by kdunglas on 9/6/21, 1:50 PM with 285 comments
by dang on 9/6/21, 8:38 PM
Climate activist arrested after ProtonMail provided his IP address - https://news.ycombinator.com/item?id=28427259 - Sept 2021 (552 comments)
ProtonMail logged IP address of French activist after order by Swiss authorities - https://news.ycombinator.com/item?id=28433131 - Sept 2021 (139 comments)
by smnrchrds on 9/6/21, 4:50 PM
Their threat model and all threat scenarios should be front and centre on their front page and sign up page. That is if they care about user privacy not just the bottom line. They have a choice between better-informed customers or more money, and so far, they have chosen the latter.
What this and the new Apple debacle have proven to me is that privacy is not a product that can be purchased. If you want real privacy, you have spend a lot of time learning how to preserve your privacy. No matter what Apple and ProtonMail and similar companies tell you, you cannot buy privacy off-the-shelf.
by flotzam on 9/6/21, 4:13 PM
1. It's impossible to create a paid account with cryptocurrency: You can only use it to pay for an existing account
2. It's impossible to anonymously create any account over Tor: You have to at least pass SMS / secondary email verification, and it better not be an easy to get address ("Email verification temporarily disabled for this email domain" etc.)
Lots of marketing and boxticking (.onion: check), but it looks curiously hostile to anonymity if you actually try to use it.
by rogers18445 on 9/6/21, 3:09 PM
This is false.
Each time you visit protonmail you re-download (cache can be invalidated) their client. It would be trivial for them to serve a specific user a modified client which uploads their encryption keys.
This problem is not specific to protonmail, any service which contends to be secure with respect to some server (the protocol relies on the client to decrypt stuff the server cannot) can be compromised this way because of implicit trust in the client software which can be modified at any time with no notice - making any auditing entirely meaningless in the case of targeted attacks.
This problem should perhaps be addressed by browsers since it seems they are becoming pseudo operating systems.
by potatoeater515 on 9/6/21, 3:25 PM
As the manager of various accounts used by environmental and social activists on Protonmail, this is really bad.
I understand they have to follow Swiss law, but surely there are higher standard and processes than: police forward foreign request. Don't challenge or question, just do task required.
Interpol requests are not as universally recognized as what some people here are alluding to. Countries can file these requests with interpol but it's up each country to determine if they act or recognize the request.
If the Chinese government files 500 requests via interpol and the swiss police merely pass them on the proton, will proton mail automatically comply and install malware on their client on targeted accounts?
I hope this is not the case but I expect this to be clarified. On th face of it, organizing an occupy protest hardly seems to pas the bar of "serious criminal cases"
by janmo on 9/6/21, 7:38 PM
It's in french but here is a summary: Law enforcement contacted Protonmail directly and the company told them to use the "Europol channel", which law enforcement did.
Protonmail then provided the date when the account was created, the IP address (Not clear if it is the one when it was created or last login) and the "device", I suppose they are talking about the user agents.
Please keep in mind that companies can charge processing fees on law enforcement requests. I would really like to know if ProtonMail is earning money on this.
by kodah on 9/6/21, 3:14 PM
> For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge — a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris.
by yjftsjthsd-h on 9/6/21, 3:20 PM
> ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.
But the arrest was by the French police. So the Swiss government used a warrant to get info from PM and then passed it to France because the charges passed muster under Swiss law ("Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)")?
by indymike on 9/6/21, 2:53 PM
At some point everything on the internet becomes local, because people and businesses eventually must exist at a location in the real world. Proton is always going to be subject to local law enforcement wherever they are based.
by istingray on 9/6/21, 3:58 PM
This is a weak response. "What we're changing" isn't specific. It's a "our shit doesn't stink" kind of reply.
"What we're changing" should be far more specific. Start educating users about Tor on your homepage.
Start blogging about Tor more than once in 2017. Have a score for how many users log in through Tor. Have a score for how many times your privacy policy is loaded.
Stop claiming to be the best simply because you have a Tor site with an old version of your app. That's not good enough.
I'm looking for leadership. Protonmail is clearly an "explainer" more than a leader. I'll keep my eyes peeled for whoever comes along to replace them.
by MitchellCash on 9/6/21, 3:11 PM
They’re not explicit with regards to the activist, this would mean the activist was notified upon ProtonMail receiving the request?
