@serebit @skinnylatte what got him was paying for his “anonymous” account with his Platinum Visa like a normie buying socks on Amazon.
Proton handed over the payment identifier, Swiss authorities passed it to the FBI, and suddenly your anonymity has a name on it.
if you’re not paying with Monero or cash, you don’t have an anonymous email. you have encrypted email with a billing address. those are very different things.
This really should be front and centre of the discussion. They complied with a valid Swiss court order, as stated on their ToS.
The account holder's opsec is the issue if they required full anonymity (possible? Another discussion).
This whole thing is the same as the statement "Your VPN provider won't go to jail for your $5".
If they were served with an administrative warrant from an out of jurisdiction LEA and complied, then WAY more to be upset over.
@chroma0 @k3ym0 @serebit @skinnylatte the disconnect here is that people think proton is offering something it has never claimed to offer. They will obey all warrants issued to them under Swiss law. They will hand over all personal data they have on you. They have never said otherwise. It is incumbent on the user to give them a minimum of personal info.
Proton sells an email service with messages they can't decrypt. They do not sell anonymity.
@stinerman @chroma0 @k3ym0 @serebit @skinnylatte
They tried to sell it as that until the French environmental activists got dobbed in. Now it's just services like VPN they sell as being anonymised.
I knew about the Swiss law in 2015 when I binned a privacy-oriented Swiss document management system (for many reasons, including this).
It's not incumbent on the user to have to cloak their IP address. Use Tuta instead. Why can't Proton just not log this information?
@davep @chroma0 @k3ym0 @serebit @skinnylatte
Proton doesn't log IP addresses. In the case Adrianna is referencing, they had to give the info of the payment processor to the Swiss authorities, who gave it to the FBI, who got the identity of the user.
Use Tuta all you want. People should! I guarantee that they will follow German/EU law when served with a legal request.
@stinerman @chroma0 @k3ym0 @serebit @skinnylatte
Interesting re the French activists, "ProtonMail explicitly says it will be forced to log and hold users’ IP addresses if they are found to be in violation of Swiss laws."
So I guess they could potentially be forced to do the same for VPN users etc.

Encrypted email website ProtonMail passes user’s IP address to French authorities, leading to arrest of climate activist
A French climate activist has been arrested after the private email service ProtonMail cooperated with authorities after a court ruling, logging details of a user before providing it to the police to identify a French citizen. On Monday, Andy Yen, the founder and CEO of Proton, the company behind the Swiss email provider ProtonMail,
@stinerman @chroma0 @k3ym0 @serebit @skinnylatte
Also, "In his statement, Yen said that the contents of the arrested person’s emails are encrypted and could not be accessed, even by Proton. Under Swiss law, email and VPN (virtual private network) services are treated differently, Yen wrote, claiming that sister company ProtonVPN cannot be compelled to log user data and hand it over to the relevant authorities."
It would be interesting to see whether the law specifically applies to email and not VPN services. It seems an odd distinction to make.
@davep @stinerman @chroma0 @serebit @skinnylatte Tuta and Proton have the exact same policy on logging IP addresses:
Tuta: "By default, we don’t record IP addresses of our users. Therefore, IP addresses can only be recorded for a single user account after we received a valid German court order for a real time monitoring (TKÜ), but not for the past."
https://tuta.com/blog/transparency-report#guide-to-types-of-requested-data
Proton: "From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them."
I just looked at their front page and their signup flow. The big print says "Secure email that protects your privacy", and I don't see anything saying, "Oh, but pay us in cash if you really want that." I think it's reasonable that users expect their privacy to be protected. (I also think it's reasonable that people who know the domain deeply scoff at that, because they know better. But definitionally, most people don't know what experts know.)