Climate activist arrested after ProtonMail provided his IP address

Disclaimer: Paying Protonmail customer<p>Their homepage says &quot;By default, we do not keep any IP logs&quot;<p>In 2021, any soft language like this should be a red flag for anyone who is against surveillance. Maybe in 2018 it was good enough. But in 2021 it&#x27;s not. Come on, Protonmail, you&#x27;re supposed to be leading the way -- don&#x27;t make me figure it out myself.<p>Replace immediately with &quot;By default we don&#x27;t log IP, but may be required to by local law enforcement. We recommend everyone connect through Protonmail through Tor. This month, 60% of our users connected through Tor&quot;.

Disclaimer: I have a ProtonMail account that I pay for.<p>I have seen a ton of disturbing pieces about ProtonMail. Every time I&#x27;ve looked into them, they seem to be maliciously motivated and usually not true, or otherwise twisting of the truth. This has been a confusing thing for me because why is there a small subset of people so vehemently against them?<p>In this case, I&#x27;m not surprised. They say quite clearly they can be compelled to collect IP addresses - including in the linked tweet. This seems like a pretty clear cut case of them being compelled to provide an IP address. What the authorities can&#x27;t do, is read that person&#x27;s email. And that&#x27;s what I and others pay for.<p>I&#x27;m not sure what there is to be upset about here? Other than perhaps France prosecuting this individual to begin with? If we had faith that ProtonMail wouldn&#x27;t hand over anything to the government, why would anyone even care about having encrypted emails?

for those who are curious,<p>this seems to be the reply from protonmail on reddit[0]<p>&gt;Hi everyone, Proton team here. We are also deeply concerned about this case. In the interest of transparency, here&#x27;s some more context.<p>In this case, Proton received a legally binding order from the Swiss Federal Department of Justice which we are obligated to comply with. Details about how we handle Swiss law enforcement requests can found in our transparency report:<p><a href="https:&#x2F;&#x2F;protonmail.com&#x2F;blog&#x2F;transparency-report&#x2F;" rel="nofollow">https:&#x2F;&#x2F;protonmail.com&#x2F;blog&#x2F;transparency-report&#x2F;</a><p>Transparency with the user community is extremely important to us and we have been publishing a transparency report since 2015.<p>As detailed in our transparency report, our published threat model, and also our privacy policy, under Swiss law, Proton can be forced to collect info on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account. Under no circumstances however, can our encryption be bypassed.<p>Our legal team does in fact screen all requests that we receive but in this case, it appears that an act contrary to Swiss law did in fact take place (and this was also the determination of the Federal Department of Justice which does a legal review of each case). This means we did not have grounds to refuse the request. Thus Swiss law gives us no possibility to appeal this particular request.<p>The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used). We will continue to campaign against such laws and abuses.<p>to me this seems like they did all the could in regards to handling this request.<p>[0]<a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ProtonMail&#x2F;comments&#x2F;pil6xi&#x2F;climate_activist_arrested_after_protonmail&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ProtonMail&#x2F;comments&#x2F;pil6xi&#x2F;climate_...</a>

I guess there isn’t much Protonmail can do if the prosecutor shows up with an ~Interpol~ Europol warrant.<p>I wonder what this “activist” did to earn himself Europol attention. At least before the world went insane, that would only happen for serious crimes.

Disclaimer: Paying Protonmail customer<p>I wanted to test how Protonmail is doing for new users I created an account from scratch just now over Tor.<p>1. Am asked to verify new account by entering a cell phone (edit: this is horrible. They lie and say account creation is anonymous, as pointed out by the poster below)<p>2. Upon login, &quot;Basic&quot; logs are selected which do not display IP. You can enable &quot;Advanced&quot; logs to log IP. I would suggest Protonmail make it crystal clear that these &quot;Basic&quot; logs do not store IP. In 2021, lies by omission are not good enough. Get rid of the soft language.<p>3. Their help page [1] says that &quot;Advanced&quot; (IP stored) logs are enabled by default. However, I created the account and it&#x27;s just the Basic (no IP) logs. <a href="https:&#x2F;&#x2F;protonmail.com&#x2F;support&#x2F;knowledge-base&#x2F;authentication-logs&#x2F;" rel="nofollow">https:&#x2F;&#x2F;protonmail.com&#x2F;support&#x2F;knowledge-base&#x2F;authentication...</a>

