Tldr: Yes, still secure and private.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
What are they supposed to do as an internationally known and used company? Reject legal proceedings and ignore official national laws?
I mean, the answer to that is clearly they should structure their service to store the absolute least possible personal information needed to allow the service to function so that when a legitimate law enforcement agency comes knocking they can honestly say they don't have much.
Which... appears to be pretty much what they do.
I agree with you. Losing the protection of a right -- even one as fundamental as privacy -- is by definition not a violation so long as that happens through due process. Now we can certainly talk a lot about what level of process is due, and I'm sure it will be basically unanimous that current standards around the world are FAR too accommodating to law enforcement, but at least in principle a warrant justifies the invasion of privacy. That's what the warrant is for.
This story kind of makes me want to switch all my stuff to ProtonMail.
Yeah I would agree with you that given the service they provide (email is brutal), they couldn't really collect any less info or improve security/privacy much more.
they could not log the ips
Idk for most people, but the reason I use proton mail is to avoid google parsing everything I receive to send me ads. I "have nothing to hide" on a legal pov, I'm not a criminal, the worst offence I do is like Jay walking or crossing at a red light on foot when there is no one at midnight. I don't use proton services to protect myself from the law (or in other words to avoid the consequences of my acts), I just want to be a customer instead of a product.
This is exactly why I use Proton as well. I'm not worried about law enforcement, I just want Google and other big tech's tentacles out of my fucking business. I don't want to be advertised to.
YOU JAY WALK!?
You are a disgrace!!! How do you sleep with yourself?
DISGUSTING!
/s
But that’s a really great point. It’s easy to thinking of your threat model as all or nothing. And you are right. I’m not hiding from the law. I’m hiding from advertisers. If the government acquires my information then it was a mistake on their part as there is nothing there to find other than emails from my bank.
This exactly. This is the audience for proton mail, and their success while sticking to this model is hope for us all
My threat model is not LE, its google, facebook, etc. If me using privacy services happens to make LE's job harder well thats just the cherry on top.
At the same time it's also important that the provider only complies with requests where it legally has to. I trust Proton to act this way.
The article is actually pretty balanced. Yes Proton is secure and private, but if you're hiding from law enforcement, don't expect a third party to take the fall for you.
If you're hiding from the LEOs in any real way you sure as fuck aren't using email.
I mean.... It's not like mailcow is too hard to set up if you want to write down your crimes in the same way Janice from accounting sent you that obnoxious blinking new Year's .gif Mail
Well I'm a customer and I think it's fine if the requests are legitimate. The question then of course is what is legitimate.
Its always about petty shit like piracy. You'd wish it was all them catching CSAM creators but thats a sliver of it. They'd be catching more rich dudes if it was.
Arresting XR rebels... So jo, it's not legitimate at all
My understanding is that the email is encrypted still so… they hand over the encrypted data which might be useless.
(CEO did a podcast this week for a Linux podcast)
deleted
I thought the email body is e2e encrypted nowadays by default(?). And I mean regardless of who your provider is.
Tangentially related information... this post led me to check on how many data requests Google receives from law enforcement (internationally). The answer is about 420,000 requests in 2023 (if you take the most recent data from Q1 and Q2 2023 and double it).
The question then becomes, how much more users does google have than proton
I did think about this but a mail service like Proton is going to attract proportionately more attention from the authorities because its users are going to be made up primarily of people who are more privacy/security focused (perhaps with something to hide) so having user numbers is not going to be that helpful in terms of doing a comparison. Also Google has a bit of a fake account problem, and a lot of people have a Google account only to enable them to access Google services (Android, Google Docs), and some people have multiple Google accounts.
I suppose they now keep logs of their VPN service too then.
Swiss law doesnt allow complying with VPN services afaik.
ProtonVPN and ProtonMail are completely seperate too.
Do you mean the law doesn't allow forcing the VPN service to comply with VPN log requests by authorities?
And what do you mean by "completely separate"?
Proton VPN... is operated by the Swiss company Proton AG, the company behind the email service Proton Mail.
@sqgl @ReakDuck
From what I understood :
Under Swiss laws, VPN providers are not forced to log anything.
They also can't comply with orders coming from a foreign country if not approved by Swiss authorities.
If someone is put under surveillance, he/she have to know that.
However, always remind that that's just the law, not what is technically possible. If you're considered as a real threat for an important country, neither Switzerland or any country will protect you.
ProtonMail was not even against cooperation with the RuSSian terrorist government, and this post was still downvoted, funny.
Have you already decided whether privacy is important to you or not?