No company is going to legally go to bat for you for $10/mo. I love how Proton nonchalantly calls out the user's dumb move in the article:
Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method. Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order...
It looks more like multiple companies were needed to pin the individual. I don't expect any company to not comply with legal requests. My understanding is this is why it's important to know what information a company retains.
For my own use, I have used Proton just to mitigate being a source of ad info and to get better service. I'm not interesting enough to overthrow anything.
Logically, any service, whether private or not, is required by law to reveal the user data they have, if there is a court order for a criminal investigation.
Proton cannot refuse, if it does not want to face a complaint that could even lead to the closure of its service. That is, in this headline the "Proton Mail" can be replaced by any other email, host, chat, social network, VPN, Lemmy, it can occur in any of them.
As said, read TOS and PP of what you use
Maybe also just consider any email insecure by default? Like it's fcking email, having privacy, let alone security or anonymity, is just like trying to mod a skateboard into a secure highway vehicle imho
On the one side, it's good to make sure people are aware of the limitations of secure email providers. However, on the other, the article almost reads as if this should be a surprise to people?
I use Proton mail and pay for my account. I don't pay for anonymity - I pay for privacy. They are two very different things.
The article talks about Opsec (operational security) and they're right - if you need anonymity then don't use your personal Apple email as a recovery address. That is a flaw in the user approach and expectations that unencrypted data held by Proton is also "secure". Your basic details and your IP address are going to be recorded and available to law enforcement. Use a VPN or Tor to access the service and use another untraceable email for recovery, and pay via crypto if you want true anonymity. And even then there are other methods of anonymous or untraceable secure email that may be better than Proton mail (such as self hosted).
But for most users like myself, if you're not looking for anonymity then Proton is fine as is. My email address is my name and I use it to keep my emails secure and not snooped on by Google etc.
Proton advertises itself as private, secure and encrypted. It does not claim to offer anonymity.
All the commenters suggesting that Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same, here's some more to add. Yesterday I saw a now invalid toot comment from ProtonPrivacy on Mastodon Social where they wrote that it was Apple who was to blame and that Proton gave the recovery email address only because this was a case of a terrorism suspect, suggesting that if that (terrorism) was not the case they would not have given in to the request. Today their comment sadly gives a 404 error. Searching a bit further, this article comes up mentioning Proton and Wire:
In the new resolution, the National Audience judge recalls that in January, in a judicial report he issued on the case, he highlighted a conversation from July 12th and 13th, 2020, about the king's visits, which was included in the Tsunami investigative evidence, and of which he admits that until that point he had not made reference in his investigation which extends over the period from 2016 to 2022. Specifically, one of the people under investigation, the Girona businessperson Josep Campmajó, spoke to the figure named Xuxu Rondinaire, with profile @marietadelulllviu, about mobilizations in 2019, using the Wire messenger app. The judge has asked for the identification of this person, information now obtained by the Civil Guard, which details that they used Europol to ask the Swiss authorities for the Wire firm to identify the person behind this pseudonym, with a profile that is also used in Proton Mail, an encrypted email system. In the police cooperation form requesting the information, the Spanish officers indicate to the Swiss authorities that the investigation is for the crime of terrorism.
Proton is not for activism. Treat it as bad as Gmail or Outlook for that. Moon Of Alabama blog has lots of criticisms. If you want to be anal about using email for activism and whistleblowing, use a serious provider like Riseup or Disroot. All these Protons and Tutanotas are useless. They are only better than Gmail and Outlook.
There are some idiots that spread nonsense about me that I am paranoid or whatever. Yes I am proud of it, because they are the incompetent ones. Big Tech "security" shills and a lot of kiddies without experience do this.
Edit: I will take the liberty of recommending digdeeper's blog for email providers.
Proton should look at who was asking for the disclosure. He's a known far-right judge that opens cases like beer cans. And the "terrorist" group is marked as such because someone had a heart attack the same day there were protests in Catalonia.
And then I am the one exaggerating... I'll say it again, Proton is just another company that managed to find clever ways to profit from a group of people who value things such as "privacy".
They're just a very large marketing effort with little to nothing to show but everyone is convinced they're actually protecting users while they keep pushing proprietary / half open and non standard stuff as solutions for problems already solved with truly open tools, standards and protocols.