I’m not sure there’s much you can do but lawyer up if you receive such a notice, but potentially the activist could have immediately started using Tor (maybe too late though, because to read the notice they might have already leaked their IP).
by YLYvYkHeB2NRNT on 9/6/21, 2:43 PM
Very classy post. To-the-point. There are limitations with digital services.
If you don't like what happened, you need to change things. They only way to change things is to change the law. This begins with voting.
by bluelu on 9/6/21, 3:46 PM
by COGlory on 9/6/21, 7:18 PM
by rinron on 9/6/21, 6:10 PM
the only way for an entity to never comply with government orders and continue to function is to remain anonymous and their servers accessible only via temporary addresses or tor since static ip's and domains can be taken away. Making it impossible for receiving email and more effort than the average person would want to access. It then becomes a catch 22 as you cant fully trust an anonymous, transient entity since their motivation can never be verified(they could be a honey trap), they can rarely be held accountable if they betray you, and they could be replaced or compelled to comply without anyone knowing(someone part of a visible physical social network could have friends put out a warning if something suspicious happened to them).
What it comes down to is what we already know. they only way to be sure your email provider wont hand over your emails is to run your own email server anonymously. For anyone who cant do that protonmail is still likely the best choice even if its imperfect. plus adding whatever other layers of protection on top you are capable of.
by kdunglas on 9/6/21, 1:52 PM
by avodonosov on 9/6/21, 5:18 PM
by o8r3oFTZPE on 9/7/21, 9:09 AM
It seems prudent that Proton customers would want to have a look at those "Swiss laws" (a) to see what sort of protection they offer and (b) to make sure they dont violate one. In the case of (b) the customer will potentially lose all privacy protections, as emphasized in this announcement.
1 It appears that Swiss law is conveniently published in English however the English translation is not what Swiss courts use.
by TwinProduction on 9/6/21, 7:29 PM
I'm seeing a lot of people here that are surprised by the fact that even a company who has privacy as their main marketing point has to deal with compliance, but really, unless you host your own mail server, you just can't guarantee your own privacy.
I don't generally advise hosting your own mail server due to all the troubles that come with it, but this is really one of the only ways I can think of where you can achieve a decent enough level of control when it comes to exchanging emails.
by un_montagnard on 9/6/21, 4:03 PM
by joering2 on 9/7/21, 12:34 AM
I would definitely love to switch to something like this.
Edit: in addition, every time there is a new javascript library installed, user need to have confirmation if he/she wants to proceed. Otherwise it could be email provide on behalf of LE under their enforcement installing middle man.
by filmgirlcw on 9/6/21, 10:12 PM
It’s also concerning, legal or not, that logging was required in this case, which is not about drugs or the murder or corruption. But climate activism. By very young people. If the Swiss police will demand that data for something so small, that’s a a concern about trusting their laws and authorities to be “better” than the alternative.
by system2 on 9/6/21, 6:00 PM
Seriously I thought I was the uncool kid for not using ProtonMail and some other HN favorites. In the end, they are all someone's server with unknown connections. Do not trust other companies no matter what. Period.
by LWIRVoltage on 9/6/21, 6:18 PM
So, this might be in line with their policy of not having logs by default- but I have to wonder if this applies to phone numbers(which the crowd that signs up using VPN/TOR reports that they're required to provide).
If they don't keep that info, then Protonmail would be solid as long as you access it via VPN well before a order tells them to start monitoring the IP.
I'm also curious, I see here they do this for spammers - there is no way, a better system can't be created to 'verify' users against spammers ,since I see their logic here that spammers are why they do it https://old.reddit.com/r/ProtonMail/comments/phnyd9/why_is_p...
I'm aware that every other major email provider bans your account if you don't provide a phone umber shortly after account creation, such as Outlook for example. (Others require phone numbers up front, and all of them ban VOIP numbers)
We're nearly at the point that you can't email anyone without providing your phone number or other details...I know social media is already like that.
One thing i noticed, For things like Discord even, if you make an account, give them a non-major email address and they then force you to give a email, or else you can't sign in to that formal account. for now one can still use a permalink to get to a discord server without having to make an account...for now..
Protonmail is a standout if they don't log any of it, and still the best option left in the world, but this is still a icky situation.
I see also they point out Swiss law means this cannot happen to the ProtonVPN service, as email providers are specifically legally in the situation they have to allow active monitoring. Not for Swiss VPN providers...
