It feels like Proton are being intentionally misleading in their statements.
-
@ohir @malwaretech Like, Uber doesn't make the claim that you can get privacy in Uber, but Proton *specifically* said this on that web site:
"Strong privacy protections: Switzerland has a constitutional right to privacy and strict data protection laws. Unlike companies in other countries, Proton cannot be compelled by foreign or Swiss authorities to engage in bulk surveillance."
That's a major reason they say "This is why we're Switzerland-based.".
And here? Here they are "Loopholing" that whole statement.
@AT1ST @malwaretech
Proton can not be compelled to provide bulk surveilance.What is to be misunderstood in the "bulk" word? They stated what laws of their incorporation says.
Privacy does not mean anonymity. Encryption does not mean anonymity.
Encryption provides confidentiality, this is a vessel for privacy. Tech can provide your mail can not be read by their staff if both parties use two-key approach. As this was too hard for the masses, one can now turn this on.The problem is so many people can not grasp the details. Then the easy and enough-secure provider is magnitude better for the masses than alternatives feeding the monster siliconiacs.
Were Proton started their message with "dear user, remember we are obliged to help law enforcement to know you" this would be as much misunderstood. And prospect non US user would be inclined to choose eg. Apple mail instead. Because "you know, Apple protects their customers".
Reiterating: Privacy is not anonymity. Encryption is not anonymity. There is no anonymity on current Internet, only are ways to up cost and time to discover. Like hand routed Tor between mail services hosted in separate mafia states.
-
@ohir @malwaretech "There is no way to resistance in many countries. You can complain on merit."
...My point is that it seems they relied on the Swiss government to do the resistance and judge the merit. The point of a "Resistance lawsuit" is to complain on merit.
(Also, ProtonMail both makes income, and kind of makes the argument that Swiss companies *cannot* share information with foreign law enforcement under criminal penalty [ https://proton.me/blog/switzerland ]. They're doing this reveal of information as a "Loophole" to their own privacy marketing.
At the minimum, this is a bad look for P.R. purposes.)
@AT1ST @malwaretech
> Swiss companies *cannot* share information with foreign law enforcement under criminal penalty
True. You can not sell your customer data without a warrant from the Swiss authorities. Thats why Swiss bankers got so insanely rich. They can not be compelled to be customer watchers, then a valid warrant must have had a valid warrant subject. -
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech If you don’t like Proton, there’s always Google! I love how readily people criticize Proton even though it’s likely the best privacy ecosystem we have now. At the same time I wish they zero encrypted the meta data enough to make this a non-issue. More than one thing is true at the same time.
-
@malwaretech So they're skirting the government request *entirely* on money and lack of compliance?
I am not saying that ProtonMail has to *win* their case, but it does feel like ProtonMail is just folding right out of the gate.
Like how it has been pointed out that a Filibuster where you have to keep debating an issue in the House or the Senate to block it became suddenly a "If you threaten to filibuster it, then I guess we don't bother testing that you *can* filibuster this law - it's just dead.".
No, it's a different situation from a technical perspective.
One is a request for data (mail) a company already has stored on its own servers, and that that company can already access at will.
The other is a request for a company to develop and provide a tool to the government, so the government may unlock devices belonging to 3rd parties, and independently access the data therein.
To build a flimsy analogy here, one case is the government coming to your house and saying "give me all the files from the safe in your office".
The other is the government going to the safe company and saying "give me a skeleton key to unlock every safe you've ever made" -
No, it's a different situation from a technical perspective.
One is a request for data (mail) a company already has stored on its own servers, and that that company can already access at will.
The other is a request for a company to develop and provide a tool to the government, so the government may unlock devices belonging to 3rd parties, and independently access the data therein.
To build a flimsy analogy here, one case is the government coming to your house and saying "give me all the files from the safe in your office".
The other is the government going to the safe company and saying "give me a skeleton key to unlock every safe you've ever made"@lackthereof The technical difference is only partially why that stance was taken.
As I understand it, they didn't even give away mail, they gave away the credit card processing token (Or the information outright), so that the credit card processing company could reveal more information. That is, Proton Mail made a point that they still cannot actually retrieve mail from their servers without doing the skeleton thing, and they aren't doing that.
But they did hand over information similar to a journalist not giving away their source, but instead giving away where they met their source and who knew their source, on account of a warrant.
-
@blustoftimes @malwaretech so germany does not have MLAT with u.s.?
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech Yes. And. They're riding on reputation built by Swiss banks' previous refusal to comply with international reporting standards. Switzerland overall has a *reputation* of aversion to surveillance and a critical reaction to requests by foreign authorities, but that doesn't mean they'll go to bat for anyone based on those principles alone.
