Proton deletes account of a journalist doing responsible disclosure to the South Korean Government

Andy Yen:

We were notified by a CERT about certain accounts used by hackers which is against Proton ToS and that led to a cluster of accounts being disabled. We will check them individually and see if some of them can be restored. Some spamming alerts were triggered also.

4 Likes

Thank you for the update, this gives it some more context. I will be following this discussion.

1 Like

Seems like a pretty rookie mistake to use the same device for any kind of pen testing that you would use with a legitimate identity.

You can assume that “cluster of accounts” means they either had the same login IP address and additionally browser fingerprint.

3 Likes

Consider reading articles before you link to them:

our services will continue to be offered through the for-profit Swiss corporation Proton AG, which now operates under the supervision of the non-profit foundation, which is its primary shareholder. This change in governance does not signal a shift in how our core businesses are run. Proton is not profit-driven, but we still must retain profitability as a core objective

6 Likes

What does that even mean? A for-profit corporation run by a non-profit foundation? That just sounds goofy.

4 Likes

Maybe this is off topic, so apologies if that’s the case: I agree in general but this is definitely not the first sign of smoke for Proton. Proton has long since made it clear that people like the ones on this forum are not its priority. It has shown abysmal support for linux and degoogled android, it has imposed severe artificial limitations on custom domain aliases for lower tier accounts, it has been unwilling to accept private payments for the most part, and it has left platforms like mastodon for Twitter/X and Reddit.

To me this is less like the first sign of smoke and more like the flames just burned your neighbor’s house down. Maybe this particular case was arson and maybe not, but personally I’m glad I’m not waiting around to find out.

9 Likes

Mozilla has a similar goofy model actually:

We were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.

Our team is now reviewing these cases individually to determine if any can be restored.

https://xcancel.com/ProtonPrivacy/status/1965701997304103394


Government complained. Proton complied because they’re a legal company and have to remain in compliance.

https://xcancel.com/vxunderground/status/1965702648856023348


my thoughts:

https://xcancel.com/gnukeith/status/1965703931511931112

https://xcancel.com/UK_Daniel_Card/status/1965705618993651741

1 Like

To me it seems that’s conflating a whole lot of things, like the whole “climate change activist” thing. People often assume the request was because of climate activism, because nobody actually knows the identity of that person besides their claim on twitter about being a climate activist. Proton complied with a valid order from Swiss authorities (which came from the French) related to a criminal investigation which may have been about something entirely different. Nothing was ever public about it so we don’t really know what happened.

It has shown abysmal support for linux

The bridge, and proton mail work fine on Linux, most of proton’s offerings are web based so I’m not sure what that’s about.

degoogled android

ProtonVPN is in F-Droid as is Proton Pass. Protonmail APK can be downloaded. Unfortunately it does still have some google dependencies, but the good news is that a lot of their newer apps do not.

This is getting pretty off topic so I will hide my reply here

It’s pretty clear to me that linux users are second class citizens in the eyes of Proton. The Proton Mail app for linux was released well after Windows and MacOS, and even now is in beta while the others have had a full release. It also didn’t even have proper Wayland support last time I checked, making text blurry with fractional scaling enabled. Proton doesn’t use packaging distribution methods that are standard in the linux world, instead requiring people to download the files directly from their website. There are flatpaks available, but last time I checked they were all unofficial and unverified by Proton (which is also a security risk that they have failed to address). I see posts like this all the time on this forum:

Proton on Linux (to community)

Proton VPN brings split tunneling to Linux – here's what you need to know

Proton Mail doesn’t even have notifications on degoogled android unless you download a third party app. This has been an issue for years now and is absolutely unacceptable in my view.

Downloading an APK manually is not user friendly and is not the preferred method of installation for most people. I don’t believe the app has an auto-updater either which is bad for security.

I also neglected to mention in my previous comment that Proton is terrible at open source development. I used to use Obtainium to update Proton Mail for Android and it was a disaster because the Github code was never up to date with the newest Google Play release (there are posts around the internet about this as well). I see posts here about these types of practices all the time:

Proton markets Lumo as "open source," but support calls it a "long-term intention, not the instantaneous state"

To me, it seems more like a pattern of behavior that represents a misalignment with my ideals and likely the ideals of many on this forum as well.

1 Like

A nothing burger, really. Proton has millions of accounts; some mistakes will happen. As they said, they are reviewing everything. Also, why, with every article about Proton, do people need to bring up other problems? This seems like FUD to me.

1 Like

Welcome to the internet

We have

The Reddit/Twitter of privacy: Privacy Guides

Conspiracy theorists

People who intentionally spread misinformation and/or malformation

Ragebaiters

People who don’t read threads and throw posts/answers with assumptions when they don’t

People who take out the context of someone’s context and push their narrative

What else?

3 Likes

Seems like there is an increase of FUD here. I am wondering if this is part of a targeted campaign to tear us down. (Ofc some posts are legit). Really sad.

For Fedora:

Proton doesn’t have a Drive app.

It took Proton 8 years to give us Split Tunneling. Otherwise, the app is very bare bones.

All of Proton’s apps need to be installed via terminal. Not one official app is available in the Software store.

Proton keeps releasing new products instead of improving what they have.

1 Like

Seems there’s an unofficial one that uses rclone here ProtonDrive Linux Client. Rclone in my experience has been pretty stable.

I guess that could be a downside, but I do know they have official apt and yum repos, so that’s a good thing from the perspective of auto updates.

That, I think, probably is the most major flaw, but I guess they’re really trying to position themselves as a Google replacement with e2ee wherever possible.

Software isn’t a store. It’s closer to a graphical package manager. The distribution is normally responsible for the packages that show up in Software, NOT proton. The only way that an official proton app would show up is if they created a flatpak, uploaded it to flathub, and then the distro creators (or you) enabled that repository.

Speaking of which, Notesnook just commented on this story via Twitter.

4 Likes

Question is, if Proton was located in Germany instead, like Tuta or Mailbox, would they do the same? Does the location of their headquarters have any effect on this decision?

What would you guys do if you receive similar requests to ban user accounts? @Tuta_Official

The location of their headquarters or data centers does not have any impact. What matters is the location of the user in question. Proton must comply with local laws after all, especially with government subpoenas and all that.

More shots fired. By Windscribe this time.

5 Likes