Proton Mail Discloses User Data Leading to Arrest in Spain ( restoreprivacy.com )

TheAnonymouseJoker Mod , 12 days ago (edited 12 days ago)

Proton is not for activism. Treat it as bad as Gmail or outlook for that. Moon Of Alabama blog has lots of criticisms. If you want to be anal about using email for activism and whistleblowing, use a serious provider like Riseup or Disroot. All these Protons and Tutanotas are useless. They are only better than Gmail and Outlook.

There are some idiots that spread nonsense about me that I am paranoid or whatever. Yes I am proud of it, because they are the incompetent ones. Big Tech "security" shills and a lot of kiddies without experience do this.

Edit: I will take the liberty of recommending digdeeper's blog for email providers.

Scolding0513 , 12 days ago

the two you suggested though are US based though. they'd also have to answer to court orders right?

TheAnonymouseJoker Mod , 12 days ago

They both have a clean track record and are funded purely by activists and dissidents.

Scolding0513 , 11 days ago

okay but court orders tho? not immune, just like proton. also they can be administered gag orders(think lavabit), unlike proton

TheAnonymouseJoker Mod , 11 days ago (edited 10 days ago)

Lavabit shut down. Riseup and Disroot still need to be battle tested even more.

lemmyreader , 12 days ago

the two you suggested though are US based though.

Disroot is in Europe.

• https://disroot.org/en/about
• https://disroot.org/annual_reports/AnnualReport2023.pdf

Scolding0513 , 11 days ago

thanks

azalty , 11 days ago

Not sure how they’re better than proton is terms of compliance and anonymity

TheAnonymouseJoker Mod , 11 days ago (edited 10 days ago)

How to tell you know nothing about privacy, security and anonymity without telling me that directly. Proton is a fucking snitch for activists.

azalty , 11 days ago

Source: trust me bro

It’s just that more people use proton so more of them have their identity leaked. I don’t see how the terms of these 2 companies are better

TheAnonymouseJoker Mod , 11 days ago (edited 10 days ago)

Are you trying to discredit Riseup and Disroot without evidence? Are you a fed by any chance, or a nasty troll? You can go read digdeeper's blog on email providers. If you disagree, you may continue to deny, troll and get banned for speaking nonsense.

azalty , 11 days ago

I’ve never heard of those 2 providers and they don’t seem to be any better. I’m just looking for facts to back that and so far I haven’t seen any

Being skeptical doesn’t mean being a troll or a fed, wtf. I don’t know what you’re on but it seems cool

As for the « are you trying to discredit … without evidence » I want to answer « what can be asserted without evidence can also be dismissed without evidence »

TheAnonymouseJoker Mod , 11 days ago (edited 10 days ago)

If you have not dived deep into the rabbit hole, that is a you problem. What level of threat model and knowledge do you even have to be able to contest such claims, that you do not trust Riseup and Disroot? Denying facts and doubling down by not listening is a problem.

I gave you a place to look for facts. If you do not want to and just want to speak gibberish without listening or backing up your claims, you can go to Reddit or PrivacyGuides/Techlore/some shit youtuber and worship Protonmail or Apple Private Relay.

lemmyreader , 11 days ago

I’ve never heard of those 2 providers and they don’t seem to be any better.

You never heard of the other two providers but yet you already draw the conclusion that they don't seem to be better. What does "better" mean to you in this context ?

TheAnonymouseJoker Mod , 11 days ago (edited 11 days ago)

Yes. I am surprised people are downvoting me and upvoting him. He is the one who did no research, and I am on the opposite end of the spectrum. I write guides lol. This is privacy community. Anyone remotely serious about privacy must have heard of Riseup, Disroot, Posteo and others.

lemmyreader , 11 days ago

Exactly! I am not saying that Proton is some kind of virus but lots of folks are screaming "Proton! Proton!" (and "You have to think for yourself!" - Life of Brian) as if it is the only answer for privacy and security.

Riseup exists since about 1999 and is like Disroot non profit with focus on activism. Proton is like some other companies, I think, a response to the Snowden revelations, which is iirc 2013, a time after which self-hosting email (e.g. Mail in a box) became topical for a while and several other new email companies started to pop up.

