this post was submitted on 13 Sep 2025
38 points (67.0% liked)

Proton

7834 readers
12 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 2 years ago
MODERATORS
ProtonPrivacy@lemmy.world
alex_herrero@lemmy.world
Nelizea@lemmy.world
38
Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency (theintercept.com)
submitted 2 weeks ago by KarnaSubarna@lemmy.ml to c/protonprivacy@lemmy.world
27 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] vermaterc@lemmy.ml 45 points 2 weeks ago (2 children)

You need to understand a few things. In order to keep email service usable, Proton need to fight any malicious activity. If they didn't do it, ProtonMail would be quickly blacklisted by other mail providers as it will be interpreted as source of spam. At the same time, they have very limited capabilities to verify this activity by themselves as they cannot read contents of their user's emails (it is encrypted) and they keep limited logs.

As an article states, here is what happened:

Proton’s official account replied the following day, stating that Proton had been “alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled. Our team is now reviewing these cases individually to determine if any can be restored.” Proton then stated that they “stand with journalists” but “cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.”

[–] KarnaSubarna@lemmy.ml 3 points 2 weeks ago (1 children)

While Proton does have an obligation to stop spread of SPAM mail, this incident is a bit different. Let's see -

  1. Proton was not approached by other Email providers (Gmail/Outlook) about suspected email SPAM campaign originating from their network.
  2. This matter is NOT even related to SPAM mails.
  3. krCERT - a Govt agency approached Proton and asked them to disable the account.
  4. Proton simply complied to that without verification.
  5. Appeal made by Owner of that email id was rejected.
  6. Subsequently follow ups were also ghosted.
  7. Until the tweet from the journalist went viral, Proton was not in mood to reinstate the account.

Note that while Proton Mail (server) is E2E encrypted, but once email exits their network it no longer remains as such. So, whoever (other email provider or incident reporter) reported the incident, should have a copy of unencrypted email to prove abuse of Proton Mail service.

Given that proton now reinstated the account, that proves Proton initially froze that account based on "Trust me, Bro" proof only from krCERT.

In ideal world, any service provider should require a court order to comply with Govt request to remain unbiased in such situation.

[–] hanrahan@slrpnk.net 1 points 1 week ago

Given that proton now reinstated the account, that proves Proton initially froze that account based on "Trust me, Bro" proof only from krCERT.

Pwrhaps ? or are the obligated to comply and wtwre able to reinstate becase krCERT backed down ?

[–] Atherel@lemmy.dbzer0.com 3 points 2 weeks ago (1 children)

So they simply suspend accounts because "they are evil, trust me bro" and only maybe investigate after? This is either stupid, negligent and/or bullshit.

[–] InternetCitizen2@lemmy.world 11 points 2 weeks ago (1 children)

Maybe I am misunderstanding something here, but this does seem like it could be ripe for abuse. Say I disliked a journalist and knew their proton mail. Could I report it as abuse and have them suspended?

[–] Apollo2323@lemmy.dbzer0.com 2 points 2 weeks ago (1 children)

Yes and then the journalist appeal and shows that he is not using his account for abuse and get reinstated. Even a privacy and a security product like Proton has terms of service.

[–] KarnaSubarna@lemmy.ml 3 points 2 weeks ago

If you read through the article, his appeal was originally rejected, and subsequent follow ups were also ignored.

It's only the tweet, directed at proton for ghosting them, that went viral and eventually forced Proton's hand to reinstate the account.

If a journalist has to go through this much trouble, what chance a common person from authoritarian or semi-authoritarian country have.

This loophole will certainly be misused by Governments to gag someone temporarily/permanently.