132

Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency (theintercept.com)

submitted 7 months ago by ElectricWaterfall@lemmy.zip to c/privacy@lemmy.ml

19 comments fedilink hide all child comments

cross-posted from: https://lemmy.zip/post/48551495

all 21 comments

sorted by: hot top new old

[-] theskyisfalling@lemmy.dbzer0.com 116 points 7 months ago

Why repost this with the sensationalist headline but not include the context provided in the comments by @artyom@piefed.social

"The author omitted the complete statement from Reddit:

Hi everyone,

No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.

In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.

Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.

Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.

Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.

The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach."

[-] ViatorOmnium@piefed.social 24 points 7 months ago* (last edited 7 months ago)

So, in summary, Proton will block any account, without any evidence, just because a random CERT says so.

[-] Nighed@feddit.uk 21 points 7 months ago

Ok, they are getting down votes, but technically true?Yes they reinstated it, but they assume guilt rather than check first?

I assume that they have a level of trust in the reporter, that hopefully they will not extend next time. I guess they must get a lot of these, and that failing to block spammers means they may lose trust of other email servers?

[-] ryannathans@aussie.zone 10 points 7 months ago

Proton's reply says they also were flagged by their abuse system

[-] some_kind_of_guy@lemmy.world 11 points 7 months ago

We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.

Semi-unrelated, but back when I worked weekends in phone support, nothing came close to the satisfaction of delivering a "no, we can't do that right now" or "sorry, but that's not even our issue" to some cranky bastard on a Saturday morning. Then, after listening to a fully grown adult have a tantrum, promising that a superior would reach out during business hours... Monday. I knew full well they would spend 2 full days stewing, only to hear back from someone in management who would say something like "the agent you spoke to was absolutely correct, we don't have any control over the quality of your Internet connection, we are not your ISP, go talk to them, goodbye." I was lucky to have some pretty based individuals I would report to - sometimes they'd even let me listen in on those escalation calls live to enjoy the resulting unhinged meltdowns. Talk about catharsis.

[-] m33@lemmy.zip 20 points 7 months ago

Extract : Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency

[-] msage@programming.dev 21 points 7 months ago

Which is still bad? Why would blind report warrant disabling accounts? It's like those DMCA takedowns.

[-] ryannathans@aussie.zone 6 points 7 months ago

Proton responded, most were in clear violation of ToS and correctly flagged. 2 were unsuspended. Half the article is bullshit, especially the legal claims

[-] rumba@lemmy.zip 12 points 7 months ago

Clarification:

CERT Fd up and called two whitehat disclosure accounts malicious

Proton did not check these accounts before they torched them.

Specifically for the type of privacy and security that Proton offers, I would expect a slightly higher level of customer service. Perhaps a message to the end user saying we are considering terminating your account. And giving you a chance to appeal before you knock it out.

This is by far not the worst thing they've done and in some sense it's not completely unreasonable. But I think they could do better.

[-] birdwing@lemmy.blahaj.zone 3 points 7 months ago* (last edited 7 months ago)

This seems like it's intentional though. CERT needs to be held responsible. You should always have a notice of termination.

[-] network_switch@lemmy.ml 13 points 7 months ago* (last edited 7 months ago)

It's always been delusional to think organizations run by public people based in any country wouldn't abide by laws and government orders. They can hop countries and this will always happen. There is not a single jurisdiction in the world where any company will legally be safe from censorship, government coercion. Tech has to be designed and adopted for its resilience to state coercion and risk for loss in leadership

[-] Cris_Color@lemmy.world 10 points 7 months ago

Yeah as much as I don't love proton as a company this feels wildly misleading...

[-] prosecute_traitors@lemmy.zip 3 points 7 months ago

Because it is.

[-] birdwing@lemmy.blahaj.zone 9 points 7 months ago

And what is a CERT?

[-] Nelots@piefed.zip 12 points 7 months ago

A Computer Emergency Response Team would be my guess.

https://en.m.wikipedia.org/wiki/Computer_emergency_response_team

this post was submitted on 13 Sep 2025

132 points (80.8% liked)

Privacy

48285 readers

608 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS