Fellas your VPN is not going to break the law for you.
45
scytale - 13hr
Yep. That’s why when shopping for services, more weight should be put on what data they retain. It doesn’t matter if they comply with laws in the country they operate in if they have no data to hand over.
17
FoundFootFootage78 - 7hr
I believe Australian laws state that if the government requests your data and they can't hand it over, they're required to build a method to track you. So practically speaking if you want true privacy you'd need to use the Tor network.
2
vermaterc @lemmy.ml - 14hr
I'm using Proton for privacy, not anonymity. I've literally put my name and surname in my email address. I don't care if someone knows that me is me.
But I do care that no one is reading and/or automatically processing my mails.
35
ScoffingLizard @lemmy.dbzer0.com - 12hr
Same. My real name is on mine too. Everything you give an email to that isn't Google is one more piece of data Google doesn't have presumably. If those corrupt bastards collect the aggregate anyways, that still costs them money. If it's automated, guess what? Aggregating our data still costs money, and data centers are expensive to maintain. Every little but matters.
8
BingBong - 15hr
Without a link to the report or any other justification information this reads like a hit piece. The other important item to understand is what information actually could be released.
As much as I dunk on proton for their CEOs idiocy and lack of Linux support, I also push for accuracy and infographics are dangerous in that space.
I'll see if I can link the relevant info once I get home and am not on a phone anymore.
21
PiraHxCx @lemmy.ml - 15hr
The data they can hand is your acc creation information and which IP accessed the email. They can't hand email content because of zero knowledge encryption, and they can't hand VPN traffic because it's not logged and they can't be forced to log it. https://protonvpn.com/support/no-logs-vpn/
Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.
9
☆ Yσɠƚԋσʂ ☆ - 13hr
Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.
17
Irdial - 8hr
I don’t disagree with you, but sending and receiving emails requires transmission of unencrypted metadata. There’s no easy way around it
6
☆ Yσɠƚԋσʂ ☆ - 8hr
Right, which really suggests that email is not the right medium if you want genuine privacy.
5
ScoffingLizard @lemmy.dbzer0.com - 13hr
My threat model is not mostly concerned with gov. That could change but anyb way we can make it harder and more expensive or to take data or just created competition for Google is start in the correct direction. Just don't do anything important on Proton.
1
☆ Yσɠƚԋσʂ ☆ - 12hr
Right, understanding what your threat model is important. Then you can make a conscious choice regarding the trade offs of using a particular service, and you understand what your risks are.
2
hexagonwin @lemmy.sdf.org - 4hr
Wasn't their whole marketing point that they'll have nothing meaningful to give out since everything's properly E2E encrypted? Not sure how much the compliance rate matters when the provided data is useless. (They would need to comply in order to remain legally operating..)
6
CL4P-TP - 2hr
I don't get why people think that any company for that matter would go to jail for a random dude online. They do hand over metadata and everything else is encrypted. Not even Proton can access that data. When served with a court order they have to hand it over. Now if it were GMail, they'd probably make a collage with your pics and share them. That's the difference.
3
🏴☠️𝔊𝔯𝔞𝔳𝔦𝔱𝔞𝔰🏴☠️ - 4hr
No business is going to violate court orders on behalf of their users. What people need to learn is to not use the same provider for everything, vpn and email especially should be on different services.
yogthos in privacy @lemmy.ml
Proton has handed over 32,076 users' data to governments since 2017. Their own transparency report states a 94% compliance rate in 2024.
https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Fwww.sambent.com%2Fcontent%2Fimages%2F2025%2F12%2F22.pngStunner legal entity follows the law...
Fellas your VPN is not going to break the law for you.
Yep. That’s why when shopping for services, more weight should be put on what data they retain. It doesn’t matter if they comply with laws in the country they operate in if they have no data to hand over.
I believe Australian laws state that if the government requests your data and they can't hand it over, they're required to build a method to track you. So practically speaking if you want true privacy you'd need to use the Tor network.
I'm using Proton for privacy, not anonymity. I've literally put my name and surname in my email address. I don't care if someone knows that me is me.
But I do care that no one is reading and/or automatically processing my mails.
Same. My real name is on mine too. Everything you give an email to that isn't Google is one more piece of data Google doesn't have presumably. If those corrupt bastards collect the aggregate anyways, that still costs them money. If it's automated, guess what? Aggregating our data still costs money, and data centers are expensive to maintain. Every little but matters.
Without a link to the report or any other justification information this reads like a hit piece. The other important item to understand is what information actually could be released.
As much as I dunk on proton for their CEOs idiocy and lack of Linux support, I also push for accuracy and infographics are dangerous in that space.
I'll see if I can link the relevant info once I get home and am not on a phone anymore.
The data they can hand is your acc creation information and which IP accessed the email. They can't hand email content because of zero knowledge encryption, and they can't hand VPN traffic because it's not logged and they can't be forced to log it. https://protonvpn.com/support/no-logs-vpn/
The link is at the top of the image: https://proton.me/legal/transparency
Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.
Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.
I don’t disagree with you, but sending and receiving emails requires transmission of unencrypted metadata. There’s no easy way around it
Right, which really suggests that email is not the right medium if you want genuine privacy.
My threat model is not mostly concerned with gov. That could change but anyb way we can make it harder and more expensive or to take data or just created competition for Google is start in the correct direction. Just don't do anything important on Proton.
Right, understanding what your threat model is important. Then you can make a conscious choice regarding the trade offs of using a particular service, and you understand what your risks are.
Wasn't their whole marketing point that they'll have nothing meaningful to give out since everything's properly E2E encrypted? Not sure how much the compliance rate matters when the provided data is useless. (They would need to comply in order to remain legally operating..)
I don't get why people think that any company for that matter would go to jail for a random dude online. They do hand over metadata and everything else is encrypted. Not even Proton can access that data. When served with a court order they have to hand it over. Now if it were GMail, they'd probably make a collage with your pics and share them. That's the difference.
No business is going to violate court orders on behalf of their users. What people need to learn is to not use the same provider for everything, vpn and email especially should be on different services.
I have started using message.casa.