What data? Here it is the IP address and only under order by authorities.
Whatever they gather. It says as much in the article; they started recording IPs once a request by the Swiss government came through.
ProtonMail can’t directly share data with foreign governments. In fact, doing so is illegal under Article 271 of the Swiss Criminal code. The police gained access to the IP address because Swiss authorities chose to cooperate with the French government. ProtonMail also points out how Swiss authorities will only approve requests that meet Swiss legal standards.
Under Swiss law, ProtonMail should notify the user if a third party makes a request for their private data and if the data is for a criminal proceeding. However, there’s a big catch/ loophole here. On its law enforcement page, ProtonMail highlights that the notification can be delayed in the following cases:
That’s based on the currently available laws. So if a law gets drafted that says “if we suspect someone to be complicit in criminal activity we want you to gather more data” we should just be fine with that because the authorities say so? Because the authorities are always infallible and incorruptible, right?
The details of this individual case isn’t the problem, it’s the precedent it sets that is. When Mullvad got raided for their logs there was nothing recovered because they don’t store anything. Proton stores things based on if the authorities ask them to, and when they find out that it wasn’t a terrorist or child-trafficker they go “woops we had no idea the account belonged to a climate activist.”
ProtonMail does not log things by default, but they can still be court ordered to do so by swiss authorities - if you want to run any business at all, you have to submit to a jurisdiction, you can only choose which one to run under. And even if your chosen authority is alright by itself, it can still be misled by other jurisdictions like the French did, using the terror-cudgel against climate activists.
I can also recall that in this case Proton said that had their user actually bothered to use any VPN, even Proton’s, there wouldn’t have been anything to give to authorities except for an exit node IP.
Proton said that had their user actually bothered to use any VPN, even Proton’s, there wouldn’t have been anything to give to authorities except for an exit node IP.
“She shouldn’t have dressed that way.”
Proton could do better, and it’s ridiculous that there are people out here okay with them not doing better.
Our legal entity is in Sweden, where the law does not allow for any government to force us to spy on our users.
You’ll agree that Proton doing better would require them to move to a different country, right?
Also Mullvad doesn’t offer email accounts, does it? Seems that they couldn’t have a ‘no user data’ policy if they did since the emails would be exactly that.
You’ll agree that Proton doing better would require them to move to a different country, right?
I’m okay with this. Sweden isn’t exactly known as a bastion of freedom. Our current minister of equality (Liberals) is pushing for a porn ban. The EU proposal colloquially called “Chat Control” was originally put forth by the Swedish EU Commissioner Ylva Johansson who belongs to the Social Democrats.
Also Mullvad doesn’t offer email accounts, does it? Seems that they couldn’t have a ‘no user data’ policy if they did since the emails would be exactly that.
You’ll forgive me if I don’t feel like it’s productive to repeat myself, but if you genuinely care for a response you can view it here: https://pawb.social/comment/18804733
Right, because corporations are widely known for going to prison when they break the law. Where exactly did they imprison Facebook for interfering in elections? Running illegal experiments on people? Pirating books and pornography? Surveilling children and selling their data?
Look at Mullvad. They’ve denied access to their data multiple times, they got raided, and nothing of use was recoverable. That’s what respect for privacy looks like. Proton could set their infrastructure up in this fashion, but instead they’ve chosen to just hand out user data freely.
No, I’m saying that you’re comparing email to a VPN. You’re not stupid, you know it’s a bad comparison, which is why you didn’t compare Mullvad to ProtonVPN, because you know your argument would fall apart immediately.
I’m comparing Mullvad (a company) to Proton (a company) not their products. They both have a no-log policy (that’s a company policy) only one is actually no logs, and the other is “we sometimes log.” I don’t think you’re stupid either, so I don’t get what’s not getting through.
I don’t think you’re stupid either, so I don’t get what’s not getting through.
You’re being dishonest, is what’s not getting through.
