Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester

Where did I say that?

Besides, the text of Lugano Convention is directly opposed to what you’re claiming.

I need third-party citations. The Lugano Convention is explicit in its wording and has played out exactly so for Quad9 just 3yrs prior.

That’s Proton’s marketing weasel … Of course, they’re bound to respect requests “supported by Swiss authorities,” who are bound to the EU due to Lugano.

Like I said, you also stand to earn a great deal of money if your understanding of the framework is that it is “highly misunderstood”.

This is were you wrote that or perhaps unintentionally implied?

I am not familiar with the Quad9 case. Will get back later on that.

I dont believe this is a marketing claim. There are no known cases of Proton cooperating with foreign entities directly. And as I have cited above that would also bring them in legal trouble.

Dont worry about my salary (not a lawyer but I do deal with these kinds of assesements).

The fact remains that as a private email provider, they made efforts early on to not connect credit card and PayPal payments to your account, which is smart. Proton didn’t do that. As far as I know, Posteo hasn’t been involved in any data handover controversies, but I intend to ask them about it, as well as the reliability of their private payment system.

What do you mean by this? That the German government or the EU could compel Posteo to start connecting credit cards to accounts and legally forbid them from disclosing it to their users?

Maybe. That would be extreme. In such a case, I would hope Posteo would be open to their users, and if they can’t because of legal threats, that the information would leak, like what happened with Apple and the UK. The UK tried to force Apple to make their encryption less private and forced them not to say anything about it. The information still leaked, and it made a lot of noise.

I respect your ingenuity, but for most people that is not easy. Using cryptocurrency in general is not easy for the average user, even more so when you’re trying to avoid KYC.

The easiest way for the average user to pay anonymously is to use cash and gift cards. They should be able to use cash to directly credit their account and/or buy a gift card from the service provider or a trusted reseller.

Any service that wants to make anonymous payments easy for their users must support those methods. I absolutely want Proton to support direct payments via Monero one day, but even if they did, it is not the most user-friendly method for the average user. It’s not something my mom could do, and frankly, it’s not easy for me either.

I think their fear goes beyond Monero, because, as I’ve demonstrated earlier, none of their payment options are actually anonymous which to me is very suspicious.

I don’t deny that the user has some responsibility, but Proton bears some responsibility too.

I don’t know if the analogy fits perfectly, but to me, it’s like someone trying to lose weight and eat healthy in an environment where unhealthy food is marketed as healthy, and food lobbies fight tooth and nail against regulation that would make it easy to tell the difference between healthy and unhealthy food.

Does the person trying to lose weight have some responsibility? Yes. But so does the environment they live in. It’s not surprising that it is far easier for that same person to take better care of their health in a different environment where food and other health-related industries are well regulated and there is clear transparency about what they actually offer.

Proton git cards cannot be bought anonymously. They don’t accept cash or Monero.

You wrote those responses without referring to Quad9’s writeup on the case? Sounds like you were debating for the sake of it.

I assure you, I don’t give a …

Marketing weasel*

Proton has indeed been dragged through the courts in Ireland, for example.

No.

Right okay i checked out the quad9 story briefly. MLAT was not followed in the Sony Dresden case because it was a private civil lawsuit, not a criminal or law enforcement matter. You really cannot compare private law and criminal law like this. It really misrepresents what is going on.

The quad9 story is troubling but not quite representative here.

For criminal procedures also Quad9 lists the same argument as Proton btw. Quad9 Turns the Sony Case Around in Dresden | Quad9 and Compliance and Applicable Law | Quad9

Please don’t use uppercase letters, it looks very spammy.

I am pretty sure all payment providers need to keep a 5-year history of your transactions, etc. So VCC even if deleted will still be kept by the provider. Out of subject though.

How does it look spammy? I’m only using them to title sections of my text.

I don’t think it’s off-topic, because VCCs are promoted as a way to protect your privacy when making payments, and some Proton users use VCCs. You could be right, but the only way to know for sure it to ask. I intend to ask my provider.

All providers are different. My VCC provider is a bank and all my VCC payments are not reflected as VCC payments in my statements. This means that when I look at a payment I made with a VCC, it shows my real credit card number in the statement. Not my VCC number.

I complained about this to my bank because I have over 10 VCCs, and I would like to be able to tell from my statements to which VCC does each payment correspond to, but I can’t. I now realize that there might be a privacy benefit to this, unless the bank can tell which VCC I used internally. It’s another thing I need to ask them.

Even if you are right, I do wonder if there would be a privacy benefit to opening a bank account that is exclusively used for private purchases, and every year or so, close that bank account, and open a new one for the same purposes at another bank. I wonder if rotating bank accounts every couple of years, would protect your privacy, if you keep closing your previous accounts. I imagine it would be much harder to trace account that doesn’t exist anymore.

Because no one does this, and it flashes a message among other. Also, if you have many sections, you message might just be to long.

Again, keeping records 5 years ( I think sometimes more) for banks is the law. Closing an account and doing that every years might ensure only your last 5 years are accessible to LE, but not a shorter time than that.

For the VCC, I guess banks have to retain the card number and name associated. So payments will not be anonymous.

Why is everyone upset when you can just buy it from Proxystore?

That’s not a good enough reason. I do it because I want my text to be clear and legible.

I try to be as succinct as I can, but sometimes I have much to say, and there are limitations to how many comments you can make in a row. I can’t make three short comments, so I make two longer comments.

