago

      I mean, Proton was the necessary link. Not even like I fault them, people should realize email or any other 2-sided activity has 2 (or in this case, 3(+?)points of weakness.

      Dunno, just hate the way we lie without even lying nowadays. Mot sorry that Rubes get rubed

      • just_another_person@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        6 months ago

        There is no lying here. Adding real world identification that can be correlated to other accounts is the fault of the user. That’s being said, I’m glad Proton follows the letter of the law.

      • pathief@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        6 months ago

        I mean… If Proton had no way of knowing your recovery email, it would be pretty pointless to set one up. If they do have a way of knowing it, they are bound by swiss law to give it up. No company is above the law, they have always been very transparent on that matter.

  • 📛Maven@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    90
    ·
    edit-2
    6 months ago

    He got got because the user used an Apple ID that was linekd to their real identity, which is one of the things Proton is obligated to provide in cases like this.

    Proton says all the time, they are obligated to comply with the letter of the law, so do not store anything identifiable anywhere they’re legally required to provide it. They tell you exactly what not to do, to avoid this precise case. They do not want to provide anything they don’t have to, but they also do not want their company shut down.

  • helenslunch@feddit.nl
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Not news. Proton complied with a lawful order. They do this thousands of times a year because they have no choice, nor does any other company.