-
@malwaretech If you don’t like Proton, there’s always Google! I love how readily people criticize Proton even though it’s likely the best privacy ecosystem we have now. At the same time I wish they zero encrypted the meta data enough to make this a non-issue. More than one thing is true at the same time.
@unCoopervised ya'll fanboys are insufferable
-
@kallisti @silhouette @malwaretech
Nice piracy target.
@oldoldcojote @kallisti @silhouette @malwaretech If you torrent all of Metallica's output from a data center on a ship, they send you a free eye patch and a pointy hat.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
lol, this post really brought out all the insufferable fanboys. I'm not gonna pretend like I didn't know which of the 3 platforms I posted this on would have a bunch of people deeply personally offended by criticism of a corporation
-
@kallisti @silhouette @malwaretech I mean you could just use an ol' boring ship if you want to have a lot of computers in international waters. The hardest part would be to transfer energy and data, but cooling would be easy af.
@jnk Wouldn't it still need to fly the flag of some country, and be under that country's legal jurisdiction?
If I recall correctly ships which don't fly the flag of any jurisdiction, or fly the flag of a country they aren't registered in, exist in legally ambiguous territory where some of the normal protections afforded to vessels might not apply. -
@kallisti @silhouette @malwaretech I mean you could just use an ol' boring ship if you want to have a lot of computers in international waters. The hardest part would be to transfer energy and data, but cooling would be easy af.
@jnk @kallisti @silhouette @malwaretech I think power is the easier of the two, considering how much power is used on ships.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech @aredridel this discussion should have happened five years ago https://proton.me/blog/climate-activist-arrest
-
@oldoldcojote @kallisti @silhouette @malwaretech If you torrent all of Metallica's output from a data center on a ship, they send you a free eye patch and a pointy hat.
@Linza @oldoldcojote @kallisti @silhouette @malwaretech Lars will ram your floating DC with his speedboat before that happens.
-
@blustoftimes @malwaretech so germany does not have MLAT with u.s.?
@utf_7 It seems they do: https://www.state.gov/wp-content/uploads/2019/02/09-1018-Germany-MLAT.pdf
It was still in effect as of 2025: https://www.state.gov/wp-content/uploads/2025/08/Treaties-in-Force-2025-FINAL.pdf
See page 172.
I don't know the terms of the MLAT; there may be restrictions relating to subpoenas like this.
-
lol, this post really brought out all the insufferable fanboys. I'm not gonna pretend like I didn't know which of the 3 platforms I posted this on would have a bunch of people deeply personally offended by criticism of a corporation
@malwaretech criticism of corporations is practically the only thing mastodon is substantively capable of now lol what
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
Re: "massively illegal", I think the core argument proton and similar corporations make is that local law includes the local law checks and balances for law enforcement access. The underlying assumption is that this is one of the main things out of whack in American law, ie that the FBI can get warrants for anything - I can't say whether this is really true, though. It definitely _feels_ that way.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech yeah that’s their usual trick. I never cared about them when they first came about, but paying attention in the last 2~3y has made clear that they do this shit a lot, alongside openwashing and other misrepresentation
(Iirc @zzt has put together a small gallery of their top hits, but I don’t have the thread handy rn)
-
@malwaretech The thing that gets me is - is the company being requested by the MLAT allowed to challenge their local government on the legality of the request?
Like how Apple famously refused to make a program to automatically decrypt their iPhones to federal, state, or municipal authorities to be able to decrypt a terrorist's phone, and as I recall, that actually went to court on that?
Could Proton not do the same with the request made of them?
@AT1ST Depends what remedies exist under both the MLAT and Swiss law. I'm not sure if they could challenge in US court, Swiss court, or both.
In US court, companies can move to quash a subpoena, but if a magistrate judge found probable cause, that would probably be a difficult battle. Not to mention the grounds for quashing a subpoena in the first place are very limited, and I don't think that any remedy is even available here but am not an expert (https://www.law.cornell.edu/rules/frcp/rule_45).Once the case gets the court - and it doesn't seem it ever did here - there could be motions to suppress the evidence on the grounds it was illegally obtained. That seems unlikely to prevail here, especially given that analysis would probably be under US law, not Swiss law.
There could also be other challenges to the case, i.e. first amendment challenges, but without knowing the facts its hard to know how successful those challenges would be. All of that is so far down the road that it wouldn't be in Proton's calculus.
I am not a lawyer, take everything I said with a lot of skepticism.
-
It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying "we don't respond to legal requests from anywhere other than Swiss authorities" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the "we only respond to requests from the Swiss authorities". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
@malwaretech They are also leaving out the fact that they only had to hand out that data because they had decided earlier to store it - because someone decided that kind of data on their users is a monetizable asset, not toxic waste.
Other email providers have a better separation of payment data and email accounts, and thus can't betray their customers to adversaries via hacks or MLAT.
