
ProtonMail Voluntarily Offers Assistance for Real-Time Surveillance? - sebiw
https://steigerlegal.ch/2019/05/23/protonmail-real-time-surveillance/
======
protonmail
ProtonMail team here.

These allegations are false. Hidden at the bottom of the article is this:
"Public prosecutor Walder of the Competence Center Cybercrime contacted me,
saying he had been misquoted". In other words, the alleged source (a public
prosecutor) has also supported our denial of these false allegations.

ProtonMail does not voluntarily offer assistance. We only do so when ordered
by a Swiss court or prosecutor, as we are obligated to follow the law in
criminal cases.

Furthermore, end-to-end encryption means we cannot be forced by a court to
provide message contents.

~~~
rolltiide
Okay, now explain why I can't make a protonmail account without:

- disabling javascript

- verifying with a phone number that is pretty picky

- getting stuck in captcha hell if I'm on TOR

and if I want to pay with Bitcoin, it already needs to be an existing account

~~~
ravenstine
> Okay now explain why I can't make a protonmail account without:

> - disabling javascript

ProtonMail encrypts/decrypts messages in the JavaScript client, which is how
messages are encrypted without the server ever having access to the plaintext.
If you must disable JavaScript, then ProtonMail isn't the mail service for
you (unless you use their mobile app).

------
bigdang
While ProtonMail’s marketing has always stood out as over-the-top
self-congratulatory, the reaction of people saying “oh no, I need to find an
alternative now” represents a fairly naive understanding of the very nature of
communication platforms on the internet, especially email.

There is no alternative here. There is no company that will ever solve the
problem, within the existing email protocol, where one unencrypted sender
(say, marketing emails) can send to a so-called “encrypted receiver” and not
have an intermediary able to temporarily read the emails. This is inherent in
the design of the system. ProtonMail is not end-to-end encrypted in this case,
and no email provider can be on the traditional web.

There are no alternatives. There is no hard, scientific, mathematical solution
to this. The best you’ll get is “soft encryption”—the equivalent of encryption
where the third party offering the service chooses the encryption key.

~~~
groovybits
> There is no alternative here.

Technically, there is: Encrypting our own mail with our own keys.

~~~
donjh
See [https://thehelm.com/](https://thehelm.com/)

~~~
DINKDINK
What are the marginal benefits (and costs) of running a Helm over ProtonMail
service? I can see none.

The justified concerns the security community has with ProtonMail are: crypto
in the browser is bad (mitigable with Qubes), and how do I know PM isn't
serving me a backdoored JS?

IIRC, Helm has auto updated binaries so backdoor-free code isn't a delta. The
best I can come up with is: server+CPU observation/isolation is stronger on
local hardware relative to PM at the cost of network observation.
Hypothetical: "Ok a Spectre-style attack is out, spam emails and let's do some
timing-correlation traffic analysis"

------
LinuxBender
I think it is worth reiterating that regardless of (insert application)
provider used, one should assume lawful intercept and low friction compliance,
not to mention eventual data leakage from hacks, bugs and competence issues.

If PGP is difficult, people can use a simpler route of 7-zip encrypting text
files with a pre-shared passphrase. Share your passphrase out-of-band when
feasible, e.g. physical notes, sftp, voice chat, private chat server (mumble /
murmur, super easy to set up), etc. Use different passphrases for different
circles of friends. Example: [1]

[1] -
[https://tinyvpn.org/e/c/6/ec6ef8690422c94f17da3b2caa60a5c1.7...](https://tinyvpn.org/e/c/6/ec6ef8690422c94f17da3b2caa60a5c1.7z)

Created using:

    7za a -mhe=on -p ./SECRET.7z ./SECRET.txt

pw

    akduygajygrvads____________lgidufh^-_adliuanj^^^42^^^^^^^onijhoijg__1__

------
wolfgke
One problem with ProtonMail that is also relevant here is that ProtonMail does
not allow paying anonymously for the service (so that investigators are able
to follow the money trail).

On the other hand (this is not supposed to be an advertisement or testimonial;
I just state the fact), the German email provider Posteo that has some
popularity among people who are concerned about privacy also allows anonymous
payments via banknotes (cash) that is sent via mail (just put the letter into
a postbox in a completely different city).

~~~
lone_haxx0r
On the other hand, Germany is a bad place to have your servers.

~~~
amaccuish
Out of interest where would you suggest?

