ProtonMail removed “we do not keep any IP logs” from its privacy policy

ProtonMail offers end-to-end encryption and a declared approach to privacy for its email service, offering a user interface quite similar to that of more conventional services like Gmail.
Enlarge / ProtonMail offers end-to-end encryption and a declared approach to privacy for its email service, offering a user interface quite similar to that of more conventional services like Gmail.

This weekend, news broke That security / privacy-focused anonymous email service ProtonMail handed over the IP address and browser fingerprint of a French climate activist to the Swiss authorities. This move apparently contradicted the policies of the well-known service, which as recently as last week set that “by default, we do not keep any IP logs that can be linked to your anonymous email account.”

After providing the activist’s metadata to the Swiss authorities, ProtonMail removed the section that promised there were no IP logs and replaced it with one that read: “ProtonMail is an email that respects privacy and puts people (not advertisers) first. “

No registration “by default”

As usual, the devil is in the details: the original ProtonMail policy simply said that the service does not keep IP logs “by default”. However, as a Swiss company, ProtonMail was required to comply with a Swiss court order requiring that start record the IP address and browser fingerprint information for a particular ProtonMail account.

That account was operated by the Parisian chapter of Youth for the climate, which Wikipedia describes as a Greta Thunberg-inspired move focused on school students skipping classes on Fridays to attend protests.

According to multiple statements ProtonMail issued on Monday, he was unable to appeal the Swiss demand for IP registration on that account. The service was unable to appeal both because a Swiss law had been violated and because “serious crime legal tools” were used – tools that ProtonMail does not believe are appropriate for the case at hand, but is nonetheless legally responsible for complying. .

Break your Tor browser

In addition to removing the misleading, albeit technically correct, reference to the “default” logging policy, ProtonMail promised to emphasize the use of the Tor network for activists. The new “your data, your rules” section on the ProtonMail home page links directly to a landing page that adds information about using Tor for access ProtonMail.

Using Tor to access ProtonMail can accomplish what ProtonMail itself legally cannot: obfuscation of your users’ IP addresses. Since the Tor network itself hides the origin of the network from users before packets reach ProtonMail, even a valid subpoena cannot get that information out of ProtonMail, because it never receives it in the first place.

It’s worth noting that the anonymity Tor offers is based on technical means, not policy, which could serve as a textbook example of a double-edged sword. If a government agency or other threat may compromising the Tor nodes your traffic passes through in a way that offers you a way to trace origins, there is no policy preventing such a government from doing so, or using that data for law enforcement purposes.

ProtonMail also operates a VPN service called ProtonVPN and notes that Swiss law prohibits the country’s courts from forcing a VPN service to register IP addresses. In theory, if Youth for Climate had used ProtonVPN to access ProtonMail, the Swiss court could not have forced the service to expose its “real” IP address. However, the company seems to lean more towards recommending Tor for this particular purpose.

There’s a lot an email service can encrypt

ProtonMail is also careful to point out that although its user’s IP address and browser fingerprint were collected by Swiss authorities acting on behalf of Interpol, the company’s email guarantees content privacy was not violated.

The service uses end-to-end encryption and deliberately does not possess the key necessary to decrypt the body or attachments of a user’s email. Unlike the source IP address and browser fingerprint, collecting that data is not possible simply by changing a setting on the company’s own servers as required by a court order.

Although ProtonMail can encrypt the body of email with keys that are not available to the servers that process them, the SMTP protocol requires that the sender of the email, the recipient of the email, and the time stamps of the messages be accessible from the server. Accessing the service through Tor or a VPN can help hide IP addresses and browser fingerprints, but the service may still be legally required to provide any of those fields to the Swiss authorities.

Also, email subject lines could It will also be encrypted without breaking the SMTP protocol, but in practice the ProtonMail service does not, which means that the relevant courts can compel the service to provide that data as well.

ProtonMail listing image

Leave a Reply

Your email address will not be published.