Clarifications regarding arrest of climate activist

470 points by kdunglas, over 3 years ago

46 comments

dang, over 3 years ago
Recent and related:

*Climate activist arrested after ProtonMail provided his IP address* - https://news.ycombinator.com/item?id=28427259 - Sept 2021 (552 comments)

*ProtonMail logged IP address of French activist after order by Swiss authorities* - https://news.ycombinator.com/item?id=28433131 - Sept 2021 (139 comments)

smnrchrds, over 3 years ago
I understand the points about having to comply with laws. But what is unjustifiable in my view is that their marketing does not match the reality. They probably did some A/B testing and saw that keeping vague promises about not tracking users increases conversion rate. You, as an HN reader, being in the top 0.1% of the population in terms of tech-savviness, may be able to read through the nonsense and understand how little it means when they say "by default, we do not keep any IP logs". But the other 99.9% of the population won't understand it, and that's why their marketing strategy works: they are selling a level of privacy that does not exist to customers who do not know better without *technically* lying.

Their threat model and all threat scenarios should be front and centre on their front page and sign up page. That is if they care about user privacy not just the bottom line. They have a choice between better-informed customers or more money, and so far, they have chosen the latter.

What this and the new Apple debacle have proven to me is that privacy is not a product that can be purchased. If you want real privacy, you have to spend a lot of time learning how to preserve your privacy. No matter what Apple and ProtonMail and similar companies tell you, you cannot buy privacy off-the-shelf.

flotzam, over 3 years ago
They claim to have exceptionally good Tor support, when in reality people have (rightly) been screaming at them for years now to fix their permabroken Tor signup flow.

1. It's impossible to *create* a paid account with cryptocurrency: You can only use it to pay for an *existing* account

2. It's impossible to anonymously create any account over Tor: You have to at least pass SMS / secondary email verification, and it better not be an easy to get address ("Email verification temporarily disabled for this email domain" etc.)

Lots of marketing and boxticking (.onion: check), but it looks curiously hostile to anonymity if you actually try to use it.

rogers18445, over 3 years ago
> Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.

This is false.

Each time you visit protonmail you re-download (cache can be invalidated) their client. It would be trivial for them to serve a specific user a modified client which uploads their encryption keys.

This problem is not specific to protonmail, any service which contends to be secure with respect to some server (the protocol relies on the client to decrypt stuff the server cannot) can be compromised this way because of implicit trust in the client software which can be modified at any time with no notice - making any auditing entirely meaningless in the case of targeted attacks.

This problem should perhaps be addressed by browsers since it seems they are becoming pseudo operating systems.

potatoeater515, over 3 years ago
Throwaway.

As the manager of various accounts used by environmental and social activists on Protonmail, this is really bad.

I understand they have to follow Swiss law, but surely there are higher standards and processes than: police forward foreign request. Don't challenge or question, just do task required.

Interpol requests are not as universally recognized as what some people here are alluding to. Countries can file these requests with Interpol but it's up to each country to determine if they act or recognize the request.

If the Chinese government files 500 requests via Interpol and the Swiss police merely pass them on to Proton, will Proton Mail automatically comply and install malware on their client on targeted accounts?

I hope this is not the case but I expect this to be clarified. On the face of it, organizing an occupy protest hardly seems to pass the bar of "serious criminal cases".

janmo, over 3 years ago
Here is what is written in the police report, and it doesn't look good for Protonmail: https://twitter.com/OnEstLaTech/status/1434576598418796549/photo/3

It's in French but here is a summary: Law enforcement contacted Protonmail directly and the company told them to use the "Europol channel", which law enforcement did.

Protonmail then provided the date when the account was created, the IP address (Not clear if it is the one when it was created or last login) and the "device", I suppose they are talking about the user agents.

Please keep in mind that companies can charge processing fees on law enforcement requests. I would really like to know if ProtonMail is earning money on this.

kodah, over 3 years ago
Does anyone have information on what the climate activist is accused of? This is the only thing I've found:

> For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge — a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris.

yjftsjthsd-h, over 3 years ago
I'm not quite following:

> ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.

But the arrest was by the French police. So the Swiss government used a warrant to get info from PM and then passed it to France because the charges passed muster under Swiss law ("Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)")?

indymike, over 3 years ago
This is the exact kind of clarity that was needed for users to have confidence in their understanding of Protonmail. Andy Yen (Proton CEO) is a very thoughtful communicator and is making the world better.

At some point everything on the internet becomes local, because people and businesses eventually must exist at a location in the real world. Proton is always going to be subject to local law enforcement wherever they are based.

istingray, over 3 years ago
Disclaimer: Paying Protonmail customer

This is a weak response. "What we're changing" isn't specific. It's a "our shit doesn't stink" kind of reply.

"What we're changing" should be far more specific. Start educating users about Tor on your homepage.

Start blogging about Tor more than once in 2017. Have a score for how many users log in through Tor. Have a score for how many times your privacy policy is loaded.

Stop claiming to be the best simply because you have a Tor site with an old version of your app. That's not good enough.

I'm looking for leadership. Protonmail is clearly an "explainer" more than a leader. I'll keep my eyes peeled for whoever comes along to replace them.

MitchellCash, over 3 years ago
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.

They’re not explicit with regards to the activist, this would mean the activist was notified upon ProtonMail receiving the request?

I’m not sure there’s much you can do but lawyer up if you receive such a notice, but potentially the activist could have immediately started using Tor (maybe too late though, because to read the notice they might have already leaked their IP).

YLYvYkHeB2NRNT, over 3 years ago
Disclaimer: I am a paying customer.

Very classy post. To-the-point. There are limitations with digital services.

If you don't like what happened, you need to change things. The only way to change things is to change the law. This begins with voting.

bluelu, over 3 years ago
So in other words, protonmail is only safe if you use it for tax evasion, as there the Swiss authorities won't help foreign governments.

COGlory, over 3 years ago
I don't understand why it is so hard for people on HN to understand that "no logs by default" is perfectly compatible with "if the government orders us to turn on logs, we must".

rinron, over 3 years ago
No company or organization can sustainably stop a determined government request that they continue to operate in financially or physically. It doesn't matter what the company says, at some point they will be forced to either shut down or give in, e.g. Lavabit (1). The government can trace and stop the flow of all or most of their money, threatening their primary motivation for the business. Or they can physically detain people or equipment required to function.

The only way for an entity to never comply with government orders and continue to function is to remain anonymous and their servers accessible only via temporary addresses or Tor since static IPs and domains can be taken away. Making it impossible for receiving email and more effort than the average person would want to access. It then becomes a catch 22 as you can't fully trust an anonymous, transient entity since their motivation can never be verified (they could be a honey trap), they can rarely be held accountable if they betray you, and they could be replaced or compelled to comply without anyone knowing (someone part of a visible physical social network could have friends put out a warning if something suspicious happened to them).

What it comes down to is what we already know. The only way to be sure your email provider won't hand over your emails is to run your own email server anonymously. For anyone who can't do that protonmail is still likely the best choice even if it's imperfect. Plus adding whatever other layers of protection on top you are capable of.

1. https://en.wikipedia.org/wiki/Lavabit

kdunglas, over 3 years ago
This follows https://news.ycombinator.com/item?id=28427259

avodonosov, over 3 years ago
What does the word "activist" mean in this case? What form did the activism take, that a criminal case was opened?

o8r3oFTZPE, over 3 years ago
Here's the issue with Proton's marketing that no one is mentioning. The CEO keeps making claims about "Swiss law" as if it is something to be desired. However he never adds any citations to the relevant laws or their interpretation. This seems strange because #1 How many Proton customers know anything about Swiss law (how many can even read German or French^1) and #2 The CEO is not a lawyer, he is a physicist.

It seems prudent that Proton customers would want to have a look at those "Swiss laws" (a) to see what sort of protection they offer and (b) to make sure they don't violate one. In the case of (b) the customer will potentially lose all privacy protections, as emphasized in this announcement.

1 It appears that Swiss law is conveniently published in English however the English translation is not what Swiss courts use.

TwinProduction, over 3 years ago
Any company large enough _will_ have to deal with compliance at some point, that's why most devs in large software companies have to take these silly "exams" every year telling you to not plug a USB key you found on the floor in your company laptop, even if it should be very obvious to most.

I'm seeing a lot of people here that are surprised by the fact that even a company who has privacy as their main marketing point has to deal with compliance, but really, unless you host your own mail server, you just can't guarantee your own privacy.

I don't generally advise hosting your own mail server due to all the troubles that come with it, but this is really one of the only ways I can think of where you can achieve a decent enough level of control when it comes to exchanging emails.

un_montagnard, over 3 years ago
The crux of the matter is very simple: do not break Swiss law when using ProtonMail.

joering2, over 3 years ago
Someone needs to build "CanaryEmail: Safe, Secure and Informed", where every time I login I can see an up-to-date message "We do not have any request from Law Enforcement regarding your data", "We do not have any request from Law Enforcement regarding your logs", etc.

I would definitely love to switch to something like this.

Edit: in addition, every time there is a new javascript library installed, the user needs to have confirmation if he/she wants to proceed. Otherwise it could be the email provider, on behalf of LE under their enforcement, installing a middle man.
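
The concern rogers18445 raises above (a server can hand one user a modified web client) and joering2's suggestion of confirming every new script both come down to comparing the bytes actually served against a copy that was reviewed. An added example, not part of the thread and not ProtonMail's code: a Python check that pins Subresource Integrity hashes of a reviewed client and reports drift. The asset paths and contents are constructed, and the pins are assumed to come from a release the user or an auditor has reviewed.

```python
import base64
import hashlib

# Constructed sample data: a tiny "web client" as reviewed, and as served later.
REVIEWED_RELEASE = {
    "/index.html": b"<script src='/app.js'></script>",
    "/app.js": b"function decrypt(key, msg) { return open(key, msg); }",
    "/crypto.js": b"function open(key, msg) { /* constructed stand-in */ }",
}
SERVED_TODAY = {
    "/index.html": b"<script src='/app.js'></script>",
    # Same path, different bytes: the case where the server swaps the client.
    "/app.js": b"function decrypt(key, msg) { return open(key, msg); } // changed",
    "/crypto.js": b"function open(key, msg) { /* constructed stand-in */ }",
    # A script that was not in the reviewed release at all.
    "/vendor/extra.js": b"/* constructed: newly introduced library */",
}


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity value (sha384-<base64>) for raw bytes."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def build_manifest(assets: dict) -> dict:
    """Map each asset path to its SRI hash; this is what gets pinned."""
    return {path: sri_sha384(body) for path, body in assets.items()}


def diff_against_pins(pinned: dict, served: dict) -> dict:
    """Compare the bytes received now against the pinned hashes.

    changed: path is pinned but the bytes differ
    added:   path was served but never pinned (a new script to confirm)
    missing: path is pinned but was not served
    """
    current = build_manifest(served)
    return {
        "changed": sorted(p for p in current if p in pinned and pinned[p] != current[p]),
        "added": sorted(p for p in current if p not in pinned),
        "missing": sorted(p for p in pinned if p not in current),
    }


def safe_to_run(report: dict) -> bool:
    """Only an exact match with the pinned release passes without confirmation."""
    return not any(report.values())


if __name__ == "__main__":
    pins = build_manifest(REVIEWED_RELEASE)
    report = diff_against_pins(pins, SERVED_TODAY)
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}: {path}")
    print("ok" if safe_to_run(report) else "client differs from pinned release")
```

The comparison covers only the bytes this particular check received, so it catches a targeted swap only when the targeted user runs it on what their own session was served.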

filmgirlcw, over 3 years ago
My problem isn’t that ProtonMail followed the law, it’s that the company’s marketing has gone to extreme lengths to hide what exactly it will log (when compelled by the courts) and when it will fight.

It’s also concerning, legal or not, that logging was required in this case, which is not about drugs or the murder or corruption. But climate activism. By very young people. If the Swiss police will demand that data for something so small, that’s a concern about trusting their laws and authorities to be “better” than the alternative.

system2, over 3 years ago
Ha ha. For years HN was almost fanatic about ProtonMail. It is funny to see how things change 180 in a day. Same thing happened to Apple with CSAM.

Seriously I thought I was the uncool kid for not using ProtonMail and some other HN favorites. In the end, they are all someone's server with unknown connections. Do not trust other companies no matter what. Period.

LWIRVoltage, over 3 years ago
It appears they didn't start logging until ordered to.

So, this might be in line with their policy of not having logs by default - but I have to wonder if this applies to phone numbers (which the crowd that signs up using VPN/TOR reports that they're required to provide).

If they don't keep that info, then Protonmail would be solid as long as you access it via VPN well before an order tells them to start monitoring the IP.

I'm also curious, I see here they do this for spammers - there is no way a better system can't be created to 'verify' users against spammers, since I see their logic here that spammers are why they do it https://old.reddit.com/r/ProtonMail/comments/phnyd9/why_is_proton_so_heavily_recommended/hbt8mu8/

I'm aware that every other major email provider bans your account if you don't provide a phone number shortly after account creation, such as Outlook for example. (Others require phone numbers up front, and all of them ban VOIP numbers)

We're nearly at the point that you can't email anyone without providing your phone number or other details... I know social media is already like that.

One thing I noticed: for things like Discord even, if you make an account, give them a non-major email address and they then force you to give an email, or else you can't sign in to that formal account. For now one can still use a permalink to get to a Discord server without having to make an account... for now.

Protonmail is a standout if they don't log any of it, and still the best option left in the world, but this is still an icky situation.

I see also they point out Swiss law means this cannot happen to the ProtonVPN service, as email providers are specifically legally in the situation they have to allow active monitoring. Not for Swiss VPN providers...

And one needs a 'big' email provider address, or else it gets rejected by multiple services now that require an email address for sign up or usage.

I hope they clarify that payment details / phone numbers of TOR/VPN users don't get logged, like IP addresses, by default. Also, more importantly - that they move forward in fully dissuading spammers, and remove the phone requirement of people signing up anonymously

bjowen, over 3 years ago
> 5. *Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. More information can be found here.*

This is subject to carve-outs of course, but it would be interesting to see how PM seeks to achieve this.

e12e, over 3 years ago
> 6. Under current Swiss law, email and VPN are treated differently, and ProtonVPN cannot be compelled to log user data.

So, they could offer the service only over Tor and their own vpn (possibly adding in mullvad/Firefox and a few others to the whitelist) - and the email logs would be less useful?

Ie: build vpn into the email app?

lossolo, over 3 years ago
If law enforcement can order to log IPs, could they tell Microsoft that there is a Windows user with specific e-mail address (which that user uses as windows login) and order them to deploy Microsoft signed update only to that user's devices with embedded trojan written by some three letter agency?

OrvalWintermute, over 3 years ago
I don't think this clarification is sufficient for the weasel words in their advertising/marketing.

poetaster, over 3 years ago
Maybe posteo as alternative? But, really, self-host. I know I'm a perv, but, since rspamd came along, I like doing my own mail. PS. Maintain qmail/courier and postfix systems available as hidden services. Have crypto lists with schleuder.

notjes, over 3 years ago
A service must be paid for. And if a payment is done, it is connected to a real person. THE END

No matter what PM promises, without addressing this issue it is all bull.

Ladar Levison from Lavabit (Snowden email case) tries to square this circle to provide safe services.

yololol, over 3 years ago
> Due to Proton’s strict privacy, we do not know the identity of our users, and at no point were we aware that the targeted users were climate activists

I don't understand what this is about. Would they have refused to comply, were that the case?

joering2, over 3 years ago
> Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.

This is false. Just like LE forced them to turn on IP logging on someone's account, same LE can force them - by law - to install some javascript code to AJAX back home the unencrypted content of the email once the client opens their email. How stupid do they think people are??

> There was no legal possibility to resist or fight this particular request.

WTF? So Switzerland is a fascist or authoritarian state now that you cannot take your own Government (in this case LE) to court and argue in front of a judge? I thought there is a separation of power in Switzerland, no? Then why the heck did Protonmail choose Switzerland to host their mail if they are being so oppressive?

moedersmooiste, over 3 years ago
Maybe a bit off topic, but is Mixmaster/Mixminion still a viable option? I can still remember playing around with Mixmaster many years ago but mail delivery was not 100% reliable.

not1ofU, over 3 years ago
Can the Swiss Government still claim neutrality after this?

exabrial, over 3 years ago
I'd like to know who the activist is and what the alleged crime is. The bar is set very high for Switzerland.

ur-whale, over 3 years ago
> Due to Proton’s strict privacy, we do not know the identity of our users, and

That is not something I'm ready to believe.

I remember trying to sign for a protonmail account a while back.

At some point in the process, they do ask for a valid cell phone number, which, unless you go to the length of getting a burner (not easy in many European countries except maybe the UK) basically means they know exactly who you are.

When I saw this, I walked away.

> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation.

There's complying with the law like a good little sheep, and there's acceptable civil disobedience.

In this specific instance, proton should have taken the latter approach.

Take the fine, go to court, fight the injunction tooth and nail, make sure that even if they lose, the Swiss govt. knows the kind of fight and waste of time and money they're in for each time they come knocking.

They just bent and complied like good little boys.

Now their business model is compromised, serves them right.

melbourne_mat, over 3 years ago
I'm angry and ready to switch. Who's the best alternative?

djoldman, over 3 years ago
I imagine protonmail users would like to know exactly what types of data are provided to authorities if they are compelled to provide it.

Is it a list of access time, IP tuples? Is that it or more?

LightG, over 3 years ago
Non-expert here.

What are the best alternatives to ProtonMail?

steveharman, over 3 years ago
From their website, regarding Onion:

"...we are one of the only email providers that supports this). "

What now?

beermonster, over 3 years ago
TL;DR They don’t log IP addresses. But they can be compelled to by Swiss law and they cannot NOT oblige as it’s trivial for them to do at various levels in their stack without even needing to modify their software. So they advise you to use their onion address if you need anonymity.

Don’t know why they can’t plonk a tcpip->tor->ProtonMail reverse proxy in front of their infra offering this facility to every connecting client, and transparently. After all, their services (including ProtonVPN) already support tor to some extent.

ocdtrekkie, over 3 years ago
It seems like they could've simplified their explanations about only Swiss law applying by simply recommending Swiss users go elsewhere.

It seems like the safest way to use email is to use email operated outside your own country.

jijji, over 3 years ago
If you think your email provider is immune to search warrants, that's your first mistake... how about don't use email to conduct your illegal business?

tlogan, over 3 years ago
I still do not understand what the point of ProtonMail is: they are the same as others. Google, MS or Apple will not send your data to gov without court order. ProtonMail is the same.

And I bet that these big corporations have better security.

Please advise…

macinjosh, over 3 years ago
As always, the root problem is abuse of citizens and the law perpetrated by the government. Using terror laws to go after a climate activist is peak authoritarian for western democracies so far. Our climate is failing and instead of listening to those speaking up they jail them.

joering2, over 3 years ago
> We are also deeply concerned about this case and deplore that the legal tools for serious crimes are being used in this way.

Good PR job! Instead of saying "okay we remove "by default" from our marketing materials because yeah if LE ask us to start logging, we gladly do whatever the case against someone is, i.e. jaywalking", they simply post a fake outrage in hope to minimize people leaving them. Well, I wasn't to, but now after this blog, I am moving away my 8 domains on platinum account. I mean seriously Google Suite is $6 per month, so why the heck should I need this fancy email hosting in the middle of Switzerland mountain BS, if at the end of the day they will comply with everything LE will throw at them, and then some. Seriously at this point it looks like Google legal arm is better at trying to fight subpoenas against you and force LE to show serious crimes, than Proton is.