Security News Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester

Gandalf_The_Grey

First, let's correct the headline: Proton did not provide information to the FBI. What happened is that the FBI submitted a Mutual Legal Assistance Treaty (MLAT) request, which was processed by the Swiss Federal Department of Justice and Police. Proton operates exclusively under Swiss law, and we only respond to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is an important distinction.

Second, let's talk about what this case actually involved. This wasn't a routine investigation. Swiss authorities determined that the legal threshold was met because a law enforcement officer was shot, and explosive devices were found during a protest in 2024. Switzerland has one of the strongest legal frameworks for privacy in the world, and its standard for granting international legal assistance is exceptionally high. This case met that standard.

Third, let's talk about what was actually disclosed. No emails were handed over. No message content. No metadata about who the user communicated with. The only information Proton could provide was a payment identifier because the user chose to pay with a credit card. This is information the user themselves provided to us through their choice of payment method. Proton also accepts cryptocurrency and cash payments, which would not have been linkable to an identity.

If anything, this case demonstrates exactly what we've always said: Proton holds very little user data by design. Even under the most serious legal circumstances, the only data that could be produced was a payment record. Our encryption means we simply cannot access email content even if ordered to.

We understand that stories like this can be alarming, and we take our users' trust seriously. We will continue to fight for privacy and challenge any legal order we believe does not meet the strict requirements of Swiss law. But we also want to be transparent: no service can operate outside the law entirely, and Swiss law requires compliance with valid legal orders in serious criminal cases. What we can promise is that the legal bar in Switzerland is among the highest in the world, and our architecture ensures we have as little data as possible to hand over.

For users who want maximum anonymity: use Proton VPN or Tor, pay with cash or cryptocurrency, and don't add a recovery email.
 
This case shows how privacy can hold firm even under legal pressure: Proton did not hand over emails or metadata, and the only piece of information disclosed was the payment method chosen by the user. A service proving in practice that it stores only the bare minimum is an encouraging sign for those of us who believe security begins in the very architecture.👏 🔒 💯
 
Yeah they didn't hand over information but they did hand over payment so in fact they did help. Weasel words by privacy companies really make me rage hard.

No one is going to prison or the clink or refusing to honor legitimate court orders and requests for a user for $5 a month. It would be stupid to think otherwise.
 
Whatever information you have online that isn't encrypted with a strong key (or, provisionally, a strong technical system) is subject to government enforcement. It's just a fact of life. The "safest" route from such threats is to avoid keeping/sending data in/via the cloud.
 
Whatever information you have online that isn't encrypted with a strong key (or, provisionally, a strong technical system) is subject to government enforcement. It's just a fact of life. The "safest" route from such threats is to avoid keeping/sending data in/via the cloud.
That's all well and good until someone with a $5 wrench 🔧 cracks your skull or, worse, someone points a gun 🔫 at your head.

Don't store any sensitive data anywhere, the only problem then becomes who else is storing your data on a server waiting to be hacked.
 
You can get a VPN gift card many places then just redeem that.
@n8chavez not entirely clear to me. I understand what you are saying but not exactly the "how-to" -- last time I bought a gift card, that seller / vendor has your info (not anonymous). Maybe I could buy a gift card with cash, not sure what info seller collects if any... I just recall a downside last time I looked into this... ditto buying bitcoin. But I admit I may be missing something...
 
Well, for example, Mullvad allows you to buy a gift card from a third party. That information lasts only 30 days with Mullvad as they don't keep logs of payment methods. Yes, whoever is interested can track down where and how the gift card was purchased. But if the user paid cash for it, good luck identifying them. Also, it's just more hassle. Mullvad also allows users to mail in cash with their account number. Mail that from a public place and you're still good.

All of this to say, there are ways.
 
What @n8chavez suggests gains value if we imagine the scenario: the FBI requests data and Switzerland orders Proton to hand over whatever it has. Proton checks the account and only finds a payment made with a gift card or mixed Bitcoin. The result is just an alphanumeric code with no practical use. Proton complies with the order, but for the investigation it’s a dead end. At least that’s how I pictured the scene, maybe too influenced by thriller and suspense movies… 🔒🎬🚫
 
Maybe I could buy a gift card with cash, not sure what info seller collects if any... I just recall a downside last time I looked into this... ditto buying bitcoin. but admit I may be missing something...
In my locality, you can definitely get a gift card without any kind of identity assignment, but the seller can still track the card and the people (likely through surveillance, probably kept for a limited duration, or by digital transaction, probably kept permanently) it sold the card to.

You can probably do the same with Bitcoin if the seller doesn't insist on registering an identity, but it will be traceable via wallet addresses.

I guess these methods are still traceable; they just make looking into it harder and more resource-intensive.

That information lasts only 30 days with Mullvad as they don't keep logs of payments methods. ...Mullvad also allows users to mail
If the service doesn't keep logs of electronic payment methods, that's different; it may work with some types of payment and not others, depending on the electronic payment provider. Cryptocurrency could work if the service discards the paying wallet address immediately (or relatively quickly). Mailed cash would also work. I guess the service could discard any payment information for transactions that are final and non-reversible.
 
Privacy != anonymity
Proton's privacy tools aren't for shielding murderers or terrorists, but for normal people dodging hackers, surveillance, and corporate snooping.
They followed Swiss law: handed over minimal payment metadata (no contents, no encryption) to Swiss courts under a valid order. That's it.
Reassuringly, they don’t babysit idiots who pay with traceable cards - a service that did would be terrifying and doomed.
 
My take is the same as others': I like some privacy, but if people do crimes they really ought to be caught & brought to justice :rolleyes:
True, but the problem is services that claim: We do not track anyone. Then they say, we tracked a criminal to help the police. While admirable, you can see the conundrum.
These days a criminal is someone who questions a "science", someone who supports west or east, depending on the country he resides in. Politics decides who is a criminal.

P.S.: Of course, I support services that help to catch pedophiles, hackers, etc., but they actually use this as an excuse, like the age verification, which leaks more data than ever.
I myself order toys from Japan, legal in Japan, legal in my country, but it could still get me in trouble, like when I ordered opium incense from eBay, it was not just an aroma. 🤫
 
I prefer to store my data in UK/US, if CN/RU are unavailable, warrants outside of EU are hard to get. 🫥
I don't know about the UK, but I don't understand your position about the US. It seems that the US can issue an administrative subpoena, not under judicial review, to request at least top-level account information. This would still depend on whether the provider is willing to challenge the request if it's too broad or intrusive without a warrant, with the accounts' nationalities possibly being a factor. Why store data in the US? Is it easier to get such a warrant in Switzerland or in the EU?
 
Why store data in the US? Is it easier to get such a warrant in Switzerland or in the EU?
US and EU are not such pals as they used to be. As far as privacy goes, they are always on edge. Unless it is a serious crime, like terrorism, they are unlikely to get a warrant.