~~~
lone_haxx0r
I'm not sure, but I guess a relatively developed country without a big nosy
state would do (or one that doesn't care about the Internet/speech
censorship/spying on people). Other obvious places where you don't want to
have your servers: Australia, USA, UK, Russia (duh), Turkey.

Case study: Vincent Canfield, of the half-joke email provider cock.li, moved
his servers to Romania after they were seized by German prosecutors.

[https://arstechnica.com/tech-policy/2016/01/cock-li-server-s...](https://arstechnica.com/tech-policy/2016/01/cock-li-server-seized-again-by-german-prosecutor-service-moves-to-iceland/)

------
everdrive
There's a lot of paranoia in this thread. The whole point of end-to-end
encryption is that it protects against court-mandated searches (among other
things). It doesn't prevent the search, it renders the search less useful.

End-to-end encryption in email is somewhat silly, because the vast majority of
the time you will be sending email to a private company, or to a gmail
address, or generally just to another party that will not respect your privacy
at all.

The real benefit to something like ProtonMail is that they're not Gmail.
They're not scanning every message you send and using it to build an
advertising profile on you. If you're really worried about government
warrants, email is not the tool for you.

~~~
jasonsync
End-to-end encryption prevents the service provider (employees) from
easily reading your data. This is the biggest benefit.

Of course the service provider can be compelled by law enforcement to hand
over encrypted data. Law enforcement may then either attempt to brute force
the encryption key password, or compel the user to provide the encryption key
password (typically the account password with end-to-end encrypted services):
[https://en.wikipedia.org/wiki/Key_disclosure_law](https://en.wikipedia.org/wiki/Key_disclosure_law)

Does ordering you to hand over your password entail a form of
self-incrimination or a violation of the right to silence? Would granting police
the power to compel passwords cross a line centuries old against forcing a
person to speak to build the case against them?
[https://globalnews.ca/news/5310901/canada-privacy-passwords-...](https://globalnews.ca/news/5310901/canada-privacy-passwords-law/)

~~~
LinuxBender
End-to-end using server provided javascript code means that the code can be
changed on the fly per user to enable lawful intercept. Plausible deniability
only works if the client is encrypting the payload entirely independent of the
provider. That would require the end user to be compelled directly and
javascript would not be required.

~~~
jasonsync
So you're running a local encryption library or app (not relying on server
side JS code).

Do you disable auto-update, and risk running a broken version of the
encryption library or software, or do you enable auto-update and risk a remote
backdoor injection via the auto update?

~~~
LinuxBender
I disable auto-update and get my software from a computer not associated with
me. I compare checksums to copies that friends have and checksums on
virustotal.

For Linux software, I validate GPG checks of individual packages and of the
rpm repo. Both packages and metadata are signed. I get the public key from a
non-mirror site and compare to keys listed by others.

This does not preclude back-doors, but it means that everyone has the same
backdoor as me. I then mitigate dial-home of said programs with firewall rules
and selinux. If there is a hard-coded key, it will also affect all the
companies and governments using the same software.

------
KirinDave
A bunch of folks have been warning that ProtonMail is essentially
well-polished marketing, smoke and mirrors. It isn't just their position on law
enforcement or data collection; they've made a series of very awkward
cryptographic mistakes that sort of give the game away. For example, using
problematic crypto libraries, omitting salient facts from their marketing
copy, and repeatedly failing to deliver on promises to correct the above
issues.

~~~
ziddoap
I'm not saying you're wrong at all, but I'd love to see some source material
for these claims - specifically the "repeatedly failing to deliver on promises
to correct the above issues" in regards to their crypto.

~~~
KirinDave
Not even 2 months ago they misrepresented crypto capabilities and were forced
to agree they'd fix it. Still waiting on further action.

There are others, you can just search for them. This is one I just happened to
have on hand, on this very website.

