Apart from it’s an old story, discussed already back and forth, Proton’s claims regarding privacy are really weak. Especially when it comes to presenting Switzerlamd as a privacy safehaven. Switzerland is a tax evasion savehaven, not a privacy safehaven, Proton. How Proton puts it: we provide world class privacy (but have to break our claims and comply with Swiss law immediately once there is a legitimate or not request from law enforcement, oepsie sorreyy!)
Why is this a surprise? IP Logging is pretty normal for any service.
2.5 IP logging: by default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities. If you enable authentication logging for your Account or voluntarily participate in Proton’s advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.
Source: Their privacy policy.
That’s some funny language around “May be obtained permanently” though. Is this minority report? Do they know ahead of time that someone is going to violate their TOS?
That said, I’m not totally against proton mail. It’s a lot better than other free alternatives. Of which there are few left. I’m sure Gmail tracks the IP of your rectum.
This seems necessary if they’re to maintain an IP ban list. You shouldn’t just be able to unban yourself by submitting an information deletion request.
I would rather they have funny language in their privacy policy opposed to mandatory logging, they have to cover themselves legally as well so they got to utilize legal-ise so they aren’t sued into the dirt.
I’m sure Gmail tracks the IP of your rectum.
I bet Google predicted you would say that!
Proton are very open about what they do and don’t provide.
They’re not going to protect you and they will turn on you the second they get a letter in the mail or a text from the cops.
But what they DO provide is the ability to register an email address (with a domain that isn’t blocked by most services) without providing any other information. And, from there, you can encrypt it yourself if it is a particularly sensitive message.
As for IP logging? if only there were tools like VPNs and Tor to negate that.
In most cases, they fight tooth and nail and use their own lawyers if necessary
Did they in this case?
Proton needs to get its head out of its ass and fire Andy already, grow a pair and get off Reddit and back onto Mastodon and face the backlash like actual adults.
I dont really blame Proton for this. Accessing anything on the internet on a clear connection and not through a VPN or TOR makes it your own damn fault when you get identified.
Victim blaming at its finest!
So Protonmail was required to log the IP of the user after being ordered to via the proper international Swiss legal channeks, per Swiss/Europol law. And at some point recently, Protonmail thus removed the copy from their frontpage that advertised never tracking IPs.
What the article doesn’t really explain, is what exactly changed about Swiss or euro law? And when? What rules or acts have sprung up that made this possible? Or, was this always something that was possible that has only just now made precedent?
It’s important to hold accountable the named individuals who are harming individual security, safety, and trust in this manner so that they can be prevented from continuing to do so.
Then what makes a privacy oriented service different from others when they can open a backdoor for government? The thing is government wants control and they will change laws for exactly that. What Proton should have done was to eliminate the chance of this happening in the first place. Why are they having a logging mechanism? Why don’t they use RAM only servers or something like that? Privacy services should have the infrastructure and legal power to say “No”, or they are lying.
You need to read the article. It explicitly and IMO satisfactorily answers your excellent questions.
The lesson here is despite what a service says, don’t trust it and take the appropriate measures to cover your tracks.
You can create an access the inbox through Tor at
protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onionThe important thing is to always access it through Tor.
You can create an access the inbox through Tor at protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
That’s just such an easy link to memorise, isn’t it? Just like the New Emergency Number
Onion TLDs are inherently not human readable for many well documented reasons of varying levels of legitimacy.
The idea is that you write it down ahead of time (bookmarks and password managers are a thing) and paste it into your TOR browser or bake it into your privacy oriented live USB.
Also pay attention to what the service says and what it doesn’t. We get into this spot regularly because of things people assumed about Protonmail without being told.
A big problem is people see the word “privacy” and think that means anonymous. Neither Tuta nor Proton claim to be anonymous.
Yeah it’s getting really annoying at this point.
It’s also worth clarifying that ProtonMail doesn’t collect IP addresses by default. Instead, the monitoring/ logging starts after ProtonMail gets a legal request.
They still have to adhere to legal requests.
they should inform the victim about it
Under Swiss law, ProtonMail should notify the user if a third party makes a request for their private data and if the data is for a criminal proceeding. However, there’s a big catch/ loophole here. On its law enforcement page, ProtonMail highlights that the notification can be delayed in the following cases:
Where providing notice is temporarily prohibited by the Swiss legal process itself, by Swiss court order, or applicable Swiss law;
Where, based on information supplied by law enforcement, we, in our absolute discretion, believe that providing notice could create a risk of injury, death, or irreparable damage to an identifiable individual or group of individuals;
As a general rule though, targeted users will eventually be informed and afforded the opportunity to object to the data request, either by ProtonMail or by Swiss authorities.
