These allegations are false. Hidden at the bottom of the article, is this: "Public prosecutor Walder of the Competence Center Cybercrime contacted me, saying he had been misquoted". In other words, the alleged source (a public prosecutor) has also supported our denial of these false allegations.
ProtonMail does not voluntarily offer assistance. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in criminal cases.
Furthermore, end-to-end encryption means we cannot be forced by a court to provide message contents.
'Public prosecutor Walder of the Competence Center Cybercrime contacted me, saying he had been misquoted. He claims that he had not divulged at the above-mentioned event that ProtonMail voluntarily releases real-time data. He had merely described ProtonMail as a potential provider of derived communication services (PDCS).
I was live-tweeting the event, including the interesting presentation by public prosecutor Walder. The remark that ProtonMail was a (potential) PDCS would have been too trivial to be live-tweeted. The insight on the other hand that ProtonMail voluntarily offers assistance for real-time surveillance, was spectacular and I therefore live-tweeted the statement. In its transparency report, ProtonMail – as mentioned above – itself refers to at least one case of real-time surveillance.'
Important: The English text is just an unofficial translation.
"I live-tweeted it, so they said it. If they didn't, I wouldn't have live-tweeted it."
I'm sorry, but that's a pretty weak argument, even when it's a he-said-she-said type conversation.
> ProtonMail even mentions a current case of real-time surveillance:
"In April 2019, at the request of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law. Pursuant to Swiss law, the user in question will also be notified and afforded the opportunity to defend against this in court before the data can be used in criminal proceedings."
By writing of a "case of clear criminal conduct" and of "illegal activities which contravene Swiss law", ProtonMail violates the presumption of innocence against the monitored suspects. Such suspects are of course not informed by ProtonMail about ongoing real-time surveillance measures.
What I'm saying is that the author claims they voluntarily offer real-time logging without the need for judicial intervention - per the prosecutor.
The author of the article at hand later added an addendum saying the prosecutor was misquoted in their article [[ and that Protonmail does not voluntarily offer real-time logging.]] (Note: The part in between [] is misleading - the prosecutor does not say that. I wrote it out rather than quoted it directly, and made an error. I am leaving it in for posterity)
The author's defense regarding the misquote is saying "I live tweeted it, so it happened".
Whether they do or not - I'm just pointing out the weakness of the argument that "I tweeted it, so it happened"
That is completely false. The author said that the prosecutor claimed to have been misquoted, not that he was misquoted. The author clearly stands by his quote, and it is therefore untrue that he says that Protonmail does not voluntarily offer real-time logging.
I don't think it detracts from the substance of my argument, however. This is a he-said-she-said battle where one says "I tweeted it so it happened" and the other says "no, it doesn't".
Neither side is particularly convincing.
That's true of all he-said-she-said arguments. The next step is gathering proof, not begging for more of the same he-said-she-said.
What 'order'? All their report says is 'request'. If they had meant order, they would have said court order: in all the other cases in the transparency report, they specify if there was a court order.
How does that change the fact that saying "I tweeted it so it's true" is not a strong argument in a he-said-she-said debate?
Which do you trust more, a witness statement taken a minute after the crime, or made a year later?
That someone said something very revealing and immediately backtracked with an excuse "I didn't say what I said" is, on the other hand, deeply unconvincing.
By the way: The author of the post is an attorney at law and member of the Chaos Computer Club (CCC), which makes me believe that he wouldn't falsely accuse ProtonMail.
But, fair enough regarding request vs. order. I am not familiar with Swiss law terminology.
And he might be right! But to claim he is right because "I tweeted it during the conference" is, as I said, not swaying me either way.
// EDIT (moved word categorically) per comment below.
I don't think it detracts from "I tweeted it, so he said it" per:
>The remark that ProtonMail was a (potential) PDCS would have been too trivial to be live-tweeted. The insight on the other hand that ProtonMail voluntarily offers assistance for real-time surveillance, was spectacular and I therefore live-tweeted the statement.
Took me a second to calculate your meaning, this may help others.
In other words, pretty much the definition of fake news.
That is a pretty conclusive statement that the reporting here is false.
> ProtonMail does not voluntarily offer assistance. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in criminal cases.
Yes, if ordered by a court - but not voluntarily, which is the claim of the article, italicized, with exclamation points, repeated several times, etc.
You're asking a loaded question. Of course they have access to some real-time data re users.
'The order may require real-time surveillance to be carried out and the handover of the retained secondary data of telecommunications from past communications (retroactive surveillance).'
The question is not whether ProtonMail has access to user data. (They have, you are absolutely right.) The question is if they perform real-time surveillance, i.e., lawful surveillance (whether voluntarily or not).
No matter what they actually do, they'd be idiots to reply to this, which is why we won't see a reply from them. Doesn't really say anything meaningful.
The diff is simple and clear: ...
+In April 2019, at the request of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law. Pursuant to Swiss law, the user in question will also be notified and afforded the opportunity to defend against this in court before the data can be used in criminal proceedings.
Diff from 2019/04/25 to today: ...
-Updated on 13.03.2019
+Updated on 24.04.2019
Hey ProtonMail, I'd like to see a very clear, no bullshit, Yes or No to that question.
Your credibility is being lit on fire in real-time. It'd be a good idea to clarify whether any real-time surveillance ever occurs.
1. a law permits compelling a company to produce real-time data (or anything else),
2. a company has that technical capability, and
3. the company in #2 is in a jurisdiction with a law like #1,
you should assume real-time surveillance data will be provided in cases where it is so ordered. You don't need to wait for them to tell you that it is. It can go without saying.
How could it be otherwise? If the guys with the guns show up to demand that data, what else are they gonna do? The Lavabits of the world are incredibly rare, for the exact same reason that Lavabit doesn't exist any more.
Where is ProtonMail's data stored? Where are its web servers? Who has physical access? Who has login keys/credentials to storage and server machines? Who does security audits, how are they done, when were they done last, what were the results, and what steps are you taking to improve your system's security? And most importantly, what exactly does ProtonMail do when dealing with authorities and other entities that want access to user data?
Security is a process, not a destination - that’s a mantra everyone in the security world learns early on. But trust is also a process, not a destination. As an example of a company that treats both as a process, consider AgileBits, the developer of 1Password. Their white papers are case studies in transparency.
Much of our code is also open source, and has been audited by third parties, with published audit reports available online.
Some items, like precisely who has access to what, we obviously cannot publish for security reasons, as individual employees may be targeted if this is disclosed too clearly.
Sorry, I'm a user, and I largely trust you all, but this doesn't exactly lay to rest the issue you were given. Security and trust are a chain, and if you don't know every link in that chain then the whole thing is largely useless.
As another pointed out, at some point you just have to trust something and I agree with this. But I wanted to point out that your answer is not sufficient for what you were trying to answer.
If anything, they are more apt to plagiarize and steal other people's ideas.
When they leave science to do something else, they frequently morph into ruthless businessmen.
So please don't be disheartened by the undeserved hate here.
Doesn't that mean the courts could compel you to just alter the JS payload to capture keystrokes for these folks? If not, how do you prove that to us?
Swiss law is very clear in stating that this is not permissible, and this can be verified by checking the law itself.
I'm not an expert in Swiss law, so I have no idea. I'll wait for a 3rd party I trust to vet your claim.
That's not secret, or hidden by them.
They're pointedly not denying they do so in every otherwise detailed response they've given on the subject so far.
That wouldn't be ProtonMail's fault. Which email provider could refuse to comply with their own government's orders and get away with it?
Solving this problem is the reason I built this:
if it's open source and you can build it yourself, sure
[UPDATE] Now that I think about it some more, I guess that kind of auditor is analogous to a financial auditor, as you said. I didn't really make that connection before because the nature of the work is very different, but it's a fair analogy.
[UPDATE2] Looking back at your previous comment I see that the word "regulation" is in there. I'm not sure if you edited your comment or if I just missed it before, but my recollection of reading that comment is that it said "financial audit". Either way, I apologize for the misunderstanding and subsequent confusion.
Ah, what a brave new world of clickbait and amateur "journalism" we live in... The "source" was probably asked for a quote five minutes before the article went live and the "publisher" has no incentive to correct it because all they care about is that people visit the site and load the ads so they get a few cents per 1000 views.
Good luck ProtonMail or any other entity caught in these "reporters" and "journalists" antics.
> I was live-tweeting the event, including the interesting presentation by public prosecutor Walder. The remark that ProtonMail was a (potential) PDCS would have been too trivial to be live-tweeted. The insight on the other hand that ProtonMail voluntarily offers assistance for real-time surveillance, was spectacular and I therefore live-tweeted the statement. In its transparency report, ProtonMail – as mentioned above – itself refers to at least one case of real-time surveillance.
Unless there is some massive conspiracy/cover-up involving a Swiss public prosecutor, the most likely explanation (the article is wrong) is probably the correct one.
The statement even matches your own transparency report where you describe a case of IP logging, a typical real-time surveillance measure:
'In April 2019, at the request of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law. Pursuant to Swiss law, the user in question will also be notified and afforded the opportunity to defend against this in court before the data can be used in criminal proceedings.'
(You mention April 2019, the statement by the state prosecutor was made at the beginning of May, i.e., he was probably really happy about your cooperation.)
We are not talking about a public televised event. We are talking about a statement during a presentation. It happens all the time: People talk, sometimes they talk too much.
No, why would it be? As you point out, they've disclosed turning on logging in response to a legal request. Why then deny the event?
- verifying with a phone number that is pretty picky
- getting stuck in captcha hell if I'm on TOR
and if I want to pay with Bitcoin, it already needs to be an existing account
Another commenter put it aptly when he said something to this effect: "It is . If you lobotomize your browser, you might find that a lot of the web doesn't work for you."
If you know a JS-free captcha approach that is of similar quality to Recaptcha, I'm sure the Protonmail folks would love to hear about it.
How do you want to decrypt your data client-side without running a software to do just that?
Unsurprisingly, HTML cannot encrypt your data.
> verifying with a phone number
I never had to do that.
> getting stuck in captcha hell if I'm on TOR
Applies to pretty much all websites that use captcha. The purpose of captcha is to stop spammers; just suck it up or switch browsers.
> and if I want to pay with Bitcoin
Why would you want to do that?
There is no alternative here. There is no company that will ever solve the problem, within the existing email protocol, where one unencrypted sender (say, marketing emails) can send to a so-called “encrypted receiver” and not have an intermediary able to temporarily read the emails. This is inherent in the design of the system. ProtonMail is not end-to-end encrypted in this case, and no email provider can be on the traditional web.
There are no alternatives. There is no hard, scientific, mathematical solution to this. The best you’ll get is “soft encryption”—the equivalent of encryption where the third party offering the service chooses the encryption key.
That said, having observed its history for the last 26 years, I do not think it is an accident that PGP/GnuPG is so difficult to use, poorly developed, generally marginalized, and has not been adopted by any of the big E-mail software authors.
Think of it another way: if Apple decided to really be pro-privacy today and built support for GPG into its Mac and iOS apps, the problem would be largely solved. But for some reason they do not, nor does any other major software maker.
Technically, there is: Encrypting our own mail with our own keys.
If you're using them for an organization that uses Exchange/O365, the admin would need to make sure IMAP/POP protocols are enabled over TLS/STARTTLS, as opposed to using EAS. However, if you're dealing with mail in an organization, you're probably not using your own encryption keys to begin with.
The justified concerns the security community has with ProtonMail are: crypto in the browser is bad (mitigable with Qubes), and how do I know PM isn't serving me backdoored JS?
IIRC, Helm has auto updated binaries so backdoor-free code isn't a delta. The best I can come up with is: server+CPU observation/isolation is stronger on local hardware relative to PM at the cost of network observation. Hypothetical: "Ok a Spectre-style attack is out, spam emails and let's do some timing-correlation traffic analysis"
They also allow anonymous signups.
If PGP is difficult, people can use a simpler route of 7-zip encrypting text files with a pre-shared passphrase. Share your passphrase out-of-band when feasible. i.e. physical notes, sftp, voice chat, private chat server (mumble / murmur super easy to set up), etc... Use different passphrases for different circles of friends. Example: 
 - https://tinyvpn.org/e/c/6/ec6ef8690422c94f17da3b2caa60a5c1.7...
7za a -mhe=on -p ./SECRET.7z ./SECRET.txt
On the other hand (this is not supposed to be an advertisement or testimonial; I just state the fact), the German email provider Posteo that has some popularity among people who are concerned about privacy also allows anonymous payments via banknotes (cash) that is sent via mail (just put the letter into a postbox in a completely different city).
You need an existing account, which you can't get if you:
- don't verify with a phone number
- get stuck in captcha hell
Verifying with a phone number is notorious for blocking Google Voice number blocks and detecting devices that aren't pinging cell towers.
Plus, as somebody else already said: having JS enabled seems pretty much mandatory if you want to be able to decrypt your emails client-side.
In the EU countries, it has (by law) become very hard to obtain an anonymous prepaid SIM card.
(both in German).
Case study: Vincent Canfield, of the half-joke email provider cock.li, moved his servers to Romania after they were seized by German prosecutors.
But it should indeed have this kind of response.
Wanting privacy is not a crime.
End to end encryption in email is somewhat silly, because the vast majority of the time you will be sending email to a private company, or to a gmail address, or generally just to another party that will not respect your privacy at all.
The real benefit to something like ProtonMail is that they're not Gmail. They're not scanning every message you send and using it to build an advertising profile on you. If you're really worried about government warrants, email is not the tool for you.
Of course the service provider can be compelled by law enforcement to hand over encrypted data. Law enforcement may then either attempt to brute force the encryption key password, or compel the user to provide the encryption key password (typically the account password with end-to-end encrypted services):
Does ordering you to hand over your password entail a form of self-incrimination or a violation of the right to silence? Would granting police the power to compel passwords cross a line centuries old against forcing a person to speak to build the case against them?
Do you disable auto-update, and risk running a broken version of the encryption library or software, or do you enable auto-update and risk a remote backdoor injection via the auto update?
For linux software, I validate GPG checks of individual packages and of the rpm repo. Both packages and metadata are signed. I get the public key from a non mirror site and compare to keys listed by others.
This does not preclude back-doors, but it means that everyone has the same backdoor as me. I then mitigate dial-home of said programs with firewall rules and selinux. If there is a hard-coded key, it will also affect all the companies and governments using the same software.
Your point about being compelled to hand over your key password (email password) is valid and interesting, but I'm inclined to restate my original point: email is not the tool for you if you believe you're apt to be arrested and your communications subpoenaed.
Technical support / customer service.
Email is not the tool for you if you believe you're apt to be arrested and your communications subpoenaed.
If you do not trust the provider you can still use email securely by utilizing something like PGP
There are others, you can just search for them. This is one I just happened to have on hand, on this very website.
Sure seems like they got caught lying, to me.
You link to your own complaints about cryptosystem choices but you'll have to provide the actual "lies" if you want that assertion that hold.
And some mistakes, like their incorrect directions for ProtonVPN that gave them power in perpetuity to SSL man in the middle every single Mac user? I find those to be unacceptable failures of basic competency. Especially since they have NOT to my knowledge emailed every ProtonVPN Mac user warning them to downgrade the trust of that installed cert. I used ProtonVPN on a Mac and certainly never got such an email.
How many times does a company handling your sensitive information or material get to say, "Whoops, how clumsy of us" before your trust is damaged? How many bad customer experiences do you have? How many far-fetched and misleading claims do they have to make before you worry their marketing and custrel folks are out of touch with the tech?
You tell me your threshold, okay?
But before you move everything to the secret decoder ring, think about what you are actually trying to achieve. Don't want your email to be read by the FBI? Move it to a server in Switzerland and it will be read by the NSA.
I like ProtonMail and I hope they succeed. I find their marketing (explicit or implied) that suggest it protects you against targeted government surveillance annoying and disingenuous.
I mean, they specifically use the word 'request'. Request by the definition, as opposed to an order, is voluntary.
I will add that I find it funny, whenever such topics come up, that people who love authority and agree with surveillance will literally change the wording to fit their desired narrative. I see a lot of people in this thread talking about 'orders' when that word was never used originally and would remove the ambiguity that allows the argument that proton does real time voluntary surveillance.
If you are concerned about privacy, you shouldn't be on Google at all. Move to almost any other provider and you are already a step ahead in terms of privacy.
You aren't going to get absolute privacy in a single step, if ever. You do the best you can, iterate, and do better. Moving away from Google is step 1. Step 2 is to continue research, and potentially move again if it fits your threat model.
The issue that you have with Protonmail seems to be that they enabled IP logging in response to a lawful government request. Google logs IP by default, scans your messages, etc. It baffles me that there is less outrage at that than this single case.
I agree, it's non-trivial and perhaps my comment came across in a negative light. But, I think people are overstating the implication of the issue at hand - especially when you compare Protonmail (and others) to the big providers such as Google and Microsoft.
So in case the government is out to get you, both options will lead to the same outcome: your IP address is revealed.
You could literally change to Fastmail and cancel your Gmail account before tomorrow.
There are hundreds of excuses for not switching from Google or for staying on Facebook etc. But only one outcome: action.
To start with, I forwarded all my Gmail to Outlook.com. As email came in and I read it, I would log into the site that sent it and change my email in there. As time went on, things slowly migrated out of Gmail. I told friends and family I was switching my email address but fortunately for me basically no human ever emails me. The few that do, I can receive the email at Gmail and send a response from Outlook so they get the update.
Now I'm about 99% migrated over, and the few stragglers that still send to Gmail make it to my new inbox anyway so I'm never missing anything.
So, what are the alternatives?
Being bounced as spam not an issue for me.
YMMV depending on who had your IP address previously. If you get a bad (previously blacklisted) IP, then you can always spin up a new VM.
Some of the really low-end VPS providers are so relaxed they get their AS number blacklisted in uceprotect.
It is your call how long you save/enable logs and if you save them to tmpfs and encrypt your swap. You can also encourage your users to 7-zip encrypt sensitive contents. You can also add specific MX routes in transport maps to use VPN connections to make connection logging less useful. Tinc (open source VPN) is great for this, as traffic routes in user-space through your mesh and therefore traffic can end up at its destination without a direct connection.
But even beyond that, can they be compelled by a court order to install software on the VPS (and securing against someone with unlimited access to the VM host is… about as practical as securing against someone with physical access)? I'd assume so?
The main benefit to me for running my own email is owning my own data/domain, and not having to allow third parties (aka Google) full access to all my emails.
It took about 1 day to set it all up, where most of the time was spent waiting for DNS changes and for Microsoft to de-list my IP from their blacklist (I probably got a bad IP from DigitalOcean).
After that I have logged in to the instance every two weeks to update the machine, haven't had any problems as of yet.
The uptime shouldn't be any problem, as the other mail providers should retry sending their mail, it's even mentioned in the RFC:
Hopefully I haven't missed any mail when updating mailcow-dockerized, I'll never know, hehe.
Really easy and a great experience, compared to doing it from scratch.
But you're asking the wrong questions. Email itself has retries built in, it doesn't need perfect uptime. What you should be asking is how badly Gmail deciding you might be a spammer and not caring about fixing that for one person is going to torpedo your deliverability rate.
By default, they both apply strict security practices so you won't have an open relay, worried about domain masking etc.
Either is about a day to set up and it's mostly DNS.
I think you'll have a very hard time finding an email provider that behaves any differently from ProtonMail on this count.
I like their service much more than GMail and I feel much more comfortable with regard to data privacy when using it.
@protonmail; I'm happy too. Thanks for doing the do.
The reason I use Protonmail is that Switzerland can't be easily bullied by the US or similar countries into abusing their court system to illegally spy on people (unlike my own country).
If a Swiss judge decides that a specific individual should be surveilled, I am more inclined to trust that it is for good and legal reasons.
Switzerland is a close US ally. It is even a second-tier partner to the NSA as we know from the Snowden leaks:
Geneva, the home of ProtonMail, is a major international spy hub thanks to the UN. Snowden was even working in Geneva for some time.
The claims made here are categorically false, and have already been refuted.
Possible? Already exists - app? relay?
The response I received back was very disappointing and even concerning. I don't think they understand the concept of threat modeling.
> Unlike competing services, we do not save any tracking information. By default, we do not record metadata such as the IP addresses used to log into accounts.
Notice the sneaky "by default" :)
> In April 2019, at the request of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law.
Can the Swiss judiciary ask ProtonMail to serve a different version of the website to a specific user account, which sends the cleartext to a remote server?
Not defending ProtonMail's actions mentioned in the topic, only puzzled why you seem so surprised in your comment.
This is in fact what ProtonMail has done on multiple occasions when we believe an order to be in error.
I wonder if they could do something like the canaries we see in other legal respects (not a lawyer); log in and get an account-specific banner in your inbox telling you they've never enabled IP logging for your account.
Can a canary work with that much specificity?
I might be very wrong here but I thought canaries were legal because they were generalized. A specific person couldn't be alerted that they were a target, they'd just know someone using the service was a target.
The theoretical legal basis is typically that the government can't compel you to speak against your wishes, or at least can't compel you to lie.
That said, this is untested and controversial, and many lawyers believe that the discontinuation of a warrant canary could be interpreted as a violation of the gag order. Courts often frown upon technical workarounds, and interpret around them.
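The per-account canary floated above (a dated, account-specific statement that stops being renewed if logging is ever enabled) is mechanically simple; the hard part is the legal question of specificity raised in the thread, which code cannot settle. The following is an added example, not code from ProtonMail or from anyone in this thread, showing the client-side check such a scheme needs: the canary is only meaningful if a missing, stale, tampered or wrong-account statement is all treated as an alarm, since the design relies on absence being the signal. It uses an HMAC with a constructed demo key purely to stay standard-library only; a deployable canary would carry a public-key signature (for example an OpenPGP-signed text) so that users can verify it without a shared secret. All names, the key, the renewal window and the sample account IDs are assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key: stands in for the provider's signing key. A real
# canary would be signed with a public-key scheme so verification needs no secret.
CANARY_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical policy: a canary older than this is treated as tripped.
MAX_AGE_SECONDS = 30 * 24 * 3600

CANARY_TEXT = "No IP logging has been enabled for this account as of the date above."


def _canonical(statement: dict) -> bytes:
    """Deterministic serialization so issuer and verifier MAC the same bytes."""
    return json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()


def issue_canary(account_id: str, issued_at: int, key: bytes = CANARY_KEY) -> dict:
    """Issue a dated, account-scoped statement with its authenticator.

    The provider simply stops calling this for an account once the statement
    would no longer be true; it never has to publish a 'logging is on' message.
    """
    statement = {"account": account_id, "issued_at": issued_at, "text": CANARY_TEXT}
    mac = hmac.new(key, _canonical(statement), hashlib.sha256).hexdigest()
    return {"statement": statement, "mac": mac}


def check_canary(canary, account_id: str, now: int,
                 key: bytes = CANARY_KEY, max_age: int = MAX_AGE_SECONDS) -> str:
    """Return 'ok' or the reason the canary must be treated as tripped.

    Every failure path is an alarm: the client must not distinguish
    'no canary served' from 'canary withdrawn', or the scheme is pointless.
    """
    if canary is None:
        return "missing"
    statement = canary.get("statement") if isinstance(canary, dict) else None
    mac = canary.get("mac") if isinstance(canary, dict) else None
    if not isinstance(statement, dict) or not isinstance(mac, str):
        return "malformed"
    expected = hmac.new(key, _canonical(statement), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return "bad-signature"          # tampered text, date or account
    if statement.get("account") != account_id:
        return "wrong-account"          # a valid canary for someone else is not yours
    issued = statement.get("issued_at")
    if not isinstance(issued, int) or issued > now + 300:
        return "bad-timestamp"          # future-dated statements are rejected
    if now - issued > max_age:
        return "stale"                  # renewal stopped: treat as tripped
    return "ok"


def demo() -> dict:
    """Walk through the outcomes a client should surface as a banner."""
    now = int(time.time())
    fresh = issue_canary("alice", now - 86400)
    old = issue_canary("alice", now - 40 * 24 * 3600)
    tampered = issue_canary("alice", now - 86400)
    tampered["statement"]["text"] = "Logging was never enabled, ever."
    return {
        "fresh": check_canary(fresh, "alice", now),
        "other_account": check_canary(fresh, "bob", now),
        "stale": check_canary(old, "alice", now),
        "tampered": check_canary(tampered, "alice", now),
        "absent": check_canary(None, "alice", now),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:14s} -> {verdict}")
```

The renewal window is the design knob: a short window limits how long logging could be enabled before the user notices the banner has gone, but raises the operational cost of re-issuing statements, and none of this helps if the client code that displays the banner is itself served by the provider.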
It might be an interesting idea to build a system that decrypts a small email server per user using their login credentials; they interact with that system only and forward mail to the provider MTA for sending. There are still leaks here, and the provider could be compelled to reveal the user key to law enforcement, but the data would only be visible after the user is authenticated.
Was there a court order? I was under the impression there was not.
To be fair, I don't know if this provision was added after they had reported the instance in their transparency report.
However, I think at some point the customer should use a bit of common sense. Anyone who believes that a government may compel a company to start IP-logging their mail should be considering that in their threat model when they are looking for an e-mail provider. I don't think it needs to be plastered on the front page - especially not with advice on how to circumvent government authorities' lawful requests.
No, this is not permitted by Swiss law.
> Notice the sneaky "by default" :)
There is nothing sneaky about this. There is a feature to enable logging that users can turn on: https://protonmail.com/support/knowledge-base/authentication...
However, this feature is off by default.
'By default' is of course legalese. If a user can turn on the IP logging feature, you can too. And you did in at least one case according to your own transparency report:
Indeed. However, a naive physicist facing a reality (in the form of evidence that contradicts their public stance) will adjust the stance, issue an apology, correct the message, etc.
So the answer is clear.
The privacy debate is not black and white, especially concerning the obligation of service-providers to go to bat for every customer that a lawfully designated entity has the legal authority to investigate.
In the black and white world you're living in, there is no privacy, as no one can live up to your standards.