The Proton Mail service released user data to law enforcement authorities, leading to the arrest of a terrorism suspect, a member of the Catalan pro-independence organization Democratic Tsunami.
Privacy concerns were raised again recently when Proton Mail provided Spanish police with the backup email address of an individual under the pseudonym “Xuxo Rondinaire.” The person is suspected to be a Catalan police officer (Mossos d'Esquadra) who used his knowledge to help the Democratic Tsunami movement. Sources close to the investigation have confirmed that the suspect is indeed an active police officer.
After receiving the recovered address information from Proton Mail, Spanish authorities requested Apple to provide additional details, which led to the identification of the individual.
The case stands out because it involves a series of requests involving different jurisdictions and companies, highlighting the complex interplay between technology firms, user privacy and law enforcement.
The requests were carried out under anti-terrorism laws, although Democratic Tsunami's main activities included protests and road blockades, raising questions about the proportionality and justification of such measures.
Proton Mail, following Swiss law, was obliged to cooperate with international legal requests formalized through the Swiss court system. Last year, the company complied with almost 6,000 data requests. Proton Mail emphasizes that the content of emails, attachments and files always remain encrypted and unreadable.
Commenting on the situation, Proton Mail said it has minimal user information, as evidenced by the fact that in this case, the data obtained from Apple was used to identify a terror suspect. Proton defaults to privacy rather than anonymity, as anonymity requires certain user actions to ensure proper operational security (OpSec), such as not adding an Apple account as an additional method of recovery.
This case is a reminder of the importance of careful adherence to operational security (OPSEC), especially for users engaged in political activities. It is recommended to avoid linking recovery emails or phone numbers that may directly indicate identity, and to consider using secondary emails or virtual phone numbers for additional anonymity.
The case also mentions a 2021 case in which ProtonMail disclosed the IP addresses of a number of its French users associated with the green movement Youth for Climate. The data was provided at the request of French authorities, after which the exposed users ended up in custody.
The described case is not an isolated one. In August 2023, the FBI was able to obtain the data of an American ProtonMail user accused of making threats, and then, based on this data, calculate his physical location and arrest him.
Source: https://exploit.in/2024/17124/
This is a bump
Privacy concerns were raised again recently when Proton Mail provided Spanish police with the backup email address of an individual under the pseudonym “Xuxo Rondinaire.” The person is suspected to be a Catalan police officer (Mossos d'Esquadra) who used his knowledge to help the Democratic Tsunami movement. Sources close to the investigation have confirmed that the suspect is indeed an active police officer.
After receiving the recovered address information from Proton Mail, Spanish authorities requested Apple to provide additional details, which led to the identification of the individual.
The case stands out because it involves a series of requests involving different jurisdictions and companies, highlighting the complex interplay between technology firms, user privacy and law enforcement.
The requests were carried out under anti-terrorism laws, although Democratic Tsunami's main activities included protests and road blockades, raising questions about the proportionality and justification of such measures.
Proton Mail, following Swiss law, was obliged to cooperate with international legal requests formalized through the Swiss court system. Last year, the company complied with almost 6,000 data requests. Proton Mail emphasizes that the content of emails, attachments and files always remain encrypted and unreadable.
Commenting on the situation, Proton Mail said it has minimal user information, as evidenced by the fact that in this case, the data obtained from Apple was used to identify a terror suspect. Proton defaults to privacy rather than anonymity, as anonymity requires certain user actions to ensure proper operational security (OpSec), such as not adding an Apple account as an additional method of recovery.
This case is a reminder of the importance of careful adherence to operational security (OPSEC), especially for users engaged in political activities. It is recommended to avoid linking recovery emails or phone numbers that may directly indicate identity, and to consider using secondary emails or virtual phone numbers for additional anonymity.
The case also mentions a 2021 case in which ProtonMail disclosed the IP addresses of a number of its French users associated with the green movement Youth for Climate. The data was provided at the request of French authorities, after which the exposed users ended up in custody.
The described case is not an isolated one. In August 2023, the FBI was able to obtain the data of an American ProtonMail user accused of making threats, and then, based on this data, calculate his physical location and arrest him.
Source: https://exploit.in/2024/17124/
This is a bump