undefined | Better HN

0 pointstephra4y ago0 comments

So also a proton customer here. "By default we do not keep any IP logs" and this case does not seem like the default? Seems like they were required to by law to log and turn over this specific IP? (Of course I haven't seen the actual case but I would assume that meant a warrant.)

0 comments

18 comments · 3 top-level

polote4y ago· 6 in thread

We do not kill people except the people we kill

I see that you want to protect Protonmail, but if they want to stop being misleading they can just remove the IP log sentence

istingray4y ago

Put "By default we don't keep IP, but may be required to by local laws. We suggest you connect through Protonmail through Tor".

I would much prefer this, as a Protonmail paying customer.

dredmorbius4y ago

Tor helps, but is not especially robust against state-level actors / APTs. An actor running a sufficient number of entry/exit nodes could perform at least some traffic analysis.

Tor is an improvement. It's still a limited tool.

3 more replies

tephraOP4y ago

I mean they are misleading in so far you want them to...

I'm a privacy activist and certainly think that a company should be able to not keep logs. If the law in the country they are in (or area, see for example the data retention directive in the EU) we should of course (and I am) work to change those laws.

It should come as no surprise to anyone who is privacy minded and actively seek out privacy focused services that are located within the EU or Switzerland that your IP (or other information) can be requested with a warrant and that a company is required to hand that over.

pessimizer4y ago

As a privacy activist, what's productive about arguing that protonmail shouldn't need to make a greater effort to pound into their customers' heads exactly what you just explained?

I get that you think people should already know this, but do you feel they should be punished for not already knowing this, and not reminded by a company that markets itself on protecting its users? Protonmail was forced to get an IP address, but they're not forced to keep the fact that they respond to warrants a big secret.

Not everybody who is an activist is a big techie, or even computer-literate.

1 more reply

s1artibartfast4y ago

It's not misleading in that many services do keep records by default. If people don't understand what default means, they should grow their understanding, not be outraged that their uninformed opinion was wrong.

istingray4y ago

Default means "we do whatever the fuck we want, any assumptions are your fault"

1 more reply

istingray4y ago· 5 in thread

If this doesn't matter, what's important for you about being a Protonmail customer?

(also a paying Protonmail customer)

neltnerb4y ago

That your emails are supposedly stored encrypted, that if other services support it end-to-end email encryption supposedly can be enabled easily, and that supposedly you cannot be served targeted ads because they cannot read the contents of your email (not that they have ads anyway).

Of course Protonmail is accessible via Tor. Not that you should need to do that to remain private.

vntok4y ago

> That your emails are supposedly stored encrypted, that if other services support it end-to-end email encryption supposedly can be enabled easily, and that supposedly you cannot be served targeted ads because they cannot read the contents of your email (not that they have ads anyway).

Gmail does all of this for free though, right?

1 more reply

COGlory4y ago

End-to-end encrypted emails, not massive collection of metadata to build advertising profiles, and, maybe this will sound strange, but I wanted to pay for these services because I want to show everyone that there is a paying market and you don't have to rely on advertising to be profitable in this space.

No service is capable of completely hiding IPs and still getting you the data. If you "threat model" includes hiding from Western governments, I'd recommend not using the internet.

tephraOP4y ago

I never said it didn't matter. I think the data retention laws and for what crimes the police are able to get certain warrants in the EU and Switzerland can be better.

But that is not a proton issue that is an issue with our current governments.

istingray4y ago

Ah I see. It's an issue for my use of Protonmail, in that I may cancel and move to another vendor who is more forthright. Here's what I would expect my future vendor to say about this:

"Hey, we respect your needs. However, we have to tell you that you should treat us as a bit of an adversary. We will do what we can as a private company, but ultimately we can be compelled by the government, rogue employee, or if somehow we get hacked. This is the case for any company no matter what they promise or avoid telling you. We do tell you. As our customer, here's what we recommend you do: Use Tor, fund open source, vote, etc."