TheAnonymouseJoker Mod , 11 days ago

It is very strange to me that Lemmy users are behaving in a reverse manner to how they should. Are they too young? Or are they too bad at privacy game, believing all this Proton/Graphene/Brave and whatever else is trendy?

rant

What if I were to stop being so aggressive and start accepting as a mod all this nonsense claimed by chest thumping randos? I think I now see why privacy communities are usually so shit. It is these moments where the seeds of falsehoods are implanted, and they become rumours and then gospel truths. Only when moderators have serious knowledge (qualified) and are defiant in the face of nonsense, can a community remain unspoilt. But qualification is also a problem, because "authorities" will try to hijack such an endeavour and ruin it.

lemmyreader , 11 days ago

It is very strange to me that Lemmy users are behaving in a reverse manner to how they should. Are they too young? Or are they too bad at privacy game, believing all this Proton/Graphene/Brave and whatever else is trendy?

It is indeed probably a new and young generation preferring to watch videos on their smart phones rather than reading from a desktop computer. YouTube (with its influencers and content creators) is very popular and that is unlikely to change any time soon. Problem is that getting privacy and also security right is not that simple. Take for example the Riseup and Disroot comments in this thread. I trust Disroot and Riseup to do the right thing, and I bet that handing over personal data would be about the last thing they would ever do. I guess this is difficult to understand for people who have nothing at all in common with activism and for that matter anti-capitalism.

TheAnonymouseJoker Mod , 11 days ago

Serious topics like privacy and self improvement have become very similar in people's perception. They are also just another thing to consume, as unhinged as it sounds. Everything must be consumed, everything must be rented. Everyone must live in a distorted perception of "safety", whose harbingers are fucking western corporations. It is insanity and it must be prevented from taking over Lemmy's communities atleast on main .ml instance, and I will do what is needed to prevent that, in places I moderate.

lemmyreader , 11 days ago

Serious topics like privacy and self improvement have become very similar in people’s perception. They are also just another thing to consume, as unhinged as it sounds. Everything must be consumed, everything must be rented. Everyone must live in a distorted perception of “safety”, whose harbingers are fucking western corporations. It is insanity and it must be prevented from taking over Lemmy’s communities atleast on main .ml instance, and I will do what is needed to prevent that, in places I moderate.

👍

azalty , 11 days ago (edited 11 days ago)

Oh so you believe that Proton wants to hand out user data? Absolutely not. It gives them bad publicity and discredits them.

Capitalism and activism has nothing to do with the subject. We’re here for privacy and anonymity. A good service is trustless. It’s not up to Disroot and Riseup to decide whether they’ll hand out user info or not. They subject to some legislation because of the country they’re based in, and I don’t think they’re willing to go to jail by not cooperating.

And you can spread your hate towards the younger generation and smartphones all you want, it only makes you more irrelevant. You didn’t write any argument as to why those services are better except “they’re activists” and “I trust them”, which doesn’t matter in any way.

lemmyreader , 11 days ago

Law can be different per country and when there is nothing to hand over, then there is nothing. Here is an example of Mullvad : https://mullvad.net/sv/blog/update-the-swedish-authorities-answered-our-protocol-request

azalty , 11 days ago

Except with a VPN you’re not identified by the servers you connect to, so they can safely not log any traffic and as such, law enforcement can’t ask to hand out data about a specific account because they don’t know which account did it. Same goes for logging the IP of the account, because again, they don’t know which account it is, and can’t force a service to log all users for the sake of finding one.

It’s not true for mail services however, as the email address is your login and/or is linked to a specific account, forever and exclusively.

Disroot stores your IP address so there’s already that. Didn’t check the other one.

lemmyreader , 10 days ago

Except with a VPN you’re not identified by the servers you connect to, so they can safely not log any traffic and as such, law enforcement can’t ask to hand out data about a specific account because they don’t know which account did it. Same goes for logging the IP of the account, because again, they don’t know which account it is, and can’t force a service to log all users for the sake of finding one.

VPN and Tor and I guess i2p can disguise your IP address indeed.

It’s not true for mail services however, as the email address is your login and/or is linked to a specific account, forever and exclusively.

I'm not following what you mean by this ?

azalty , 10 days ago

What I’m saying is that VPNs can legally not give out your info, while mail services can’t, because of the technical reasons I mentioned, and as such, it doesn’t make Proton any more faulty for handing out info that it would make Riseup or Disroot to do the same. At the end, they’re all legally required to comply and will do if asked to.

azalty , 11 days ago

What’s wrong with those 3 things you cited?

