ProtonMail has been involved in another story of alleged data handover to law enforcement.🥷 Secure your online activities - Check out a VPN with the best di...
The only data we could provide (in response to a binding Swiss legal order), was the user’s recovery email address, which the user added himself, and is optional to begin with.
Unfortunately, said user also used that recovery address to create a Twitter account, and Twitter turned over his phone number and IP address. So probably not the smartest move if you want to threaten public officials.
Coincidentally, this case again proves that Proton Mail’s encryption cannot be bypassed by law enforcement.
They don’t offer unlimited addresses for your own domain. And I kinda rely on that to route different registrations around. Don’t even need unlimited mailboxes, just the ability to use patterns and direct assignments to route mail to a few mailboxes.
They semi-recently bought Simple Login which you can provide with your own domain. That does allow you to create unlimited addresses and they’ll all be forwarded to the inbox of your choice. Can also disable any addresses when you no longer want them.
They support catch-all addresses. So essentially any email @your.TLD will work. I use this and it works perfectly. Nowadays I also use the included simplelogin address if I don’t want to disclose even my domain.
From what I’ve gathered, you can simulate unlimited addresses for your domain by setting up a catch-all. To reply from a certain catch-all’d address, you need to create an address for that name.
I wonder if you could do that via API; creating and deleting the address just for the moment where you’re sending the reply.
It’s strange to me that they don’t offer unlimited domains. I guess it’s to discourage business users from using the cheap email plan intended for individuals? That one doesn’t have user management, so that doesn’t really make sense either.
you can use services like proton as much as you want, if you interlink other, more transparent accounts and infos about yourself to it, there’s no one to blame but yourself when the feds knock on your door eventually. “f*cked around and found out”.
agreed on that, but I think, before that would be, don’t try to threaten ppl on the internet and don’t expect to be anonymous by just using a private service. I mean, the mail might be encrypted, but the recipient gets it, can read it and can show it to anyone else.
still: private ≠ anonymous
sure and encryption isn’t even the issue here. i don’t defend ppl sending others threads via mail, that’s unquestionable a very dumb move, but in case you do something else that is privacy sensitive to you - like being a whistleblower, leaking stuff - you should know what you’re doing to protect your identity. using an encrypted, swiss mail service and then have like gmail as your recovery address and use that very mail to register on a social media site isn’t even trying - could have just attatched his phone number in the mail to get over it :>
in that case, good for the victim, but bad for proton because there are still so many ppl around thinking services like proton stand above the law and would rather face court than to send the feds a .zip with metadata that could be completly useless if the account was used right.
Details? Im not familiar with the explanation. Thanks!
let me quote from reddit (https://www.reddit.com/r/ProtonMail/comments/15luwua/comment/jvd0fz9/?utm_source=share&utm_medium=web2x&context=3):
At least he didn’t use Twitter for this threats.
I should check proton mail, self hosting is exhausting.
They don’t offer unlimited addresses for your own domain. And I kinda rely on that to route different registrations around. Don’t even need unlimited mailboxes, just the ability to use patterns and direct assignments to route mail to a few mailboxes.
If that was an option, I’d switch a week ago.
Would “plus” addressing work for you? https://proton.me/support/creating-aliases
They semi-recently bought Simple Login which you can provide with your own domain. That does allow you to create unlimited addresses and they’ll all be forwarded to the inbox of your choice. Can also disable any addresses when you no longer want them.
They support catch-all addresses. So essentially any email @your.TLD will work. I use this and it works perfectly. Nowadays I also use the included simplelogin address if I don’t want to disclose even my domain.
Ah shit. I had hoped it would. Didn’t yet read into the service.
deleted by creator
I haven’t switched yet but I’m about to.
Proton seems to have a pretty powerful filtering system that you can program using a DSL: https://proton.me/support/sieve-advanced-custom-filters
From what I’ve gathered, you can simulate unlimited addresses for your domain by setting up a catch-all. To reply from a certain catch-all’d address, you need to create an address for that name.
I wonder if you could do that via API; creating and deleting the address just for the moment where you’re sending the reply.
It’s strange to me that they don’t offer unlimited domains. I guess it’s to discourage business users from using the cheap email plan intended for individuals? That one doesn’t have user management, so that doesn’t really make sense either.
As always, the number one thing that gets you in trouble, is bad OPSEC
can you elaborate?
you can use services like proton as much as you want, if you interlink other, more transparent accounts and infos about yourself to it, there’s no one to blame but yourself when the feds knock on your door eventually. “f*cked around and found out”.
agreed on that, but I think, before that would be, don’t try to threaten ppl on the internet and don’t expect to be anonymous by just using a private service. I mean, the mail might be encrypted, but the recipient gets it, can read it and can show it to anyone else.
still: private ≠ anonymous
sure and encryption isn’t even the issue here. i don’t defend ppl sending others threads via mail, that’s unquestionable a very dumb move, but in case you do something else that is privacy sensitive to you - like being a whistleblower, leaking stuff - you should know what you’re doing to protect your identity. using an encrypted, swiss mail service and then have like gmail as your recovery address and use that very mail to register on a social media site isn’t even trying - could have just attatched his phone number in the mail to get over it :>
in that case, good for the victim, but bad for proton because there are still so many ppl around thinking services like proton stand above the law and would rather face court than to send the feds a .zip with metadata that could be completly useless if the account was used right.
wish I could upvote this more than just once
… i’ll take a compliment when i get one :D
and the other one regarding the clima activist:
https://protonmail.com/blog/climate-activist-arrest/