This incident seems to fall under the first case, and that’s why ProtonMail didn’t notify the user. “Some orders are final and cannot be appealed, that’s just how the legal system works, not everything can be appealed. The user wasn’t notified for the same reason that you don’t notify a suspect before arresting them,” says ProtonMail founder Andy Yen.
Proooobably part of the request that they are not allowed to do that.
Yes, exactly.
Privacy is and should be a right, absolutely if you’ve done nothing wrong.
But it doesn’t absolve anyone from the right to shroud from any crime committed, period.
if you’ve done nothing wrong
Through who’s lens?
When a person is raped and seeking an abortion from Texas, do they deserve to be stripped of privacy? What about countries that see being gay a crime?
I don’t particularly care about proton outing people, but they should absolutely be restricted from advertising that they’re more private or secure than any other provider out there.
Apples and Oranges comparisons here also, you’re making some bad examples out of the gate that probably isn’t worth breaking down.
When Proton advertises about being more private and secure. That’s a lot to be said there than say Google, who dances badly to the tune of “we’re not evil”, lying to your face on a consistent basis. You won’t ever know if Google is reading anything you’ve got in your little GMail box or what you decide to use in the services they offer. Do you truly believe that you’re getting privacy from all fronts from the countless things Google offers you? It’s too good to be true. Why do you think it knows so much about you when you use several of their services?
that probably isn’t worth breaking down.
I could say the same about your comment.
Yeah because you have nothing intelligent to reply with. Don’t be choking on those upvotes of similarly minded people who also probably have nothing intelligent to add or any answers to what I presented. Still doesn’t paint you any smarter.
Dude why are you being so hostile for no reason ?
If people are going to rush in acting like an idiot, they’re going to get treated like they’re an idiot.
“No reason” my ass.
what an eloquent way to get blocked!
should be a right, absolutely if you’ve done nothing wrong.
The loss of privacy happens before the determination whether that person has done anything wrong. If the person’s criminal case goes well, do you have a time machine to go back and not invade privacy?
No, because that’s the part where someone should’ve learned a lesson or two. What do you mean if a criminal case goes well? If someone is suspected of something and may be involved in a crime, what entitlement do you have? It is part of a criminal investigation process. You either comply or worsen your odds by raising suspicions if you continually refuse to cooperate because you’re too busy debating police officers about “MUH PRIVACY”. Duuuuuhhhhhhh!
Did you think you stepped on some checkmate kind of discovery here? No, you didn’t.
I’m from the US and we have a system in place for search warrants. It’s not a great system if I’m being honest, but I believe something of the sort will likely always be necessary. Do you have an alternative suggestion? I’m legitimately interested in different options.
At the very least have controls in place ensuring disposal of data when court cases are fully processed to the full extent of appeals possibilities. Not allowing broad requests such as « everyone that connected to a given antenna for a month » or even « all connections toward NET or ASN whatever ». Additionally have the data fully isolated, removing all possibilities to cross use data initially granted for a purpose. I could go on for a while… It’s all a balance though, sometimes reuse leads to solving unrelated cases but it’s bound to the imperfections of local authorities everywhere one’s data can be requested.
Agreed on all counts, and that’s mostly how warrants should work, but that does not address the persons point. They seem to suggest full privacy should exist until found guilty of a crime.
That’s definitively not how they work in Europe and even though I’m not expert in other regions I assume that it’s absolutely not the case in USA either. Technologically there’s no solutions fully preserving everyone’s privacy hence the importance of the local culture. But if the current practices improve with the likes of the controls I mentioned I would say that it would be good enough.
I have added the text and a generic online summary below, but generally the issue is that judges are becoming more and more lenient and are unwilling to put their foot down when there are requests that are actual overreach. This is for a variety of reasons, and the law might need to be more clear/strict, but according to the letter and interpretation of the law they need to be specific about what they are looking for and it should minimize intrusion in general. Judges have just stopped caring in many cases, and of course the people carrying them out are trigger happy jackboots.
Edit to add: we have a pretty open legal and recordkeeping system here in the US, so the removal from public record is pretty against that. I don’t know enough about the particulars to state whether I think that would be a wholly good or bad thing. I think a transparent judicial process is important, and things submitted to the court generally have a high degree of specificity and do involve redactions when relevant. I don’t know the benefits necessarily, but if proposed I would not necessarily be against sealing cases where the party was not found guilty.