TheAnonymouseJoker Mod , 11 days ago

What is wrong with claiming sun rises from west, or sky is not blue, or a pedophile will not do bad things to kids? I am sure you can find the logic, and consider researching a little bit and making yourself knowledgeable before raising such absurd questions. Or maybe stop consuming privacy content from slimy YouTubers?

azalty , 11 days ago

I should for sure trust a random guy on Lemmy with no arguments whatsoever and that criticizes well established services for no reason, and also criticizes all YouTubers with no distinction.

TheAnonymouseJoker Mod , 11 days ago (edited 10 days ago)

Yes you can trust Techlore, Privacy Guides, Proton, Brave, Graphene, Google, Apple, Microsoft and all the big companies. Also make sure you are a well behaved citizen and always obey politicians and whatever is shown on TV too. Never step out of line. You are a good boy. Never use crypto, only legal official public banks.

I can never take someone like you seriously, that has the audacity to lift fingers yet defend the "well established" scum blindly.

I referred you to digdeeper's blog for information on email providers, yet you refused. He has an indepth analysis, something you are incapable of performing for all notable email providers. So I do not think I have much reason to reason with you, since you were unwilling to listen from the beginning, and are continously defending the "well established".

If I see nonsense from anyone, I will not hesitate to use the hammer. Enough of this nonsense in privacy communities on Internet.

Oh and since you want to know who this random person is, I created r/privatelife and have a few good guides to my name, and have been using darknets for over a decade at this point. Significantly responsible for building up Lemmy to what it is today. So much for credentialism. What are yours?

azalty , 10 days ago (edited 10 days ago)

Oh so you use the argument of authority now. Great.

I’ll check your thing. I would have enjoyed if you could have linked it because I’m a young stupid guy with a short attention span, but fine.

If you actually checked my profile you could’ve found out I’m pretty deep into Monero, and that’s pretty much what got me into Lemmy. Don’t make assumptions without knowing people.

I checked this page https://digdeeper.club/articles/email.xhtml#disroot and surprise surprise, no real arguments apart from quoting stuff from disroot's website. Disroot has a worse privacy policy than Proton, stores email unencrypted. You’re basically trusting Disroot not to do harmful things, which is a red flag when you could recommend services that do things properly.

If that’s the best source you have, I seriously doubt your knowledge.

I guess it’s now time for my ban

TheAnonymouseJoker Mod , 10 days ago (edited 10 days ago)

I do not think you understand how email even works, do you? It is funny you trust Proton, even though they disallow logging in without their app or JavaScript stuffed web UI. Also, how are you verifying Proton's encryption keys on their end? It tells a lot about your level of knowledge, honestly. You do not even understand how email or encryption works, yet you have the balls to claim Disroot is worse than Proton. Go play Roblox, kid. Reddit seems to be at your level. If you PGP your messages/emails on your own, or use OMEMO or similarly good algorithm with full key ownership, only then is encryption verifiable and valid. People like you just like to validate shit like Proton snitching.

Also what about authority? My authority is formed from sheer hard work done without taking a single donation. I write guides for privacy and anonymity and built a community through this expertise. And unlike a lot of agenda based nonsense and worthless SEO filler disguised as guides, I offer honest and good solutions. And I did skim your profile, and found nothing notable other than usage of XMR. Do you know what is the worst criticism about me behind my back? I am paranoid. Go figure.

azalty , 10 days ago

You can’t encrypt received unencrypted mail (except if you use POP but it’s not an option if you have multiple devices), but you’re right about one thing, it’s that we can’t trust that proton doesn’t store the encryption keys. Although it is still safer to go with them because if they did, they would either have given the mails to the govs, exposing them (which didn’t happen), or they just wouldn’t hand out your mails, which is better than nothing.

You really have a problem with people. You can only attack personally or throw baseless insults.

I talked a lot about XMR, but also talk about session, Firefox and its privacy, file sharing like torrents, pirated stuff, VPNs… and I haven’t been very active on lemmy. But I don’t see how that gives you any more power in that conversation, knowing how bad you handled it.

You’re just saying the same thing over and over while not understanding that what you propose is no different (or even worse), and that your pseudo arguments are empty and invalid. Just stop.

