Their homepage says "By default, we do not keep any IP logs"
In 2021, any soft language like this should be a red flag for anyone who is against surveillance. Maybe in 2018 it was good enough. But in 2021 it's not. Come on, Protonmail, you're supposed to be leading the way -- don't make me figure it out myself.
Replace immediately with "By default we don't log IP, but may be required to by local law enforcement. We recommend everyone connect through Protonmail through Tor. This month, 60% of our users connected through Tor".
For starters, I emailed Protonmail support.
Here's mine: Hi, Your homepage reads "By default, we do not keep any IP logs..."
This language is soft and misleading. Maybe in 2018 when I first began using ProtonMail it was good enough. But in 2021 it's not. I expect better from ProtonMail.
Replace immediately with something clearer. "By default we don't log IP, but may be required to by law enforcement. We recommend all customers connect through Protonmail through Tor. This month, 60% of our users connected through Tor".
If you can't come up with anything better for users, just fall back on your privacy statement verbatim and avoid any marketing language.
Think about a journalist in Afghanistan, a whistleblower in the USA, or a human rights activist in China. They're all engaging in potentially dangerous activities.
I advocate on behalf of such people by supporting services like Protonmail with my money. If Protonmail isn't supporting these users, why should I bother supporting Protonmail?
I expect Protonmail to educate users like this about how Protonmail itself can be turned into an adversary. Educate users about how to use Tor. Do better. Improve the internet.
I look forward to your reply.
Also, registering a new account through Tor requires a phone number for verification, even though Proton says no unique identification is required to register. If this requirement isn't removed by the time I renew my account I will no longer renew.
Their page is full of what are now obviously lies. They admit that in the cases of "extreme crimes" they might be forced to give up information. _By no stretch of the imagination are these peaceful political protests "extreme crimes"._
I specifically advocate for the sorts of people that Protonmail ratted out and had arrested - climate change activists.
They are thinking about them. They want to make sure such people don't get them in trouble with the US or China, so they sell them out immediately.
For non-Swiss customers, working with a Swiss provider can be good enough protection to avoid the inconvenience of Tor. After all, even in the mentioned case it required review and approval of 3 agencies before the request came to Proton - from French police, from Europol, and then from Swiss authorities. If this is not enough barriers to protect from politically motivated prosecutions and corruption, then we have a much bigger problem in Europe.
The proposed statement above is intended to help people like that.
Do I have such activities? Nope. But I believe that those activities should be enabled, whether for me in the future or others around the world.
I advocate on behalf of such "dumb" people by supporting simple services like Protonmail with my money. If Protonmail isn't supporting these users, why should I bother supporting Protonmail?
Well, in this case isn't it clear that these barriers were in fact not enough? Or do you think anti-squatting is a major enough problem that it warranted this level of international cooperation, without any politically motivated thinking?
These seem to have been climate activists engaging in sit-ins.
Surely these are the very sorts of people that secure accounts are intended to protect?
Even though they claim no identity is required to register.
I confirmed this today when I created a fresh Protonmail account over Tor: https://news.ycombinator.com/item?id=28428092
Are you human?
If you are having trouble creating your account, please request an invitation and we will respond within one business day. Request an invite
I have two - both on MVNOs, not in my name, and sitting in my office doing nothing but relaying sms to email:
We cannot rely on what companies say about their privacy guarantees, or rely on vendors' technical analysis of their own black box systems, because a simple court order can essentially be a backdoor.
and
> Proton reached out to us to confirm that the only data provided to Swiss authorities was the date of account creation. [1]
[1] https://proprivacy.com/privacy-news/protonmail-authorities-u...
A week ago: "Proton reached out to us to confirm that the only data provided to Swiss authorities was the date of account creation." [1]
Today: Article published claiming Proton gave up user data. Did Proton officially now state they "allowed the account to be monitored"?
Am I getting this right?
[1] https://proprivacy.com/privacy-news/protonmail-authorities-u...
Something their marketing material appears to disclaim. This is just excuse-making. ProtonMail did what ProtonMail has (for years!) led their customers to believe they would not do. And they did.
I think there's an argument to be made that any commercial email/messaging provider simply can't do what ProtonMail claimed to do. But that doesn't change the fact that ProtonMail did it.
I agree PM should be more forthright in their messaging but realistically I don’t believe any company that takes payments and doesn’t track any info at all.
I can't understand what just happened. I truly believed it's all safe and secure.
I'll call that a win for all customers who emailed Protonmail about this.
HN discussion: https://news.ycombinator.com/item?id=28443449
In 2021 the most powerful canary statement should be "Don't trust us. Seriously, treat us as an adversary. We still want you to be our customer of course, but here's how we really recommend you use our service, Tor, semi-anonymous payments, etc. In God we trust, for everyone else use math."
What is far less clear is if you can trust the continuation of a canary statement to indicate the absence of the action it denies, since it is both legally disputed whether continuation of the statement could be mandated by government and because anyone who has an interest in the PR value of providing a canary statement also potentially has the same interest in continuing it as long as it is impractical to falsify.
They provide protection from your local network, but they can do all the same things and more.
Is the parent suggesting that no one should bother to read the Terms and Privacy Policy, linked to from the homepage? https://protonmail.com/privacy-policy
Despite the parent's claim, the Privacy Policy says the company may log IP address. Temporarily. Irrespective of any request from local authorities regarding a specific user. IOW, they may log anyone's IP address temporarily regardless of whether the particular user is causing trouble; they can log IP address for everyone. The policy says they log this data for the purposes of preventing fraud and abuse. The problem for privacy-conscious users is that if they log the data, then that entices authorities to try to successfully request it.
The policy, which imposes no obligations on the company BTW, reads as follows:
"IP Logging: By default, we do not keep permanent IP logs in relation with your use of the Services. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (spamming, DDoS attacks against our infrastructure, brute force attacks, etc). The legal basis of this processing is our legitimate interest to protect our Services against nefarious activities."
There is nothing that says "By default we do not retain any logs". This clearly states they may be expected to retain IP logs. ("IP logs may be kept temporarily...")
But wait there's more.
"We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent Swiss authorities (legal obligation)."
This clearly states the company may disclose the data they possess, e.g., IP logs collected to combat fraud and abuse, if in response to a request from competent local authorities.
Further down is a curious statement about decrypting messages.
"If a request is made for encrypted message content that we do not possess the ability to decrypt, the fully encrypted message content may be turned over."
Why include a statement such as this, specifically the part that says "that we do not possess the ability to decrypt"? The company already specified it may disclose the data it possesses. This further statement suggests there could be some situation where they may have the ability to decrypt some messages. Besides their own communications with customers, why would they ever have encrypted messages that they can decrypt? They could state something like "If the request is made for encrypted communications addressed to us or sent by us, ...", but they do not. As such, their statement must include other messages, too.
Just how transient do logs need to be to fit this criteria?
Am guessing the 7 years or so we need for some of our specific logs might fit the temporary definition too.....
I basically decided to just give up. Email is an insecure protocol and there's not much that can be done about it. Choosing a "secure" email provider feels like choosing a "secure" VPN provider: it's impossible to verify the provider's claims so it's a kind of security theatre.
Email can't guarantee E2EE without a block cipher tool like GPG. Even if your provider stores and transmits only encrypted email data, once sent it does not maintain that guarantee while being passed by another entity's MTA.
If you email google, google gets to do whatever googly stuff it would like to do with its algorithm. If you email exchange, roundcube, ISP, hotmail, it could wind up being archived to tape, or simply be sitting for a long time in some unencrypted mail spool, maybe in a public cloud. If you selfhost, you would be forgiven if you find you have made a mistake or simply got pwned.
I've never selfhosted email, but I understand it is a lot of work to set up if you aren't familiar, and while maintenance is okay once you get rolling, there are occasional emergencies or hiccups that require intervention.
Aside from being much slower, regular mail is quite better since you can easily inspect the envelope for evidence of tampering, while email will be imperceptibly copied.
Notionally, I would imagine something that looks like "email" and acts like "e-mail" (to the end user) could eventually exist that provides the same (conceptual) security that the Signal protocol provides (and perhaps a hosting provider option that's the same level of user confidentiality that we get from the Signal foundation), although you're correct that foundationally it would be a different protocol. Backwards-compatibility would be required, at least for seamless transition (perhaps represented as "secure" and "plaintext").
Wasn't Ladar Levison (the individual behind Lavabit) working on something like this? https://darkmail.info/
But if you want truly private and secure communication, you'll have to forget about email. Even with encryption there's still way too much metadata floating around that can identify you.
I don't think that a dedicated server provider (like Hetzner) or cloud provider (like Digital Ocean or Vultr) stores traffic logs with enough detail to be useful in such a case.
But payment will be a problem...
One expensive but possible option would be to build a server yourself with sufficient traps to shut off when it's tampered with. Then set it up with full disk encryption and put it in a shared rack.
Things like hiding or destroying evidence of a crime generally are separate crimes of which you can be convicted even if you're acquitted of the original crime (e.g. burying a corpse in the woods or throwing a gun in the river).
Destruction of evidence with the intent to hide it from prosecution also may enable so called 'adverse inference' where essentially the jury/judge can assume that the destroyed evidence actually showed what the prosecution intended to find there. For example, if you're being prosecuted for possession of child sexual abuse material, there's a warrant for your hard drive, but it gets fully destroyed because you have rigged some device to destroy it (and the prosecution proves that you did that with the intent to destroy evidence) then the court may take it as a fact that the hard drive did indeed contain CSAM and treat it as sufficient evidence to convict you.
In short, self-hosted service on a rented service does not provide much protection.
Even if they don’t, as long as they have the email address then they can probably find the mail server even if the payment is anonymous.
So tutanota would be a good alternative to protonmail. And mailbox.org is a good alternative to fastmail. Both are based in Germany.
> Storage only takes place for IP addresses made anonymous which are therefore not personal data any more.
What the heck does "IP addresses made anonymous" mean?
It gives no worse privacy guarantees than protonmail and possibly way better - because if you use protonmail through a web client and they get a court order to serve you a "special" client that forwards your certificate you won't notice it.
I have seen a ton of disturbing pieces about ProtonMail. Every time I've looked into them, they seem to be maliciously motivated and usually not true, or otherwise twisting of the truth. This has been a confusing thing for me because why is there a small subset of people so vehemently against them?
In this case, I'm not surprised. They say quite clearly they can be compelled to collect IP addresses - including in the linked tweet. This seems like a pretty clear cut case of them being compelled to provide an IP address. What the authorities can't do, is read that person's email. And that's what I and others pay for.
I'm not sure what there is to be upset about here? Other than perhaps France prosecuting this individual to begin with? If we had faith that ProtonMail wouldn't hand over anything to the government, why would anyone even care about having encrypted emails?
Is there any evidence this is what happened?
An alternate scenario is that they were not keeping logs, and were then compelled by the authorities to start keeping them on that user.
I think trusting your security or privacy to website-based email is a bad idea. If the email is being displayed in your browser, then the authorities can coerce the company that owns the website to include JavaScript in that page that sends the plaintext content to them too -- or demand the website's TLS key and start intercepting the traffic that you see.
The only encryption-based security that you can reliably trust is encryption that happens locally on a device you control, and that doesn't involve a web page or website loaded from a 3rd party.
If you want privacy protection with real end-to-end encryption that the government can't get past trivially with court orders, use services where the decryption happens on devices that you own, such as WhatsApp or Signal or iMessage. If you must use email, do the encryption yourself on a hardened Linux distribution like Tails using PGP for email encryption; but this is much harder to set up than the above secure messengers.
I wouldn't say ProtonMail is a scam, but a trivial software change on their server-side would let the authorities see your email every time you do. If they can be compelled to make that change then the "encryption" you're paying for is worth nothing. The next time you sign in, a court-required modified version of their server software can capture your password, and then use whatever key derivation function gives them your encryption key.
This might not even require the company to actively participate. In the case of Snowden and LavaBit email, the US Government demanded LavaBit's TLS certificate so as to intercept the communications themselves at the ISP layer when LavaBit refused to comply with narrower court orders to provide information about his account.
What could police do with ProtonMail's TLS certificate and court authority to intercept and MITM traffic for your account? They can probably capture your password, use that to read all of your old email, and at minimum read your email as you read it. Even if decryption is happening in the browser somehow with JavaScript, that JavaScript is coming from the origin server that the government now controls by virtue of MITMing the traffic with the site's TLS cert, and so they can insert JavaScript that logs a plaintext copy of either the emails or the encryption key needed to decrypt them.
There is no security with web-based communications if the companies involved can be coerced with a court order. US based firms would be required to hand over their TLS cert if they weren't willing to help track someone, and at that point the government could do anything to your traffic.
The only secure encryption happens on your device with no browser involved.
By comparison, if you're using an iPhone, in theory the US Government could try to force Apple to modify WhatsApp/Signal on your phone, or force the App developers to do so. These companies would all fight tooth-and-nail in court against doing so. Plus, you can configure your iPhone to disable automatically updating apps, so once you have a working version of WhatsApp installed, unless Apple has some backdoor-ability to push an update of it to your phone anyway, you could turn off app update and be cautious & picky about when you choose to update WhatsApp or Signal. What I don't know how to do is verify the integrity of their binaries: to confirm that what you're getting is the same app distributed to everyone. Facebook would appeal to SCOTUS before allowing a government to install a backdoor into WhatsApp; so would Apple, based on their response to the government's request to unlock the San Bernardino shooter's phone.
All that being said, if the government's goal is simply to discover your identity, which was the case here, then Signal and WhatsApp won't help you. Their accounts are based on a phone number. If the govt has your phone number then unless it's a burner acquired with no name registration then they'll know who you are, and regardless will be able to find out approximately where you are, if you continue to use that phone number. They can triangulate where you are fairly rapidly with modern technology, and this is assuming that the cell company can't simply send a signal asking the phone for its GPS-based location; but even if the govt only knows your nearest cell towers, narrowing that down to a building is a matter of minutes once they're in the area.
If you need to communicate in a way that keeps your identity a secret then you're probably best off using a free email service over Tor from a machine running Tails Linux, accessed from various locations that provide public wifi.
Tor solves this. Protonmail's Tor support is lukewarm. They have a Tor based login without captchas. It's mentioned on their homepage in the bottom menu under "Onion Site", (/tor). And there's one blog post from 2017 that still promotes their v2/shorter onion address.
I expect Protonmail to push its users to login through Tor. "Don't trust us, trust math". Embed Tor support in their apps as well. Rebuild their iOS app to offer to drive all connections through Tor.
And frankly, for $50 a year for email, I expect Protonmail to be thinking ahead about this, rather than me coming up with dumb ideas on a forum. Protonmail was neat in 2018 but 3 years later it's stagnant.
From where I stand, the only difference here is that ProtonMail has to receive the warrant before they give up all the info they have on you, and others may do it voluntarily even without that, just to keep on the good side of the police, but since it's not exactly hard to achieve such warrants (and in the US, as we learned, it's ok for the police to lie on such warrants and they know no punishment will come to them even if the lie is discovered later) the difference is minimal. If you have something the police really wants to see, and they can reveal it, they will.
What if authorities ask, serve this user this malicious JavaScript code to obtain their encryption key?
PM has to obey and the result is the same.
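One defensive check for the scenario raised in this thread, where a web client is silently swapped for a modified build: pin the digest of every script the login page loads and compare later fetches against that pin. This is an added example, not code from the thread or from ProtonMail; the page markup, file paths and script bodies are constructed samples, and the "fetch" is an in-memory dict so it runs offline.

```python
import base64
import hashlib
from html.parser import HTMLParser


def sri_digest(body: bytes) -> str:
    """Return a Subresource-Integrity style digest (sha384, base64)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []        # src values, in document order
        self.inline = []          # text of <script> elements without src
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def snapshot(html: str, fetched: dict) -> dict:
    """Map every script the page would execute to its digest.

    `fetched` maps a script URL to the bytes received for it; a script that
    could not be retrieved is recorded as "unfetched" so it never matches a pin.
    """
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    digests = {}
    for src in collector.external:
        body = fetched.get(src)
        digests[src] = sri_digest(body) if body is not None else "unfetched"
    for index, text in enumerate(collector.inline):
        digests[f"inline#{index}"] = sri_digest(text.encode())
    return digests


def compare(pinned: dict, observed: dict) -> list:
    """Return (kind, script) findings: scripts added, removed or changed."""
    findings = []
    for name in sorted(set(pinned) | set(observed)):
        if name not in pinned:
            findings.append(("added", name))
        elif name not in observed:
            findings.append(("removed", name))
        elif pinned[name] != observed[name]:
            findings.append(("changed", name))
    return findings


def audit(html: str, fetched: dict, pinned: dict) -> list:
    """Snapshot one fetch of the page and diff it against the pinned digests."""
    return compare(pinned, snapshot(html, fetched))


# Constructed sample: the page and bundle as first reviewed and pinned.
BASELINE_HTML = (
    '<html><body><script src="/assets/app.js"></script>'
    "<script>boot();</script></body></html>"
)
BASELINE_FILES = {
    "/assets/app.js": b"function decrypt(key, msg) { return open(key, msg); }\n",
}
PINNED = snapshot(BASELINE_HTML, BASELINE_FILES)

# Constructed sample: a later fetch where the bundle bytes differ and an
# extra script tag has appeared.
SUSPECT_HTML = (
    '<html><body><script src="/assets/app.js"></script>'
    '<script src="/assets/metrics.js"></script>'
    "<script>boot();</script></body></html>"
)
SUSPECT_FILES = {
    "/assets/app.js": b"function decrypt(key, msg) { return open(key, msg); }"
                      b" /* constructed: different build */\n",
    "/assets/metrics.js": b"/* constructed: script not present at pin time */\n",
}

if __name__ == "__main__":
    for kind, name in audit(SUSPECT_HTML, SUSPECT_FILES, PINNED):
        print(f"{kind:8} {name}")
```

A pin only covers the bytes returned to the fetch that was checked; a response tailored to one account or session has to be captured from that session to be compared.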
They come off as a very dodgy company willing to twist the truth themselves. They claim that they can provide E2EE for email, being careful not to give away the fact that this is impossible for regular emails to non-PM customers.
Frankly I only use them because they're the biggest "private" email service and that provides a kind of safety in numbers.
While I concur that it's a bit misleading nothing is stopping you from using your own key and mail client (albeit with their "bridge" solution) to send E2EE e-mails.
If you rely on the keys they generate you can export them and use them accordingly but one should be wary of the handling of said keys if they were compelled to make a backdoor as others have noted.
That being said this does leave a bad taste in my mouth.
I wonder what this “activist” did to earn himself Europol attention. At least before the world went insane, that would only happen for serious crimes.
[1] https://theconversation.com/explainer-what-is-an-interpol-re...
[2] https://www.journalofdemocracy.org/articles/weaponizing-inte...
If so, on which basis do you ironically call squatting a "terrible crime"?
Squatters in your house in France means that you have zero rights on this place until a lengthy process gives it back to you, ruined. You are then expected to be grateful and can forget about any reimbursement from the poor people who stole your property.
Vandalising banks is stupid and also an efficient way to make powerful people dislike you.
Unfortunately this sort of extremist group is harmful to people and organisations genuinely trying to do something for the environment.
this seems to be the reply from protonmail on reddit[0]
> Hi everyone, Proton team here. We are also deeply concerned about this case. In the interest of transparency, here's some more context.
> In this case, Proton received a legally binding order from the Swiss Federal Department of Justice which we are obligated to comply with. Details about how we handle Swiss law enforcement requests can be found in our transparency report:
> https://protonmail.com/blog/transparency-report/
> Transparency with the user community is extremely important to us and we have been publishing a transparency report since 2015.
> As detailed in our transparency report, our published threat model, and also our privacy policy, under Swiss law, Proton can be forced to collect info on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account. Under no circumstances however, can our encryption be bypassed.
> Our legal team does in fact screen all requests that we receive but in this case, it appears that an act contrary to Swiss law did in fact take place (and this was also the determination of the Federal Department of Justice which does a legal review of each case). This means we did not have grounds to refuse the request. Thus Swiss law gives us no possibility to appeal this particular request.
> The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used). We will continue to campaign against such laws and abuses.
to me this seems like they did all they could in regards to handling this request.
[0]https://www.reddit.com/r/ProtonMail/comments/pil6xi/climate_...
Maybe not having the IP address in the first place like they advertise was what was needed.
For a user the result is the same.
If the subject of this investigation had been using ProtonVPN to connect to ProtonMail, would this have (in a marginal way) protected their anonymity? If ProtonMail can be compelled to begin logging, surely the same must be said of ProtonVPN right?
It’s interesting how many “privacy focused” companies tout being based in Switzerland as some big badge of honor, which a layman consumer such as myself is supposed to be really impressed by due to the overall reputation of “Swiss privacy laws.”
In practice, I’ve never been to Switzerland. I don’t know any person that has had any legal issues there, let alone someone that’s litigated a digital privacy case there. I do not speak German or French, and don’t know where to start when it comes to looking up specific cases or court proceedings, so I’d be extremely slow on the uptake of the actual ins and outs of how the Swiss privacy model works from a practical standpoint.
The “based in Switzerland” thing strikes me as a bit of a black box bit of marketing speak. How much time, energy and money did ProtonMail expend fighting this surreptitious logging mandate? Does “Swiss privacy” actually mean anything if ProtonMail is happy to hand over your IP address when spooked?
I would not pay any attention to the “Swiss X” marketing.
it does not; witness the swiss banking system's capitulation to the US, crypto AG, etc
Even the government sucks at online security, see the debacle of the city of Rolle and the cyberattack they suffered last month. If this is not pure ignorance and incompetence, I don’t know what is.
Not even mentioning several “made in Switzerland” software companies whose only claim to Swissness is that they have an office with two people in Switzerland and all the rest are European or Indian contractors (not that these people are worse, just that it’s a marketing thing to tout Swiss software if you’re going to outsource 90% of your development offshore)
Most of the time, claiming Swiss anything is a marketing move and an excuse to justify charging much much more for something.
I can only confirm your doubts about the "Swiss privacy laws". The current laws in Switzerland are very weak (at least compared to the GDPR) and it has powerful surveillance laws in place (6 months data retention for telecommunication data, mass surveillance of internet traffic entering and leaving the country). If at all, being based in Switzerland as a privacy friendly company is rather a risk than giving you a "badge of honor".
I can only speculate where this myth and reputation of "Swiss privacy laws" is coming from. I guess it is related to the bank secret we had in place for a long time: It allowed you to own a bank account anonymously. While many states (especially the US) protested strongly (and for good reasons), it gave Switzerland an aura of discretion.
I believe it comes about due to the old trope of Swiss banks being the most secure places to hide money, which of course is not true and hasn't been for a long time. Even in that period, I am sure they complied with Interpol/Europol requests to divulge account details of evil masterminds with a beeellion dollars hidden away in a Swiss vault.
I wanted to test how Protonmail is doing for new users. I created an account from scratch just now over Tor.
1. Am asked to verify new account by entering a cell phone (edit: this is horrible. They lie and say account creation is anonymous, as pointed out by the poster below)
2. Upon login, "Basic" logs are selected which do not display IP. You can enable "Advanced" logs to log IP. I would suggest Protonmail make it crystal clear that these "Basic" logs do not store IP. In 2021, lies by omission are not good enough. Get rid of the soft language.
3. Their help page [1] says that "Advanced" (IP stored) logs are enabled by default. However, I created the account and it's just the Basic (no IP) logs. https://protonmail.com/support/knowledge-base/authentication...
Interestingly the sentence on their front page, right before the most commonly quoted snippet in this thread, is:
> No personal information is required to create your secure email account.
A phone number is quite a personal, unique identifier.
Welp.......Now, please excuse me, I need to go check my Protonmail settings pronto....
Vendors really need to figure out how to thread the needle of "No don't trust us" but still encourage customers to buy. Protonmail failed here. Apple's still very much in the "trust no one but us!" vibe, and it's just not sustainable.
I'll be switching my Protonmail use to default to Tor now. Open to Tor-first vendors...are there any?
I like how Brave has "open in Tor" displayed on Tor-mirrored sites. There's even an option for "Automatically redirect .onion" sites too. Makes it easy to switch over.
What if Protonmail pushed their Tor services more? "Guide to using Protonmail as privately as possible", have a switch for "Private Mode" that kicks you over to Tor/download Tor.
If you were relying on Protonmail to conceal evidence of criminal activity for you, you may not have thought that all the way through.
Everyone realizes that, by default, literally just connecting to another service over the web, will expose your IP address?
It’s trivial to monitor and report your IP to the authorities, as soon as you login to ProtonMail, despite lack of “logging”.
Logs only matter for historical data. This legal request is impossible to /not comply/ with.
Does anyone here have a feasible way to solve this? Or is it just a bunch of ProtonMail hating FUD?
Current solutions like TOR, I2P, VPNs and/or mobile proxy services are just a matter of time and legality until they become obsolete due to their publicly known nature.
I am convinced that the only way to solve this is by simply not downloading the website from its origin. The origin tracks you, so don't talk to them. Talk to your peers and receive a ledged copy of it instead.
The only problem is that this contradicts all that came after Web 2.0, because every website _wants_ unique identities for every person visiting them; including ETag-based tracking mechanisms of CDNs.
I think it's not possible with supporting Web Browser APIs the same way in JavaScript (as of now, due to fetch and XHR and how WebSockets are abused for HDCP/DRM to prevent caching), but I think that a static website delivering network with a trustless cryptography based peer-to-peer end-to-end encrypted statistically-correct cache is certainly feasible. I believe that because that's exactly what I'm building for the last two years [1].
I’m asking if there’s any feasible way for ProtonMail to not have the ability to know which IP addresses connect to their services.
You can come up with an excuse, depending on the service it might be laborious to get an IP on a running live system that doesn't otherwise care about connection information.
Depending on the truthfulness of that you might make yourself guilty of impeding investigations though.
Your contempt for web devs seems to correlate with your lack of understanding of how the web works. Responses like yours make me cringe, in how uninformed they are, despite trying to sound smart.
IP addresses can and will be exposed in any situation that a user connects to a service - it’s a fundamental property of the web. You cannot tell Government agencies, esp. when they have a 3-country-approved warrant, that “we don’t know how to”.
If you terminate a connection at the load balancer, they will make you monitor it. If that’s not owned by you, they will send the warrant onto your cloud provider or whoever.
https://protonmail.com/privacy-policy
They also provide a report of all warrants received https://protonmail.com/blog/transparency-report/
If you need trust, there's no way around rolling your own service.
However, better than most (both by jurisdiction and their own rules) than other email providers - and I'd have thought any of their users who were serious about anonymity would have used Tor/Tails etc to connect anyway and used pgp for their messages.
Details of connections to the account (IP and connection fingerprint) shouldn't matter if you were taking your privacy seriously.
Basically just signing up for protonmail doesn't make you secure and there's nothing they could do to help if you just rely on that.
There needs to be a messaging service where as well as the messages being encrypted, the graph of who is talking to who and when must be encrypted.
I'm imagining a system where your device forwards hundreds of messages for other people, hiding your own message flow.
I perhaps send a few hundred messages per day, and even multiplying that by 1000, and the typical message length of a few words, it's still a tiny amount of data transfer.
There's also a builtin I2P-Bote messaging system (bundled with the official I2P client) that is in a sense a substitute to email.
The tech is there, what the I2P ecosystem needs is a lot more users and a lot of UX improvements to make it 1-click accessible.
The reason I use Tutanota (similar to protonmail) is to stop the Googles and Yahoos and hotmails from scanning all of my emails, using them to advertise to me, selling the information to advertisers. Could you imagine if the US post office opened up all your mail, read it, and sold this information to anyone who asked? Preposterous. And keep track and sell who you send stuff to and who you receive info from? Of course, if the government decided to monitor your regular mail, they could. Fine. Nothing anyone can do about that. But at least the USPS doesn't read everything you send and sell that info to commercial entities.
So, that is why I use those types of services. I don't want to be anywhere near Googlemail, or Yahoomail, or Hotmail, etc.
Personally, I've switched from Protonmail to Fastmail. Yes, Fastmail is in Australia which has draconian state surveillance laws and will comply with state requests for your data and share it with other countries. But you can't assume that any other email provider won't, as evidenced by what Protonmail just did. And Fastmail has better features for protecting you from being profiled, such as unlimited wildcard aliases, and the ability to create filters and deactivate aliases directly from incoming messages, in addition to a far better overall email experience.
https://www.forbes.com/sites/adamtanner/2013/07/08/how-the-p...
They don't sell your information to advertisers. So your threat model here is factually false.
If you use gmail, it is my understanding that google ai will routinely read all your messages and add anything interesting to your profile so they can target you for ads. Law enforcement also has open access to everything in your mailbox all of the time.
ProtonMail don't read your email but will supply metadata to authorities in response to a lawful warrant.
That still feels like a difference between gmail and ProtonMail. I pay for that difference, your money your choice.
Hard to incorporate what threat vectors their users should be mindful of and recommend steps to mitigate in their marketing without scaring people off who want to do nothing but outsource their privacy™ to someone else and not think twice about it, even if some of those people are hn users…
ProtonMail went under fire several months back about opting to use Google's reCaptcha for login in a time crunch, rather than setting up hCaptcha even if it took a little extra time.
The tradeoff was cost vs. user privacy and they chose cost, which is NOT why a lot of us pay PM to begin with.
This is unacceptable, but unfortunately there are no alternatives that hit all the check marks PM has in terms of features.
The response of "use Tor to connect" doesn't really help. If you so much as accidentally connect once with a normal IP, that's enough to nab you.
The submission title doesn't reflect the details.
I know that every IT company eventually turns into a bunch of creepy and greedy jerks that end up contradicting all of their initial "don't be evil" statements. But please, Proton, don't do this so early in the process. I'm tired of migrating from one jerk company to a we-are-not-jerks-yet company all the time. If it turns out that Proton really leaked the IP and device info of an activist to the authorities I'll just go back to setting up my own mail server like it's 1995 and f*ck all this madness.
Email is supposedly decentralized, but under the umbrella of "anti spam" it's really an oligopoly of providers
If they are announcing this, think of the ones they are under gag orders to not announce/disclose
Something is going to move.
It also seems that it is not any restaurant but one of the 'victims' of the 2015 terrorist attacks [1]
Basically political extremists trying to disguise themselves as environmental activists. Not interesting people, to say the least.
[1] https://www.tellerreport.com/news/2021-01-04-%0A---justice-o...
Or they’re just some college students spouting inconvenient truths ¯\_(ツ)_/¯
Tremendously disappointed.
What’s next? Is ddg selling search data to google?
https://nitter.eu/OnEstLaTech/status/1434575322465382404
Translation: "The company @ProtonMail delivered IPs of climate activists to the police, after which the activists were arrested and searched. ProtonMail claims on its website, however, that it does not store the IP addresses of its users."
Source (in French): https://secoursrouge.org/france-suisse-securite-it-protonmai...
Translation (via Google Translate):
The year 2020 and 2021 was marked by the establishment and repression of a series of occupations in the district of Place Sainte Marthe, in Paris, in order to fight against its gentrification. Some 20 people were arrested, three searches were carried out and several people were sentenced to suspended prison sentences or to fines of several thousand euros (more info here and here). In addition, seven people are on trial in early 2022 for “theft and degradation in assembly and home invasion” following the occupation of a with a file of more than 1000 pages. During the investigation, the police focused on the collective “Youth For Climate”. In particular, they were able to use photos published on Instagram, even if they were blurred because of the clothes.
The police also noticed that the collective communicated via a protonmail email address. They therefore sent a requisition (via EUROPOL) to the Swiss company managing the messaging system in order to find out the identity of the creator of the address. Protonmail responded to this request by providing the IP address and the fingerprint of the browser used by the collective. It is therefore imperative to go through the tor network (or at least a VPN) when using a Protonmail mailbox (or another secure mailbox) if you want to guarantee sufficient security.
(Disclaimer, Protonmail user.)
This is patently false. The first thing they could have done is not hosted their service in a jurisdiction susceptible to these kinds of logging requests, at least not openly. In other words, they could have concealed the location of their services.
Instead, ProtonMail is attempting to have their cake and eat it too: on the one hand, they repeatedly publicize the fact that they have 'Swiss privacy laws' as a selling point, but yet on the other hand when a privacy violation such as this occurs, they claim that their hands are tied because of....Swiss laws.
It's this two-faced behavior that is deplorable.
Where is that ? Which country doesn't have a law that allows authorities to request such information ? I'm not aware of any, at least not among any sufficiently developed countries with useful infrastructures.
ProtonMail lost its essence to be honest. As soon as my subscription runs out I'm gonna host my own mailserver instead. There are no advantages in using ProtonMail anymore.
I might end up doing the same. I think I'm stubborn enough to pull it off. Personally I got my eye on https://gitlab.com/simple-nixos-mailserver/nixos-mailserver
I've been in the market for a service like protonmail because I'm trying to degoogle. Reading news like this and looking at the price of these services for two accounts has me thinking twice.
But
Configuring logging on a user's IP address information on a private email service for what appears to be a fairly petty crime seems rather like dropping a nuke on an ant, both on the side of the French/Europol LE, and also for Swiss authorities, and then Swiss companies to be responsive to something so petty.
For something this "Organizing a Climate Camp" [1] involved I'd expect at least a serious felony, or a dramatic terrorist incident with loss of life.
If the crimes involved are truly so minor, it raises the spectre of what would they do for an actual serious crime?
I hope I am misreading this......
[1] https://www.liberation.fr/terre/2020/09/27/camp-climat-a-par...
https://www.wired.com/2015/10/mr-robot-uses-protonmail-still...
https://protonmail.com/support/knowledge-base/imap-smtp-and-...
But you are still making an IP connection. JS/no JS is not relevant to this discussion.
try using Tor to create a protonmail account and they require both javascript and a phone number.
yeh yeh client side encryption requires javascript, but seems better to just have an unlinked email that can be read server side and there are plenty of Tor-only email providers for that.
phone number under an "anti-spam" guise is just suspect.
> "Where can I read more about this? What was the alleged crime?"
>> "Organizing a climate camp. Some links (in French)..."
So either something else is missing, or investigations are biasedly heavy handed on these cases?
so today we are redefining what "not logging data" means. it changes meaning when used in the same sentence as the expression "by default". so by default, not logging data is not really not logging data.
we've redefined quite a few things in the past few months. will be interesting to see where we go from here.
Brilliant!
(Quote from the Twitter thread, by same author.)
Yeah, that is the problem. We don't know who, we don't know why, we don't know shit. All we know is that the request took place. We don't know if the request was or is justified. Those who trust police or dislike climate activism might say 'of course' and those who distrust police or like climate activism might say 'of course it wasn't justified'. Meanwhile, police (Europol in this case) are not releasing details for the neutral readers to make up their mind, because they're still fully in the investigation.
I'm very much pro-privacy, and actually I find the environment very important, but I also want to give Europol the benefit of the doubt. So I suspect a climate activist, using Protonmail, might've gone a step or two too far. And if Protonmail just runs some VPS in some other countries, they'll have to abide by the law in these, on top of Swiss law. That a Swiss company has to cooperate with Europol because Europol has mandate in Switzerland is also a no-brainer.
1) Malware scanning services. I noticed that links in my email are sent to a third party to be scanned for malicious content. I never signed up for this service.
2) Mobile phone analytics. Using a third party for mobile analytics known to track users.
3) CDN: using a content delivery network in countries that do not have the same privacy requirements as ProtonMail’s corporate domicile.
Privacy is a gimmick for the company at the very least, a front at the worst. I still use them because I trust other companies even less.
I do not trust protonmail with my privacy. I only use them to sign up for various services, trying to escape the data mining google does.
Not sure I want to support a company that is dishonest however. I'm reaching the bye-bye point myself slowly but surely.
I suppose this would land them in hot water, but there might be something else really clever?
https://runbox.com/why-runbox/privacy-protection/email-priva...
Anonymity (which is different than privacy) is something that can only be achieved in very particular circumstances for a limited time. It always involves work on the part of the person involved, usually ongoing. It isn't something you can just go out and buy. Most people have no need of it most of the time.
So a Swiss company has been apparently forced to provide details of a user who is under investigation by police in another country? I'm curious about the way that actually works, that a Swiss court receives a request from a foreign police force and a private company has no recourse to refuse or appeal the resulting order. Seems a bit weird to me, although I don't know a lot about the legal system there.
Technology people always want to imagine that technology will save/deceive them.
Imagine a situation where some "enemy of the state" is using some "secure" service like "securomail" or similar.
Is it hard to imagine Police/Interpol/KGB coming to the offices of "securomail" and demanding providing IP addresses, no longer encrypting, installing malware for this particular user, etc? Or else all the C-level of "securomail" are "helping the enemy of the state" with all the consequences.
There is always this "5$ wrench human layer" which no technology will protect from.
protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
However, in this case just as in a few other ones before this one, it has become pretty clear to me that ProtonMail's marketing is deceptive at best and in a few cases some of their claims are just blatantly not true.
What surprised me most is that when I pointed this out in the past, I was immediately attacked by what appeared to be like Apple-style fanboys, who would not stand by anyone criticizing ProtonMail.
To this day I'm not so sure if that was just the genuinely zealous behavior of a few deranged individuals, or if it might have been a concerted commercial effort at damage control.
Either way, to me ProtonMail certainly is not what it claims to be (if not explicitly then at least implied). To me it's just another commercial entity trying to make a profit by tapping a relative niche market while convincing gullible people they are something they actually are not, in any way that will make them a bigger profit. Nothing really shocking about that, and mostly just standard behavior for any other modern commercial entity operating within a capitalistic economy.
They don't log IP, but if ordered they have to. They can't choose what criminal cases are sufficient. They have to follow the law.
TLDR:
1. Protonmail received Swiss legal request that was based on proven legal grounds and thus had to comply with.
2. They started monitoring the user's account and informed them that their data was requested. (Informing is required by Swiss law)
3. Only data Protonmail keeps by default is account creation date. Now they also logged the IP of the tracked account.
4. This IP information was given to the Swiss authorities.
5. The Swiss authorities gave this information to Interpol.
What should Protonmail have done differently here?
The web interface is roundcube, but if you just use IMAP, it could work for you.
No custom domains though for sending stuff, catch all redirects obviously work.
Please.
That's the only way to keep this specific part of the decentralised by design, old internet alive.
Do they though? What about even less friendly states?
Why hasn't there been made a Tor-only, store-and-forward, text-only communication app? You'd think this would be a no-brainer for communities that need real private communications.
Also, their VPN...
But here, it's not climate activists. It's people illegally occupying private properties, iow squatting. They do it for political reasons, fine, but it's illegal nonetheless.
Also, I'm a bit surprised that these are climate activists at work here since gentrification (the process they fight against by squatting) is not really a climate issue but more a problem (as I read it) of capitalism.
(now I understand the whole issue down here revolves around disclosure of expected-to-be-protected information, but well, there's a big picture too...)
My bet is this, proton can't actually afford to defend against thousands of court cases, so they comply. They can't afford for their service to look insecure, so they're selective in divulging how much surveillance they have to comply with.