1 more reply

jonas214y ago· 4 in thread

As a user, I'd take that to mean that they wouldn't keep any IP logs unless I turned logging on. I wouldn't expect that they would enable logging on their own.

Interestingly, ProtonMail's privacy policy lists a number of cases in which they may log your IP address permanently (including if you breach their Terms and Conditions). But a request from law enforcement is not one them.

chrisshroba4y ago

Use of the service for any “unlawful or prohibited activities” violates the TOS, so if law enforcement has evidence of that (which they may), then PM has a clear right to log IP.

adsche4y ago

Is that so? I thought, if one violates the TOS, the other side may terminate the service. I did not know they then had the automatic right to then log data suitable for tracking and identification.

woko4y ago

A user with the intent to engage in unlawful activities should read the terms of services in full. If that user only reads the homepage of the service, without understanding the implication of each word, and does not bother to review the terms in details, that is on him.

Moreover, I would like to point out that ProtonMail is about encryption of email *content*. It is foolish to expect more from them. They won't protect your identity: law enforcement can know who you are and who you communicate with, but they cannot know the content of your emails (if you recipient uses encryption services as well).

AmericanChopper4y ago

I understand it to mean they can enable IP logging for a mailbox in response to a court order.

j / k navigate · click thread line to collapse

0 comments

18 comments · 3 top-level

polote4y ago· 6 in thread

We do not kill people except the people we kill

I see that you want to protect Protonmail, but if they want to stop being misleading they can just remove the IP log sentence

istingray4y ago

Put "By default we don't keep IP, but may be required to by local laws. We suggest you connect through Protonmail through Tor".

I would much prefer this, as a Protonmail paying customer.

dredmorbius4y ago

Tor helps, but is not especially robust against state-level actors / APTs. An actor running a sufficient number of entry/exit nodes could perform at least some traffic analysis.

Tor is an improvement. It's still a limited tool.

3 more replies

tephraOP4y ago

I mean they are misleading in so far you want them to...

pessimizer4y ago

As a privacy activist, what's productive about arguing that protonmail shouldn't need to make a greater effort to pound into their customers' heads exactly what you just explained?

Not everybody who is an activist is a big techie, or even computer-literate.

1 more reply

s1artibartfast4y ago

istingray4y ago

Default means "we do whatever the fuck we want, any assumptions are your fault"

1 more reply

istingray4y ago· 5 in thread

If this doesn't matter, what's important for you about being a Protonmail customer?

(also a paying Protonmail customer)

neltnerb4y ago

Of course Protonmail is accessible via Tor. Not that you should need to do that to remain private.

vntok4y ago

Gmail does all of this for free though, right?

1 more reply

COGlory4y ago

No service is capable of completely hiding IPs and still getting you the data. If you "threat model" includes hiding from Western governments, I'd recommend not using the internet.

tephraOP4y ago

I never said it didn't matter. I think the data retention laws and for what crimes the police are able to get certain warrants in the EU and Switzerland can be better.

But that is not a proton issue that is an issue with our current governments.

istingray4y ago

Ah I see. It's an issue for my use of Protonmail, in that I may cancel and move to another vendor who is more forthright. Here's what I would expect my future vendor to say about this:

1 more reply

jonas214y ago· 4 in thread

As a user, I'd take that to mean that they wouldn't keep any IP logs unless I turned logging on. I wouldn't expect that they would enable logging on their own.

chrisshroba4y ago

Use of the service for any “unlawful or prohibited activities” violates the TOS, so if law enforcement has evidence of that (which they may), then PM has a clear right to log IP.

adsche4y ago

Is that so? I thought, if one violates the TOS, the other side may terminate the service. I did not know they then had the automatic right to then log data suitable for tracking and identification.

woko4y ago

AmericanChopper4y ago

I understand it to mean they can enable IP logging for a mailbox in response to a court order.

j / k navigate · click thread line to collapse