From Cornell law school: Amdt4.5.4 Particularity Requirement Fourth Amendment:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
“The requirement that warrants shall particularly describe the things to be seized makes general searches under them impossible and prevents the seizure of one thing under a warrant describing another. As to what is to be taken, nothing is left to the discretion of the officer executing the warrant.” 1 This requirement thus acts to limit the scope of the search, as the executing officers should be limited to looking in places where the described object could be expected to be found.2 The purpose of the particularity requirement extends beyond prevention of general searches; it also assures the person whose property is being searched of the lawful authority of the executing officer and of the limits of his power to search. It follows, therefore, that the warrant itself must describe with particularity the items to be seized, or that such itemization must appear in documents incorporated by reference in the warrant and actually shown to the person whose property is to be searched.3
Footnotes 1 Marron v. United States, 275 U.S. 192, 196 (1927). See Stanford v. Texas, 379 U.S. 476 (1965). Of course, police who are lawfully on the premises pursuant to a warrant may seize evidence of crime in “plain view” even if that evidence is not described in the warrant. Coolidge v. New Hampshire, 403 U.S. 443, 464–71 (1971). back 2 In Terry v. Ohio, 392 U.S. 1, 17–19, (1968), the Court wrote: “This Court has held in the past that a search which is reasonable at its inception may violate the Fourth Amendment by virtue of its intolerable intensity and scope. Kremen v. United States, 353 U.S. 346 (1957); Go-Bart Importing Co. v. United States, 282 U.S. 344, 356–58 (1931); see United States v. Di Re, 332 U.S. 581, 586–87 (1948). The scope of the search must be ‘strictly tied to and justified by’ the circumstances which rendered its initiation permissible. Warden v. Hayden, 387 U.S. 294, 310 (1967) (Fortas, J., concurring); see, e.g., Preston v. United States, 376 U.S. 364, 367–368 (1964); Agnello v. United States, 269 U.S. 20, 30–31 (1925).” See also Andresen v. Maryland, 427 U.S. 463, 470–82 (1976), and id. at 484, 492–93 (Brennan, J., dissenting). In Stanley v. Georgia, 394 U.S. 557, 569 (1969), Justices Potter Stewart, William Brennan, and Byron White would have based the decision on the principle that a valid warrant for gambling paraphernalia did not authorize police upon discovering motion picture films in the course of the search to project the films to learn their contents. back 3 Groh v. Ramirez, 540 U.S. 551 (2004) (a search based on a warrant that did not describe the items to be seized was “plainly invalid” ; particularity contained in supporting documents not cross-referenced by the warrant and not accompanying the warrant is insufficient); United States v. Grubbs, 547 U.S. 90, 97, 99 (2006) (because the language of the Fourth Amendment “specifies only two matters that must be ‘particularly describ[ed]’ in the warrant: ‘the place to be searched’ and ‘the persons or things to be seized[,]’ . . . the Fourth Amendment does not require that the triggering condition for an anticipatory warrant be set forth in the warrant itself.” back
Here’s so generic information about the above: Requirements for a Valid Search Warrant
The police who submit an affidavit supporting a warrant must attach a sworn, detailed statement. The officer must then appear before a neutral judge or magistrate. The judge will check to see if the officer has probable cause to execute the search.
In Carroll v. United States, the U.S. Supreme Court held that probable cause exists when a police officer has facts and circumstances that provide a reasonably trustworthy basis to believe a suspect has committed or is about to commit a crime.
If the police request a search warrant to search a location, the police must provide probable cause that evidence of a crime exists at that location. The officer must also state, with specificity, the items they are looking for.
Reasonableness Requirement
Even if the police have a warrant, their search must still be reasonable. Although the facts of the case dealt with a warrantless seizure, the court in Brinegar v. United States reiterated that the presence of a warrant does not give the police the power to conduct an unreasonable search.
The police officer’s search must be reasonable, or the prosecutor won’t be able to use the evidence they find in court. For example, if the police are looking for a large suitcase that contains drugs, it wouldn’t be reasonable for them to look in your bedroom drawers. A large suitcase or duffel bag could not fit in a nightstand drawer.
It’s an atrocious system, innocent people get killed every year over it.
I don’t think the concept is inherently flawed, but the execution is obviously terribly flawed. If several people credibly report seeing someone burry a body in their yard, the description of which corresponds to a missing person, I understand how getting a warrant to at least visually inspect their property would be necessary to fully investigate this claim. I don’t think this requires the kind of force we often see, but I don’t see people offering alternatives to warrants in general. I understand that privacy is a fundamental right, but presumably that’s where a judge would come in to decide if there was probable cause to partially suspend that right.
