Conversation

Notices

1. Embed this notice
   Lorenzo Franceschi-Bicchierai (lorenzofb@infosec.exchange)'s status on Tuesday, 16-Sep-2025 04:23:24 JST Lorenzo Franceschi-Bicchierai

   Everyone has their own threat models, so I don't want to make broad, sweeping recommendations here, but if you use Protonmail to talk to sources, you should read this story.

   The way Protonmail handled this whole thing is quite bad. No transparency, dismissing the story as being "blown out of proportion."

   https://theintercept.com/2025/09/12/proton-mail-journalist-accounts-suspended/

   • Embed this notice
     VessOnSecurity (bontchev@infosec.exchange)'s status on Tuesday, 16-Sep-2025 04:23:23 JST VessOnSecurity

     in reply to

     @lorenzofb There is a HUGE difference between the two.

     One is "The Swiss courts, under whose jurisdiction we are, received a request from a Spanish court and ordered us to do this", the other is "Some shmucks from the Korean CERT who had no clue what they were doing complained to us that they didn't like somebody, so we suspended his account". The first was proper and unavoidable, the second was Proton being idiots.

     Also, note that in no case was the contents of the encrypted e-mail compromised - only the sender was identified in one case and his account suspended in the other.

   • Embed this notice
     Lorenzo Franceschi-Bicchierai (lorenzofb@infosec.exchange)'s status on Tuesday, 16-Sep-2025 04:23:24 JST Lorenzo Franceschi-Bicchierai

     in reply to

     Also, this is not directly related but please remember that Protonmail also responds to legal requests, it's not a guarantee of total privacy.

     https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/

     scriptjunkie repeated this.