ProtonMail is being criticized for sharing French activist’s IP address with Swiss authorities while claiming it does not save logs.
End-to-end encrypted email service provider ProtonMail is currently facing criticism after the company shared the IP address of an anti-gentrification activist with law enforcement agencies that led to their arrests in France.
Reportedly, the company informed Swiss authorities about the email address used by the activist, the IP address linked to that account, the device’s identification number, and its type/model.
Did ProtonMail reveal Private Info Out of Obligation?
According to a police report, the Switzerland-based company received a “legally binding order” from the Swiss Federal Department of Justice against a group called Youth for Climate. The company complied with the order and handed over the individual’s IP address and device-related information that the group used to access its ProtonMail account.
SEE: ProtonMail denies that it offers real-time surveillance assistance
Previously, ProtonMail claimed that it never asks for personal information to create a secure email account on its website.
https://twitter.com/tenacioustek/status/1434604102676271106?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1434604102676271106%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.theregister.com%2F2021%2F09%2F07%2Fprotonmail_hands_user_ip_address_police%2F
“By default, we do not keep any IP logs that can be linked to your anonymous email account. Your privacy comes first.”
But it seems like the company revised its policy and will be logging users’ IPs. Moreover, ProtonMail has revised its privacy policy which states that:
“If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation.”
ProtonMail’s Stance
ProtonMail claims that as per its policy, they must share information if a Swiss agency agrees to assist foreign intelligence/law enforcement agencies like Europol in investigations.
In a post on Reddit, ProtonMail explained the reason behind this step. The statement read:
“There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case).”
As per the company’s Transparency Report, it will have to comply with Swiss government orders and hand over required data if its users engage in acts or services deemed illegal in the country.
SEE: German court forcing Tutanota to let authorities read emails in plain text
“Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities,” tweeted ProtonMail founder and CEO Andy Yen.
“It’s deplorable that legal tools for serious crimes are being used in this way. But by law, must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced,” Yen added.
SEE: PureVPN Aided FBI to Track CyberStalker by Providing His Logs
Yen further clarified that ProtonMail didn’t reveal the data with French authorities or Europol and only agreed to share it when Swiss authorities became part of the investigation and requested the information.
Update (01:06 Tuesday, 7th September 2021 (BST)
ProtonMail has published a blog post with additional details about the incident. The update also revealed how the company can be forced to collect information on accounts belonging to users under Swiss criminal investigation.
Some thoughts on the French "climate activist" incident. It's deplorable that legal tools for serious crimes are being used in this way. But by law, @ProtonMail must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced.
— Andy Yen (@andyyen) September 5, 2021
Now that ProtonMail will share users’ data with law enforcement the best way forward is by not indulging yourself in illegal activities. However, to protect your privacy and data while using ProtonMail one must use a VPN or Tor browser.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.
“However, to protect your privacy and data while using ProtonMail one must use a VPN or Tor browser.”
Using a VPN won’t protect your IP address from law enforcement for the exact same reason the IP address wasn’t protected by ProtonMail in this incident.
Tor is the only answer here. NOT a VPN or Tor. Only Tor. Not a VPN.