• imkali@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    71
    ·
    edit-2
    7 months ago

    Sounds like an avoidable problem, that Proton didn’t have a whole lot to fight it with. Obviously they could/should have fought it in court, but this could have been avoided if the individual simply didn’t link a recovery email and/or didn’t share the same email across Apple products + protesting. Although, the article does point out that if you sign up over Tor or a VPN it requires a verification email, which sucks- though you could just use a temporary email address to get around it. As CaptObvious pointed out (literally @CaptObvious@literature.cafe lmfao) the reporter pointed out Proton rejects temporary emails.

    Key information:

    The core of the controversy stems from Proton Mail providing the Spanish police with the recovery email address associated with the Proton Mail account of an individual

    individual is suspected of being a member of the Mossos d’Esquadra (Catalonia’s police force) and of using their internal knowledge to assist the Democratic Tsunami movement.

    Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.

    This case is particularly noteworthy because […] complex interplay between technology firms, user privacy, and law enforcement.

    requests were made under the guise of anti-terrorism laws

    primary activities of the Democratic Tsunami involving protests and roadblocks

    Proton Mail’s compliance with these requests is bound by Swiss law

    Comment from Proton:

    We are aware of the Spanish terrorism case involving alleged threats to the King of Spain, but as a general rule we do not comment on specific cases. Proton has minimal user information, as illustrated by the fact that in this case data obtained from Apple was used to identify the terrorism suspect. Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method. Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order, as terrorism is against the law in Switzerland.

    • CaptObvious
      link
      fedilink
      English
      arrow-up
      38
      ·
      7 months ago

      The reporter noted that disposable verification addresses are rejected by Proton.

        • CaptObvious
          link
          fedilink
          English
          arrow-up
          12
          ·
          7 months ago

          And how do you get either of those using a throwaway verification account?

          • AlteredStateBlob@kbin.social
            link
            fedilink
            arrow-up
            9
            ·
            7 months ago

            I mean, suit yourself if you insist that you can or only want to do it with a throwaway. I’m saying you can do it with similar services like tutanota as the failover address, eliminating the need for a throwaway.

            • CaptObvious
              link
              fedilink
              English
              arrow-up
              5
              ·
              7 months ago

              My bad. I thought Tuta also required a verification email when I created an account several years ago. Just tried it, and they don’t appear to these days. Good to know. Thanks.

        • CaptObvious
          link
          fedilink
          English
          arrow-up
          4
          ·
          7 months ago

          It feels a little like we’re playing Whack-a-Mole with threading multiple email providers here. :)

          The handle is a hobby nickname, by the way. My wife started calling me that as a trail name several years ago, and it stuck.

    • OnePhoenix@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      7 months ago

      I don’t know if what I do is the right way around this but, as stated Proton will reject disposable verification emails and you cannot use another proton account to verify a new one.

      My workaround for this is to verify proton with a Tutanota account which is also created with as little to no identifiable information as possible.

      TLDR: Proton accepts Tuta emails for verification and Tuta emails can be created anonymously.

      • CaptObvious
        link
        fedilink
        English
        arrow-up
        11
        ·
        7 months ago

        Which leads to the next logical question: Why not just use Tuta in the first place?

        • OnePhoenix@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          7 months ago

          Valid point. I do prefer the UI with Proton, I find it nicer to click through. Also, Tuta usually makes you wait 2-3 days before you can use it - not a big deal really, unless you’re trying to sign up for something new.

          • CaptObvious
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            There was no wait period when I signed up for their service, but that was several years ago. Things always change.

          • CaptObvious
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            Always good advice. But at least make the second basket one that you can trust. Proton ain’t it.

          • CaptObvious
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            Other than not requiring a second email address linked to their service, being covered by German rather than Swiss law, actually fighting back against information requests, and not sucking up to the Chinese Communist Party, Tuta is probably fairly similar. Those differences, though, are persuasive.