ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

ProtonMail deletes "we don't log your IP" after French activist arrested

(1/4) > >>

Cops can read SMTP spec too, y'know...
Encrypted email service ProtonMail has become embroiled in a minor scandal after responding to a legal request to hand over to Swiss police a user's IP address and details of the devices he used to access his mailbox – resulting in the netizen's arrest.
--- End quote ---

Their website prior to this event stated: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first."  Apparently, that wasn't quite correct.  They have changed that statement to something a bit more vague.
In their defense, they were served with a bona fide legal order from Swiss (not French, though it was vis-a-vis Europol) authorities, which they are legally beholden to.

In this case, Proton received a legally binding order from the Swiss Federal Department of Justice which we are obligated to comply with. There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case).
--- End quote ---

The sticky question as to why they were logging access via IP address when their policy explicity stated that was not so is addressed in the comments at the article.  Apparently, they don't log IPs as a matter of course, but at the behest of a court order, they were obligated to do so.

Caveat Emptor.
Found at CodeProject News

Thanks for sharing this. I was unaware that this had happened.

I have to admit, I skimmed the article (because I was looking for it to state what Swiss law was broken in France) and it didn't seem like it gave much pertinent information. This article from TechCrunch seems like it does a more thorough job:

There, ProtonMail is quoted as seeming to suggest that if the person had been using Tor or a VPN--including ProtonVPN!--their actual IP address would not have been given to the authorities.

It is simply proof that at no point are you ever truly anonymous on the net. If at anytime a state authority wants information, they can get it.

Used to be they could just go in and demand the logs. Now they know better. They get a court order to monitor your actions and the company is forced to comply. Sure they still do not log anything for everyone else, but if you're targeted by that state agency there is little they can do to stop it.

I think protonmail is caught between a rock and a hard place with this one. But they aren't prevaricating or obfuscating when asked questions. One hilarious example-

That's from and some interesting comms there.

Personally, I don't see anything wrong with what ProtonMail did. They followed the law. An argument could be made that the law(s) should be changed. But they complied as they were legally required to do. And if the person of interest had been a little more careful about masking his IP address, ProtonMail would not have had anything useful to give to the authorities.

ProtonMail still didn't give the contents of the emails to the authorities, because they can't! And if you have read through their FAQs, etc., they were always very explicit (at least in English) in saying which info could be gleaned and which info was encrypted/protected from outsiders (which includes ProtonMail).


[0] Message Index

[#] Next page

Go to full version