Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
I like how no one's talking about how Apple (the one its fanboys say is the most privacy-centric company) was the one that helped identify the individual.
Proton leaked the recovery email. Apple has never given any guarantee about their mail service, which isn’t the case of Proton.
Don’t put any recovery info on Proton.
Proton has never given any guarantee about hiding all account metadata from the Swiss government either.
“Privacy” means two different things depending on the audience. For me privacy means that my information is not being used to advance some organization's commercial interest. For others it means that my information will never be shared with a government.
Don’t advertise to me
Or
Don’t narc on me
I guess I don’t really expect a company to resist pressure from government agencies on my behalf. Especially if I have been using their service to commit crimes in my country. If you are doing things your government would prefer you didn’t, hire a good lawyer and consult with them about what should be sent via email (spoiler, it’s nothing). The mafia doesn’t send emails or put anything in writing; if you do crimes, you shouldn’t either.
This is non-news; like all tech companies, they are bound by law to do this. It happens more than 6000 times per year for Proton. However, this user just had bad opsec. Proton emails are all encrypted and cannot be read unless law enforcement gets your password, which Proton does not have access to. Even if Proton hands over all data.
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
The user specifically requested that Proton retain this PII for account recovery.
Speaking of which, how do they implement recovery emails? Do they save your private keys only if account recovery is enabled?
What I find curious about this is if a recovery email would have any weight in court. I can add whatever recovery email I want to an account. It doesn’t have to be mine.
I still find it fascinating that you can go to jail because there’s an IP address in a log file somewhere or because of a screenshot of a messenger communication.
Any more so than, say, fingerprints, DNA, or accounting records?
They provided the backup e-mail address.
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
Just in case anyone thinks they decrypted mails and handed them over, nope. I hadn’t thought about that “settings” are not encrypted. Guess if you want to stay anonymous you shouldn’t add your private mail address in there as a backup.
Yeah. Even if they couldn’t hand over recovery emails, having a personal email as a backup to a “private and sensitive” email account is bad practice.
But what do you do if that field is needed? A throwaway address won’t work as it’s easy to recreate. Buy your own domain and run a server?
I put the SimpleLogin email alias as my backup mail. Which forwards mail to my Proton, so I guess it isn’t really a backup. Even more so if you realize I need to sign into SimpleLogin with my Proton Mail account and Proton Mail owns SimpleLogin.
Ah yes, the email ouroboros.