Protonmail customer here. Sigh. This is why I keep my own domain and can point it wherever I need. Dear Protonmail, email is fucking cheap and easy, I pay you $58 a year to solve stupid shit like this.<p>Vendors really need to figure out how to thread the needle of &quot;No don&#x27;t trust us&quot; but still encourage customers to buy. Protonmail failed here. Apple&#x27;s still very much in the &quot;trust no one but us!&quot; vibe, and it&#x27;s just not sustainable.<p>I&#x27;ll be switching my Protonmail use to default to Tor now. Open to Tor-first vendors...are there any?<p>I like how Brave has &quot;open in Tor&quot; displayed on Tor-mirrored sites. There&#x27;s even an option for &quot;Automatically redirect .onion&quot; sites too. Makes it easy to switch over.<p>What if Protonmail pushed their Tor services more? &quot;Guide to using Protonmail as privately as possible&quot;, have a switch for &quot;Private Mode&quot; that kicks you over to Tor&#x2F;download Tor.

I’m a web developer, and I assume a lot of HNers are too. So I’m really confused by the lack of understanding around IP addresses in the comments here.<p>Everyone realizes that, by default, literally just connecting to another service over the web, will expose your IP address?<p>It’s trivial to monitor and report your IP to the authorities, as soon as you login to ProtonMail, despite lack of “logging”.<p>Logs only matter for historical data. This legal request is impossible to &#x2F;not comply&#x2F; with.<p>Does anyone here have a feasible way to solve this? Or is it just a bunch of ProtonMail hating FUD?

Also mentioned in another submitted tweet:<p><a href="https:&#x2F;&#x2F;nitter.eu&#x2F;OnEstLaTech&#x2F;status&#x2F;1434575322465382404" rel="nofollow">https:&#x2F;&#x2F;nitter.eu&#x2F;OnEstLaTech&#x2F;status&#x2F;1434575322465382404</a><p>Translation: &quot;The company @ProtonMail delivered IPs of climate activists to the police, after which the activists were arrested and searched. ProtonMail claims on its website, however, that it does not store the IP addresses of its users.&quot;<p>Source (in French): <a href="https:&#x2F;&#x2F;secoursrouge.org&#x2F;france-suisse-securite-it-protonmail-a-communique-a-la-police-ladresse-ip-de-militant%c2%b7es-anti-gentrification&#x2F;" rel="nofollow">https:&#x2F;&#x2F;secoursrouge.org&#x2F;france-suisse-securite-it-protonmai...</a><p>Translation (via Google Translate):<p><i>The year 2020 and 2021 was marked by the establishment and repression of a series of occupations in the district of Place Sainte Marthe, in Paris, in order to fight against its gentrification. Some 20 people were arrested, three searches were carried out and several people were sentenced to suspended prison sentences or to fines of several thousand euros (more info here and here). In addition, seven people are on trial in early 2022 for “theft and degradation in assembly and home invasion” following the occupation of a with a file of more than 1000 pages. During the investigation, the police focused on the collective “Youth For Climate”. In particular, they were able to use photos published on Instagram, even if they were blurred because of the clothes.</i><p><i>The police also noticed that the collective communicated via a protonmail email address. They therefore sent a requisition (via EUROPOL) to the Swiss company managing the messaging system in order to find out the identity of the creator of the address. Protonmail responded to this request by providing the IP address and the fingerprint of the browser used by the collective. It is therefore imperative to go through the tor network (or at least a VPN) when using a Protonmail mailbox (or another secure mailbox) if you want to guarantee sufficient security.</i><p>(Disclaimer, Protonmail user.)

Has ProtonMail done anything wrong themselves, or is this just a case of them existing in the wrong country? If they refused to cooperate, could the government have just seized their servers and collected the data they wanted themselves?

So with FastMail under Australian privacy-bashing laws and now this, what are our options for secure, private e-mail?

