Accounts with third-party service providers were used “for exfiltration or infrastructure,” according to a post by law enforcement on LockBit’s seized darkweb domain.
Essentially. Police or anyone could report an account for illegal activity which is against ToS for all three of the services. From there the service would need to be able to substantiate the claim and then shut down the account. I’ve seen a few cases of proton accounts getting shut down. Proton can’t read emails but they can read headers and if you’ve posted illegal activity in public using your proton email address or if law enforcement/ someone reports you for using proton for illegal activity then proton will be able to review headers to determine if you’re violating ToS. Like a few years ago i think someone was using proton for ransomware, and proton was able to match the headers with emails that had been posted in public, and acct got shut down.
Unfortunately can’t find that specific case but that was one example I’ve seen
So the police provide the companies with addresses associated with illegal activities and the companies disable those accounts?
Essentially. Police or anyone could report an account for illegal activity which is against ToS for all three of the services. From there the service would need to be able to substantiate the claim and then shut down the account. I’ve seen a few cases of proton accounts getting shut down. Proton can’t read emails but they can read headers and if you’ve posted illegal activity in public using your proton email address or if law enforcement/ someone reports you for using proton for illegal activity then proton will be able to review headers to determine if you’re violating ToS. Like a few years ago i think someone was using proton for ransomware, and proton was able to match the headers with emails that had been posted in public, and acct got shut down.
Unfortunately can’t find that specific case but that was one example I’ve seen
That sounds reasonable. Thanks for the explanation.