WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

1.4K

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France.

The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account.

On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first."

Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations.

"There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case)," the company said in a lengthy response posted on Reddit.

Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over data when individuals use the service to engage in activities that are deemed illegal in the country.

"Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we're required by Swiss law to answer requests from Swiss authorities," ProtonMail founder and CEO Andy Yen tweeted, adding "It's deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced."

If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity.

"The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used)," the company said.

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account. On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first." Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations. "There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case)," the company said in a lengthy response posted on Reddit. Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over data when individuals use the service to engage in activities that are deemed illegal in the country. "Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we're required by Swiss law to answer requests from Swiss authorities," ProtonMail founder and CEO Andy Yen tweeted, adding "It's deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced." If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity. "The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used)," the company said.

(post is archived)

[–] 2 pts

Yeah that reads like it might be the case especially with how they responded in the reddit thread. I'm watching it to see how they respond but Proton also said they notify the user when their data is requested as that is Swiss law too.

[–] 2 pts

To be fair you only have to log in to view the mail one time and they'll have the IP information. That's how they got one of the lulzsec hackers on irc.

So proton sends an email to inform someone that their IP is being requested at the same time they start logging the IP and by the time the person logs in and views the email they are fucked.

[–] 0 pt

Unless the person has started using a VPN and/or the Tor version of Protonmail and never logs in without it.

Proton is saying the laws that "forced" their hand on email don't exist in Switzerland for VPNs. Of course that could change though.

[–] 0 pt (edited )

They say you can use their own email service to register to the VPN service but that's a weakness because now one entity can harvest data from your email messages and vpn browsing history if they have to and your VPN provider can see your real IP Address, your payment methods...