[https://news.ycombinator.com/item?id=19748370](https://news.ycombinator.com/item?id=19748370)

~~~
ziddoap
I will read into it, thanks for providing additional info.

------
sschueller
Yep, similar issues with Threema. They are currently under the number of
requests [1] but will eventually reach it and then what?

[1]
[https://threema.ch/en/transparencyreport](https://threema.ch/en/transparencyreport)

------
idlewords
If you want to communicate securely, don't use email. Every email provider in
the world is subject to _some_ government authority, and there is not a
government on the planet that will allow a service to operate without some
provision for surveillance (nor should it!).

But before you move everything to the secret decoder ring, think about what
you are actually trying to achieve. Don't want your email to be read by the
FBI? Move it to a server in Switzerland and it will be read by the NSA.

I like ProtonMail and I hope they succeed. I find their marketing (explicit or
implied) that suggest it protects you against _targeted government
surveillance_ annoying and disingenuous.

------
4ntonius8lock
Do Swiss court orders go by another name?

I mean, they specifically use the word 'request'. Request by the definition,
as opposed to an order, is voluntary.

I will add that I find it funny, whenever such topics come up, that people who
love authority and agree with surveillance will literally change the wording
to fit their desired narrative. I see a lot of people in this thread talking
about 'orders' when that word was never used originally and would remove the
ambiguity that allows the argument that proton does real time voluntary
surveillance.

------
spraak
Hmm, I was just the other day contemplating moving my domain and email off of
Google/Gsuite and ProtonMail was one alternative I was considering. Now I'm
hesitant - what other options are there?

~~~
Lowkeyloki
I have almost completely moved my email from Google to ProtonMail. Now this.
It makes me sad. I'm using ProtonVPN as well.

So, what are the alternatives?

~~~
w8vY7ER
In the same boat and now actively considering just self-hosting as these
threads will so often advocate for. What a pain.

~~~
Lowkeyloki
I've heard lots of horror stories about self-hosted mail bouncing as spam. I'd
only consider that a last resort, personally.

~~~
raintrees
I have been self-hosting for over 20 years using self-signed certificates, now
widely described by current browsers as "unsafe and suspicious." My clients
receive my emails without issue, whether they have Microsoft-hosted,
Google-hosted email servers, etc. or their own private self-hosted servers. As
does any other service I interact with via email.

Being bounced as spam is not an issue for me.

------
npx
I'm a happy Protonmail user and I think this (even if it were true) is only an
issue if you are being unrealistic. All companies can be legally compelled to
take action regardless of their jurisdiction. If you have some gratuitously
paranoid threat model, you should be using Tor anyway.

I like their service much more than GMail and I feel much more comfortable
with regard to data privacy when using it.

~~~
portroyal
Happy users of any service aren't nearly as vocal as the unhappy ones.

@protonmail; I'm happy too. Thanks for doing the do.

------
mikece
While the messages themselves might not be able to be read due to end-to-end
encryption, the metadata -- IP addresses, time of access, to/from whom
messages are being routed, possibly more from a mobile app -- would provide a
LOT of information. And unless I'm mistaken, Swiss banks are members of the
SWIFT agreement... possible connection?

~~~
chmars
Switzerland is a member of SWIFT. There is also a data center in Switzerland
according to Wikipedia:

[https://en.wikipedia.org/wiki/Society_for_Worldwide_Interban...](https://en.wikipedia.org/wiki/Society_for_Worldwide_Interbank_Financial_Telecommunication)

------
C14L
> at the request of the Swiss judiciary

The reason I use Protonmail is that Switzerland can't be easily bullied by the
US or similar countries into abusing their court system to illegally spy on
people (unlike my own country).

If a Swiss judge decides that a specific individual should be surveilled, I am
more inclined to trust that it is for good and _legal_ reasons.

~~~
chmars
I have bad news for you:

Switzerland is a close US ally. It is even a second-tier partner to the NSA as
we know from the Snowden leaks:

[https://www.elmundo.es/espana/2013/10/30/5270985d63fd3d7d778...](https://www.elmundo.es/espana/2013/10/30/5270985d63fd3d7d778b4576.html)

Geneva, the home of ProtonMail, is a major international spy hub thanks to the
UN. Snowden was even working in Geneva for some time.

~~~
techrich
Everyone has to agree with the bully in the play ground. The bully is not
around forever though. A new one comes along.

------
protonmail
We have written up a longer article on the false allegations here:
[https://protonmail.com/blog/martin-steiger-false-statements/](https://protonmail.com/blog/martin-steiger-false-statements/)

The claims made here are categorically false, and have already been refuted.

------
vinay_ys
Today, mobile phones are super powerful, always-on and almost always
connected. We should be able to run mail completely on the mobile device?
There could be blind relay mailboxes in between to help store/forward the
mails until they are retrieved by the mobile phone app, and of course there's
end-to-end encryption with no metadata leakage in the relay.

Possible? Already exists - app? relay?