Where is this law? Because it is likely we are not in the same location. Again, you may very well be right, but there is only one way to know for sure, and it’s to ask you bank and VCC provider. I want to be sure which is why I intend to ask.

My bank, which is my VCC provider allows me to name my VCCs whatever I want. I have tested it. I made a payment to a service with Bugs Bunny as my VCC cardholder name.
I then asked that business to provide me with all the info they had on that payment, and the name they had on record was Bugs Bunny.

Obviously, my bank knows my real name, but it remains unclear if a deleted VCC can be traced back to me. It’s safer to assume that it can, but I intend to ask to be sure.

I specifically quoted,

I wonder if you are debating yourself? I’ll leave you two at it.

Good.

To me, what’s troubling is folks taking Proton’s marketing weasel and passing off as some gospel, yeah.

These are all first party sources you’re relying on. I’m not a lawyer but, Mutual Legal Assistance, in reality, seems to be ‘bypassed’ for cybercrime investigations (ref), as the Budapest Convention (which Switzerland is a signatory to) takes over.

Police-to-police cooperation for the sharing of data related to cybercrime and e-evidence is much more frequent than mutual legal assistance (the ratio seems to range from 10:1 to 50:1).

…

Data that can be obtained domestically by the police without compulsory measures and
thus without court order can be shared (by Australia, Belgium, Cyprus, Finland,
France, Japan, Serbia, Switzerland).

You cannot buy proton mail from proxysto.re. I talked to their customer support and they said they asked proton about it but they weren’t communicating or stocking them.

Not going to share for obvious reasons, but this is the case in most places around the world, if not all.

You may be right. But it should still be verified by asking and getting official confirmation.
There are many countries that have privacy laws that are supposed to protect you, but when a citizen tries to have those laws enforced to protect their privacy, they realize they are not actually protected.

I want to stop my bank from requiring I share my location every time I want to make a transaction on mobile. I also want to stop them from scanning my face when I want to use said app. I want my privacy respected and intend to report them to my local data protection agency. So far, all indication show me that the data protection agency can’t or won’t compel my bank to stop invading my privacy, which just goes to show that the data protections laws they brag about are privacy and security theater.

In my opinion, Proton is just a much better version of Google Suite, and it should not be seen as the “ultimate savior of privacy.” For what they do and offer, they are a good option, but other options also exist. Lastly they offer “Private Mail,” not “Anonymous Mail.”

I agree. But I think it’s fair to say that Proton Mail wants to be the best private email service, and markets itself that way. Hence, they bear some responsibility for what people believe about their company and services.

No one is saying Proton’s service is bad. Some of us are saying that they are not completely transparent about the type of data they retain and can be shared about you, and that they can do so much better to protect their users’ privacy, which is true.

Proton claims to offer anonymous payments which is not true. They need to fix that. If their competition is able to offer anonymous payments and do it right, so should they.

How does sending some bills + your account name in an envelope with no return address compromise your privacy?

I’ve discussed this before.

This means that if my Proton username is: jordan.smith@pm.me, I am revealing my identity to Proton. Moreover, if I use any of my pseudonymous addresses that are linked to the same acccount (fresh.cow@pm.me), I am still revealing my identity to Proton because hey can see it is owned by Jordan Smith. That is not anonymous.

As I have explained, other privacy services do not require you declare your username for cash payments, so why can’t Proton follow that model? Why the need for them to manually link my cash payment to my account? Why the need for a real person to manually add the payment to my account? Why does a human person need to see my Proton profile? I don’t want that.

There is value in hiding in plain sight, in a sea of millions of people, undistinguished.

If I desposit cash in my bank account via an ATM, no person who works at the bank knows that I made a payment that day. The bank’s system knows, but no actual human being knows that Jordan Smith deposited $100 into their account. Especially when millions of people make ATM deposits eveyr day.

That is very different from me physically going to the bank, speaking to a teller, and telling them I want to desposite $100 in my account. At that point, the bank teller, who is a real person, is aware that I, Jordan Smith, made a payment that day.

And when the teller performs this transaction for me, they can see my bank profile. Maybe they see that I received $20 000 from abroad and want to ask me about it. Maybe they see that they haven’t verified my address in 5 years and want to confirm it’s still the same. Maybe they see that I have $100 000 sitting in my savings account and am not making much profit from it, and they want to advise me on how to invest it. I don’t care. That is not why I came to the bank and I don’t want them snooping around.

Can you see the difference between the two? It’s the same with Proton.

In addition, when Proton receives you mail they will know which country it came from. That is something you cannot hide. They can link that information with your username, which gives you even less privacy. Proton cash payments also require that you write the company’s name on the envelope. Given how widely known Proton is, that could one day trigger red flags at the post office.

You do realise this has absolutely nothing to do with whether your payment is anonymous. Proton rather obviously needs to know which account the payment is going to, and if you go so far as to send an envelope with cash while using your SSN as your username, that’s frankly on you.

You are revealing that information to PM the moment you are creating the account.
If you want to go for max anonymity you surely wouldn’t use your actual name for this.

In the end PM has to know that this money goes into that account. Even if they gave you a random number instead that still needs to be associated with your account and could be found out if they really wanted to.

True, but not really much of an identifier. This could be worked around obviously with some effort, e.g. I live close to a border and could easily send the letter from a different country in literally less than 15 minutes. Commercial remailing services do exist, too.