I am open and interested in hearing alternatives, but I do not see them posed. I think what underlies the system would function fine with a less militarized group enforcing it.
The police gained access to the IP address because Swiss authorities chose to cooperate with the French government
We’ve seen this several times now. Proton is subject to Swiss law, just like every company in their respective countries. You choose Proton because Switzerland has the most privacy protections of any country on the planet (for now).
If you want private communications, don’t use email. In fact, if we could all stop using email entirely, that’d be wonderful. There are hundreds of truly-private alternatives, many with no company involved at all.
This is absolute nonsense. I would prefer most of Europe over Switzerland. The swiss government was always bad with privacy. See Fichenaffäre for example. Not to mention the new büpf and similar laws. I’m swiss. I would never store sensitive data in Switzerland on a public server. Well. Except taxdata, I guess. Can’t really get around that.
There are hundreds of truly-private alternatives, many with no company involved at all.
Such as…? I bet some ISPs or hardware maker companies are involved at some point.
Cwtch. XMPP. Matrix. SimpleX. Quiet. Delta Chat. Arcane Chat. Revolt. Briar. Meshtastic. etc. etc. etc.
Aren’t most of those requiring dedicated setup? How does that work without a pre-existing communication channel such as email to prep for them? You walk to every party you need to integrate?
Sorry, I don’t understand the words you’re using. Some of them are peer to peer. Some of them use servers which can be hosted by individuals. Some of them work locally over Bluetooth or WiFi.
Damn. They didn’t seem so wild especially compared to the flow of yours. All mediums / techs you listed are complex technologies that take efforts to setup. Compared to the ubiquitousness of email. How do you propose to make that as available to the baseline human being?
Email is much more difficult to configure than most of these services. Some of them require no configuration at all. You just open the app, type in the recipient’s address, and Bob’s your uncle.
For others, it’s already available through community projects like AdminForge and Disroot.
Users don’t need to configure email that’s kind of the point… and the receiving side of most of your techs still had to eventually setup the server side right? Adminforge is Linux tutorials, hardly something for the basic user. And disroot has not the best reputation if I can trust the few top links in my search results due to its gtc where they mentioned that they would collaborate in criminal investigations as well.
The “baseline human being” can easily set up most of those.
You should consider reviewing your baseline to integrate actual persons. Some need help to use WhatsApp so go figure how they would fare with most of those.
Most of those still rely on some company to host a server, except Briar, and in practice most Briar users are still relying on companies to access Tor to connect.
They are more robust, not perfect.
None of them require a company to host a server. That was my entire point.
Explain how you’d use Delta Chat without a server, please? I may have misunderstood its need for a mailserver when I tried it.
I didn’t say without a server, I said without a company-hosted server.
How do you even get a non-company-hosted server now? Public bodies don’t host services for outsiders much any more and aren’t really safe places for privacy in this type of case anyway.
Okay so I do remember this issue being brought up a long time ago so it’s not exactly news and the author has a poor time lapse of events.
ProtonMail is not like a safe haven for any criminal operation, that would make Proton incredibly liable. Just like Telegram became with what’s been happening with trafficking and children-related incidents.
Secondly, an IP address is like stupidly easy to get anyways on someone unless VPN.
There is just so many things wrong that people are not taking into account but I guess let others go on self-virtuous parades to demonize Proton. If you understand laws, this is not a problem. If you understand tech, you’d realize the same. If you understand both, then hooray! You get it.
There seems to be no suggestion yet that any crime was committed on/using ProtonMail itself. Just that it was a tool to track someone accused of offline crimes. So this comment feels like misdirection because there are probably options between being liable and effectively telling the cops where users are.
They have to abide by court orders.
Do Swiss courts not allow any defence to be presented?
I don’t know Swiss law well enough to answer that. But getting mad that a company followed the laws they’re bound to by their jurisdiction is dumb.
I unironically said this in my group chat, “proton mail is becoming more and more sketchy as being a privacy focused mail service” just like how signal is becoming more sketchy as a instant message service. There are things proton mail does such as logging activity that shouldn’t be the case as a paying customer, and yet here we are. When I request privacy I want it to be private, as in don’t give my data to anyone. it seems for that to happen it must be community driven and decentralized.
Email has been a decentralized federated system from the start, though I’m not aware of any community I’d trust to be a more privacy-respecting host than the available commercial offerings.