This is strike two.<p>ProtonMail went under fire several months back about opting to use Google&#x27;s reCaptcha for login in a time crunch, rather than setting up hCaptcha even if it took a little extra time.<p>The tradeoff was cost vs. user privacy and they chose cost, which is NOT why a lot of us pay PM to begin with.<p>This is unacceptable, but unfortunately there are no alternatives that hit all the check marks PM has in terms of features.<p>The response of &quot;use Tor to connect&quot; doesn&#x27;t really help. If you so much as accidentally connect once with a normal IP, that&#x27;s enough to nab you.

&gt; IANAL, but I have a hard time seeing how young people squatting buildings in Paris is an extreme criminal case. In any case, I have an issue with this lack of transparency from ProtonMail, if any police service can ask them to log IP addresses, that is not anonymous<p>(Quote from the Twitter thread, by same author.)<p>Yeah, <i>that</i> is the problem. We don&#x27;t know who, we don&#x27;t know why, we don&#x27;t know shit. All we know is that the request took place. We don&#x27;t know if the request was or is justified. Those who trust police or dislike climate activism might say &#x27;of course&#x27; and those who distrust police or like climate activism might say &#x27;of course it wasn&#x27;t justified&#x27;. Meanwhile, police (Europol in this case) are not releasing details for the neutral readers to make up their mind, because they&#x27;re still fully in the investigation.<p>I&#x27;m very much pro-privacy, and actually I find the environment very important, but I also want to give Europol the benefit of the doubt. So I suspect a climate activist, using Protonmail, might&#x27;ve gone a step or two too far. And if Protonmail just runs some VPS in some other countries, they&#x27;ll have to abide by the law in these, on top of Swiss law. That a Swiss company has to cooperate with Europol because Europol has mandate in Switzerland is also a no-brainer.

I&#x27;m seeing a lot of comments along the lines of &quot;there&#x27;s nothing ProtonMail could have done in this case.&quot;<p>This is patently false. The first thing they could have done is not hosted their service in a jurisdiction susceptible to these kinds of logging requests, at least not openly. In other words, they could have concealed the location of their services.<p>Instead, ProtonMail is attempting to have their cake and eat it too: on the one hand, they repeatedly publicize the fact that they have &#x27;Swiss privacy laws&#x27; as a selling point, but yet on the other hand when a privacy violation such as this occurs, they claim that their hands are tied because of....Swiss laws.<p>It&#x27;s this two-faced behavior that is deplorable.

It always amazes me that there is this hardcore of people on hn who are so anti ProtonMail.<p>If you use gmail, It is my understanding that google ai will routinely read all your messages and add anything interesting to your profile so they can target you for ads. Law enforcement also has open access to everything in your mailbox all of the time.<p>ProtonMail don&#x27;t read your email but will supply metadata to authorities in response to a lawful warrant.<p>That still feels like a difference between gmail and ProtonMail. I pay for that difference, your money your choice.

We know that PM saves all kind of metadata and happily provides it to any kind of agency. You have to use an anonymous VPN service (obviously not ProtonVPN) in combination with ProtonMail, if you want to avoid exposure by PM.<p>ProtonMail lost it&#x27;s essence to be honest. As soon as my subscription runs out I&#x27;m gonna host my own mailserver instead. There are no advantages in using ProtonMail snymore.

This comment will probably get buried. But I’m a paying ProtonMail customer and I noticed a number of things that seem to indicate the company is doing things to enable user surveillance without it being directly attributed to the company.<p>1) Malware scanning services. I noticed that links in my email are sent to a third party to be scanned for malicious content. I never signed up for this service.<p>2) Mobile phone analytics. Using a third party for mobile analytics known to track users.<p>3) CDN: using a content delivery network in countries that do not have the same privacy requirements as ProtonMail’s corporate domicile.<p>Privacy is a gimmick for the company at the very least, a front at the worst. I still use them because I trust other companies even less.

I moved from Gmail to ProtonMail exactly because they were promising strong encryption, no logging of IPs and no data leaked outside for whatever reason.<p>I know that every IT company eventually turns into a bunch of creepy and greedy jerks that end up contradicting all of their initial &quot;don&#x27;t be evil&quot; statements. But please, Proton, don&#x27;t do this so early in the process. I&#x27;m tired of migrating from one jerk company to a we-are-not-jerks-yet company all the time. If it turns out that Proton really leaked the IP and device info of an activist to the authorities I&#x27;ll just go back to setting up my own mail server like it&#x27;s 1995 and f*ck all this madness.

