so if you want to subscribe to a vpn, and you were considering proton, maybe dont
-
@Viss No vpn is safe, really.
@krypt3ia i run my own, on my own hardware, in a datacenter
-
so if you want to subscribe to a vpn, and you were considering proton, maybe dont
Joseph Cox (@josephcox@infosec.exchange)
New from 404 Media: Proton Mail, the privacy-focused email service, gave authorities data that let the FBI unmask an anonymous 'Stop Cop City' protester. It was payment data linked to the anonymous email account. From that, FBI ID'd them, then tracked their movements https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
Infosec Exchange (infosec.exchange)
@Viss you can pay Proton by cash via mail to stay anonymous.
-
@Viss you can pay Proton by cash via mail to stay anonymous.
@floriann and you would go to those lengths to pay them even though they'd turn over your logs still? tsk tsk
-
@krypt3ia i run my own, on my own hardware, in a datacenter
@Viss Even so.
-
@Viss Even so.
@Viss You get on the naughty list, they will just access it with warrant.
-
@Viss You get on the naughty list, they will just access it with warrant.
@krypt3ia yeah but then theres the lavabit way. just dont log. or log in such a short timeframe that the bureaucracy makes it impossible to get shit done in time
-
@floriann and you would go to those lengths to pay them even though they'd turn over your logs still? tsk tsk
-
-
-
-
@bhhaskin @floriann yes - and having had to partake in some of them, those mechanics are:
- folks here try to figure out who the folks on the other side are they need to get ahold of
- one agency here tries to talk to another agency there
- they basically have to do puppydog eyes and beg
- the other agency can tell them to get fucked if they wantand that entire exchange makes it into the news articles, cuz both agencies get credit
-
@bhhaskin @floriann yes - and having had to partake in some of them, those mechanics are:
- folks here try to figure out who the folks on the other side are they need to get ahold of
- one agency here tries to talk to another agency there
- they basically have to do puppydog eyes and beg
- the other agency can tell them to get fucked if they wantand that entire exchange makes it into the news articles, cuz both agencies get credit
@bhhaskin @floriann the best examples of these sorts of things are when american law enforcement goes after csam peddlers in another country. they'll usually mention that it was like, interpol or whoever they worked with, and that'll be clearly written about as such.
but this article only mentions proton, and the fbi
which, again, says they worked directly.
and if thats the caseproton turned over logs without any "legal pressure to". willingly.
-
@bhhaskin @floriann the best examples of these sorts of things are when american law enforcement goes after csam peddlers in another country. they'll usually mention that it was like, interpol or whoever they worked with, and that'll be clearly written about as such.
but this article only mentions proton, and the fbi
which, again, says they worked directly.
and if thats the caseproton turned over logs without any "legal pressure to". willingly.
@Viss @floriann hard to say without knowing the details. It could just be a poorly written article, or an article that is trying to push a narrative. (Can't actually read it behind the paywall)
A hypothetical could be that the FBI reached out to visa and asked them to have a business comply or lose access to payment services. Not saying that is what happened, but just that there could be a ton of reasons why it happened.
It wouldn't surprise me in the least if Proton willingly handed over, though. Just pointing out that really in this day and age that is any business.
-
@Viss @floriann hard to say without knowing the details. It could just be a poorly written article, or an article that is trying to push a narrative. (Can't actually read it behind the paywall)
A hypothetical could be that the FBI reached out to visa and asked them to have a business comply or lose access to payment services. Not saying that is what happened, but just that there could be a ton of reasons why it happened.
It wouldn't surprise me in the least if Proton willingly handed over, though. Just pointing out that really in this day and age that is any business.
-
-
@floriann and you would go to those lengths to pay them even though they'd turn over your logs still? tsk tsk
@Viss i can't access the article so I don't know to which logs you are referring to.
In general proton has a no logs policy but I guess they might be forced logging access to specific accounts on demand.
To mitigate this they offer Tor access. I personally don't use Proton and I think if some state actor is after you probably can't stay anonymous using convenient services.
I don't trust any VPN providers because it is the best Crypto AG like business appliance I can think of.
It's easy to tell the people to avoid Proton VPN because they might track you down when authorities walk in their offices and pull the business files out of the folders - but I can't think of any VPN this is better protected in that regard.
-
@Viss i can't access the article so I don't know to which logs you are referring to.
In general proton has a no logs policy but I guess they might be forced logging access to specific accounts on demand.
To mitigate this they offer Tor access. I personally don't use Proton and I think if some state actor is after you probably can't stay anonymous using convenient services.
I don't trust any VPN providers because it is the best Crypto AG like business appliance I can think of.
It's easy to tell the people to avoid Proton VPN because they might track you down when authorities walk in their offices and pull the business files out of the folders - but I can't think of any VPN this is better protected in that regard.
@floriann they turned over payment and subscriber details, and the person using the email used their personal bank/credit card to pay, and that data exposed their identity.
-
-
@Viss @bhhaskin I don't know if the user was a us citizen and I would like to hope that for an eu citizen it would be any different.
But the problem is that were completely dependent from the us. Let's think of Nicolas Guillou (https://www.heise.de/en/news/How-a-French-judge-was-digitally-cut-off-by-the-USA-11087561.html) and this was just a single pointed act of revenge.
-
@Viss @bhhaskin I don't know if the user was a us citizen and I would like to hope that for an eu citizen it would be any different.
But the problem is that were completely dependent from the us. Let's think of Nicolas Guillou (https://www.heise.de/en/news/How-a-French-judge-was-digitally-cut-off-by-the-USA-11087561.html) and this was just a single pointed act of revenge.
@floriann @bhhaskin based on the topic of the article, it would be surprising if the owner of the account was not a us citizen. but yeah, your point still is an important one - if the fbi can 'just get stuff' from switzerland, and the guy in charge is... ugh. ... just fucking look at him
then yeah, its a problem for literally everyone