And one needs a 'big' email provider address, or else it gets rejected by multiple services now that require a email address for sign up or usage.
I hope they clarify that payment details /phone numbers of TOR/VPN users doesn't get logged, like IP addresses, by default. Also, more importantly- that they move forward in fully dissuading spammers, and remove the phone requirement of people signing up anonymously
by bjowen on 9/6/21, 10:58 PM
This is subject to carve-outs of course, but it would be interesting to see how PM seeks to achieve this.
by e12e on 9/6/21, 7:01 PM
So, they could offer the service only over Tor and their own vpn (possibly adding in mullvad/Firefox and a few others to the whitelist) - and the email logs would be less useful?
Ie: build vpn into the email app?
by lossolo on 9/6/21, 9:57 PM
by OrvalWintermute on 9/6/21, 7:13 PM
by poetaster on 9/6/21, 8:55 PM
by notjes on 9/6/21, 7:28 PM
No matter what PM promises, without addressing this issue it is all bull.
Ladar Levison from Lavabit (Snowden email case) tries to square this circle to provide safe services.
by yololol on 9/6/21, 4:18 PM
I don't understand what this is about. Would they had refused to comply, was that the case?
by joering2 on 9/6/21, 6:45 PM
This is false. Just like LE forced them to turn on IP logging on someones account, same LE can force them - by law - to install some javascript code to AJAX back home the unencrypted content of the email once the client opens their email. How stupid do they think people are??
> There was no legal possibility to resist or fight this particular request.
WTF? So Switzerland is a fascist or authoritarian state now that you cannot take your own Government (in this case LE) to court and argue in front of a judge? I thought there is a separation of power in Switzerland, no? Then why the heck did Protonmail chose Switzerland to host their mail if they are being so oppressive?
by moedersmooiste on 9/6/21, 6:22 PM
by not1ofU on 9/6/21, 3:38 PM
by exabrial on 9/6/21, 6:32 PM
by ur-whale on 9/6/21, 4:58 PM
That is not something I'm ready to believe.
I remember trying to sign for a protonmail account a while back.
At some point in the process, they do ask for a valid cell phone number, which, unless you go to the length of getting a burner (not easy in many European countries except maybe the UK) basically means they know exactly who you are.
When I saw this, I walked away.
> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation.
There's complying with the law like a good little sheep, and there's acceptable civil disobedience.
In this specific instance, proton should have taken the latter approach.
Take the fine, go to court, fight the injunction tooth and nail, make sure that even if they lose, the Swiss govt. knows the kind of fight and waste of time and money they're in for each time they come knocking.
They just bent and complied like good little boys.
Now their business model is compromised, serves them right.
by melbourne_mat on 9/6/21, 9:24 PM
by djoldman on 9/6/21, 4:15 PM
Is it a list of access time, IP tuples? Is that it or more?
by LightG on 9/6/21, 4:50 PM
What are the best alternatives to ProtonMail?
by steveharman on 9/6/21, 6:04 PM
"...we are one of the only email providers that supports this). "
What now?
by beermonster on 9/6/21, 4:08 PM
Don’t know why they can’t plonk a tcpip->tor->ProtonMail reverse proxy in front of their infra offering this facility to every connecting client, and transparently. After all, their services (including ProtonVPN) already support tor to some extent.
by ocdtrekkie on 9/6/21, 3:01 PM
It seems like the safest way to use email is to use email operated outside your own country.
by jijji on 9/6/21, 3:01 PM
by tlogan on 9/6/21, 3:20 PM
And I bet that these big corporations have better security.
Please advise…
by macinjosh on 9/6/21, 2:44 PM
by joering2 on 9/6/21, 6:43 PM
Good PR job! Instead of saying "okay we remove "by default" from our marketing materials because yeah if LE ask us to start logging, we gladly do whatever the case against someone is, i.e. jaywalking", they simply post a fake outrage in hope to minimize people leaving them. Well, I wasn't to, but now after this blog, I am moving away my 8 domains on platinum account. I mean seriously Google Suite is $6 per month, so why the heck should I need this fancy email hosting in the middle of Switzerland mountain BS, if at the end of the day they will comply with everything LE will throw at them, and then some. Seriously at this point it looks like Google legal arm is better at trying to fight subpoenas against you and force LE to show serious crimes, than Proton is.