Paying customer<p>I do not trust protonmail with my privacy. I only use them to sign up for various services, trying to escape the data mining google does.<p>Not sure I want to support a company that is dishonest however. I&#x27;m reaching the bye-bye point myself slowly but surely.

Cryptographers and developers need to step up their game...<p>There needs to be a messaging service where as well as the messages being encrypted, the graph of who is talking to who and when must be encrypted.<p>I&#x27;m imagining a system where your device forwards hundreds of messages for <i>other people</i>, hiding your own message flow.<p>I perhaps send a few hundred messages per day, and even multiplying that by 1000, and the typical message length of a few words, it&#x27;s still a tiny amount of data transfer.

If you think that&#x27;s bad, Tutanota was forced by the court to change their SW, so that all incoming e-mails for a specific account would be intercepted before encryption: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27303712" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27303712</a>

So ... squating a building and running a punk climate action is enough to de-anonymize a proton mail account? Jesus.<p><a href="https:&#x2F;&#x2F;twitter.com&#x2F;OnEstLaTech&#x2F;status&#x2F;1434661903293423618" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;OnEstLaTech&#x2F;status&#x2F;1434661903293423618</a>

Arrested for what? &quot;Climate activist&quot; seems like emotional manipulation.

I read here ProtonMail were compelled to log the IP by the authorities... Could they have done anything else? Could any sort of malicious compliance have been an out? Like: &quot;if we hear there is an investigation on you then we want nothing to do with your shit and we&#x27;ll delete your account&quot;?<p>I suppose this would land them in hot water, but there might be something else really clever?

Do we still like Runbox? Based in Norway. They claim to be the most secure email provider due to Norwegian laws:<p><a href="https:&#x2F;&#x2F;runbox.com&#x2F;why-runbox&#x2F;privacy-protection&#x2F;email-privacy-regulations&#x2F;" rel="nofollow">https:&#x2F;&#x2F;runbox.com&#x2F;why-runbox&#x2F;privacy-protection&#x2F;email-priva...</a>

Also a ProtonMail user. While I would prefer that ProtonMail never captures or divulged my ip and or logged my access I pay because I was a long time gmail user and am trying to ween myself off of alphabet in general. I don’t want my mail skimmed for ads or worse.

Why is a &quot;Climate activist&quot; being arrested?

Climate activist or general miscreant masquerading under the guise of climate activism?

What does Youth for Climate do that required arrest? I’m unfamiliar with them.

Question: is it possible they do not log any of the data but were required to capture it on the next login? All the talk here implicitly assumes ProtonMail provided historical information.

This same sort of issue came up with Tutanota a while back. What do people expect when law enforcement shows up with a valid warrant? Is the service provider supposed to open fire?<p>Anonymity (which is different than privacy) is something that can only be achieved in very particular circumstances for a limited time. It always involves work on the part of the person involved, usually ongoing. It isn&#x27;t something you can just go out and buy. Most people have no need of it most of the time.

Would be good to have some other sources for this story.<p>So a Swiss company has been apparently forced to provide details of a user who is under investigation by police in another country? I&#x27;m curious about the way that actually works, that a Swiss court receives a request from a foreign police force and a private company has no recourse to refuse or appeal the resulting order. Seems a bit weird to me, although I don&#x27;t know a lot about the legal system there.

Cases like this always remind me this XKCD:<p><a href="https:&#x2F;&#x2F;xkcd.com&#x2F;538&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;538&#x2F;</a><p>Technology people always want to imagine that technology will save&#x2F;deceive them.<p>Imagine a situation where some &quot;enemy of the state&quot; is using some &quot;secure&quot; service like &quot;securomail&quot; or similar.<p>Is it hard to imagine Police&#x2F;Interpol&#x2F;KGB coming to the offices of &quot;securomail&quot; and demanding providing IP addresses, no longer encrypting, installing malware for this particular user, etc? Or else all the C-level of &quot;securomail&quot; are &quot;helping the enemy of the state&quot; with all the consequences.<p>There is always this &quot;5$ wrench human layer&quot; which no technology will protect from.

