dlb It doesn't matter. They gave up customer data. What is the point of having VPN then if they sell your data.

Proton didn't sell anyone's data, nor was this case related to their VPN service to begin with. You are letting the facts get away from you.

Graphite chuck if the user used vpn

I think you meant Tor

According to Andy Yen's blog post (which is worth a read if you haven't yet), either would have sufficed perfectly fine. If Proton turned over an IP address for the emails that lead to a no-logs VPN, that would have been the end of the trail. Even if the user connected with Proton's own free VPN service, that would have sufficiently obfuscated their traffic because the IP address doesn't lead anywhere (under current Swiss law, email and VPN are treated differently, and Proton VPN cannot be compelled to log user data.)

Graphite If Proton were to start breaking the law to keep customers shielded, I'd leave. Because it won't last long and I'd expect LE to start infiltrating, spying and raiding.

I think this is right. For people who can be bothered to use the resources correctly, what Proton offers is an amazing contribution to the privacy rights movement. To sacrifice all of that infrastructure and tooling just to take a bullet for someone who was careless or ignorant with how they were using the services does not seem right. It's unfair to everyone who is being cautious and using the tools correctly.

          After carefully reading all about proton and mulvad. And with help of your comments. I have decided that proton is better suitable for me.
          It is a little bit more user friendly than Mulvad, and accepts also cash payments.
          And has more features that comes with subscription.

          Security and privacy wise I think there is not much difference between the two.

          Yes proton has gave this IP address, but who can tell for sure that Mulvad didn't secretly..

          As mentioned many times in this forum user is the weakest link in this story.

          Thanks to all for the help

          I use Mullvad, not as much to hide my identy, but to avoid trackers and ads. Mullvad has a good adblocker-trackerblocker dns included in their service, so i don't need to use any adblockapp, what is convenient.

          For those who want to buy anonymous, but don't want to handle with crypto currency's, you can buy 6-month scratch cards on Amazon. I used one month to see if it's good, paid with credit card. When i decided to use it regularly, i simply deleted the app, bought a scratch card from Amazon and generated a new user account. For the account they don't need any personal information, it's just a random number you write down and you can add payments to these, like explained on their website.

          Mullvad works good so far, they deliver what they offer. Using a vpn doesn't make you invisible for all instances, but it does what is possible for the idea behind a vpn.

          The speeds are mostly fast, i didn't find a website not working with them. Though they are mostly blocklisted by streaming providers, but i don't use them for that.

          BluishHumility exactly this. Following the actual Swiss law, they can't ask providers to log VPN data, only email ips. So using both Proton VPN and Mail, they can't reveal IPs. As simple and profound as that.

            I'm not sure about Mullvad, but ProtonVPN offers Wireguard config files. I consider that as a huge benefit because for most VPNs, the native app drains the battery too quickly. Also Wireguard is generally more convenient for switching between different providers.

            Another thing to consider is ad blocking. Proton offers ad blocking settings so you don't need to install any blockers on your device. I find that useful for Vanadium browser since it doesn't block ads natively yet.

              roddyd I'm not sure about Mullvad, but ProtonVPN offers Wireguard config files. I consider that as a huge benefit because for most VPNs, the native app drains the battery too quickly. Also Wireguard is generally more convenient for switching between different providers.

              But Android does not support WireGuard - wouldn't you need to still use yet another client app for WireGuard?

                  f13a-6c3a

                  f13a-6c3a Yes, I use the third party Wireguard app. It's very barebones and just provides "switches" for each VPN you set up. The benefit is that it has a lot less background tasks and saves power.

                        roddyd I've used WG original client in the past during troubleshooting calling issues while on VPN but not in lieu of Proton app for continuous use. Now I'm intrigued and will give it another try

                          roddyd Yes, I use the third party Wireguard app

                          Hello, could you please provide more info on what app do you use for wireguard

                              roddyd I'm not sure about Mullvad, but ProtonVPN offers Wireguard config files.

                              This is also the case for Mullvad. I use on my laptop the Wireguard configuration files. On my phone, I use the Mullvad app that supports and use Wireguard by default.

                              roddyd Another thing to consider is ad blocking. Proton offers ad blocking settings so you don't need to install any blockers on your device

                              This is also the case for Mullvad, although it might be less user friendly at the moment: you have to manually input in the Advanced settings of the Mullvad app their DNS server address that blocks ad and/or malware domains. They plan to implement this functionality natively in a future update of the Android app.

