512·
3 days agoIn fact, knowing that the only thing Proton was able to hand over was the credit card identifier is pretty solid proof that they in fact cannot access (and thus provide access to) your email account and its contents.
If full anonimity is the goal then stick to crypto or cash payments, because credit card always leaves a trail and not a single email provider is above the law in that regard.
This case is entirely the fault of the user’s bad opsec.
“Willy nilly” when it came from a valid warrant from the Swiss authorities is some crazy lopsided interpretation.
Privacy focused doesn’t mean “doesn’t obey the law.”
Every other privacy focused business will do this, unless they want to get shut down (and then be forced to hand over the data upon shutting down anyway).
Also, the entirety of the “data” was a credit card identifier, which companies are legally required to keep a record of if they handle credit card transactions. Everything else Proton doesn’t have access to and thus couldn’t hand over. They also let you pay by cash or crypto to avoid the necessity of handing over your credit card identifier, so this was just bad opsec on the user’s part.
Acting like you can’t be a privacy-respecting business unless you just break the law is pretty absurd.