News

ProtonMail reveals activist’s IP address to law enforcement

Last weekend, a scandal erupted around the secure email service ProtonMail – the service’s management announced that it was recently forced to disclose the IP address of one of its customers, as ProtonMail received an order from the Swiss authorities that could not be appealed or rejected.

It doesn’t matter which service you use, if it’s not 15 miles offshore in international waters, the company will be required to comply with the law.Andy Yen, head of ProtonMail, wrote in a blog post.
Andy-Yen
The incident is related to a series of protests against gentrification that took place in Paris in the summer and fall of 2020. Then a group of activists Youth for Climate took over a number of squares and buildings in Paris, in protest against companies buying real estate and raising rents for local residents fourfold.

Then activists used the inbox on ProtonMail to organize protests (jmm [***] @ protonmail.com), and this attracted both the attention of real estate companies and the French police.

Last week, Paris Luttes (Paris Struggles) reported that the French police and Europol contacted the Swiss government and asked for help, seeking details about the identity of the mailbox owner.

Proton received a legally binding order from the Federal Department of Justice and Police that we were required to comply with. According to Swiss law, the suspect must be notified that his information has been requested, which is not the case in most countries.explains ProtonMail.

However, Andy Yen said that a separate nondisclosure order did not allow the company to notify the user in time about what was happening. That is, the service was forced to save the IP address that the French activist used to log into his mailbox on ProtonMail and hand it over to the authorities.

Proton may be required to collect information about accounts belonging to users that are under criminal investigation in Switzerland. Obviously, this is not done by default, but only if Proton receives a legal order for a specific account. The Internet is mostly not anonymous, and if you are breaking Swiss law, a law-abiding company like ProtonMail may be legally obligated to keep your IP address.

In doing so, Ian tried to defend the Swiss legal system as a whole:

The Swiss legal system is not perfect, but it has a number of checks and balances, and it is worth noting that even in this case, the approval of three governing bodies from two countries was required, which is a fairly high bar that prevents most (but not all) abuse of the system. […] Finally, Switzerland is generally not conducive to prosecutions that come from countries where there is no fair justice system.

However, ProtonMail users, of course, did not like what happened. Many remembered that the ProtonMail service has been used by ransomware operators, blackmailers and other criminals for many years, but the company’s management eventually helped the investigation, which targeted the activist, and not the capture of another extortionist group.

ProtonMail has also been heavily criticized for its marketing, as the company has been promising users “anonymous email” for years, although the latest transparency report shows the number of claims the company receives from authorities is growing exponentially, from 13 requests in 2017 to 3,572 last year (195 of them were foreign).

As a result, the company made changes to its privacy policy, which until recently read: “By default, we do not keep a log of IP addresses that may be associated with your anonymous email account.” Now the phrase “we don’t log IP addresses” has been removed, replacing it with the following sentence: “ProtonMail is an email that respects privacy and puts people (not advertisers) first.”

Let me remind you that we also wrote that ProtonMail developers say Apple is holding us all as hostages.

User Review
5 (1 vote)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago