Heads up, ProtonMail users: Some of their claims about privacy may be more marketing than truth.
Climate activist arrested after ProtonMail provided his IP address
https://news.ycombinator.com/item?id=28427259
Proton's response, and criticism thereof:
https://protonmail.com/blog/climate-activist-arrest/
https://news.ycombinator.com/item?id=28433601
#cososec
@voltronic that's a BIG OOOOF!
@voltronic
I just signed up to proton mail for my music bookings. The free version is plenty for that and it's superb!
Next stop, VPN, which I will get to as soon as I can afford to contribute. I want to pitch in.
@stueytheround
I've been using ProtonMail for quite a while and I really like it. This story is not a great look, however.
@heyrhiannon
I posted that above; it's in the second HN thread link. Their response makes this worse, because it contains more marketing-speak to save face.
@voltronic It is concerning. Their reputation is based on personal security. @heyrhiannon
@voltronic @heyrhiannon @stueytheround their response is literally them explaining why they did it, why they had to do it, and pointing to their transparency reports.
How is this worse?
They have to comply with Swiss law, and they had no way to fight this particular order. According to their reports, they DO fight orders. The guy in question was posting his exploits publicly, and was identified. I don't agree with it, but PM was ordered to log his IP via a legal court order.
@voltronic TBH. A company has to comply with existing laws, and it seems that if the user was using a VPN account this wouldn't happen.
Protonmail link is busted
But I found this on Reddit
And the link they posted in that comment for more info is this (which I think is the link you posted that was broken):
https://protonmail.com/blog/climate-activist-arrest/
Sounds like they had no legal way to resist, and the bar for this request is much higher than in most legal jurisdictions, and like someone else said, this wouldn’t have happened if they had been using a VPN, because it is technically impossible for an email client on its own to not know IPs that access/use it, and it’s proportionate to request info on a particular user.
VPNs are different, they’d have to log every IP, so that is legally considered disproportionate.
^ Since those HN threads are asking about alternatives, I should mention that I also have an account at https://dismail.de which is a one-person operation in Germany. They have a variety of services besides email, such as an XMPP server supporting OMEMO encryption.
This comparison chart at Dismail shows you a lot of security and privacy information for various email providers, including Proton.
https://dismail.de/serverlist.html