Given they were praising Trump, Vance, and gang - I called it then.

I cancelled my Proton account when all of that hit Mastodon. Their VPN was good, but I dont support nazies and their toadies.

I don't think any commercial entity can be trusted to break the law on behalf of customers who only pay a small fee each

As a long time Proton customer...I am fairly certain Proton has always been completely upfront that they will comply with lawful requests for information from the Swiss authorities, if response is obligated by Swiss law. Therefore this isn't especially surprising.

In this case, it was Swiss courts who forced them to comply, not foreign courts.

And from what little I can tell from the article, it was account payment data, not content from the account.

Proton was never designed or advertised to resist this kind of threat.

What Proton sell you is reduction of anxiety. But that's a lie.

The whole idea of encrypted email is pointless. There's absolutely no guarantee it's encrypted in transit or encrypted at rest on any machines it transits through unless you encapsulate the messages with PGP and then you still leave a trail of envelopes everywhere. Any government who wants your data will come round and beat it out of you or the provider as best as they can. And if you have the pay the provider, as evidenced here, they can point to you and then beat you for it. Beating being metaphorical or otherwise.

Use any old shitty email provider and make sure you can move off it quickly if you need to. Standard IMAP, not weird ass proprietary stuff like proton. Think carefully what you do and say. Use a side channel for anything that actually requires security.

> prides itself both on its end-to-end encryption

Their end-to-end encryption is pointless because the vast majority of any recipients will just leak the plaintext emails via their own account providers anyway. It only works under very specific circumstances (all parties are using it). I think their marketing overstates what their secure private email actually means.

> Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?

They said they want to relocate to Germany which I would say in a polite way, is much worse in this regard.

The article explains that the account was identified based on a credit card payment for a paid account, which does not invalidate the statement in question IMO. Perhaps we differ on the definition of "private" or something else, but unless all parties are using proton, email is inherently insecure and somebody can/will have a record of your communication regardless.

I'm not sure what you were expecting here. If you have data and the police shows up with a warrant, you can't just tell them "nah we don't feel like it".

This is disappointing. I would pay up to $10/month for an email provider who would go to jail for me.

When a SWAT team drops in nobody's gonna take a bullet for your emails.

They could have used a VPN to connect to Proton and paid for their account with bitcoin or cash and then law enforcement would have had a very tough time. Instead, they paid with a method connected to their identity. Of course Proton handed it over when law enforcement came knocking.

If you don't want info being given to law enforcement by third parties, your best bet is to make it so that nobody else has access to it in the first place. You might get away with third parties that are in a jurisdiction unfriendly to wherever you live. Definitely don't hand over your info to a company in fricken' Switzerland and then be surprised when they comply with law enforcement requests for it.

Proton isn't opsec, it's just the best available commercial clearweb host that still has to follow all the laws and comply with warrants, but won't be arbitrarily selling your metadata or engaging in the adtech garbage.

Kagi is to google as proton is to gmail.

You get web mail, custom domains, decent security, decent spam detection, solid features, and no PII being sold. Nice, clean, simple - I like paying them money. I feel good about doing business with them, and I don't run into that often these days.

What device identifier are you referring to, something like the MAC addresses of your network cards? How are they retrieving that via a browser?

Proton doesn't really protect anything email related unless the recipient is also using protonmail. The article also points out they sought payment data, not "IP and device ID" information.

404 Media has an excellent track record and is very reputable, if you're saying the "red flag" applies to them.

That's 404 media's approach. That's why I only read their headlines.

In theory you could open up your protonmail account over tor and with bitcoin (or does that not work anymore?).

Its been a good while since I tried them out. Why I don't recommend them anymore is because when I didn't extend my subscription in time (expecting an account downgrade), my mail was locked and emails hold on to as random. Allowed to login only for payment.

That was one red flag from me, the second was when they shared IP address logs of a French protestor. E̶v̶e̶n̶ ̶t̶h̶o̶u̶g̶h̶ ̶a̶t̶ ̶t̶h̶e̶ ̶t̶i̶m̶e̶ ̶t̶h̶e̶y̶ ̶h̶a̶d̶ ̶a̶ ̶n̶o̶ ̶l̶o̶g̶s̶ ̶p̶o̶l̶i̶c̶y̶,̶ ̶i̶f̶ ̶I̶ ̶r̶e̶m̶e̶b̶e̶r̶ ̶c̶o̶r̶r̶e̶c̶t̶l̶y̶.̶ ̶O̶r̶ ̶i̶f̶ ̶I̶ ̶d̶o̶n̶'̶t̶.̶

I really don’t think 404 Media having a login gate is a red flag. They’re a business that needs to make money and the alternative to subscriptions is ads, which would be exponentially worse for user safety than what exists today.

Here you are: https://archive.ph/Zvw3O

> Proton only has access to your IP and device ID, not your data.

I like Proton. I use Proton.

However, the problem with proton is that if you access your email via a web browser, there's nothing stopping protonmail (to my knowledge) from reading your email from within their webapp via JS. This type of attack could be targeted at the behest of authorities.

So, actually, Proton COULD read your email (IFF you use webmail).

>after it was disclosed back in [checks notes] 2021 that ProtonMail gave up user data to law enforcement and also changed their TOS.

You shouldn't even need that. A warrant isn't a strongly worded letter that they can just turn down. It's the law. Therefore you should assume that if the police can get a warrant, they can get your data. Even for people who don't follow the law (criminals), there's no guarantee they won't snitch on you.