they handed over payment info with the real name
You must log in or register to comment.
Bad opsec. Of course Proton will comply with court orders. It’s your responsibility to not leave data they can hand over.
they shouldn’t pretend to protect your privacy if they can’t
one time they did this and only then after changed their website where it said they wouldn’t log your info
https://technologymagazine.com/cloud-and-cybersecurity/protonmail-under-fire-over-data-handover
Payments are very different. Any company is required to keep track of their finances, the tax authorities don’t fuck around. If you electronically pay for something and expect anonymity, you are not very, um, educated. If you feel like you need their paid plans, pay cash and only ever access it through TOR running Tails. I feel like that’s a reasonable level of opsec for most activists.
this is victim blaming
not every activist is a tax attorney, their misleading advertising and the faulty standing in the community is the reason this awesome anti cop city activitist got repressions
Marketing claims don’t absolve you from doing your due diligence.
“Victim blaming” is an inherently stupid concept, because it relies on the premise that:
- There can only ever be 1 person or entity to blame and
- Providing any advice whatsoever to help the victim help themselves is “blaming” them.
You know that, I know that, people here probably know that.
But out in the real world where people are doing real world activism and are concerned about real world problems, they don’t necessarily know that. They are concerned about a whole lot of things that are not digital infrastructure and technology.
They should be able to trust a service that promises security and anonymity for payment. In particular one that is touted as well renowned.
Seeing this comment downvoted in a privacy community is a little disheartening.
Comments like “If you electronically pay for something and expect anonymity, you are not very, um, educated” is technically true in a descriptive sense maybe, but in a prescriptive sense, the comment tells us “You should have known what were know. You didn’t, and you deserve what you got for that.”
It seems unhelpful to assume our knowledge is automatically universal, and not a result of some combination of luck and circumstance.
Indeed
But shouldnt it be encrypted on their servers?
Payment data? Never.
Technically stored encrypted, but they also have the keys
Honest a case of “Well Duh”.
Proton is for data privacy, not true anonymity. They’ll keep your data safe from data collectors and the like, but they still have to comply with the law if they want to continue being a business.
So ofc if you pay for your Proton account by conventional means tied to your identity, then your details are tied to your account. Proton says as much on their website.
The only way around that is to use a service like Posteo that accepts posted cash or cryptocurrency - where they physically can’t know who you are. But even then you’re busted if you ever access that account without a VPN… which you would also have to pay for with cash or cryptocurrency, and hope to god they have a robust no-logs policy.
Everybody seems to confuse privacy with anonymity. If Proton doesn’t comply with the law, Proton will cease to exist.
I’m still relatively new to Proton, but I thought I read early on that they would still have to comply with legal requests. I believed that their system was mostly in the realm of two secure accounts being able to hide the messages themselves. I use a card, so I am tied to my account. Does using whatever coin they take (if any) help with this? I remember reading they wanted to open more doors to alternate payment methods. I think it was to help privacy but also in large part so that they could still collect money if they ever get slapped down by other processors for making someone big mad for their privacy setup.
EDIT: I thought I had replied to something like this before. Found it. https://a.lemmy.world/lemmy.world/post/15148279 It seems to me that some just overestimate what the service is.
I can’t read the article because it’s behind a paywall, so I’ll ask here: What information was handed over specifically? The IP address of when the account was created? The payment details? Unencrypted data? Login information? Device data? Something else?
they handed over payment info with the real name
protonmail without PGP only has encryption for other protonmail users