Internet becoming more and more unusable
WHAAAAATTT???
The same company that supports Trump and closed the account of two journalists???
Who would’ve EVER EVER EVER expected that???
I AM IN SHOCK!!!
Stop spreading misinformation.
You can look it up for yourself but the tldr is that the company donates to leftist organizations that promote freedom, privacy, and open source.
They temporarily suspended 2 journalist accounts in order to verify if they were nation state hackers which was flagged by a CERT, which they reinstated.
Time will tell…
All these people relying on a private corporation for privacy have a serious screw loose.
Proton fully cooperates with all government requests. They are just another tech company selling “privacy” to make a buck. The only people who care are those foolish enough to give them their money.
yes. proton ceo is a fascist.
why are yall constantly surprised?
Oh ffs. We have known for years that Proton is just a for profit company like any other. They dont give a fuck about you or your privacy. They never have and they never will.
For profit or FOSS, they can’t ignore the Swiss government. It’s fucking stupid that people put this ridiculous standard on them like they’re able to just tell the Swiss no and face no consequences.
If you were in their position, you would roll over too, and if you claim otherwise you’re just straight up lying.
They complied with laws. Where is the issue?
- Authoritarian regime decides that being critical of the regime is illegal and makes laws to support this.
- Activists use Proton for privacy.
- Regime demands that they give up data on activists.
- Proton complies with the laws.
That’s the issue.
What data? Here it is the IP address and only under order by authorities.
I feel ever since the social media shitstorm people love to pile on Proton for anything. They never said they won’t comply with law enforcment, did they?
What data? Here it is the IP address and only under order by authorities.
Whatever they gather. It says as much in the article; they started recording IPs once a request by the Swiss government came through.
ProtonMail can’t directly share data with foreign governments. In fact, doing so is illegal under Article 271 of the Swiss Criminal code. The police gained access to the IP address because Swiss authorities chose to cooperate with the French government. ProtonMail also points out how Swiss authorities will only approve requests that meet Swiss legal standards.
Under Swiss law, ProtonMail should notify the user if a third party makes a request for their private data and if the data is for a criminal proceeding. However, there’s a big catch/ loophole here. On its law enforcement page, ProtonMail highlights that the notification can be delayed in the following cases:
That’s based on the currently available laws. So if a law gets drafted that says “if we suspect someone to be complicit in criminal activity we want you to gather more data” we should just be fine with that because the authorities say so? Because the authorities are always infallible and incorruptible, right?
The details of this individual case isn’t the problem, it’s the precedent it sets that is. When Mullvad got raided for their logs there was nothing recovered because they don’t store anything. Proton stores things based on if the authorities ask them to, and when they find out that it wasn’t a terrorist or child-trafficker they go “woops we had no idea the account belonged to a climate activist.”
The authorities aren’t infallible. Some years back here in Sweden we had police raid, physically abuse, and kidnap a guy they suspected was a pedophile because he’d sent images of him and his 30 year old boyfriend having sex via Yahoo Mail. There’s no reality where this man should’ve been fucking beaten up and traumatised the way he was, but it happened, and there was no recourse for him. Nowhere down the chain of responsibility did anyone get reprimanded or investigated for misconduct.
Complying with the law is such a bullshit fucking excuse.
ProtonMail does not log things by default, but they can still be court ordered to do so by swiss authorities - if you want to run any business at all, you have to submit to a jurisdiction, you can only choose which one to run under. And even if your chosen authority is alright by itself, it can still be misled by other jurisdictions like the French did, using the terror-cudgel against climate activists.
I can also recall that in this case Proton said that had their user actually bothered to use any VPN, even Proton’s, there wouldn’t have been anything to give to authorities except for an exit node IP.
Proton said that had their user actually bothered to use any VPN, even Proton’s, there wouldn’t have been anything to give to authorities except for an exit node IP.
“She shouldn’t have dressed that way.”
Proton could do better, and it’s ridiculous that there are people out here okay with them not doing better.
Our legal entity is in Sweden, where the law does not allow for any government to force us to spy on our users.
You’ll agree that Proton doing better would require them to move to a different country, right?
Also Mullvad doesn’t offer email accounts, does it? Seems that they couldn’t have a ‘no user data’ policy if they did since the emails would be exactly that.
Complying with the law is such a bullshit fucking excuse.
Yeah, they should just go to prison for someone they don’t know and had nothing to do with, that’s the only answer we should be ok with!
Do you hear how stupid that sounds?