&quot;By default, we do not keep any IP logs&quot; is obvious to mean &quot;We MAY keep IP logs&quot;... I don&#x27;t know how people read it as simply &quot;We do not keep IP logs&quot;. It&#x27;s on you if choose to use it and get busted doing something illegal with it. Protonmail is not or should not be a safehouse for criminals.

For those using Tor, the Onion v3 address is<p><pre><code> protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion</code></pre>

It seems that they were compelled by Swiss authorities to start logging a particular user (i.e., logging their IPs which were not logged by default). ProtonMail seems like a very bad actor in that case. Even if they must have to obey that order, they could have prevented the user explicitly before doing so.

Remember there was this: <a href="https:&#x2F;&#x2F;www.forbes.com&#x2F;sites&#x2F;kashmirhill&#x2F;2014&#x2F;09&#x2F;16&#x2F;satoshi-nakamoto-email-hack&#x2F;?sh=5125aeb41dd9" rel="nofollow">https:&#x2F;&#x2F;www.forbes.com&#x2F;sites&#x2F;kashmirhill&#x2F;2014&#x2F;09&#x2F;16&#x2F;satoshi-...</a>

Is Javascript required to sign up or use ProtonMail.<p><a href="https:&#x2F;&#x2F;www.wired.com&#x2F;2015&#x2F;10&#x2F;mr-robot-uses-protonmail-still-isnt-fully-secure&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.wired.com&#x2F;2015&#x2F;10&#x2F;mr-robot-uses-protonmail-still...</a>

You can disable the recording of login sessions in Protonmail&#x27;s settings dashboard. I do that, not only to avoid Protonmail learning of the logs, but by a hacker who, once upon breaching your account; also gets to learn the IP you use to login with.

You&#x27;re better of using some service in China that does log ip&#x27;s if you&#x27;re not living in China(not being part of the five eyes anglo sphere is the goal) and vice versa if you are living in China. Security via sovereign obscurity.

It seems the lesson here is to always use a VPN (or Tor) if you&#x27;re under such threat.

I don&#x27;t think that ProtonMail complying with the law here is in any way the problem. They simply have to.<p>However, in this case just as in a few other ones before this one, it has become pretty clear to me that ProtonMail&#x27;s marketing is deceptive at best an in a few cases some of their claims just blatantly not true.<p>What surprised me most is that when I pointed this out in the past, I was immediately attacked by what appeared to be like Apple-style fanboys, whole would not stand by anyone criticizing ProtonMail.<p>To this day I&#x27;m not so sure if that was just the genuinely zealous behavior of a few deranged individuals, or if it might have been a concerted commercial effort at damage control.<p>Either way, to me ProtonMail certainly is not what it claims to be (if not explicitly than at least implied). To me it&#x27;s just another commercial entity trying to make a profit by tapping a relative niche market while convincing gullible people they are something they actually are not, in any way that will make them a bigger profit. Nothing really shocking about that, and mostly just standard behavior for any other modern commercial entity operating within a capitalistic economy.

Honestly, as soon as I saw ProtonMail was all implemented in JS, I ran for the hills.

ProtonMail did everything they legally can to protect privacy. The user must do the rest (like use Tor).<p>They don&#x27;t log IP, but if ordered they have to. They can&#x27;t choose what criminal cases are sufficient. They have to follow the law.

ProtonMail&#x27;s blog post: <a href="https:&#x2F;&#x2F;protonmail.com&#x2F;blog&#x2F;climate-activist-arrest&#x2F;" rel="nofollow">https:&#x2F;&#x2F;protonmail.com&#x2F;blog&#x2F;climate-activist-arrest&#x2F;</a>

Proton’s reply makes sense <a href="https:&#x2F;&#x2F;protonmail.com&#x2F;blog&#x2F;climate-activist-arrest&#x2F;" rel="nofollow">https:&#x2F;&#x2F;protonmail.com&#x2F;blog&#x2F;climate-activist-arrest&#x2F;</a>

The only good answer to this is end-to-end encryption, keys held by the individuals, and full decentralization. You must not put your private communications into the hands of any company, as great as they are.

