One of the broadly-accepted privacy stalwarts has just turned rat.
https://tech.yahoo.c … -aids-160711711.html
There’s a lot to say about this news. The fact that the service sells privacy as the product even more than the service itself, to the fact that free accounts are inherently more secure than paid accounts owing to this utterly unforgivable loophole in their protections for customers. The fact that aiding an active regime of war criminals is being brushed off as ‘following orders.’ The fact that they are using the buffer stage of rolling over for their own government as the excuse from ridicule. The fact that you are constantly bombarded with upgrade/upsell ads when using the service which all - again - focus on buying privacy and security. The fact that they have a glib, canned response and astroturf trolls on social media trying to steer the conversation into personal accountability. All of it is obscene.
Proton has taken an immediate, reactionary, hostile approach to this being leaked to the news. They call it click bait (it’s not). They call it misrepresentation (it’s not). They have their brand-identifying user base marching for them in social media comments, decrying the person for not obfuscating their own payment methods rather than blaming the person who lied to their user base (they did). They call it anything but a problem for them to solve, violently hand waving to the point of slap fighting.
And as problems go, Proton, despite being A problem, is not THE problem on display here. They suck. Do not think I’m in any way asking for absolution for their utter shittery. Rather, there is an inherent problem with any service you do not personally host. When faced with compromising their advertised ideals, they are only as strong as their board members will allow them to be. Promises are free. Actions are not. Until an event occurs which burns away the facade they’ve built in times of easy sailing, there is never a guarantee that any entity you don’t control won’t immediately cave to any outside pressure deemed too difficult or expensive to challenge. In this case, rather than even test the laws of their home country, the company scuttled the ship at the first sign of a boarding party. Being a Not For Profit just means the decision was made by people who didn’t want to deal with the hassle of defending their product’s core feature, rather than being a fully financial decision in the endless pursuit of more profit. Same outcome.
There’s no solution for this, from the standpoint of the average consumer. Hosting your own e-mail service is no longer tenable for nearly anyone and doing it in an anonymous way is basically impossible. Constantly using throw away accounts means not having a permanent address and basically makes e-mail about as useless as a rain-soaked ValPak stuck to the top of the communal dumpster lid.
There are a few mitigations, but no matter what you do, ultimately anything hosted outside of your control is outside of your control. VPNs? Doesn’t matter what the law is where you end up. With enough pressure, it can all be linked back to you if any piece of identifiable information is involved. Your payment method? Easy. Your originating IP? A little harder, but not by much. Even if you hop and hop and hop, the trail exists. Your only true option for anonymity is burner hardware that you dispose of after use. And that’s economically and ecologically a horrible option. All you can do is make the trail back to you as hard as possible to follow. I know it sounds as if I’m echoing the people who blame the victim for not obscuring payment info, but their action - in this case - is correct. The blame still lives with the company that lied, but in praxis, that’s little consolation. It is, however, a good way to find people to block on social media.
There are a few things you can do to make the pursuit of your information a high enough cost of entry to prevent a free bingo square for the pigs and pigeons who might want to find you. First and foremost, don’t believe a goddamned thing any company says about privacy in regards to selling it to you.
Second, don’t pay for any service you want to be anonymized through an account linked easily back to you. Prepaid cards are an option (bought with cash, preferably). Crypto is about as anonymous as a Zorro mask worn while showing off a chest tattoo of your driver’s license and the world built around it is very similar to these privacy-first services. They do not actually protect you from anything. The manifests for transactions can, with a bit of forensics, bet rebuilt pointing right back to you unless you did the initial buy in a completely anonymous way. If you’ve already got your foot in that quicksand, do what you will. But for people who don’t want to touch it, stick with converting cash to anonymous payment methods in the real world.
Third, use free accounts with false information to run any protest organizations. Don’t use subscription based services that force you to keep a payment record on file. Freedom of speech, and in fact, the entirety of the Bill of Rights has been shown time and time again to not be anything but a promise to gullible customers. Especially when critiquing capitalist dogma or elite class supremacy. You can go online and talk a child into killing themselves or walk into another state and open fire on brown people all you want and it’ll be considered your undeniable right. But say that you think rage-fucking the entire planet into apocalyptic extinction is maybe not so good and your information will be handed over without a second thought. The Mrs. Kravitses of the world are overwhelmingly fascist-leaning and will drop more dimes than a busking hedgehog running into a spike trap.
There are options like co-op service subscriptions where ownership is decentralized among a few people who trust each other or running through the absolute dredges of humanity along side illegal pornographers, human traffickers, and raw milk peddlers. There’s a high bar to entry in understanding things like the Onion network and an even higher bar of technicality in implementing those understandings. You’re still stuck with the first-payment problem, in most cases. Getting comfortable with using cash is still the key element to protecting yourself from payment provider abuse. Laundering your completely legal activity should not be something we are required to do and my hope is that a lawsuit arises from this that costs Proton much more than they would have spent defending the principals they sold. The world does not deal in fairness, though, and the business self-preservation instinct is myopic, amnesic, and very, very stupid, so lessons will likely be ignored even if that does happen. All we can do now is tell people who blame victims to shut their fucking mouths but take their methods and internalize them.