This is non-news, like all tech companies, they are bound by law to do this. It happens more than 6000 times per year for Proton. However, this user just had bad opsec. Proton emails are all encrypted and cannot be read unless law enforcement gets your password, which Proton does not have access to. Even if Proton hands over all data.
Proton doesn’t get a free ride here.
They are bound Swiss law and should not be retaining any identifying information.
If they are going to give up everything they have on you when the feds come knocking, they shouldn’t keep anything or they shouldn’t market themselves as private and secure .
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
The user specifically requested that Proton retain this PII for account recovery.
Speaking of which, how do they implement recovery emails? Do they save your private keys only if account recovery is enabled?
Recovery email only restores access to the account, so you can get future emails. But all data is lost, emails sent in the past (saved emails) are not recovered.
No, Proton does get a free ride here. The information they provided was the recovery email address, which they were required to do by law.
The only data they don’t encrypt (can see) is that which they absolutely need to store unencrypted. If they encrypt your recovery email address, then… they can’t send you any recovery emails to it since they can’t see it.
This is 100% the fault of the user.
All any service can do is give you the best tools available to maintain your privacy, but they can’t stop you from shooting yourself in the foot.
Firefox is also great for privacy, but if I use it to fill out some info on some phishing sites then that’s not a them problem.
Don’t forget that most of your email arrives at their servers unencrypted, supposedly they immediately encrypt it, but you have to take their word on that. And there’s always the possibility that they are forced or just decide to make a copy of emails as they’re encrypting for your inbox.
They are bound by Swiss Law, so they have to comply with lawful orders. They are very up front about this even within their marketing that pertains to protection from other government authorities. They are also very good at explaining exactly what is protected and what inherently isn’t. A recovery email isn’t. In order for a recovery email to work by its very nature, Proton has to have a record of it. But at the same time they don’t require you to set one. Proton hasn’t done anything that they’ve promised not to. There comes a point where you need to put a little effort into understanding the product you’re using.
Don’t tell me, tell the guy they gave up . ?
They market to activists and people concerned with the business of protest, not Swiss law experts - and are very much are not up front about what could happen if they are contact by LE. Of course They don’t hide it, but you won’t find it on the front page, where they trumpet about Swiss privacy… You and I know the detail, many users may not.
At the end of the day, they attract a lot of activists and protesters to their service, with the offer of “safe and secure email. “ .
They hold a database of all them, in a jurisdiction that requires them to comply with legal requests for information.
They service some 6000 such requests from their database of every year, or around 30 per day.
You can decide for yourself who this efficient and eminently accessible single source of protesters information helps the most.
But if you use their service for free, you do not have to provide any identifying info. As far as I am aware there is no check what you enter is legit and there is no requirement to supply a backup address. So the whole solution for a user to stay anonymous as much as they can with Protonmail is simply to not enter any identifying info.
How do you imagine a recovery email to work, if the provider doesn’t store it, and you lost access to your email by definition in the moment you need it? Recovery email is not needed, you can totally use your account without and proton doesn’t ask for it. It’s a feature where you obviously are disclosing that piece of information and link two accounts. It’s either that or not using that feature.
It would be cool if they stored a hash of the recovery email, then you type it out during the recovery process and they can send if the hash matches what they got.
Proton’s mails are encrypted… between proton accounts. Send an email to a hotmail account and bye-bye encryption. Proton does rely on PGP so you can use that if the recipient supports it.
They mean encrypted at rest. As in, Proton cannot hand over a copy of all your emails to a law enforcement agency, they don’t have access.
This means law enforcement would have to capture an unencrypted email in transit, or obtains your emails from either recipient individually.
https://proton.me/support/password-protected-emails
A Password-protected Email is an email that requires a password to open it. It’s a way you can send a secure, end-to-end encrypted email to anyone who isn’t on Proton Mail.
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
I like how no ones talking about how Apple (the one its fanboys say is most privacy centric company) was the one that helped identity the individual.
