ProtonMail filters this into its junk folder: New claim it goes out of its way to help cops spy

[steven36]

Secure comms biz says it simply follows the law – plus, there's always Tor

 

 

 

Updated ProtonMail, a provider of encrypted email, has denied claims that it voluntarily provides real-time surveillance to authorities.

 

Earlier this month, Martin Steiger, a lawyer based in Zurich, Switzerland, attended a presentation in which public prosecutor Stephan Walder, who heads the Cybercrime Competence Center in Zurich, mentioned the company. In a live-tweeted account of the event, subsequently written up on German and recently translated into English, Steiger said he learned that ProtonMail "voluntarily offers assistance for real-time surveillance."

 

But Walder, the source of the revelation, subsequently contacted Steiger to clarify that he had been misquoted and had only described ProtonMail as a potential provider of assistance.

 

Steiger maintains that he accurately reported what he heard and points to ProtonMail's own Transparency Report, which describes enabling IP logging in April in a case of clear criminal misconduct under Swiss law.

 

The key word here is "voluntary." ProtonMail says that it is obligated to assist authorities, like every other company in Switzerland and elsewhere. "All Swiss service providers are obligated by law to assist law enforcement in criminal cases, and the law requires us to enable IP logging in criminal cases," the company said via Twitter.

 

In an email to The Register, a company spokesperson dismissed Steiger's claims.

 

"ProtonMail does not voluntarily offer assistance," the company spokesperson said. "We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, end-to-end encryption means we cannot be forced by a court to provide message contents."

 

Steiger's skepticism about ProtonMail security appears to follow from marketing non sequiturs – "ProtonMail is hosted in a former military command center deep inside the Swiss alps" – that fall short of testable technical guarantees.

 

He is argument focuses on the fact that message metadata can be as revealing as message contents, and there's some truth to that. It's extraordinarily difficult to communicate securely and anonymously over the internet, particularly if law enforcement authorities have access to relevant service providers. But that problem is not specific to ProtonMail.

 

The Register asked Steiger to comment but he didn't immediately respond.

 

Updated to add

Protonmail, clearly concerned that its privacy-focused customers might be freaking out a little, has explained its position in a blog post.

 

PS: ProtonMail has a Tor-based .onion service if you don't want your real public IP address tracked.

 

Source

[DKT27]

I wonder if it's alternative is any good at it.

[steven36]

4 hours ago, DKT27 said:

I wonder if it's alternative as any good at it.

It's the one i use the most  , I only use ProtonMail  for some sites  that  want take  Tutanota. But for talking to my friends  i use Tutanota. I never do anything to worry about the cops  besides  i always use vpn and made  all my emails in the last  8 years witch are the only ones i use now with a vpn .  Also  they in  Switzerland   so i'm not worried about them and like i say i hardly use  ProtonMail only i mostly use it for sites  that want accept  disposable  email  .  I have and app that work for both  ProtonMail and Tutanota E2EE email providers  on Linux  . Also   I have a Google Account  i made with a vpn  but never used it for email. For someone that don't live  in Switzerland  ProtonMail  is still a better choice than Gmail because of the EU data protection laws  . 

 

Privacy  is not as cut and dry as you can use any free service and really be safe you need to use layers of protection  . Switzerland  laws say they must collect ips  they cant read encrypted  emails  no way . If you  don't want them to log your real  ip when you sign in  don't use your real ip  and it's simple as that , Unlike Google  they a vpn /tor friendly email provider . Only reason i can use my Google Account with my vpn is i made it with it  and it  locked to the ip range i sign up with  if i use other ips they want a phone number to let me in  . That the same reason i stop using USA based emails  in 2011 and not used them since none are really vpn friendly and if you made and account with your real ip they have logs of were your at.