Right, because corporations are widely known for going to prison when they break the law. Where exactly did they imprison Facebook for interfering in elections? Running illegal experiments on people? Pirating books and pornography? Surveilling children and selling their data?
Look at Mullvad. They’ve denied access to their data multiple times, they got raided, and nothing of use was recoverable. That’s what respect for privacy looks like. Proton could set their infrastructure up in this fashion, but instead they’ve chosen to just hand out user data freely.
Now you’re comparing apples to oranges? Is that what you do when your position is untenable?
When Mullvad got raided for their logs there was nothing recovered because they don’t store anything.
Mullvad is not a mail provider…?
They both have no-log policies. One is “we never log” and the other is “we log sometimes” do you see the difference?
The difference is that they’re different products with different technical requirements.
So Proton should refuse to comply with the law and have to close their entire business?
I don’t know about ‘should’ but wasn’t that the impression their marketing tried to give? Or at least that they would fight to defend user privacy for noble activists? But when challenged, its owners seem to have folded quicker than a strapontin.
No. Nothing in their marketing says they’ll refuse to comply with lawful orders.
They do successfully challenge many of them. This is all documented in their transparency report.
Nothing in their marketing says they’ll refuse to comply with lawful orders.
Maybe not now, but it used to say ‘your privacy comes first’ which certainly gave the impression privacy would be more important than blindly believing and obeying courts.
Thanks for the link to their report.
Privacy is not binary. It lives on a Spectrum. On one end you have Proton and Tuta. And on the other, Gmail, Outlook, Yahoo, etc.
No. The impression their marketing gave was that they followed Swiss law.
Legal entity that doesn’t comply with the law is simply not possible. If you think otherwise, you’re being really naive
And yet, legal entities are often found guilty of not complying with the law. I think people were expecting Proton to at least try to fight a morally-questionable court order.
They said things that led the unwary to trust they wouldn’t. Remember, this isn’t some terrorist mass-murderer they handed over, but apparently an anti-gentrification youth activist linked to Greta Thunberg’s campaign groups.
Edit to add: in particular, Proton used to claim ‘your privacy comes first’ but this case suggests in reality, the Swiss government’s help for French police comes first.
Proton never says they won’t comply with orders from the Swiss government. You won’t find that claim anywhere on their website, any more than you’ll find it on Tuta’s website.
In fact, they frequently say that they’ll comply with orders from the Swiss government.
The Swiss aren’t Tuta’s government. They would, however, comply with an order from the German government, because they would have no choice.
I meant Proton is pretty open about complying with the Swiss government
of course they are, and that’s a good thing. because there’s a lot of people in the comments here that mistook privacy for anonymity and expect Proton to break the law for them out of principal. which, quite frankly, is unfair to Proton because I’m willing to bet none of the people in this thread would be willing to do that if they were in Proton’s position.
Please tell me a mail client that doesn’t comply with national laws.
I never said anything about complying with laws, people just interpreted it that way. Of course everyone will comply with local laws or secret government orders that come with threats of imprisonment. I dont know if Proton was required to log this data in the first place, but if they were then this specific situations is not their fault.
The issue with Proton isnt that they follow laws, but that they portray themselves like they are better or more private than others when they are just not. Bigger = worse in the tech world. Whenever too many people are using services of a single company, it becomes an attractive surveillance target.
What im also annoyed about is people being surprised by this and these headlines that make it look like its some sort of betrayal. You should always be worried about your privacy when you put data on a computer that isnt in your physical possession. Proton isnt trustworthy because nobody is trustworthy except yourself.
it’s always disappointing when people all about FOSS and shit suggest Proton to people looking to switch from google. no, don’t do that. use Tuta or self host or ANYTHING other than Proton. it’s such a shit company that does not deserve the praise they receive.
So Tuta would refuse a legal order from their government?
Probably yes since they don’t operate out of Switzerland. Sorry, couldn’t resist! But they would probably comply with a German legal order.
they would probably comply with a German legal order
So…why is Tuta better again?
Am I saying they are?
You’re replying to a comment chain that said “use Tuta”.
They are saying that they are technically right.
Yup, I noticed that and edited about five seconds before you replied lol
deleted by creator
You recognize that it is absurd to complain about recommendations and then recommend something you know nothing about and refuse to stand behind, right?
The answer is no. They would not refuse a legal order from their own government. And it’s ridiculous people think that.
Tuta are also a for-profit company, aren’t they? Just one that currently has better published positions than most. Use them, but make sure you keep a path to the exit door in view.
