WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

626

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France.

The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account.

On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first."

Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations.

"There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case)," the company said in a lengthy response posted on Reddit.

Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over data when individuals use the service to engage in activities that are deemed illegal in the country.

"Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we're required by Swiss law to answer requests from Swiss authorities," ProtonMail founder and CEO Andy Yen tweeted, adding "It's deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced."

If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity.

"The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used)," the company said.

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account. On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first." Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations. "There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case)," the company said in a lengthy response posted on Reddit. Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over data when individuals use the service to engage in activities that are deemed illegal in the country. "Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we're required by Swiss law to answer requests from Swiss authorities," ProtonMail founder and CEO Andy Yen tweeted, adding "It's deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced." If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity. "The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used)," the company said.

(post is archived)

[–] 11 pts

That place was taken over by Israeli intelligence shortly after they went live.

Stay away. Far away.

[–] [deleted] 7 pts

Well this is disturbing beings that I started using Protonmail last year and got rid of everything Google and/or Gmail.

[–] 4 pts

Once you release everything is jewed and you have a hardware back door into your computer no matter what you use you can just move on and stop giving a shit.

If they wanted to get you they'd just upload illegal shit to your computer anyway.

[–] 2 pts

I have been using privatemail. I have no idea if they are any better but I chose them because I have been using torguard as a VPN for a while. I picked them because they didn't advertise as heavily as the others.

[–] 1 pt

I was just about to do the same thing. Very disappointed.

[–] 0 pt

>Go to google or freeshitmail, or better, run your own mail server from your home goy! But don't ever use protonmail, ever!

Fuck off

[–] 0 pt

Do you think tutanota is any good or are there no secure email providers and you have to roll your own?

I understand there are too many layers to trust, we didn't make the hardware, write the firmware, OS, etc. but the only alternative seems to be to go neo-luddite.

[–] 3 pts (edited )

I don't think there are any safe alternatives for e-mail. Snail mail is only secure because they need a warrant to open a letter.

Run your own e-mail server at home is about the only secure option but email rolls over public networks.

Exchange PGP keys with those you converse with and run your own server. I still think the NSA can read anything they want.

[–] 0 pt (edited )

Run your own e-mail server at home is about the only secure option

It's not, especially if you're new to this, needless to mention the fact that it points directly at your physical "home"

Let's be serious here, you want some sort of anonymity on the network you access the network through means that aren't directly tied to your bank account at one point or another other for a start. The internet connection you use isn't attached to your credit card (or anyone's credit card/bank account related to you), the machine you use hasn't been bought with your credit card, your name isn't attached to it and you don't use that machine with anything attached to your credit card

From there even if you still can be seen on the network as a connected machine, your IP and MAC addresses and geolocation or whatever, aren't directly pointing at your identity

The hardest part is the connection, until no one can buy anything without a credit card of course

[–] 0 pt

The FBI doing an old fashioned mail cover? No agent has been assigned to do that in 25 years.

[–] 2 pts

Your best bets are obfuscation by proliferation (simply using normie mass email services like Gmail and keep changing addresses) or use disposable services like Guerrilla Mail that achieve the same result but will self destruct after use. Secure email providers are a meme and Proton Mail was compromised ages ago.

[–] 3 pts

The Gmails all end up getting linked together. The second you sign in from another device or even IP it throws warnings and wants verification. Before you know it your google account has 5 email addresses in it.

[–] 0 pt

disposable email addresses are frequently blacklisted, and their self destructing nature means their not exactly that good for communication either.

[–] 1 pt

The problem with roll your own is that you will never know if you have been compromised. You lack the sophisticated counter measures and detection systems that a quality commercial operation has. Even they have a hard time of it and they spend all day every day looking for it. You dont have the time for it. So your home brew email system is even more compromised than a commercial system.

[–] 0 pt

Yeah my thoughts exactly, and that's without even mentioning being blacklisted by other email services because blah

[–] 1 pt (edited )

I use several VPNs (one for a group of sites, another for another group, etc) and I looked into starting my own but when I started to look into my requirements I realized none of them were capable of providing those nor am I smart enough to walk through the code of an entire Linux distro to make the code removals.

Assuming Linux as the OS:

For example, no logging. Proton was probably just disabling logging at the daemon level (turn off syslog). My requirement would be to remove the entire code base for syslog and recompile Linux so the OS has no idea how to log anything. Then you have the TCP/IP code, which by design is not secure. That has to be changed to prevent security tools from working. They can use microscopes and physically recreate data from a hard disk. So there's another code base to change. The list of requirements starts growing pretty quick. Even if you manage to run your entire VPN from a CD-ROM with no way of storing logs or data you still have RAM that can be reviewed. RAM chips can be kept alive with low voltage.

Smoke signals and encoded clicking noises work the best.

