Protonmail now keeps IP Logs (schneier.com)
46 points by lorenz_li on Sept 10, 2021 | 15 comments



My understanding is that they will log you under specific law enforcement request. It’s very different from saying they automatically log everyone.


In the discussion of their fulfilling the request, the data they provided was described as the IP during account creation. If that was accurate then it is a neat trick that law enforcement knew which accounts would eventually be of interest.


I DMed Andy Yen and he assured me they only start logging after requests. Can you link me to your source?


TheRegister article quotes:

"They therefore sent a requisition (via EUROPOL) to the Swiss company managing the messaging system in order to find out the identity of the creator of the address. ProtonMail responded to this request by providing the IP address and the fingerprint of the browser used by the collective."

It looks like the Swiss police responded to a request that could not be fulfilled (creator's IP) by getting something ~equally good (most recent IP) through asking ProtonMail to enable IP monitoring, and the resulting report shown redacted on TC looks like a normal subpoena response where the data was already available.

This does not really look like the back and forth seen with authorities first trying to request the impossible in a subpoena (i.e. famously from Lavabit but also from any cloud provider) but that level of adversarial ~obstruction through precise compliance might not be possible in Swiss law.


If that's the case then my understanding of the event is wrong.


Not really different, since it's binary.

The message used to be "we don't keep IP logs" and now it's the opposite.


Not the opposite, more a middle ground: "we don't keep IP logs unless (uncommonly) forced by law enforcement".


Or... they always have, and now they're just being honest about it.

I'd be willing to bet 99% of services that say they don't log your IP, actually log your IP in some form. You're telling me all these companies just discard webserver logs? No chance.


It would be nice if we lived in a world where the Protonmails could not be compelled by law to keep IP logs for when their service is accessed by specific users, but at least they cannot reveal the content of those specific users' email.


What are some good alternatives?



https://fediverse.party/

Peer to peer services with encrypted communications are impossible to centrally control and monitor.


AFAIK none of those are "encrypted" outside of TLS and disk encryption (that is, if your instance uses encryption at rest, which it might not).

Regardless, they are not suitable replacements for email.


Don't do things that get you into trouble over email or use Tor / VPN.


I dislike all the Protonmail stuff but he's wrong. It's weird to see a popular name get it wrong about something I know a fair bit about. AFAIK he's trustworthy so wtf is this.



