ProtonMail often touts its Swiss jurisdiction and privacy guarantees, but at the same time, it is complying with a record number of data request orders going through the Swiss legal system. ProtonMail is one of the most popular secure email services in the world, having launched in 2014 via a crowdfunding campaign. It promises a …
What are they supposed to do as an internationally known and used company? Reject legal proceedings and ignore official national laws?
I mean, the answer to that is clearly they should structure their service to store the absolute least possible personal information needed to allow the service to function so that when a legitimate law enforcement agency comes knocking they can honestly say they don’t have much.
Which… appears to be pretty much what they do.
I agree with you. Losing the protection of a right – even one as fundamental as privacy – is by definition not a violation so long as that happens through due process. Now we can certainly talk a lot about what level of process is due, and I’m sure it will be basically unanimous that current standards around the world are FAR too accommodating to law enforcement, but at least in principle a warrant justifies the invasion of privacy. That’s what the warrant is for.
This story kind of makes me want to switch all my stuff to ProtonMail.
Yeah I would agree with you that given the service they provide (email is brutal), they couldn’t really collect any less info or improve security/privacy much more.
they could not log the ips
Change their advertising
And what advertising is that precisely? No data ( emails, passwords, drive files ) were shared with the authorities. So the data is still secure and private.
As far as I can tell they haven’t falsely advertised.
I’d give them bonus points for transparency ( publishing how many court ordered subpoenas they receive on a yearly basis ) compared to other companies that don’t.
Other companies which are prominent in the privacy/secure email scene face similar issues.
E.g.: https://www.internetsociety.org/blog/2021/03/enough-is-enough-what-happens-when-law-enforcement-bends-laws-to-access-data/
I think you’re mixing up anonymity with privacy. It can definitely be more anonymous, but you would need to take steps for that yourself ( Tor, VPN, … ).
How though? They advertsize themselves as the privacy-conscious Google alternative which they very much are. Idk if I’ve just not been exposed to (their) ads, but do they make all kinds of unreasonable claims like being outside of all legal jurisdiction?