Mullvad doesn’t log because their product is built from the ground up to not be capable of connecting users to their activity. Email was invented before true anonymity on the internet was even a concept. To date, nobody has developed an email solution that is incapable of logging its users when forced to by the government. Both companies have a no log policy, and both follow that policy, insofar as it isn’t breached by force by a legal order from their government. If Mullvad had a system where that was possible, they would have given up that information when they were raided, because they would have had no fucking choice. But like Proton, their VPN is incapable of logging access.
Comparing email to a VPN is about as dishonest and bad faith as anyone can get. Email was never intended to be anonymous, and VPNs were. You know this, which is why you compared Proton’s email to Mullvad’s VPN. If you had compared the two VPNs from both companies, your argument would have immediately fallen apart because neither are capable of logging users without completely rewriting the entire system from the ground up. Your argument is no different than comparing a hippo to a bird, then complaining because the hippo can’t fly.
But like Proton, their VPN is incapable of logging access.
Mullvad’s VPN is incapable of doing so because their infrastructure is entirely built on volatile memory. This obviously doesn’t work with email because the emails need to persist, but this is isn’t a very big problem as that storage is encrypted.
My problem here is that access logs don’t need to be stored permanently. That could definitely be stored on a volatile medium, and then authorities could come over and confiscate it as much as they want. That sort of software architecture is entirely possible to set up, but Proton has made a decision not to.
“No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”
~Protonmail.com
That is a choice. They could’ve chosen to not comply, they could’ve chosen to let the authorities raid their servers, and had their servers been set up in such a fashion that no data could be obtained, there wouldn’t be a problem.
They’ve chosen instead to log and give up information on a climate activist; not a ring of traffickers, or a terrorist group, but some dude or dudette that thinks that climate change is a bit of a problem and that the people in charge aren’t doing enough about it.
You’re being dishonest, is what’s not getting through.
I guess we’ll have to agree to disagree. Do I realise that this creates legal problems for Proton? Yeah. So what? They’re a corporation, they get to deal with it. What this incident has shown is that their word doesn’t mean a thing. What happens when the fascist American regime starts demanding information on dissenters? Are they just going to fold and serve up whatever they ask on a silver platter, too?
What’s dishonest is saying “we don’t log, except when we do, and only when they’re serious criminals, or climate activists.”
Whatever they gather. It says as much in the article; they started recording IPs once a request by the Swiss government came through.
That’s based on the currently available laws. So if a law gets drafted that says “if we suspect someone to be complicit in criminal activity we want you to gather more data” we should just be fine with that because the authorities say so? Because the authorities are always infallible and incorruptible, right?
The details of this individual case isn’t the problem, it’s the precedent it sets that is. When Mullvad got raided for their logs there was nothing recovered because they don’t store anything. Proton stores things based on if the authorities ask them to, and when they find out that it wasn’t a terrorist or child-trafficker they go “woops we had no idea the account belonged to a climate activist.”
The authorities aren’t infallible. Some years back here in Sweden we had police raid, physically abuse, and kidnap a guy they suspected was a pedophile because he’d sent images of him and his 30 year old boyfriend having sex via Yahoo Mail. There’s no reality where this man should’ve been fucking beaten up and traumatised the way he was, but it happened, and there was no recourse for him. Nowhere down the chain of responsibility did anyone get reprimanded or investigated for misconduct.
Complying with the law is such a bullshit fucking excuse.
ProtonMail does not log things by default, but they can still be court ordered to do so by swiss authorities - if you want to run any business at all, you have to submit to a jurisdiction, you can only choose which one to run under. And even if your chosen authority is alright by itself, it can still be misled by other jurisdictions like the French did, using the terror-cudgel against climate activists.
I can also recall that in this case Proton said that had their user actually bothered to use any VPN, even Proton’s, there wouldn’t have been anything to give to authorities except for an exit node IP.
“She shouldn’t have dressed that way.”
Proton could do better, and it’s ridiculous that there are people out here okay with them not doing better.
You’ll agree that Proton doing better would require them to move to a different country, right?
Also Mullvad doesn’t offer email accounts, does it? Seems that they couldn’t have a ‘no user data’ policy if they did since the emails would be exactly that.
