Proton Mail provided user data that led to an arrest in Spain

Alfonso Maruccia

Facepalm: Proton Mail is facing renewed accusations of handing user data over to law enforcement agencies. The Swiss company provides a secure email service with end-to-end encryption, ostensibly to protect its customers' identities from prying eyes. However, recent events suggest otherwise.

Proton Mail recently came under scrutiny for providing Spanish authorities with enough data to identify and arrest a member of the Catalan independence organization Democratic Tsunami. The company claimed it was compelled to cooperate with law enforcement due to Swiss laws. They asserted that the Spanish police's success in apprehending the individual was partly due to the person's lack of a proper Operational Security (OpSec) policy.

Proton Mail's primary service is an end-to-end encrypted email platform established in 2013. The platform aims to ensure that email content remains unreadable to both third parties and the company itself. While Proton Mail asserts it cannot access message contents, some user-related data passing through its servers could potentially be used to identify individuals.

In a separate incident in 2021, Proton Mail was required to provide Swiss authorities with the IP address and device details of a French climate activist. This information was subsequently used by French authorities to apprehend the activist. Proton Mail clarified that while email content is encrypted, the company is obligated to comply with lawful access requests for any data passing through its servers in criminal prosecution cases.

In the recent case involving the Spanish police, Proton was seemingly compelled to provide the Apple recovery email address used by a client known as "Xuxo Rondinaire." The customer was suspected of collaborating with Catalonia's police force, the Mossos d'Esquadra, while covertly aiding the independence movement in the region.

Authorities requested additional data from Apple, enabling them to identify the individual behind the pseudonym. Proton CEO Andy Yen confirmed that the personal data used to apprehend the alleged "terrorist" was provided by Apple, not Proton. Yen emphasized that Proton cannot decrypt data, but Swiss courts can mandate the sharing of recovery email addresses in "terror cases."

In a written statement, Proton AG clarified that their email service stores "minimal user information" and does not guarantee complete anonymity. Customers seeking enhanced security should implement proper Operational Security (OpSec) measures, such as refraining from using their genuine Apple account as an optional recovery method. While a recovery address is not mandatory for using Proton Mail, the company could be compelled to disclose such information under a Swiss court order.


 
Seems like the only way to have a safe provider would need to use a company in a region hostile to their own. Perhaps something in the Middle East, or SE Asia?
 
If you are dumb enough to post PRE-unencrypted text and PRE-unencrypted attachments you are a dumb ***.

craft your message .. encrypt it locally then send it
craft your attachment .. encrypt it locally then send it

if it gets intercepted on proton .. well too bad it's already secured
 
Becoming a climate activist, or seeking independence is now a 'criminal' activity in the EUSSR now. Apparently.
Climate activists need to stop wrecking paintings and disrupting traffic if they want my support.

All the lawless need to do these days is claim they are protesting and they seem to feel that absolves them of accountability and common decency. Sick of protesters' belief that their right to disrupt my life and force an opinion in my face supersedes my right to avoid them or not be stopped.

Then you want to give me a ticket for running over an ***** standing in the road just cuz they had a sign about meat being murder... what's this world coming to? Officer said the ticket would be smaller if the sign said "I'm an *****" since then he wouldn't be protesting... he'd be advertising... and he would be considered in the wrong for jaywalking.
 
Becoming a climate activist, or seeking independence is now a 'criminal' activity in the EUSSR now. Apparently.

Well to be honest, quite a lot of so-called "climate activists" act in an unlawful manner and are more like "social terrorists".

If I ever see a "just stop oil" protest blocking the road with all the plastic wearing Muppets I'll happily participate in dragging them off the road.
 
Its recovery address, that was set up through Proton Mail, led to a user on Apple itself which the police were able to identify.

All companies store details of their clients. Just buying a VPN subscription alone leads to someone paying some invoice with a credit card somewhere.

If you really want to be top notch secure - don't use the internet. Don't use digital communication(s). Everything you do on the internet is virtually seen by third parties.

All these large companies comply with laws to hand over information when there's a suspicion. They are not going to risk offering their product in the EU or US for a few hundreds of individuals a year.

 
Becoming a climate activist, or seeking independence is now a 'criminal' activity in the EUSSR now. Apparently.
Being a greeny has long been a crime in most western countries in all but name. USA has had FBI spying on green groups for decades. Australia still treats them like criminals and rewrites laws to suit those that are being targeted and arrest and charge activists. In the third world they just murder them, Brazil is a particularly bad example of this.
 
I was a day one supporter of Proton, but if those encrypted services are compromised too, what else is left to use?? They ask us to pay for services that aren't any better than Gmail defaults, seems all of us "privacy aware" are better off using Google calendar, drive, mail
 
I was a day one supporter of Proton, but if those encrypted services are compromised too, what else is left to use?? They ask us to pay for services that aren't any better than Gmail defaults, seems all of us "privacy aware" are better off using Google calendar, drive, mail
Nothing encrypted has been compromised. Proton does not have a way to check any person's emails, and that wasn't the case here either. All the emails on that account are safe, encrypted, and are not possible to be read unless the owner provides the password. Read the article again...
 
Being a greeny has long been a crime in most western countries in all but name. USA has had FBI spying on green groups for decades. Australia still treats them like criminals and rewrites laws to suit those that are being targeted and arrest and charge activists. In the third world they just murder them, Brazil is a particularly bad example of this.
Being an environmentalist isn't illegal in most western countries. IDK how you figure that out when half the leadership memes about solar power at every climate conference.

Nothing wrong with protesting for green energy, or against companies that dump waste into waterways or fail to clean up after themselves. Now, being a Greeny that wants to bomb a power plant, cut gas lines, or block people from accessing emergency services so you can whine about oil? THAT's pretty illegal. (and while destroying priceless artwork isn't illegal, it SHOULD be). The problem is, with environmentalism becoming a full-on death cult, the former group often turns into the latter.
 
Oh no if it's not the consequences of my action... who would've thought using an email would create a digital footprint. Had we not seen enough hacking actions from Hollywood movies in the past 20 years?

Running your own email server under your own domain does not even guarantee your personal information. It might be leaked because you likely paid for those services digitally.

I'm just saying, if the authorities caught up with your bad deeds, that means you're doing it wrong. Got nobody to blame but yourself.
 