For all the Proton fans

taylor@social.axfive.net

@freediverx @boojum @skinnylatte How do you charge somebody's credit card regularly on a subscription basis without storing any PII or working with a third party that stores PII?

This is like charging a premium for the world’s most secure door lock when a burglar can easily enter your house by breaking a window.

In which case it would be ridiculous to blame the door lock company when somebody breaks your window.

I think a more apt analogy is that it's like a hotel charging a premium for a high-privacy room, but still giving their card records to the FBI when they come with a warrant for those records, telling them what credit card paid for which room.

adbenitez@masto.es

@skinnylatte I never liked protonmail, they push you to use their centralized service, it is better to use Delta Chat for encrypted email and you can encrypt with any server or even host your own, no need to use a server in the hands of a specific company, also migrating from one server to another without losing your chats and contacts

budududuroiu@hachyderm.io

@freediverx @taylor @boojum @skinnylatte

> If they can't structure their service in a way that avoids the collection and storage of personally identifiable customer data, then they have no business claiming they offer privacy

Well they have, they give you the option of mailing them cash to pay for your service, that the person in question chose to use their credit card just shows bad judgment of their threat model and bad OPSEC.

> This is like charging a premium for the world’s most secure door lock when a burglar can easily enter your house by breaking a window.

Exactly, you hit the nail on the head, the person had bad opsec, like using Tor and Tails to go ahead and sign into your Gmail address before doing something the state disapproves of. Tech really isn't the issue in this case

fonos@mstdn.social

@skinnylatte This is very misleading. Proton never claimed you would be anonymous. They do not collect user data, the maximum they can have (if I'm not mistaken) is your IP, backup email and credit card, if you paid with one. The rest is end-to-end encrypted.

In this case, the account was a premium one that was paid with a credit card. You have ways of getting the subscription more privately, and this was a case of bad OpSec.

Please don't spread FUD.

ohir@social.vivaldi.net

@skinnylatte There is no anonymity on the nets. Even for very versed in nuances of surveilance hackers. 25 years ago we could use mixmasters and other aonymization techniques. And all privacy seeking users could have been deanonymized by a simple cepstral analysis of text produced. Some cypherpunks who knew tried to counter this using with their wanna-be-anon persona unusual capitalization, peculiar typos, and were sprinkling their posts with mannerisms and other distractive goodies perl allowed. It was not much helpful, ok, it usually could give a day or two of leg, because sample posts needed to be manually marked for topical analysis, but it was not possible to hide from determined adversary. No LLMs, just a few tools built for linguists.

Today so many netfarers want 'absolute anonymity' yet demand from us techies that it all must support stickers and must run on Android/iOS device that is costantly beaming not only their whreabouts, but also their food, flowers, body parts. And this fancy new furniture.

dadbod@pdx.social

@Pyrogenesis @r3dr3clus3 @skinnylatte Maybe don’t use a traceable credit card if you’re that worried about privacy.

frank@social.fraxoweb.com

@skinnylatte I live in Canada and I use https://typewire.com . It is quite new and has a few glitches though.

c@misskey.gothloli.club

@skinnylatte@hachyderm.io gpg密钥在服务提供商手里本身就是一个笑话

joblakely@mastodon.social

@freediverx @boojum @skinnylatte I’d want my money back. There should be a class action because everyone has been actually paying for nothing.

ve2uwy@mastodon.radio

@skry @r3dr3clus3 @skinnylatte

If it was a (Swiss equivalent) legal warrant then that's fine.

But I don't see what the "Cop shot" and "explosive devices" have anything to do with this. Either the warrant (or equivalent) is valid or it isn't - the cop thing shouldn't have any direct bearing on what Proton does or doesn't do.

Bottom line, though was that it was a valid warrant and they had no choice.

mikal@sfba.social

@Pyrogenesis

If you pay by credit card they, by definition, have the data and can be compelled to give it up. Just like any company will be. The headline is sensational FUD.

I don't use Proton, but the misinformation flying around about this now will lead people to very simplistic "Proton bad! No use Proton!" instead of "I want to be anonymous, so I need to rethink my opsec in ways that avoid obviously traceable things like credit cards."

This is the problem. People need to learn the difference between security, privacy, anonymity and secrecy and where those things overlap and how to balance them against living as a hermit in a cave somewhere. Simplistic "Proton(etc.) bad! No use Proton(etc.)" hijack what needs to be a calm, fact-based discussion.

anon@tuiter.rocks

@skinnylatte

Desde cuando Proton tiene que proteger delincuentes? 💬

froge@social.glitched.systems

@skinnylatte@hachyderm.io I've been telling people for literal years that Proton is just a big tech provider, they have deactivated accounts and removed users simply for doing things they don't like, most recently they deactivated the account of some Phrack security researchers for annoying Proton by using the email for security disclosures

Also people should read their transparency logs, they regularly give out user data before valid court orders are even approved lol

jigmedatse@social.openpsychology.net

@skinnylatte@hachyderm.io shaking my head... Well... I'm not actually surprised, but well... OK...

tail_call@mas.to

@skinnylatte

someone earlier in the thread said "please don't spread the fud", and i say please do