Activists challenging their governments should use services hosted outside the jurisdiction where they live. Europeans should use Russian or maybe American services and vice versa. And encrypt in transit.

So what exactly did the activists do which required an interpol notice?

Everyone in this thread is missing the real context and the information that has been coming out in the past 24h of the case. Read more here: <a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ProtonMail&#x2F;comments&#x2F;pil6xi&#x2F;climate_activist_arrested_after_protonmail&#x2F;hbqha63&#x2F;?context=3" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ProtonMail&#x2F;comments&#x2F;pil6xi&#x2F;climate_...</a><p>TLDR:<p>1. Protonmail received Swiss legal request that was based on proven legal grounds and thus had to comply with.<p>2. They started monitoring the user&#x27;s account and informed them that their data was requested. (Informing is required by Swiss law)<p>3. Only data Protonmail keeps by default is account creation date. Now they also logged the IP of the tracked account.<p>4. This IP information was given to the Swiss authorities.<p>5. The Swiss authorities gave this information to Interpol.<p>What should Protonmail have done differently here?

Is anything actually known about what he is charged with? It seems totally possible that he has committed a crime unrelated or semi-related to his climate activism.

looking at the original source (in French at <a href="https:&#x2F;&#x2F;secoursrouge.org&#x2F;france-suisse-securite-it-protonmail-a-communique-a-la-police-ladresse-ip-de-militant%c2%b7es-anti-gentrification&#x2F;" rel="nofollow">https:&#x2F;&#x2F;secoursrouge.org&#x2F;france-suisse-securite-it-protonmai...</a>), it seems it&#x27;s more anti gentrification protesters than climate activists as indicated by the title on HN

Protonmail is a company that was started by people cashing in on the CERN and Switzerland brands, not a company started by privacy activists.

And, as with hushmail about a decade ago, people will eventually learn that web mail clients cannot provide magic security.

Anyone up for creating a competing service? We could host the service in a country with proper privacy laws like Iceland.

Happy user of posteo here which claims to strip IP addresses and there IS no relation between accounts and payments. All government requests are transparently documented.<p>The web interface is roundcube, but if you just use IMAP, it could work for you.<p>No custom domains though for sending stuff, catch all redirects obviously work.<p><a href="https:&#x2F;&#x2F;posteo.de&#x2F;en&#x2F;site&#x2F;transparency_report" rel="nofollow">https:&#x2F;&#x2F;posteo.de&#x2F;en&#x2F;site&#x2F;transparency_report</a>

i&#x27;m swiss. i think it&#x27;s interesting to contemplate that, in 2021, being a pacific climate activist, namely sitting in front of a bank with massive investments in fossil fuels or that sort of things to attract attention on the science, will result in you getting the full treatment reserved to terrorists.

Run. Your. Own. Email. Servers.<p>Please.<p>That&#x27;s the only way to keep this specific part of the decentralised by design, old internet alive.

metadata, metadata, metadata… things we all like to ignore, especially those selling privacy in a bottle…

&gt; Now, of course Protonmail has to comply with Swiss law<p>Do they though? What about even less friendly states?

I&#x27;m looking forward to the day where email is not mistakenly used for clandestine communication.<p>Why hasn&#x27;t there been made a Tor-only, store-and-forward, text-only communication app? You&#x27;d think this would be a no-brainer for communities that need <i>real</i> private communications.

I&#x27;ve always said never trust PM. See Cryptome for more info.<p>Also, their VPN...

I&#x27;m surprised nobody questions the &quot;why&quot; did the police did that. A climate activist doesn&#x27;t sound like someone who requires strong police investigation. And, for that matter, not that strong since the police didn&#x27;t read the content of the emails but merely used one IP address.<p>But here, it&#x27;s not climate activist. It&#x27;s people illegally occupying private properties, iow squatting. They do it for political reasons, fine, but it&#x27;s illegal nonetheless.<p>Also, I&#x27;m a bit surprised that these are climate activist at work here since gentrification (the process they fight against by squatting) is not really a climate issue but more a problem (as I read it) of capitalism.<p>(now I understand the whole issue down here revolves around disclosure of expected-to-be-protected information, but well, there&#x27;s a big picture too...)