                                  nosferatu

                                  Interesting case. I think the Swiss authorities definitely were in their rights to assist in investigating this assassination threat. Mullvad would have complied with this too.
                                  The indictment shows very disturbing content: https://www.justice.gov/usao-md/press-release/file/1416926/download

                                  I don't know why people are assuming "privacy" == "shielded from the law".
                                  A very important note: The crime doesn't have to be committed in Switzerland or involve Swiss persons. It just needs to be something that is illegal in Switzerland. So you're safe from laws of your home country if it's legal in Switzerland.

                                      nosferatu There was also a case of Proton providing data about a user to the US authorities

                                      Protonmail itself has not disclosed any user data to US law enforcement agencies. This would be punishable. According to Art. 271 StGB of the Swiss Criminal Code (StGB), no actions for a foreign state, such as the USA, may be carried out that belong to an authority or an official without the permission of Switzerland. However, Swiss authorities have cooperated with US authorities, so that the Protonmail user was convicted by US authorities. In other words: Switzerland, with its surveillance laws, cooperates with the USA.

                                      Twitter statement from ProtonMail CEO:

                                      I can well imagine that many ProtonMail users are currently unsettled. The CEO of ProtonMail, Andy Yen, therefore clarified the situation on Twitter. The English tweets from the ProtonMail CEO, freely translated (by me) into German:

                                       There is a lot of false information about ProtonMail and an alleged cooperation with US authorities. Some clarifications:
 1) ProtonMail does not share data with US authorities. This is illegal under Article 271 of the Swiss Criminal Code
 2) ProtonMail only follows legally binding orders from Swiss authorities. This means that the legal standard is that Swiss law is violated (not US law or any other law)
 3) In the Fauci case, the Swiss government decided to assist the US authorities in their investigation, since Swiss law was also violated (sending death threats is highly illegal)
 4) The only information received from ProtonMail was the date the account was created as that was all that was available.
 5) Under no circumstances can encryption be circumvented.
 Please do not use ProtonMail to break Swiss law - it is illegal.

                                      Reading the DOJ affidavit, the investigation really hinged on the suspect having his Mail.com (unencrypted) account subpoenaed, sending username/passwords for his Protonmail accounts, and using the same username as his Instagram.

                                        Graphite Criminal activity is not excusable. Nevertheless one should be aware that Switzerland is not the bastion of privacy it once was. Such statements as "protected by Swiss privacy laws" don't hold much water anymore, and if there is a takeaway from the cases mentioned in this threat, it is that if privacy is your goal, then services like those provided by Proton may not be your best option.

                                            nosferatu

                                            IMO strong bastions of privacy that would be willing to shield users from the law, are not sustainable. There are many "bulletproof" services on the Internet. They come and go like the wind. They inevitable attract the worst criminals, and get infiltrated/raided/seized/shutdown.
                                            Even in the past, the stronger Swiss privacy laws would not have changed the outcome in this case.

                                            nosferatu "protected by Swiss privacy laws"

                                            That statement is too easy to misinterpret. Criminals be dumb, and think that such a statement can help them.

                                            nosferatu if privacy is your goal, then services like those provided by Proton may not be your best option.

                                            I disagree. I think people don't often ask themselves the all important, "Privacy from whom?"

                                            I moved to Proton because Gmail was getting more and more crazy with my data. In my Google profile, there was a history of "purchases", that were scraped from emailed receipts from Amazon. That was the last straw.
                                            I didn't start using Proton because I wanted to do crime. I can understand some people disagree with the laws of their own country when those laws aren't "common" among more free/permissive countries like Switzerland. For them, their actions may be a crime in their home country, can benefit from the change in jurisdiction.

                                            But for those who want to commit crimes that are crimes pretty much everywhere... then just changing jurisdictions to Switzerland isn't going to help. At most you are just giving LE extra steps.
                                            So if the answer to "Privacy from whom?", is "from all law enforcement, everywhere", then services like those provided by Proton or Mullvad may not be your best option.

                                                    • [deleted]

                                                    • Post #40

                                                    roddyd this statement would only be true if all your communications were end-to-end encrypted on Proton services. But most of our emails cross over to different services such as gmail, outlook, you name it and are only transport layer encrypted at most so who is to say they can't be read on the other end or anywhere in between?

                                                        [deleted] That's true. I guess I meant the storage of data rather than emails in transport. Even though the emails can be seen in transport, it's hard to get 100% surveillance by a single party without access to the destination, which is still a better option than using Gmail. Ideally we would've adopted universal encryption by now but it just hasn't caught on yet.