As TFF approaches I become increasingly worried that I won't get what I need out of it
You might be surprised to hear that I don't disagree, and I would be saying the same thing if it were Tuta, Fastmail, Posteo, or any other company. 404 has a good track record and it makes me disappointed that they would choose to frame this story in this way.
Yes, the headline in and of itself is *technically* true, but 404's particular choice of phrasing creates false implications about Proton's degree of agency. A headline like "FBI forces Proton to reveal protester's payment details" would also be true without creating false implications.
There is a reasonable argument to be made that Proton's response here could be more mature and professional. However, that's a separate issue from 404's choice to characterize Proton as a willing accomplice in their headlines, which is the core of this particular discussion.
It would therefore be a mischaracterization of my intentions if you were to then run a headline saying I "helped" the court convict someone, just because I did what was legally required of me. That is definitionally clickbait.
To say that Proton "helped" is to imply that they were a free agent, which is not the case. If I'm called in for jury duty, I won't be attending court because I want to "help" -- I'm attending court because the alternative is legal obliteration.
For the record, this post is *not* directed at Benn Jordan. Let me be crystal clear about that.
Can you rephrase your question to be more specific? It's not clear to me which actions and which outcomes you're alluding to.
Sure. I think it would be reasonable to criticize Proton's response as perhaps a bit immature. That doesn't change the fact that 404's characterization is plainly misleading and therefore clickbait.
The latter, obviously. This is a story about how governments can force companies, even those based in other countries, to reveal data about their customers -- *not* about how the company "helped" the FBI. 404's framing points the finger at Proton rather than the FBI, which is incorrect.
Right. This is obviously true and nobody is arguing otherwise. That's not the issue, though; the problem is how 404 is choosing to present that information. I would have no complaints if the statement was "Proton forced by FBI to release protester's payment information" -- but that's not the case.
To state that Proton "helped" the FBI is to imply that this was done willingly, which is not the case. Misrepresenting the truth is definitionally clickbait.
No. Yes. Yes.
I find it plainly misleading to state that the company "helped" the FBI unmask a protester, which implies a degree of autonomy that Proton did not possess in this circumstance. It sure does make people angry, though. I can't help but feel that might be the point.
I don't exactly love doing PR for a company that isn't paying me, but like, I also don't want to just sit here while people make shit up and get mad about things they don't understand. C'est la vie.
I've been a big fan of 404 Media, but I have to agree with Proton in this case. 404 has clearly grossly mischaracterized the nature of Proton's involvement as to imply that they are complicit in this, which is just not the reality of the situation. They are completely justified in pointing this out.
CC @solodeveloping.bsky.social
Is it Proton's fault if the Swiss government legally compels them to release information based on lies from the FBI?
That being said, I wouldn't be opposed to Proton implementing a system like this. I don't think it's exactly an FBI-resistant system, but it's better than nothing at all.
What Posteo is doing is clever, although it's worth noting that it's really a trust-based architecture. There is still a moment in time where that code is associated with a particular account, and I don't see why they couldn't be legally compelled to log that information.
I don't think the article states this one way or the other, but I'm wondering if the account holder had their card details saved (i.e. for automatic payments), which Proton obviously must be able to decrypt to process the payment. This is just speculation on my part.
You have to store the card number to charge a subscription and you legally have to turn it over when mandated by the government.
Proton isn't going to break the law for you.
Use their anonymous methods of payment such as mail-in cash or Monero to protect against this if you're a gov target.
Normally I like the reporting from 404 but this one is not up to snuff.
This reporting makes it sound like Proton had any choice in the matter.
They were forced by law enforcement in Switzerland to hand over the credit card information of the person paying for premium on the account.
Yes, Proton supports anonymous payment methods. Given the clear legal ramifications, they should have done so, but a poor understanding of the threat model precluded this.
Any user data that isn't encrypted (in this case, credit card details) can be turned over to the authorities. That's exactly why Proton offers anonymous payment methods that don't require sharing identifying information. But they *cannot* reveal your encrypted emails. That's the whole point.
Forgive me for quoting the same thing twice.
Now, I'm a big fan of 404 Media in general, but this is an egregious misrepresentation of the truth. What happened here was entirely avoidable if the user had practiced better opsec. Proton, Tuta, and others are all vulnerable to this.
But crucially, Proton was *not* able to hand over the emails themselves, as Proton does not have the ability to decrypt those. You can't hand over what you can't access yourself.
The difference with encrypted email providers like Proton Mail is what data they are able to turn over in the first place. In this case, what was given to the FBI was credit card details, which necessarily must be stored unencrypted. This was poor opsec on the account holder's part.
Proving once again that not enough people know what a threat model is
Escitalopram with a whiskey chaser