WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

1.3K

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France.

The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account.

On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first."

Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations.

"There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case)," the company said in a lengthy response posted on Reddit.

Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over data when individuals use the service to engage in activities that are deemed illegal in the country.

"Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we're required by Swiss law to answer requests from Swiss authorities," ProtonMail founder and CEO Andy Yen tweeted, adding "It's deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced."

If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity.

"The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used)," the company said.

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account. On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first." Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations. "There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case)," the company said in a lengthy response posted on Reddit. Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over data when individuals use the service to engage in activities that are deemed illegal in the country. "Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we're required by Swiss law to answer requests from Swiss authorities," ProtonMail founder and CEO Andy Yen tweeted, adding "It's deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced." If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity. "The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used)," the company said.

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (78).
[–] 11 pts

That place was taken over by Israeli intelligence shortly after they went live.

Stay away. Far away.

[–] [deleted] 7 pts

Well this is disturbing beings that I started using Protonmail last year and got rid of everything Google and/or Gmail.

[–] 4 pts

Once you release everything is jewed and you have a hardware back door into your computer no matter what you use you can just move on and stop giving a shit.

If they wanted to get you they'd just upload illegal shit to your computer anyway.

[–] 2 pts

I have been using privatemail. I have no idea if they are any better but I chose them because I have been using torguard as a VPN for a while. I picked them because they didn't advertise as heavily as the others.

[–] 1 pt

I was just about to do the same thing. Very disappointed.

[–] 0 pt

>Go to google or freeshitmail, or better, run your own mail server from your home goy! But don't ever use protonmail, ever!

Fuck off

[–] 0 pt

Do you think tutanota is any good or are there no secure email providers and you have to roll your own?

I understand there are too many layers to trust, we didn't make the hardware, write the firmware, OS, etc. but the only alternative seems to be to go neo-luddite.

[–] 3 pts (edited )

I don't think there are any safe alternatives for e-mail. Snail mail is only secure because they need a warrant to open a letter.

Run your own e-mail server at home is about the only secure option but email rolls over public networks.

Exchange PGP keys with those you converse with and run your own server. I still think the NSA can read anything they want.

[–] 0 pt (edited )

Run your own e-mail server at home is about the only secure option

It's not, especially if you're new to this, needless to mention the fact that it points directly at your physical "home"

Let's be serious here, you want some sort of anonymity on the network you access the network through means that aren't directly tied to your bank account at one point or another other for a start. The internet connection you use isn't attached to your credit card (or anyone's credit card/bank account related to you), the machine you use hasn't been bought with your credit card, your name isn't attached to it and you don't use that machine with anything attached to your credit card

From there even if you still can be seen on the network as a connected machine, your IP and MAC addresses and geolocation or whatever, aren't directly pointing at your identity

The hardest part is the connection, until no one can buy anything without a credit card of course

[–] 0 pt

The FBI doing an old fashioned mail cover? No agent has been assigned to do that in 25 years.

[–] 2 pts

Your best bets are obfuscation by proliferation (simply using normie mass email services like Gmail and keep changing addresses) or use disposable services like Guerrilla Mail that achieve the same result but will self destruct after use. Secure email providers are a meme and Proton Mail was compromised ages ago.

[–] 3 pts

The Gmails all end up getting linked together. The second you sign in from another device or even IP it throws warnings and wants verification. Before you know it your google account has 5 email addresses in it.

[–] 0 pt

disposable email addresses are frequently blacklisted, and their self destructing nature means their not exactly that good for communication either.

[–] 1 pt

The problem with roll your own is that you will never know if you have been compromised. You lack the sophisticated counter measures and detection systems that a quality commercial operation has. Even they have a hard time of it and they spend all day every day looking for it. You dont have the time for it. So your home brew email system is even more compromised than a commercial system.

[–] 0 pt

Yeah my thoughts exactly, and that's without even mentioning being blacklisted by other email services because blah

[–] 1 pt (edited )

I use several VPNs (one for a group of sites, another for another group, etc) and I looked into starting my own but when I started to look into my requirements I realized none of them were capable of providing those nor am I smart enough to walk through the code of an entire Linux distro to make the code removals.

Assuming Linux as the OS:

For example, no logging. Proton was probably just disabling logging at the daemon level (turn off syslog). My requirement would be to remove the entire code base for syslog and recompile Linux so the OS has no idea how to log anything. Then you have the TCP/IP code, which by design is not secure. That has to be changed to prevent security tools from working. They can use microscopes and physically recreate data from a hard disk. So there's another code base to change. The list of requirements starts growing pretty quick. Even if you manage to run your entire VPN from a CD-ROM with no way of storing logs or data you still have RAM that can be reviewed. RAM chips can be kept alive with low voltage.

[–] [deleted] 0 pt

Smoke signals and encoded clicking noises work the best.

[–] 0 pt

What actual private email alternatives even exist at this point?

[–] 2 pts

Nothing involving the public internet, and even private networks are suspect these days.

[–] 0 pt

There isn't any. Even if you solve end to end secure communications you still run the risk of targeted malware. Suppose your group ends up recruiting an informer. A PDF or JPG file, once opened, can attempt to access your system and lay dormant for weeks or longer and then attempt to access the internet without the system owner suspecting anything. The Chinese do that shit every day. I would say 90% of malware comes from email.

Groups need to develop secure communications and good memories instead of relying on the internet except with necessary.

[–] 0 pt

Your own mail server.

[–] 4 pts

Traces back to you by it's very nature, doesn't aggregate anything to obfuscate.

[–] 0 pt

Chinese or Russian email servers if you dont live in those countries and live somwhere USA friendly. The hate between USA and China/Russia keeps your data away from USA government.

[–] 0 pt

The old reliable: https://lavabit.com/signup.html This one looks good on paper, but needs further research: https://ctemplar.com/ Beyond these, a search on the Darknet would be in order.

[–] 0 pt

theres no such thing, the internet was never designed with privacy in mind(it is essentially a glownigger project from the very begginning after all) and so even a company that genuinely wants to offer a secure service cant do it.

the only way to do anything approaching true anonymity is to do what the sandniggers do and communicate in fortnite rooms