Proton leaked the recovery email. Apple has never given any guarantee about their mail service, which isn’t the case of Proton
Don’t put any recovery info on Proton
Proton has never given any guarantee about hiding all account metadata from the Swiss government either.
They’re all like “privacy and freedom”, “take control of your data”…
They’re saying they’re the best for privacy literally on their website. You might argue that Apple does it too, which is fair, even though everyone knows it’s a lie
But yea anyways that’s a big flaw, they shouldn’t push customers to enable a feature that effectively deanonymizes them
Don’t put any recovery info on Proton
About that. I’m still making the transition from gmail and currently most of my mail still goes to gmail first and gets forwarded to Proton through their easy switch process. Surely this is just as up for grabs as a recovery email, right?
FWIW I’m not likely to be investigated any time soon so I’m not worried either way.
That’s significantly worse privacy-wise, since Google gets a copy of everything.
A recovery email in this case was used to uncover the identity of the account-holder. Unless you’re using proton mail anonymously (if you’re replacing your personal gmail, then probably not) then you don’t need to consider the recover email as a weakness.
“Privacy” means two different things depending on the audience. For me privacy means that my information is not being used to advance some organizations commercial interest. For others it means that my information will never be shared with a government.
Don’t advertise to me
Or
Don’t narc on me
I guess I don’t really expect a company to resist pressure from government agencies on my behalf. Especially if I have been using their service to commit crimes in my country. If you are doing things your government would prefer you didn’t, hire a good lawyer and consult with them about what should be sent via email (spoiler, it’s nothing). The mafia doesn’t send emails, or put anything in writing, if you do crimes, you shouldn’t either.
I guess I don’t really expect a company to resist pressure from government agencies on my behalf.
Personally, I expect them to resist to the extent possible by law. The cops need to follow a lot of rules to make legally binding requests for data. I understand that if they do, there’s not much a company can do other than hand out the info, but if there’s a legal way to deny such a request, I expect the company to pursue it.
Companies selling data don’t tend to be picky who they sell to. Governments and police buy data all the time.
The best part is a government can buy data and and can change the rules on what is illegal.
So, if they decide tomorrow that your innocent behavior is a threat, you’re now a criminal.
They provided the backup e-mail address
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
Just in case anyone thinks they decrypted mails and handed them over, nope. I hadn’t thought about that “settings” are not encrypted. Guess if you want to stay anonymous you shouldn’t add your private mail address in there as a backup.
Yeah. Even if they couldn’t hand over recovery emails, having a personal email as a backup to a “private and sensitive” email account is bad practice.
But what do you do if that field is needed? A throwaway address won’t work as it’s easy to recreate. Buy your own domain and run a server?
I put the Simplelogin email alias as my backup mail. Which forwards mail to my proton, so I guess it isn’t really a backup. Even more so if you realize I need to sign into simplelogin with my protonmail account and protonmail owns Simplelogin.
I don’t believe you need that field with Proton, correct me if I’m wrong. If you do need that field with an email provider, and you need complete opsec, use a different provider.
No, domain names are tied to a person and, even if that person register the domain with fake person details, there will be a digital payment associated with the purchase.
I don’t know much about the case beyond some very lazy peripheral searching, but it strikes me that Proton’s compliance isn’t an issue, but the requests themselves are totally unjustifiable and based on malicious prosecutions to nab some separatists on ridiculous terrorism charges for their nonviolent action and protests.
This individual is suspected of being a member of the Mossos d’Esquadra (Catalonia’s police force) and of using their internal knowledge to assist the Democratic Tsunami movement.
The requests were made under the guise of anti-terrorism laws, despite the primary activities of the Democratic Tsunami involving protests and roadblocks, which raises questions about the proportionality and justification of such measures.
Probably the request to Proton arrived from a Swiss judge, who received a request from Spanish judge, and he evaluated the request and decided that it has merit.