~~~
silversconfused
This is how email was intended to work, but anti spam measures now prevent
"any normal user's device" from originating a message. To deliver a message
you would need to find a trusted relay to add legitimacy flags to the message,
or you need a trusting recipient with a friendly network path between you so a
plain message would not be blocked.

~~~
vinay_ys
I know how email works. Have run very large deployments. I'm asking if such a
1-person completely decentralized convenient deployment solution exists? If
not, why not?

~~~
silversconfused
Barrier to entry was raised significantly. You have to partner with someone to
make it work, as an individual. Helm looks expensive but interesting.

------
NutritionFacts
I recall e-mailing ProtonMail years ago and asking why they chose GoDaddy as a
registrar considering their entire existence is based on enhancing
security/best practices.

The response I received back was very disappointing and even concerning. I
don't think they understand the concept of threat modeling.

------
CptHannibal
ProtonMail's response to the allegations: [https://protonmail.com/blog/martin-steiger-false-statements/](https://protonmail.com/blog/martin-steiger-false-statements/)

------
akskos
Archive link for anyone else who is unable to access the page:
[https://web.archive.org/web/20190529151510/https://steigerle...](https://web.archive.org/web/20190529151510/https://steigerlegal.ch/2019/05/23/protonmail-real-time-surveillance/)

------
781
Advertisement [1]:

> _Unlike competing services, we do not save any tracking information. By
> default, we do not record metadata such as the IP addresses used to log into
> accounts._

Notice the sneaky "by default" :)

Reality [2]:

> _In April 2019, at the request of the Swiss judiciary in a case of clear
> criminal conduct, we enabled IP logging against a specific user account
> which is engaged in illegal activities which contravene Swiss law._

Can the Swiss judiciary ask ProtonMail to serve a different version of the
website to a specific user account, which sends the cleartext to a remote
server?

[1] [https://protonmail.com/security-details](https://protonmail.com/security-details)

[2] [https://protonmail.com/blog/transparency-report/](https://protonmail.com/blog/transparency-report/)

~~~
ckastner
What exactly should ProtonMail have done in this case? Refuse to comply with
the court order?

Not defending ProtonMail's actions mentioned in the topic, only puzzled why
you seem so surprised in your comment.

~~~
781
When you sell such a sensitive product, which could be used for example by
Swiss account tax-evasion whistleblowers, maybe you should disclose on the
front page that you can be compelled to log IP addresses and advise users to
plan around that.

~~~
ziddoap
From ProtonMail's website:

> In addition to the items listed in our privacy policy, in extreme criminal
> cases, ProtonMail may also be obligated to monitor the IP addresses which
> are being used to access the ProtonMail accounts which are engaged in
> criminal activities. Under no circumstances will ProtonMail be able to
> provide the contents of end-to-end encrypted messages sent on ProtonMail.

To be fair, I don't know if this provision was added after they had reported
the instance in their transparency report.

However, I think at some point the customer should use a bit of common sense.
Anyone who believes that a government may compel a company to start IP-logging
their mail should be considering that in their threat model when they are
looking for an e-mail provider. I don't think it needs to be plastered on the
front page - especially not with advice on how to circumvent government
authorities' lawful requests.

------
oyebenny
Does ProtonMail perform real-time surveillance of users? Yes or No?

~~~
cblades
What does real-time surveillance mean in your question?

~~~
chmars
My own definition does not matter. Swiss law matters:

'The order may require real-time surveillance to be carried out and the
handover of the retained secondary data of telecommunications from past
communications (retroactive surveillance).'

[https://www.admin.ch/opc/en/classified-compilation/20122728/...](https://www.admin.ch/opc/en/classified-compilation/20122728/index.html#a26)

------
maverickmax90
You guys should try migadu.com

~~~
spraak
Can you share why?

------
java-man
The question is: is ProtonMail run by a bunch of naive physicists or a
carefully created honeytrap?

~~~
781
There is precedent for that, a Swiss crypto company which sold NSA-backdoored
crypto systems to the Iranians:

[https://en.wikipedia.org/wiki/Crypto_AG](https://en.wikipedia.org/wiki/Crypto_AG)

~~~
ravenstine
There's precedent because they are Swiss?