I’m okay with this. Sweden isn’t exactly known as a bastion of freedom. Our current minister of equality (Liberals) is pushing for a porn ban. The EU proposal colloquially called “Chat Control” was originally put forth by the Swedish EU Commissioner Ylva Johansson who belongs to the Social Democrats.
You’ll forgive me if I don’t feel like it’s productive to repeat myself, but if you genuinely care for a response you can view it here: https://pawb.social/comment/18804733
Have a good one.
Yeah, they should just go to prison for someone they don’t know and had nothing to do with, that’s the only answer we should be ok with!
Do you hear how stupid that sounds?
Right, because corporations are widely known for going to prison when they break the law. Where exactly did they imprison Facebook for interfering in elections? Running illegal experiments on people? Pirating books and pornography? Surveilling children and selling their data?
Look at Mullvad. They’ve denied access to their data multiple times, they got raided, and nothing of use was recoverable. That’s what respect for privacy looks like. Proton could set their infrastructure up in this fashion, but instead they’ve chosen to just hand out user data freely.
Now you’re comparing apples to oranges? Is that what you do when your position is untenable?
So Proton’s no-log policy is an apple and Mullvad’s no-log policy is an orange, is what you’re saying?
No, I’m saying that you’re comparing email to a VPN. You’re not stupid, you know it’s a bad comparison, which is why you didn’t compare Mullvad to ProtonVPN, because you know your argument would fall apart immediately.
I’m comparing Mullvad (a company) to Proton (a company) not their products. They both have a no-log policy (that’s a company policy) only one is actually no logs, and the other is “we sometimes log.” I don’t think you’re stupid either, so I don’t get what’s not getting through.
You’re being dishonest, is what’s not getting through.
Mullvad doesn’t log because their product is built from the ground up to not be capable of connecting users to their activity. Email was invented before true anonymity on the internet was even a concept. To date, nobody has developed an email solution that is incapable of logging its users when forced to by the government. Both companies have a no log policy, and both follow that policy, insofar as it isn’t breached by force by a legal order from their government. If Mullvad had a system where that was possible, they would have given up that information when they were raided, because they would have had no fucking choice. But like Proton, their VPN is incapable of logging access.
Comparing email to a VPN is about as dishonest and bad faith as anyone can get. Email was never intended to be anonymous, and VPNs were. You know this, which is why you compared Proton’s email to Mullvad’s VPN. If you had compared the two VPNs from both companies, your argument would have immediately fallen apart because neither are capable of logging users without completely rewriting the entire system from the ground up. Your argument is no different than comparing a hippo to a bird, then complaining because the hippo can’t fly.
Mullvad’s VPN is incapable of doing so because their infrastructure is entirely built on volatile memory. This obviously doesn’t work with email because the emails need to persist, but this is isn’t a very big problem as that storage is encrypted.
My problem here is that access logs don’t need to be stored permanently. That could definitely be stored on a volatile medium, and then authorities could come over and confiscate it as much as they want. That sort of software architecture is entirely possible to set up, but Proton has made a decision not to.
That is a choice. They could’ve chosen to not comply, they could’ve chosen to let the authorities raid their servers, and had their servers been set up in such a fashion that no data could be obtained, there wouldn’t be a problem.
They’ve chosen instead to log and give up information on a climate activist; not a ring of traffickers, or a terrorist group, but some dude or dudette that thinks that climate change is a bit of a problem and that the people in charge aren’t doing enough about it.
I guess we’ll have to agree to disagree. Do I realise that this creates legal problems for Proton? Yeah. So what? They’re a corporation, they get to deal with it. What this incident has shown is that their word doesn’t mean a thing. What happens when the fascist American regime starts demanding information on dissenters? Are they just going to fold and serve up whatever they ask on a silver platter, too?
What’s dishonest is saying “we don’t log, except when we do, and only when they’re serious criminals, or climate activists.”
Mullvad is not a mail provider…?
They both have no-log policies. One is “we never log” and the other is “we log sometimes” do you see the difference?
The difference is that they’re different products with different technical requirement.