It’s also worth clarifying that ProtonMail doesn’t collect IP addresses by default. Instead, the monitoring/ logging starts after ProtonMail gets a legal request.
They still have to adhere to legal requests.
Yes, exactly.
Privacy is and should be a right, absolutely if you’ve done nothing wrong.
But it doesn’t absolve anyone from the right to shroud from any crime committed, period.
should be a right, absolutely if you’ve done nothing wrong.
The loss of privacy happens before the determination whether that person has done anything wrong. If the person’s criminal case goes well, do you have a time machine to go back and not invade privacy?
No, because that’s the part where someone should’ve learned a lesson or two. What do you mean if a criminal case goes well? If someone is suspected of something and may be involved in a crime, what entitlement do you have? It is part of a criminal investigation process. You either comply or worsen your odds by raising suspicions if you continually refuse to cooperate because you’re too busy debating police officers about “MUH PRIVACY”. Duuuuuhhhhhhh!
Did you think you stepped on some checkmate kind of discovery here? No, you didn’t.
The police gained access to the IP address because Swiss authorities chose to cooperate with the French government
We’ve seen this several times now. Proton is subject to Swiss law, just like every company in their respective countries. You choose Proton because Switzerland has the most privacy protections of any country on the planet (for now).
If you want private communications, don’t use email. In fact, if we could all stop using email entirely, that’d be wonderful. There are hundreds of truly-secure alternatives, many with no company involved at all.
This is absolute nonsense. I would prefer most of Europe over Switzerland. The swiss government was always bad with privacy. See Fichenaffäre for example. Not to mention the new büpf and similar laws. I’m swiss. I would never store sensitive data in Switzerland on a public server. Well. Except taxdata, I guess. Can’t really get around that.
Apart from it’s an old story, discussed already back and forth, Proton’s claims regarding privacy are really weak. Especially when it comes to presenting Switzerlamd as a privacy safehaven. Switzerland is a tax evasion savehaven, not a privacy safehaven, Proton. How Proton puts it: we provide world class privacy (but have to break our claims and comply with Swiss law immediately once there is a legitimate or not request from law enforcement, oepsie sorreyy!)
The lesson here is despite what a service says, don’t trust it and take the appropriate measures to cover your tracks.
You can create an access the inbox through Tor at
protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onionThe important thing is to always access it through Tor.
Also pay attention to what the service says and what it doesn’t. We get into this spot regularly because of things people assumed about Protonmail without being told.
Proton needs to get its head out of its ass and fire Andy already, grow a pair and get off Reddit and back onto Mastodon and face the backlash like actual adults.
Why is this a surprise? IP Logging is pretty normal for any service.
2.5 IP logging: by default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities. If you enable authentication logging for your Account or voluntarily participate in Proton’s advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.
Source: Their privacy policy.
Okay so I do remember this issue being brought up a long time ago so it’s not exactly news and the author has a poor time lapse of events.
ProtonMail is not like a safe haven for any criminal operation, that would make Proton incredibly liable. Just like Telegram became with what’s been happening with trafficking and children-related incidents.
Secondly, an IP address is like stupidly easy to get anyways on someone unless VPN.
There is just so many things wrong that people are not taking into account but I guess let others go on self-virtuous parades to demonize Proton. If you understand laws, this is not a problem. If you understand tech, you’d realize the same. If you understand both, then hooray! You get it.
So Protonmail was required to log the IP of the user after being ordered to via the proper international Swiss legal channeks, per Swiss/Europol law. And at some point recently, Protonmail thus removed the copy from their frontpage that advertised never tracking IPs.
What the article doesn’t really explain, is what exactly changed about Swiss or euro law? And when? What rules or acts have sprung up that made this possible? Or, was this always something that was possible that has only just now made precedent?
It’s important to hold accountable the named individuals who are harming individual security, safety, and trust in this manner so that they can be prevented from continuing to do so.
Nothing unexpected from a company that openly espouses fascism.
Could you elaborate on this comment?
Surely recent CEOs actions
A few months ago the CEO tweeted that he supported Trump and his policies. The most ironic part was that he’s an immigrant himself but lives in Switzerland.
Not sure if anything else happened since.
Unless I’m missing some recent news that sounds like a really misleading interpretation of what happened. I thought he tweeted that he thought republicans were better than dems on big tech legislation.
That was an insanely stupid statement but its far from supporting trump and all his policy.
Not sure if anything else happened since
Well, immediately since, the board supported the CEO’s support for Trump; but I don’t recall anything of note since then.
“climate activists have been taking over commercial apartments” So … trespassing? They breached privacy for apparent trespassing? Is that it?
I dont really blame Proton for this. Accessing anything on the internet on a clear connection and not through a VPN or TOR makes it your own damn fault when you get identified.
Victim blaming at its finest!
I mean, I understand where you’re coming from, they absolutely shouldn’t log IPs. BUT, if you’re committing crimes or even doing legal things the government doesn’t like, it would behoove you to put in the absolute bare minimum of OPSEC at least.
Like, some people know they have STDs and don’t warn people and spread them, right? And while the spreader is obviously the problem there, some commonly accepted advice to the victim is “you should have worn a condom anyway.” And they should have worn a condom to protect themselves (and also the spreader should be held liable.)
Like the previous example, anyone using any online service (for secrety things) should know to put a VPN condom on before they put their data inside that sexy, slutty server rack. And like how contraceptives were that knowledge needs to be spread.
LOL wearing condoms is copium now? Have fun with your STDs!
put a VPN condom on before they put their data inside
What if Proton is your VPN?
Those who used it imagined Swiss law to be less intrusive? I suppose it sounds like a good idea to anyone, which is mostly everyone, who doesn’t know Swiss law.
Yeah, they rolled over to the authority, as expected. But, they sold themselves as “private”, not “private up to the extent of Swiss law, and our laws here are very intrusive, so really the private part isn’t going to get anyone very far if they use this service for anything slightly questionable, let alone outright illegal. You might as well be using GMail for how ‘private’ this thing is.”
they sold themselves as “private”, not "private up to the extent of Swiss law
No, they sold themselves as “private up to the extent of Swiss law”.
WHAAAAATTT???
The same company that supports Trump and closed the account of two journalists???
Who would’ve EVER EVER EVER expected that???
I AM IN SHOCK!!!
Stop spreading misinformation.
You can look it up for yourself but the tldr is that the company donates to leftist organizations that promote freedom, privacy, and open source.
They temporarily suspended 2 journalist accounts in order to verify if they were nation state hackers which was flagged by a CERT, which they reinstated.
Time will tell…
Just switch over to a privacy focused mail service like… uh… like… well shit.
Journalists, activists and even lawyers on the side of activists should always use something like Tails. No matter what companies like Proton promise or what the law in the country they operate in says.
