I no longer trust ProtonMail

unless the post was edited it appears to be asking how Vivaldi solved the problem.

2 Likes

Which post are you talking about? The one that was deleted?

no the one that was flagged and has to be clicked on to see the content.

Oh, that post could be interpreted in multiple different ways.

I wonder how many “community” flags it takes to get a post silenced like that.

I don’t know, but I believe it depends on your trust level.

If it were me, I’d be looking deeper into what happened at ProtonMail, and what they’re going to be doing going forward - then making my decision based on that knowledge.

If the mail itself is still E2E encrypted, most everything ProtonMail logged in this case would still be available from outside sources IF sufficient warrants were involved. In other words, it’s all in logs somewhere - even if not at ProtonMail.

Given that everything else is essentially public knowledge, the security of the email bodies themselves would be the concern that I’d have.

I’m a mail server admin on a small server, and I can tell you pretty confidently that on almost every mail server - unless they explicitly tell you the data is E2E encrypted, or “encrypted at rest” using a key that only you have - somebody who hacks the server itself can download everything in your email account.

And at that point they have everything, regardless of the site’s privacy policy.

As pointed out above:

In the end a legal company cannot protect you from a legal request if they want to remain legal. End of story. If your threat model involves evading a legal system, a for-profit company is not going to help you.

The fact that it took a court order to compel ProtonMail to comply, in my book, is actually a net “plus”.

But if you want to move on, I’d be looking for another provider that offers E2E and “at rest” encryption, using a key that only you control.

1 Like

That’s absolutely not what the article (and original court ruling) states: The company has been forced to START logging some details for a specific account, not all accounts, because a crime was being committed.

To my knowledge, nowhere on this planet is there an option to not comply with this.

So they are not doing “other governments work” but enforcing a Swiss law.

I don’t like it, but don’t think it’s an OMG THE WORLD IS ON FIRE problem.

The email is still e2e encrypted, no-one is able to get in there.

As a proton user myself (email hosted there) I still have no reason not to trust Protonmail. And will happily stay a customer until they break true e2e encryption.

5 Likes

This. 100%.

For those who are a bit security-conscious, it’s worth noting what’s typically encrypted with stuff like PGP and what’s not.

The headers are typically cleartext. That includes things like the to/from email addresses, CC recipients, and the subject line. These are required for SMTP to work properly.

So if you were hypothetically sending something to Frank Jones about a private / illegal activity, and your headers were:

To: Frank Jones <illegalactivityguy[at]provider[dot]com>
From: Your Name <illegalactivityplanner[at]provider[dot]com>
Subject: That really illegal thing we’re planning at [location] on [date] with [list of people]

that info is all likely in the headers somewhere. This means “they” know the other person is named “Frank Jones”, and they have your name - right in the message header. Much better to send the message without the friendly “To” name, and with a less-specific subject:

To: <illegalactivityguy[at]provider[dot]com>
From: <illegalactivityplanner[at]provider[dot]com>
Subject: That thing

And of course with standard SMTP the IP address of every server the message passes through - including the origin mail client - is in those headers too. If the message bounces, depending on the config, copies of it also frequently get sent to various mail server admins so that they can troubleshoot the problem.

These are good reasons for E2E and at-rest encryption, if you’re concerned about that sort of thing. And if your provider doesn’t explicitly offer it, you can assume you don’t have it. :slight_smile:

4 Likes
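To make the point above concrete, here is an added example (not code from anyone in this thread) that parses a constructed PGP-encrypted message with Python's standard `email` module and lists what stays readable without the key: display names, addresses, subject and the relay IPs in the Received chain. The message, addresses and IPs are all constructed.

```python
import re
from email import message_from_string
from email.policy import default as EMAIL_POLICY

# Constructed sample: PGP-armored body inside ordinary cleartext headers,
# with two Received hops as relays would add them (not a real message).
SAMPLE_MESSAGE = """\
Received: from mail.provider.example (mail.provider.example [203.0.113.10])
    by mx.recipient.example with ESMTPS id abc123
    for <frank@provider.example>; Sat, 8 May 2021 15:17:02 +0000
Received: from [192.0.2.55] (client.example [192.0.2.55])
    by mail.provider.example with ESMTPSA id xyz789; Sat, 8 May 2021 15:17:01 +0000
From: Alice Example <alice@provider.example>
To: Frank Jones <frank@provider.example>
Cc: <carol@provider.example>
Subject: Planning meeting at the warehouse on Friday
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP MESSAGE-----

hQEMA0NotRealCiphertextJustAConstructedPlaceholderBlock==
-----END PGP MESSAGE-----
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def _addresses(msg, field):
    """Parsed Address objects for one header field (empty list if absent)."""
    header = msg[field]
    return list(header.addresses) if header is not None else []

def exposed_metadata(raw: str) -> dict:
    """What a relay, the provider, or a subpoenaed log can read with no key."""
    msg = message_from_string(raw, policy=EMAIL_POLICY)
    addrs = _addresses(msg, "From") + _addresses(msg, "To") + _addresses(msg, "Cc")
    # One Received header per hop; keep first-seen order, drop duplicates.
    hop_ips = list(dict.fromkeys(
        ip for hop in msg.get_all("Received", []) for ip in IPV4.findall(hop)))
    return {
        "subject": str(msg["Subject"]),
        "display_names": [a.display_name for a in addrs if a.display_name],
        "addresses": [a.addr_spec for a in addrs],
        "hop_ips": hop_ips,
    }

def body_is_pgp_encrypted(raw: str) -> bool:
    """True if the body is an ASCII-armored PGP message (the only protected part)."""
    msg = message_from_string(raw, policy=EMAIL_POLICY)
    return msg.get_content().lstrip().startswith("-----BEGIN PGP MESSAGE-----")
```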

as he said :slight_smile: … (20 char and so on)

1 Like

It’s my understanding that the Swiss authorities wanted the sender’s IP address. With that in hand it’s not very difficult to track down the person sending the emails.

That’s my understanding too.

With webmail I usually don’t see the end-user IP included in the headers - but, quite literally, any webmail provider that hasn’t explicitly promised otherwise absolutely has that information logged somewhere.

And as in this case, said provider can nearly always be compelled to log that information by authorities. Most of the time, the authorities can also compel the provider to not disclose that they’re doing so.

So are you saying that it is actually impossible to send someone a completely encrypted message? I imagine that Signal, WhatsApp and just about any service logs meta data.

Thinking about the logic, it’s obvious that to send anything to anyone it needs to know where the message needs to go, and the logs plot the course. So one would assume the only thing you can really encrypt is the body of the message?

Perhaps a phone call is better or a physical letter!!

Phone calls can be traced and tapped too.
Meet in person and then talk with no electronics around.

Exactly. Any communication that goes through a third-party provider, by definition, would require that provider to - at a minimum - have some sort of “from” and “to” as the message is being transmitted.

If the message isn’t encrypted, they’d also have the entire message contents available to them. If the service is E2E encrypted and highly anonymous it’s entirely possible the provider would only really know something like “account 1235234957 at IP 12.34.56.78 sent a message to account 1234807223 at IP 78.65.43.21 at 3:17 PM on 5/8/2021”.

The provider would know that, but they’d be free to not log it. Or they could scrub the data after the fact. But a government demand could compel them to log it or produce it, which seems like exactly what happened with ProtonMail.

Of course the parties doing the communicating could theoretically use Tor / VPN / other methods to mask their IP addresses, which would make following their digital trail more difficult.

Keep in mind that phone calls are traceable as well. Given that the modern post office does OCR scanning on mail to determine where it goes, it also wouldn’t shock me if they had records of some sort - but I can’t confirm that.

We could bring back carrier pigeons, perhaps? :smiley:

1 Like

To wit:

Because I was curious, I did some Googling….

1 Like

I assume this means the Postal Service photographs the envelopes and the package containers, not the contents (although I suppose they could be compelled to open certain correspondence).

In a sense this is just like an ISP logging email metadata.

1 Like

They do; the program is called “Informed Delivery”. I just might know someone working on the project. All about images, processing, and going from using a bunch of humans to AI use cases. The Postal Service is going to save a lot of money. Actually quite remarkable…

1 Like

Does anyone remember when the US intelligence community came out and said they don’t “need” to listen to calls post 9/11? Don’t know if that was entirely true, but part of the justification for that was because the metadata is actually just as valuable as, if not more valuable than, the data itself. I’ve seen plenty of use cases where there have been requirements to capture traffic on the wire and we’ve gotten around it by doing metadata analysis.

Think about it like this: companies are doing analysis on encrypted traffic to look for malware without “break and inspect”, and it’s not new tech. You analyze what you do know, make fingerprints, and you can infer that the traffic is bad with a surprisingly high degree of accuracy. I’m no data scientist but I’ve worked on these types of solutions for years.

1 Like
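One small instance of the metadata-only analysis described above, as an added example (not the poster's code): flagging beaconing from flow records that carry only timestamps, endpoints and byte counts, which is all a network of TLS connections leaves a defender. The flow records, hosts and thresholds are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch seconds, src, dst, bytes_out). No payload,
# no decryption; this is the metadata an encrypted session still exposes.
FLOWS = [
    (1000, "10.0.0.5", "198.51.100.7", 512),     # ~60 s, ~512 B: beacon-like
    (1060, "10.0.0.5", "198.51.100.7", 510),
    (1121, "10.0.0.5", "198.51.100.7", 515),
    (1180, "10.0.0.5", "198.51.100.7", 512),
    (1241, "10.0.0.5", "198.51.100.7", 509),
    (1300, "10.0.0.5", "198.51.100.7", 513),
    (1000, "10.0.0.8", "203.0.113.20", 4210),    # interactive browsing: bursty
    (1005, "10.0.0.8", "203.0.113.20", 88000),
    (1200, "10.0.0.8", "203.0.113.20", 1900),
    (1203, "10.0.0.8", "203.0.113.20", 35000),
    (1900, "10.0.0.8", "203.0.113.20", 2500),
    (1901, "10.0.0.8", "203.0.113.20", 61000),
    (1000, "10.0.0.9", "198.51.100.7", 512),     # too few events to judge
    (1060, "10.0.0.9", "198.51.100.7", 512),
]

def find_beacons(flows, min_events=5, max_interval_cv=0.1, max_size_cv=0.2):
    """Return {(src, dst): (mean_interval, mean_bytes)} for pairs whose
    connections recur at a near-constant interval with near-constant size.
    The coefficient of variation (stdev / mean) of the gaps and sizes is the
    whole signal; nothing inside the sessions is examined."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in sorted(flows):
        by_pair[(src, dst)].append((ts, nbytes))
    beacons = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        sizes = [n for _, n in events]
        if mean(gaps) == 0:          # all events at one timestamp: not periodic
            continue
        interval_cv = pstdev(gaps) / mean(gaps)
        size_cv = pstdev(sizes) / mean(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            beacons[pair] = (mean(gaps), mean(sizes))
    return beacons

if __name__ == "__main__":
    for (src, dst), (gap, size) in find_beacons(FLOWS).items():
        print(f"{src} -> {dst}: every {gap:.0f}s, ~{size:.0f} bytes")
```

Real deployments add jitter tolerance and allowlists for legitimate periodic traffic (update checks, monitoring agents), which produce the same shape.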