[–] 0 pt

What actual private email alternatives even exist at this point?

[–] 2 pts

Nothing involving the public internet, and even private networks are suspect these days.

[–] 0 pt

There isn't any. Even if you solve end to end secure communications you still run the risk of targeted malware. Suppose your group ends up recruiting an informer. A PDF or JPG file, once opened, can attempt to access your system and lay dormant for weeks or longer and then attempt to access the internet without the system owner suspecting anything. The Chinese do that shit every day. I would say 90% of malware comes from email.

Groups need to develop secure communications and good memories instead of relying on the internet except with necessary.

[–] 0 pt

Your own mail server.

[–] 4 pts

Traces back to you by it's very nature, doesn't aggregate anything to obfuscate.

[–] 0 pt

Chinese or Russian email servers if you dont live in those countries and live somwhere USA friendly. The hate between USA and China/Russia keeps your data away from USA government.

[–] 0 pt

The old reliable: https://lavabit.com/signup.html This one looks good on paper, but needs further research: https://ctemplar.com/ Beyond these, a search on the Darknet would be in order.

[–] 0 pt

theres no such thing, the internet was never designed with privacy in mind(it is essentially a glownigger project from the very begginning after all) and so even a company that genuinely wants to offer a secure service cant do it.

the only way to do anything approaching true anonymity is to do what the sandniggers do and communicate in fortnite rooms

[–] 11 pts

What a circular talking faggot. "We don't keep IP logs, but must comply with the law by handing over the IP logs we said we don't keep". I was considering ponying up for their VPN too.

[–] 5 pts

I took it to mean they can be forced to start recording IPs of users of accounts flagged by law enforcement.

[–] 2 pts

Yeah that reads like it might be the case especially with how they responded in the reddit thread. I'm watching it to see how they respond but Proton also said they notify the user when their data is requested as that is Swiss law too.

[–] 2 pts

To be fair you only have to log in to view the mail one time and they'll have the IP information. That's how they got one of the lulzsec hackers on irc.

So proton sends an email to inform someone that their IP is being requested at the same time they start logging the IP and by the time the person logs in and views the email they are fucked.

[–] 2 pts

Precisely. Ever corporation that exists in a legal jurisdiction is subject to that jurisdiction.

[+] [deleted] 0 pt
[–] 7 pts

"By default," they don't keep any logs, but once they get a subpoena they change that default.

[–] 4 pts

All the well known privacy things are actually honeypots.

There is a CHANCE some small service you stumble upon might be legit but anything that Google ads or most websites let advertise is guaranteed to be a honeypot.

[–] 1 pt

I already thought that myself. Everything that is being heavily promoted is suspicious. And after inspection if their staff practices look like the other homoglobo corporations it's another giveaway.

[–] 0 pt

Any that aren't will be offered large sums of money to become a honeypot. It's a clever scheme: let the people who are the most threatening self-identify by using these services.

[–] 0 pt

including all the VPNS that halfwits on this site smugly brag about using

[–] 4 pts

"activist"

A bunch of squatting commies stealing other people's real property and illegally pirating the electrical grid. Dangerous and theft.

[–] 3 pts

They don’t log stuff “by default” doesn’t mean they won’t implement something just for you if the laws in their region demand it.

[–] 0 pt

Frankly this sounds great if you are a normalfag who lives under the radar and doesn’t plan to commit any crime using the service. At least under Swiss Law as applied currently.

If you are already on a list and/or are planning to commit a crime using email, it's like painting a glow in the dark target on your ass.

[–] 0 pt

Uhhh, you kinda missed the point captain genius. Try to keep up.

[–] 2 pts

Ironic becauses in their latest newsletter ...

Dear Proton community,

During the summer we have focused on developing more features and making changes to ProtonMail and ProtonVPN to make them both smarter, faster, and more responsive to the needs of the Proton community. We’re committed to not only creating a better internet that is private by default but that also makes your life easier wherever in the world you live.

This newsletter covers:

ProtonMail gets smarter

New VPN Accelerator: ProtonVPN is faster than ever

OpenVPN/Alternative routing: Fighting censorship in real time

A discussion with Carissa Véliz, author of the book Privacy is Power

Explaining proposed Big Tech regulation bills in the US Congress

Proton for Business

[–] 2 pts

What did the bad acticists do?

Did they post one "it's ok to be white" sticker on a trash can?

[–] 1 pt

Left wing commie squatters who start riots.

[–] 2 pts

Yes, access it using Tor's CIA servers.

[–] 1 pt

They have been shit for years. Years.

[–] 1 pt

If you are going to go through the trouble of setting up encrypted email, why would you not be using a VPN?

[–] 1 pt

ProtonVPN is another service they have and your VPN provider always knows your real IP Address.

Load more (7 replies)