Expecting everyone to be good at opsec is not a practical solution - making it the problem of the company that can and should hire people to be good at opsec, is.
Well, not everyone needs to be good at opsec, most people are fine as is.
Most people are not working against the government either.
But if you are going against the government, or any large and powerful entity, you absolutely need good, reliable opsec.
When the police comes knocking on your door, you can’t just blame Proton for not informing you about not using your own CC to sign up for your service.
This isn’t a playground, you are dealing with the big boys now, and they have far more tools than you have, unless you learn and adapt, you will get burnt.
So while you are right that bot everyone can be expected to be good at opsec, that isn’t the issue.
The issue is that this was an opsec failure of the guy, it wasn’t Proton messing up.
“When the police comes knocking on your door, you can’t just blame Proton”
obviously, but the ideal we should be working towards is that privacy is the default, right? The more normal it is to have this kind of privacy, the less suspicious it is.
are they legally required to store the credit card information?
Expecting everyone to be good at opsec is not a practical solution - making it the problem of the company that can and should hire people to be good at opsec, is.
Well, not everyone needs to be good at opsec, most people are fine as is.
Most people are not working against the government either.
But if you are going against the government, or any large and powerful entity, you absolutely need good, reliable opsec.
When the police comes knocking on your door, you can’t just blame Proton for not informing you about not using your own CC to sign up for your service.
This isn’t a playground, you are dealing with the big boys now, and they have far more tools than you have, unless you learn and adapt, you will get burnt.
So while you are right that bot everyone can be expected to be good at opsec, that isn’t the issue.
The issue is that this was an opsec failure of the guy, it wasn’t Proton messing up.
“When the police comes knocking on your door, you can’t just blame Proton”
obviously, but the ideal we should be working towards is that privacy is the default, right? The more normal it is to have this kind of privacy, the less suspicious it is.
are they legally required to store the credit card information?
I agree that we should work toward a more private society, but we are not there yet.
And to answer your question, yes, Proton is required to store the CC info.
oh, well in that case I’m not sure what they could have done, aside from being clearer that this was a threat that users had to be aware of