Proton deletes account of a journalist doing responsible disclosure to the Korean Government. Cue the “they will comply with laws”, but there is no violation of law or ToS here. They will comply with random government pressures? No better than others in that case, just use Gmail or Apple suite, why pay a premium.
Good post @darwinism. It’s great to see Phrack Magazine call out that Proton’s primary concern is making money… they have no moral compass. They put their bottom line above everything which is why they tout privacy but give up the goods to everyone that comes a-knocking. That’s why they celebrate/advertise/market their product as open sourced but refuse to make the code public for most of their latest releases. That’s why they celebrate Trump’s election yet tell European audiences that they need to distance themselves from the authoritarian US administration. They have no moral compass and will do anything to make money.
To say the privacy community is compromised in their relationship with Proton is an understatement. In fact, I posted earlier in this thread @'ing @Proton_Team to call them to task and a moderator hid my comments from view, ‘restored’ them and then deleted them altogether so that there’s no trace of them ever occurring. All that’s left is some notifications on my profile:
Your comment was removed because it was off topic. You cannot expect that companies will reply to you here. And you were mentioning a question that wasn’t even addressed at Proton. Please refrain from dragging this off topic. Thank you.
I do wonder about Proton’s motives here. I understand that they cannot just go full Lavabit and shut down the company every time they get a request. But disabling it outright with any fight or publicity is suspicious.
Had to make a new comment, but here’s where it gets into the greyish area for me. From what Proton says in its privacy policy:
We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Proton’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company. Under no circumstances can Proton decrypt end-to-end encrypted content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in the transparency reports listed in our products-specific policies.
Yes, there is a Proton email address, however it was tied to a spear-phishing operation that was a campaign that impersonated people from the South Korean government. HOWEVER this was not related to the whistleblower’s account.
If the whistleblower was distributing the logins as proof, that would technically fall under Proton’s rule of no sharing hacked or stolen data. Who’s to say that the gov didn’t have Proton disable the account too? This is just my “Anything happened” look at it.
People using Proton and once again conflating privacy with anonymity. If you want to be completely anonymous using Proton: use a VPN, don’t include a recovery email at all since it is not encrypted (by the way, the climate activist violated these two rules), don’t disseminate emails with your Proton address if it’s going to have personal information and pay for it with Monero.
If these folks were serious about anonymity they would have done all of this and made it impossible for Proton to be able to locate their email address, but they highly likely did not because of said conflation.
From the way I read it, it seemed they used a dedicated Proton address for this disclosure and it was allegedly suspended. The allegation sounds as if they did this on request of the South Korean government.
It remains hard to argue for or against Proton without more details. So far it seems a very one-sided story with little to no details. While understandable they don’t want to share the contents of what actually was communicated it is hard to say something about it.
Proton Mail’s terms of service are quite clear. An account can be disabled/deactivated for numerous valid reasons. Lacking any concrete details, it’s nothing more than speculation at this point.
Get what you’re saying and fair use and journalism is generally protected. But Proton’s TOS isn’t the same as Swiss or EU law. Like I mentioned before, Proton prohibits hacked or stolen credentials sent or distributed through their services. Yes even if it was in good faith, that was probably a TOS violation.
Fair use protects journalists from government and legal retaliation for publishing leaked material. Even if what the journalist was doing was legal under government law, Proton or any other provider can enforce their own rules.
Proton isn’t going to delete someone’s account for journalism, but if hacked data was shared or distributed then yeah it’s Proton’s call. I’m not ruling out gov pressure either. If you look at Proton’s transparency report, Swiss authorities even serve orders to Proton.
And to address “Well how would that work?” Switzerland and South Korea have an MLAT (Mutual Legal Assistance Treaty) to have the SK gov contact the Swiss Federal Office of Justice and they would review everything and then make a Swiss Order. They could have ordered to have the account suspended, but again this is speculation.
Why is that an unreasonable expectation? Some companies have an official presence on PG, hence it’s natural to expect that some interaction with them is possible here, even if the chances are low. Notesnook responded to a post I made here. And the creator of Alias Vault has responded to many comments about his app.
If I was trying to publicly reach a company with the hope that they would respond, I would try every communication channel that I can think of, PG being one of them.
Could you come over less hostile? I have run this community long enough to know that some apparent scandals end up being nothing more than a nothing burger.
I am not saying that’s the case here, but I am waiting for more information before writing off the entire company. If we keep burning companies at the first sight of smoke, then there will be no alternatives left.
That doesn’t mean they are beyond criticism. They still operate a business of which the aim is to stay profitable. Mozilla is also a non-profit, and we criticize them all the time.
OpenAI is also registered as a non-profit. Does anyone in the privacy community trust them? Hell no.
The thing is, it strongly suggests either of two things is true:
The South Korean government is a bunch of idiots and reports / shuts down people who disclose vulnerabilities and/or North Korean malware campaigns to them, and Proton just complies with such idiots
Proton works with North Korea to shut down people reporting on North Korean malware campaigns
I’m a strong proponent of Hanlon’s razor, so I’d say the first is the case.
Your tone is overly negative to your fellow forum dwellers. If you took your own advice
And not assume that either I or others are giving a free pass just because we are interested in more information instead of immediately condemning Proton, then that would be swell.