Is Europol legitimized to do that? If so, I think there needs to be a discussion because I don&#x27;t believe they have any mandate whatsoever. It is basically a criminal organisation because there is no accountability.

I&#x27;m also a proton mail user. It sounds like you have privacy as long as you don&#x27;t break any European law. That&#x27;s certainly not the &quot;Swiss bunker&quot; style of service I was expecting

The crime of the person arrested seems to be squatting a building in paris. The title was probably chosen with good intentions, but when I read climate activist, I imagined he committed violence.

Pretty sure it says right on their site that protonmail&#x2F;vpn cooperate with law enforcement when &quot;something obviously illigal&quot; is claimed. They have thousands of cases they give data on every year. The whole &quot;swedish court system&quot; is marketing. If they were legitimate they&#x27;d be talking about data center black boxes, why they were funded by NSA interests, how things actually works.<p>My bet is this, proton can&#x27;t actually afford to defend against thousands of court cases, so they comply. They can&#x27;t afford for their service to look insecure, so theyre selective in divulging how much surveillance they have to comply with.

okay.<p>so today we are redefining what &quot;not logging data&quot; means. it changes meaning when used in the same sentence as the expression &quot;by default&quot;. so by default, not logging data is not really not logging data.<p>we&#x27;ve redefined quite a few things in the past few months. will be interesting to see where we go from here.

Proble is not with ProtonMail. Problem is with the government arresting people for this type of action.

What are good alternatives?

I’m aware that this is a very silly sounding question, but I’m very confused about what’s going on here.<p>If the subject of this investigation had been using ProtonVPN to connect to ProtonMail, would this have (in a marginal way) protected their anonymity? If Proton<i>Mail</i> can be compelled to begin logging, surely the same must be said of Proton<i>VPN</i> right?<p>It’s interesting how many “privacy focused” companies tout being based in Switzerland as some big badge of honor, which a layman consumer such as myself is supposed to be really impressed by due to the overall reputation of “Swiss privacy laws.”<p>In practice, I’ve never been to Switzerland. I don’t know any person that has had any legal issues there, let alone someone that’s litigated a digital privacy case there. I do not speak German or French, and don’t know where to start when it comes to looking up specific cases or court proceedings, so I’d be extremely slow on the uptake of the actual ins and outs of how the Swiss privacy model works from a practical standpoint.<p>The “based in Switzerland” thing strikes me as a bit of a black box bit of marketing speak. How much time, energy and money did ProtonMail expend fighting this surreptitious logging mandate? Does “Swiss privacy” actualy mean anything if ProtonMail is happy to hand over your IP address when spooked?

For me, I NEVER expect protection from any governmemnt authorities. They have unlimited resources (compared to a regular person), and you can&#x27;t fight city hall, as the saying goes.<p>The reason I use tutamota (similar to protonmail) is to stop the Googles and Yahoos and hotmails from scanning all of my emails, using them to advertise to me, selling the information to advertisers. Could you imagine if the US post office opened up all your mail, read it, and sold this information to anyone who asked? Preposterous. And keep track and sell who you send stuff to and who you receive info from? Of course, if the government decided to monitor you regular mail, they could. Fine. Nothing anyone can do about that. But at least the USPS doesn&#x27;t read everything you send and sell that info to commercial entities.<p>So, that is why <i>I</i> use those types of services. I don&#x27;t want to be anywhere near Googlemail, or Yahoomail, or Hotmail, etc.

This is seriously messed up. Purely because their marketing has been very aggressive to promote total and complete anonymity, directly sometimes and mostly indirectly. If it’s true that the French wording makes it seem like they don’t keep logs at all whatsoever, then I believe the person arrested has grounds to sue them, and I would hope they do. But even if not, I consider their marketing is a total and complete dark pattern from now on imo.<p>Tremendously disappointed.<p>What’s next? Is ddg selling search data to google?

I knew they were snitch

&quot;We won&#x27;t store your IP, except when its sought by the government, which is the only reason you&#x27;d ever realistically pay for a service that doesn&#x27;t store your IP.&quot;<p>Brilliant!