Privacy-focused email provider Proton Mail provided Swiss authorities with payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by 404 Media.
The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties. In this case, the Proton Mail account was affiliated with the Defend the Atlanta Forest (DTAF) group and Stop Cop City movement in Atlanta, which authorities were investigating for their connection to arson, vandalism and doxing. Broadly, members were protesting the building of a large police training center next to the Intrenchment Creek Park in Atlanta, and actions also included camping in the forest and lawsuits. Charges against more than 60 people have since been dropped.
Information the FBI received showed a specific person as the payment source for a particular Proton Mail account, the record shows. “On January 25, 2024, subscriber information received from the Swiss Mutual Legal Assistance Treaty Unit, revealed [full name] (SUBJECT) as the payment source for the Proton e-mail address defendtheatlantaforest@protonmail.com,” it reads. 404 Media is not publishing the person’s name because they don’t appear to have been charged with a crime, according to searches of court databases.
[…]
The document says the FBI believes that whoever manages the Proton Mail account likely has administrative access to the blog. The FBI received details about that Proton Mail account from the Swiss authorities via a Mutual Legal Assistance Treaty, or MLAT. An MLAT is when authorities in one country agree to provide information to an agency in another country. These are often used when the company or entity holding the information may only respond to local law enforcement demands for data.Edward Shone, head of communications for Proton AG, the company behind Proton Mail, told 404 Media in an email: “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law.” Functionally, though, the material was provided to the FBI.
Proton hate circle jerk bouta go crazy.
Proton was forced by Swiss courts to hand over the very little info they had. The user used a traceable payment method, rather than something anonymous such as monero. Nothing like email content was handed over. This is a nothing burger.
Proton handed over enough information to an agency of a fascist country to selectively target and disappear a person.
How was this downvoted? Does the word fascist hurt your feelings?
It’s an exact summary of what occurred.
Wait! I have to check. Is this a privacy forum? Yep look at that i’m not lost.
The US gov’t is not a representative democracy. It’s influenced only by stakeholders and lobbyists. Not voters who have zero influence on policies. Pay lip service to it, but it’s not true.
So fascist country, is how the poster describes it. I’d describe it as not a representative democracy. And if it’s not a representative democracy, it’s something else.
Just like Proton mail is something else.
This is a nothing burger.
They literally unmasked him?
If you do FBI level criminal activity you better make sure not to give your credit card information to the E-Mail provider. I’m sorry but this one was easy to avoid.
Through no fault of Proton. He made an opsec mistake choosing to use money tied to his government identity, rather than something anonymous like crypto. By “nothing burger” I mean that it’s not the controversy it’s going to become.
You misspelled Monero.
Do not pretend that other PoS (1998 old tech like ETH) or PoW (2009) coins/tokens are privacy coins.
SHUM
Monero is a form of crypto currency. BTC, ETH, and others are nowhere near as private, but I didn’t want to outright name Monero. That said, I’d argue any sufficiently washed crypto is better than fiat.
any sufficiently washed crypto is better than fiat
Actually not really. opt-in privacy is worthless. Being the only one making private transactions within a sea of users making transparent transactions is worthless.
paper fiat currency is mostly anonymous for offline transactions between two people.
For online transactions, privacy is actually very very hard. So not all cryptocurrency are created equal.
And mentioning ETH and pretending it’s a cryptocurrency is misleading. It’s PoS (1998 technology). PoW was created to solve the problem of PoS masternodes.
I always assumed Proton was out as an anonymizer since it’s all buddy-buddy with Google.
Always assumed cuz it’s a web site and it’s does not appear on the list.
all buddy-buddy with Google
WDYM?
https://lemmy.world/comment/21151608
I like Proton and use it too… but they lied from the start. It wasn’t because of laws or pressure, etc. No attempt was made to take action against it. Well, at least Proton voluntarily helped out… In 2021, they finally updated the text on their website… Of course, they don’t mention that they were diligently logging data in previous years. It doesn’t look good for an email provider that has been lying for years about security.
What security? What privacy? It’s a dodgy company pretending to provide secure communications.
Still, a reminder for people to use anonymous payment methods if they’re in the authorities scope like this.
Good reminder, bad title though.
I don’t like proton as a company very much but I’m inclined to agree. The headline doesn’t really seem an apt description.
That being said, it is important for people to remember that something like proton alone is not total protection. You do also need to have good opsec
I understand “they were just following orders” but why did they have that payment info available regardless? I thought they were the private email people.
Because they have to be able to charge the account.
Mullvad doesn’t seem to have this issue, and they don’t have a fraction as many services as Proton does.
Mullvad does have this issue. That is why in their logging policy explaining what they don’t, do, or have to log, they explicitly state:
For credit card, PayPal, Swish, and bank wire, we do use third parties: Stripe, PayPal, and our bank SEB (which handles both Swish and bank wire). These kinds of companies log everything. For that reason alone, it is out of our control that they have records showing which people have paid us money (i.e. processing of personal data).
As a customer of their services, these entities would allow us to request this information if we chose to do so. In short, your payment actions with these two methods are not anonymous and the GDPR and other relevant data protection regulations may apply if you are making a payment by credit card, PayPal, Swish or by bank wire.
This person would have been just as easily unmasked had they paid Mullvad and had that account found by the government, as they were when the government found their Proton account.
Something that could have been easily avoided if Proton provided a one-time pay option instead of rent-seeking grift methods.
And no, crypto is not necessarily a good option. I can’t, to my knowledge, buy crypto giftacrds with cash in any country in Latin America at least.
It’s not necessarily “rent-seeking grift”, it’s often offered as a convenience. Plus, you can do one time payments to stock up credits.
As for your second point, I’d suggest going to an online exchange and trading for crypto.
It’s not necessarily “rent-seeking grift”, it’s often offered as a convenience
What?
How is having to pay in continuity, the more if using payment systems subject to KYC, a convenience over having to pay only once?
Because if your account requires continuous payments, most consumers would like to not randomly get their service cut if they forgot to stock up. Yes, that’s different in the privacy community, but Proton still caters to people who put little value in privacy.
Don"t trust Swiss companies. Neutrality doesn’t exist, it"s just a money game. Swiss law does NOT provide any privacy protection for foreign customers.
That’s simply false.
Come on we all know they didn’t exactly have ethical issues taking all that Nazi gold.
Yes, the current admin in the US is full of Nazis. No, proton didn’t take money, afaik, from them for anything.
If it’s a money game I can pay for privacy, no?
What a whopper of a title.
Proton didn’t help the FBI. The FBI unmasked the dude themselves with the info they had, a small amount of which was handed over by the Swiss feds that they obtained from Proton per Swiss law.
Y’all need to remember that any company operating in any particular country is beholden to that country’s laws.