TheAnonymouseJoker Mod , 10 days ago

it’s that we can’t trust that proton doesn’t store the encryption keys. Although it is still safer to go with them because if they did, they would either have given the mails to the govs, exposing them

You have trouble reading the room and what you are even saying. Do you not realise there are now multiple instances where Proton has snitched on activists? Riseup, Disroot and others have not. They do not store logs, wipe everything every day or week and are not marketing nonsense to people.

I have a problem with delusional people who cannot understand things, but are ready to argue about anything to win the internet debate at all costs. Yes I am aggressive about it, because the privacy community is a bunch of close minded self-proclaimed experts with nothing to show for it. I have seen this ad nauseam for years upon years now.

The fact that you really believe in the nonsense that Proton is better than something activists use with a lot of proven trust is sheer fucking insanity. On top of it, you trust the "well established" liars more than whatever you assume the other people or endeavours are. There is very less room to talk through with folks like you, who already are deep into the trench and refuse the handed down rope. I trust Proton barely more than Gmail or Outlook in that it does not scan my emails for ad/revenue purposes. If you think they have encryption, you are a joke.

tables , 7 days ago

You react to small disagreements with insults, accusations of the user being a fed and threats of censorship (banning him because you disagree with him). I have no idea if you're an admin on lemmy and actually have the power to do this, but this is fairly downvoteable in my view.

TheAnonymouseJoker Mod , 7 days ago

What if I started allowing idiots claiming Apple is privacy friendly and people should absolutely trust Google Nest speakers because Google is a big company?

Disagreements are not small, when someone attempts to establish alternative reality as facts. This is why the bold stance is necessary.

Let me ask, how many years have you been deeply into the privacy endeavours? And I mean deeply. 2? 3? 5 years? I was using Tor before I hit teenagehood. You need a certain level of authority to keep such problems at bay, when one is unwilling to listen, act proud of not researching and double down on their nonsense takes. Maybe you like the shitty advice given on Reddit or other garbage privacy communities where Brave, Pixel and iPhone are recommended, but this is not going to be one. Privacy communities are full of half knowledge loonies and grifters, and there is almost no defense against it.

azalty , 11 days ago

Their privacy policy. They log IP addresses and are not immune to legal actions, and as such, are not really better than Proton in terms of legal actions

lemmyreader , 11 days ago

Their privacy policy. They log IP addresses and are not immune to legal actions, and as such, are not really better than Proton in terms of legal actions

They log IP addresses ? Source ?

azalty , 11 days ago

Source: the 3 first words of my comment…

https://disroot.org/en/privacy_policy Section 4.1

You’re the ones defending a service yet you don’t know that. Seems like someone who just found out the service can do better research. But hey, thanks for not being overly aggressive and claiming to know everything like this other guy.

lemmyreader , 11 days ago

Source: the 3 first words of my comment…

https://disroot.org/en/privacy_policy Section 4.1

You’re the ones defending a service yet you don’t know that. Seems like someone who just found out the service can do better research. But hey, thanks for not being overly aggressive and claiming to know everything like this other guy.

I simply asked you a question and thanks for pointing out more details. I have decided to trust Riseup and Disroot for reasons in the past. It is up to me to care about my privacy and security when there is the need for it. Other people will use Google Gmail with GnuPG, that up to them.

azalty , 10 days ago

Sorry for being aggressive :)

I just believe that Proton with end to end encryption by default is better than having unencrypted mail or similar

Good for you if you trust them, but you might as well self host then if you don’t need protection from the government 🤔

possiblylinux127 , 11 days ago

Email is bad in general and nothing can fix that

TheAnonymouseJoker Mod , 11 days ago

Well, that is partially true. But email with PGP used by both users is not bad. Funnily, Nuegia owner tried to scold me over holding this view that you hold, few years ago.

possiblylinux127 , 11 days ago

PGP doesn't protect anything but message contents. Additionally, if you key it compromised all of your messages are compromised.

lemmyreader , 11 days ago

PGP doesn’t protect anything but message contents.

Indeed, be careful with choosing your email subject line when using GnuPG to encrypt.

Additionally, if you key it compromised all of your messages are compromised.

Yes, maybe for some people it is. I once knew a person who created a new GnuPG key every few months. It is also recommended in some howtos that making your key never expire is a bad idea.

By the way, for all readers interested in using GnuPG, FSF updated their Email Self-Defense guide this week. https://hostux.social/@fsf/112405348416810419