Both ProtonMail and Apple will challenge subpoenas when they believe they are not valid, however neither company has the final say in the matter and can be compelled to provide access to data that they reasonably have access to. It is up to the user to plan what information they provide to service providers in order to not leave a trail of crumbs, and also evaluate what kind of man-in-the-middle weaknesses a service might have for the possibility of wiretapping. It should go without saying that linking a phone number or back-up email address can be a pretty large crumb.
The learning here is to recognise that these services can be compelled to provide whatever small information that they have reasonable access to, and that this information may be useful in unmasking an identity.
I suppose the second learning is to elect governments which respect democratic freedoms, even if that puts them on the back foot.
The whole controversy surrounding Proton started when they marketed themselves as "secure and private email", promising they would NEVER give away their users' data, until they did. I had a similar discussion with my friends today about this topic and the issue I have with it is that Proton tries to market itself as an email which will never snitch your data to the authorities. And we've seen countless times (they have provided data to almost 6k requests last year) that this isn't the case.
The problem as I see it is that Proton is not even trying to challenge the requests anymore. It's not like Tuta, who you can read on the news that they keep challenging almost every order they get from the authorities, even if they lose the battle in court: https://techcrunch.com/2020/12/08/german-secure-email-provid...
As I read on a website comparing "private email services", the question here is not whether a service provider will or will not abide by the court requests. It's whether it will do anything to challenge it or just give away the data without questions asked.
https://proton.me/legal/privacy
https://proton.me/legal/transparency
I stand by the assertion that people will believe what they want to, despite there being easily accessible information that contradicts those ideas.
The only option for getting your email _out_ of their systems is to select small batches of them one-by-one in their app and export them.
There have been many requests for something similar to Proton’s bridge functionality that haven’t gone anywhere. A more useful export function has been near the top of their public roadmap[0] for half a decade now it looks like.[1]
Guess I’ll go find out what their refund process is like.
Don’t mind me. Just yelling into the void.
[0] https://tuta.com/roadmap/
[1] https://github.com/tutao/tutanota/issues/1292
You store my access times and IP addresses? I should see that.
I think this would align well with GDPR, too.
And therein lies the problem. We on HN may have a few ideas about how to do this, but the typical user of a secure email/VPN/tor unfortunately doesn’t and realistically can’t understand the corner cases and tricks.
Realistically, even HN users would make enough mistakes.
This is why I’m dubious of these types of products marketing to average consumers
Democratic freedoms, in the United States at least, protect people from UNREASONABLE search and seizure.
Compelling a third party to reveal information about a customer via a court order is not now, has never been, and will never be until the end of time and space, unreasonable.
The order itself might be unreasonable and should be challenged if so, but the procedure and ability to do so is not and will never be.
It's unreasonable if the standards for issuing the court order (as applied, even if not in theory) are unreasonable.
And that is often now, and has often been, and will often be (likely until the end of human history), unreasonable.
They should not be able to push a button and learn everything about a person. If they want to learn about an individual's private life, they should have to get a warrant then put people to work on the guy's case. They should have to literally follow their targets, photograph them, put hardware keyloggers into their keyboards. That sort of hardship imposes natural limits on the scale of their operations: there are only so many police officers you can assign. With computerized dragnet surveillance, the scale of their operations is essentially limitless.
These encrypted communications services aren't generally in the business of going to jail in their customer's place. They gotta comply with the government laws. When a court orders them to do something, they either obey or they are held in contempt of court if not worse. It can't be helped. It's still helping reduce global surveillance by forcing them to target their attacks.
You're conflating what's written in the law and the sad reality of how a lot of that is simply ignored by law enforcement, while they are standing on your neck, searching your car.
This will _never_ happen. It's the human condition....
Admittedly this is not really an easy solution with something as open as emails, it's possible within corporations but I don't know of a solution between "random" people.
But outside of email and things that have to be unencrypted for interoperability, everything should be encrypted and inaccessible to the company so this situation is impossible.
I think the ship has sailed on the idea of electing people who will actually care about privacy of their citizens.
In this case the email address was the lead, but I wonder what other info would be enough to get the phone provider to spill the beans. For instance would an IP address used at a specific time be uniquely identifying if it was VPNed by Apple at that moment?
Or a Google Ad cookie that could get correlated to other devices showing similar behavior (the same way Google tracks households or related accounts)?
They do. It's often required by law.
I assume it could be easily challenged in court (network was compromised, “i give out my WiFi to anyone who visits my home”) without other supporting evidence.
> 2.5 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.
Irrelevant to the point. Proton Mail provided authorities with user data.
If you are doing battle with or an enemy of the state, much less an agent of the state acting in bad faith, simple privacy will do nothing for you. Worse your misunderstanding of it is actually a vector, like in this case. The measures for anonymity you require will not incorporate fancy UIs, nice features, or even reasonable reliability at times because they will be sacrificed in the name of leaving no trace.
Like privacy is also meant to e.g. not disclose topics you have communicated about so that it can't be abused against you. For example there is a long history of states persecuting people for idk. being gay, believing in a certain religion or being a journalist which was involved in an unpleasant disclosure.
Still privacy and anonymity are two tightly related but different things. Mainly privacy of communication doesn't always imply anonymity, though sometimes does (and has to!).
Anyway it is foolish and somewhat strange to believe that a legally operating email service will protect you against judge backed lawful orders (no matter if it should be lawful or not).
Handing out metadata isn't even the worst which can happen, e.g. a judge might order them to make copies of unencrypted mails you receive or make copies of unencrypted mails you write or even undermine your encryption the next time you log in.
They can try to dispute it and that alone does reduce abuse potential (if they operate in a place which still can be called a state of law) in the end especially for mail there is just no true privacy and even less anonymity.
Which doesn't mean their service is useless.
Just if you worry about political prosecution by EU countries, or do crime it's not protecting you.
I've emailed them to ask that they fix this. I also created a post on their user voice thing about it.
https://protonmail.uservoice.com/forums/284483-proton-mail/s...
TLDR; Proton Mail tells users to do this:
  gpg --armor --export-secret-keys "${USER_ID}" | import-into-proton-mail
They should support this instead:
  gpg --armor --export-secret-subkeys "${PROTON_ENCR_SUBKEY_ID}!" | import-into-proton-mail
  gpg --armor --export-secret-subkeys "${PROTON_SIGN_SUBKEY_ID}!" | import-into-proton-mail
First one leaks the user's master key to them.
Anonymity is simply people not knowing who you are, not necessarily what you say. It's not privacy of communication, but privacy of identity.
I can post on the internet as Anonymous Coward, and those posts are public even though my identity is private.
I can encrypt an email and send it, and it will be picked up by all the relays. They can look up the source and identify me, but hopefully not read the email contents.
>The right not to be subjected to unsanctioned invasions of privacy by the government, corporations, or individuals is part of many countries' privacy laws, and in some cases, constitutions.
So according to Wikipedia, at least in some cases, privacy is protection against the state. Where does your definition come from?
GP's definition might as well come from Wikipedia.
But the concept certainly doesn't mean that a business is going to help you cover your tracks in regards to data you've already shared. (in this case, the recovery email address)
If you give out your personal information, commit a crime, and ask that person to help you hide, you're not asking for anonymity, you're asking for an accomplice.
In the case of governments, private data is only hidden until the government decides that it needs to look for it (or ask for it). Anonymity means the data isn't there, regardless of whether the government decides it needs to, and has legal justification to, demand access to the data.
Anyone providing anonymity is only an accomplice if they know your intent. Simply not collecting data doesn't make you an accomplice, not collecting data with the intent of hiding someone else's illegal behavior does.
What matters here is what Proton promises and advertises to users/potential users vs. what it can actually deliver. I don’t know if Proton is more open about this, but hopefully this isn’t just buried in some long Terms of Service that almost nobody reads.
This is the main statement from Proton about their privacy protection. They say they obey Swiss privacy laws. So if one has a problem with Protonmail complying with Swiss law, maybe one should complain to Switzerland.
Public doesn't care mostly. Governments on the other hand...
You got a few days of Tor on each device; then they need to burn.
I really don't know what more you can do beyond making your own chat client. Internet is not a place for revolution.
Welcome to dystopia and hope that governments in developed world will not become too nasty (CCP-level nasty) too soon due to inertia.
While I get what you are saying, that is a little too black and white for the entire field. Privacy can be used to shield whistle blowers from the state.
> Once he got it, he asked Apple for information about this second email address, and got its name, home address, and phone number. Afterwards, the Civil Guard also asked the telephone company responsible for the telephone number who was the owner of the line, which matches the name provided by Apple. Also, they say they have found that this person is registered at the same address provided by Apple.
If your VPN is tied to a payment method then all you've done is give police one extra hop to follow to get at you, which wouldn't have saved this activist. Their list of VPNs only includes Mullvad in position 9 of 10, but as far as I'm aware it's the only one that offers payment methods that preserve your anonymity.
But you have to absolutely "air-gap" that from the rest of your identity, such as not making a proton e-mail address over TOR and then using your usual email address as the recovery one.
Most claim they don't, PIA even was subpoenaed at least once and responded they don't have logs.
How are police going to find me behind that hop?
https://restoreprivacy.com/mullvad-vpn-says-customer-data-is...
Paying for a VPN account does not mean the VPN is going to start logging user activity. Keeping payment records does not equal logging user activity through VPN servers. And most of the big name VPNs allow for crypto payments.
> Under Swiss law, Proton Mail was compelled to collect and provide information on the individual’s IP address to Swiss authorities, who then shared it with French police.
They can claim all the privacy guarantees they want, but unless the privacy is guaranteed by cryptography, it's an empty gesture. Nobody is willing to do prison time to protect your privacy.
No, that was last year's issue.
This time it's:
> The core of the controversy stems from Proton Mail providing the Spanish police with the recovery email address associated with the Proton Mail account of an individual using the pseudonym ‘Xuxo Rondinaire.’ This individual is suspected of being a member of the Mossos d’Esquadra (Catalonia’s police force) and of using their internal knowledge to assist the Democratic Tsunami movement.
and
> Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
Just don't try to make encrypted email happen. It can't, and we don't need it to be. We have better solutions for encrypted communications, for those that need it.
or at least their favorite youtuber with the paid ads and zero domain knowledge of network topology
serious question I have is whether “internet reseller” is a compelling service. because that's all that VPNs are, and I don't mind paying to use them for that purpose.
Email content is encrypted and Proton Mail has no access
There’s a reasonable chance that they already had this info (possibly even cleartext email via an ISP lawful intercept), and the proton/apple jig whilst bad, wasn’t as bad as the real source
That's the strictest privacy policy any company can hope.
Proton Mail can't give email content, only things like email address, IP addresses etc.
Anything that is stored by anyone can be handed over. That information may be useful, may be useless or may be useless now and useful tomorrow when they have the key.
True, but they can trivially obtain them given they control everything in the browser.
The question then becomes, does the law allow compelling to that degree? Apple fought back in the San Bruno case, but they’re very well lawyered up
While we did use phone verification in the past, this is not the case any longer. Phone numbers were stored in the same way as the email addresses, so, again, we have no way to derive them back from the hash.
I've no reason to doubt this but brute-force cracking a hash known to be from a phone number would likely be pretty trivial.
Fwiw, I use protonmail and trust it more than most other services. But my threat model doesn't involve technically capable adversaries directly targeting me, certainly not ones that could compel protonmail to divulge phone number hashes.
This isn't true in practice. It's not hard to build a big list of ~every email address (give or take), and have a GPU churn through them all until you get a match.
If you've ever received a spam email, your email address is on such a list.
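Added example (not part of any comment in this thread, and not Proton's code): the two comments above argue that hashing a phone number or email address does not hide it when the set of possible values can be enumerated. The sketch below measures that for a constructed block of 10,000 fictional numbers; unsalted SHA-256 and HMAC-SHA-256 are assumed storage schemes, since the page does not say which one Proton uses, and the 10^9 hashes/s rate is an assumed figure.

```python
import hashlib
import hmac
import math


def sha256_hex(value: str) -> str:
    """Unsalted hash: the weakest reading of 'we only store a hash'."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def keyed_hex(value: str, key: bytes) -> str:
    """HMAC-SHA-256 with a server-side secret key (assumed alternative scheme)."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def keyspace_bits(candidates: int) -> float:
    """Effective entropy of an identifier drawn from `candidates` possible values."""
    return math.log2(candidates)


def seconds_to_exhaust(candidates: int, hashes_per_second: float) -> float:
    """Worst-case time to hash every candidate once at the given rate."""
    return candidates / hashes_per_second


def find_preimage(stored_hex, candidates, hasher=sha256_hex):
    """Return the candidate whose hash equals the stored value, or None."""
    for candidate in candidates:
        if hmac.compare_digest(hasher(candidate), stored_hex):
            return candidate
    return None


def constructed_numbers():
    """Constructed sample space: 10,000 fictional numbers, +12025550000 to +12025559999."""
    return (f"+1202555{n:04d}" for n in range(10_000))


if __name__ == "__main__":
    number = "+12025550142"                 # constructed sample value
    key = b"constructed-demo-key"           # constructed; a real key would be random

    # A full 10-digit number space is about 33 bits, far below a 256-bit digest.
    print(f"10-digit space: {keyspace_bits(10**10):.1f} bits, "
          f"{seconds_to_exhaust(10**10, 1e9):.0f} s at an assumed 1e9 hashes/s")

    # Unsalted hash: whoever obtains the stored value can recover the number.
    print("unsalted:", find_preimage(sha256_hex(number), constructed_numbers()))

    # Keyed hash: the same search fails without the key ...
    stored = keyed_hex(number, key)
    print("keyed, no key:", find_preimage(stored, constructed_numbers()))

    # ... but succeeds for anyone who holds (or is handed) the key as well.
    print("keyed, with key:",
          find_preimage(stored, constructed_numbers(), lambda v: keyed_hex(v, key)))
```

The keyed variant only moves the problem: the record stays unrecoverable for as long as the key is kept away from whoever holds the hashes, so data that is never collected remains the only case with nothing to recover.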
Unfortunately, it can and has been abused.
About the only way to even vaguely keep your email private is to use a self hosted server with GPG keys. And any lapse on security updates for that thing and you could be compromised almost immediately.
Beyond that I cannot think of anything more one could do.
I have always treated email as something that travels in the clear. My current provider (Fastmail) is compromised by authority. The Australian Privacy Act 1988 by being based in Australia and it gets caught up by PRISM as the servers are run out of New York.
If you continued using the account only through Tor, there wouldn't be any traceable info.
It did then prompt me to add an email and/or phone number as recovery methods, but that step was skippable.
Get one from your neighborhood coffee shop Wi-Fi, and pay cash for your coffee.
Also make sure to avoid CCTV...
https://www.forbes.com/sites/thomasbrewster/2023/08/08/proto...
Archive: https://web.archive.org/web/20230814144638/https://www.forbe...
This case is particularly noteworthy because it involves a series of requests across different jurisdictions and companies, highlighting the complex interplay between technology firms, user privacy, and law enforcement. The requests were made under the guise of anti-terrorism laws, despite the primary activities of the Democratic Tsunami involving protests and roadblocks, which raises questions about the proportionality and justification of such measures.
I'll continue to use it despite some hyperbole on the site, but as long as my mail isn't being fed to an advertising engine it's a step up.
If you live in a country where homosexuality is illegal, and your local government is chasing you because of this, a Swiss company won't comply with data requests, and a Swiss judge has no reason to honour any data request.
If your local government is chasing you because of something that is recognised as a crime in Switzerland, then they will disclose data to foreign authorities.
Yup, until they receive a court order asking them to mitm an inbox, if they haven't already...
This entire system of "receive email in clear text but store it encrypted at rest" is smokes and shadows, really.
The former has distinctly less legal requirements than the latter, and authorities might be OK with keeping it that way, as metadata is already good enough in most cases.
It wouldn't technically be a MITM attack, they would just capture the incoming email. Tuta was famously forced to do that once by the German authorities.
While I agree this makes Proton unreliable for many things, there's no indication they were reading any emails.
If I wanted to conduct illegal activities I would not use my main account on it, at minimum.
Protonmail is a step up from Gmail/Outlook, but no more than that. You need more layers on top of it.
However.
What if say, russia/nk/china wants to catch somebody some journalist for speaking truth about their regimes? Or, like say, Jason Bourne exposing some IronHand in “democratic” country like USA? How can we protect good actors without enabling adversaries to do “bad stuff”? Is it even possible? I still don’t know the answer…
I have zero delusions however that they can protect me from state agents, let alone state agents with malicious intent. And I don't think it's realistic to expect that for the amount of money they cost. But that's fine with me - it's Joe from Marketing I'm scared about, and so far they seem to do a good job keeping Joe at bay :)
Par for the course at HN to have a "vaguely dislike-ish" relationship with Protonmail. Fastmail is the poster child of HN on the other hand.
I would guess the gist of it is that if you promise _any_ amount of security (or whatever feature), HN will nitpick you to death on not going 100% (despite the general improvement to your security). If you don't promise security at all, it doesn't matter that you're less secure than Proton. Something like that.
Gmail in that regard I've always perceived as worse - every few months or so they update their policy, linking to some gargantuan document that I can't be bothered to read, each time wondering how much of my soul I've sold this time around...
...and...
> The requests were made under the guise of anti-terrorism laws, despite the primary activities of the Democratic Tsunami involving protests and roadblocks, which raises questions about the proportionality and justification of such measures.
As I understand it, Catalonia has long desired for independence[1]. Is the Democratic Tsunami movement something different, entirely? If not, can someone fill-in the blanks of how vying for independence (in this case) gets umbrella'ed under terrorism?
[1] - https://en.wikipedia.org/wiki/Catalan_independence_movement
Edit: Accidental caps-lock on a word. My bad.
Its biggest action was probably at the Barcelona Airport in October 2019, a protest a couple of years after the Catalan independence election in October 2017. The election itself was deemed unconstitutional by the Spanish government. The registered voters/turnout of this election was 43.03%; where 92.01% voted for separation from Spain and 7.99% voted to stay within Spain –– see: https://en.wikipedia.org/wiki/2017_Catalan_independence_refe... –– but this was not a normal election by any means (read the link for more).
Typically the ANC –– see: https://en.wikipedia.org/wiki/Assemblea_Nacional_Catalana –– has been the leading organization in the independence movement. They have been organizing big independence rallies etc. and the actions have been peaceful (from what I've read and seen). The Democratic Tsunami based protests were different in this regard, where more direct confrontation was more the norm. From what I have read Democratic Tsunami is not particularly active at the moment, but of course this might change.
Also some members were arrested apparently planning even more extreme things.
The IRA and ETA were vying for independence too...
That said, I think it's crazy how much time the government wastes on this when the cities are full of petty criminals acting with impunity. Someone was stabbed to death outside my apartment just in a robbery and yet nothing changes.
OK, I think I grokked this. You might think that a Greco-Nipponese name for this organization poorly conveys Catalan nationalist pride. But in fact it quite effectively says "anything but Spanish". That's almost certainly the gag.
It is not up to corporations to decide which laws should be enforced, and this again shows how futile this specific kind of corporate resistance is.
Just change the law.
> In the police cooperation form requesting the information, the Spanish officers indicate to the Swiss authorities that the investigation is for the crime of terrorism.
What if my recovery email is to another proton mail account? What if my VPN used is Proton VPN?