Elijah WaxwingMay 7, 2024

Protonmail is cop friendly. Any reasonable privacy aware email provider would hash the secondary email, not store it as cleartext. I implemented secondary email hashing for Riseup to prevent exactly this thing, over a decade ago.

https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/

Proton Mail Discloses User Data Leading to Arrest in Spain

Proton Mail came under scrutiny for its role in a legal request by the Spanish authorities leading to the identification and arrest of a user.

RestorePrivacy
Show threadElijah WaxwingMay 7, 2024
Also, WTF logging IP addresses?! I don't know about Swiss law, but at least in the US if you design your system so that you can't gather certain data you can't be compelled to re-engineer it to gather that data just because the cops want it. That is what the whole FBI versus Apple case was about, and the FBI backed down rather than lose in court
Show threadProtonMay 9, 2024

@elijah IP addresses are not logged by default, and you can see when they are in our Privacy Policy: https://proton.me/legal/privacy

Nothing has been reengineered - this is how it's always worked, and we have been transparent about it since we started in 2014: https://proton.me/blog/protonmail-threat-model

You may be referring to Proton VPN, which is a completely no-logs service: https://protonvpn.com/blog/transparency-report

Privacy Policy | Proton

Proton's privacy policy covering Proton Mail, Calendar, Pass, Drive, Wallet, VPN and Proton Business. Learn how we securely handle and protect your data.

Proton
Show threadElijah Waxwing
@protonprivacy Your policy states "IP logs may be kept temporarily to combat abuse and fraud"... How exactly is someone accused of leaking information to the Catalan independence movement committing "abuse or fraud"? Oh, is anything "illegal" abuse of your service? Good to know
May 9, 2024 at 6:30pmWeb
Show threadProtonMay 10, 2024
@elijah Note that, in this case, no IP addresses have been shared (and we didn't have any to share, because IP addresses are not logged by default, as explained above). Regarding the definition of service abuse, it's laid out in our Terms of Service: https://proton.me/legal/terms
Terms of Service | Proton

Terms of Service for using the proton.me website and your Proton Account, including Proton Mail, Proton Contacts, Proton Calendar, and Proton Drive.

Proton
Show threadElijah WaxwingMay 11, 2024
@protonprivacy so you agree that you share logged IP addresses for purposes other than fraud & abuse but just not this particular time? Or are you claiming this article is wrong? The core problem is that Proton claims jurisdictional arbitrage but in reality almost any jurisdiction is better than Switzerland
Show threadProtonMay 11, 2024

@elijah Swiss jurisdiction remains superior when it comes to privacy protection, as we have discussed with our community e.g. here: https://www.reddit.com/r/IAmA/comments/10y49ln/comment/j7w6kx4/ and here: https://www.reddit.com/r/IAmA/comments/10y49ln/comment/j7w7pbh/

Email privacy in particular, is better protected since our court victory in 2021: https://proton.me/blog/court-strengthens-email-privacy

Login IP addresses are simply not logged by default, and, no, they have not been logged in this particular case either.

Show threaddivergencyMay 11, 2024
@protonprivacy @elijah do you like working here, Proton person? Defending pieces of shit that would gave all of your information and identity, if government just asked?