• @Alk (24 points, 26 days ago)

    This is non-news, like all tech companies, they are bound by law to do this. It happens more than 6000 times per year for Proton. However, this user just had bad opsec. Proton emails are all encrypted and cannot be read unless law enforcement gets your password, which Proton does not have access to. Even if Proton hands over all data.

    • @[email protected] (34 points, 26 days ago)

      Proton doesn’t get a free ride here.

      They are bound by Swiss law and should not be retaining any identifying information.

      If they are going to give up everything they have on you when the feds come knocking, they shouldn’t keep anything, or they shouldn’t market themselves as private and secure.

      • @QuaternionsRock (65 points, 26 days ago)

        Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.

        The user specifically requested that Proton retain this PII for account recovery.

        Speaking of which, how do they implement recovery emails? Do they save your private keys only if account recovery is enabled?

      • @asdfasdfasdf (43 points, 26 days ago)

        No, Proton does get a free ride here. The information they provided was the recovery email address, which they were required to do by law.

        The only data they don’t encrypt (can see) is that which they absolutely need to store unencrypted. If they encrypt your recovery email address, then… they can’t send you any recovery emails to it since they can’t see it.

        This is 100% the fault of the user.

        All any service can do is give you the best tools available to maintain your privacy, but they can’t stop you from shooting yourself in the foot.

        Firefox is also great for privacy, but if I use it to fill out some info on some phishing sites then that’s not a them problem.

        • @NightAuthor (1 point, 25 days ago)

          Don’t forget that most of your email arrives at their servers unencrypted, supposedly they immediately encrypt it, but you have to take their word on that. And there’s always the possibility that they are forced or just decide to make a copy of emails as they’re encrypting for your inbox.

      • Encrypt-Keeper (23 points, 26 days ago)

        They are bound by Swiss Law, so they have to comply with lawful orders. They are very up front about this even within their marketing that pertains to protection from other government authorities. They are also very good at explaining exactly what is protected and what inherently isn’t. A recovery email isn’t. In order for a recovery email to work by its very nature, Proton has to have a record of it. But at the same time they don’t require you to set one. Proton hasn’t done anything that they’ve promised not to. There comes a point where you need to put a little effort into understanding the product you’re using.

        • @[email protected] (-8 points, 26 days ago)

          Don’t tell me, tell the guy they gave up.

          They market to activists and people concerned with the business of protest, not Swiss law experts, and are very much not up front about what could happen if they are contacted by LE. Of course they don’t hide it, but you won’t find it on the front page, where they trumpet about Swiss privacy… You and I know the detail; many users may not.

          At the end of the day, they attract a lot of activists and protesters to their service with the offer of “safe and secure email.”

          They hold a database of all of them, in a jurisdiction that requires them to comply with legal requests for information.

          They service some 6000 such requests from their database every year, or around 30 per day.

          You can decide for yourself who this efficient and eminently accessible single source of protesters information helps the most.

          • Encrypt-Keeper (13 points, edited, 26 days ago)

            This information was just as clearly and easily accessible by the guy who was caught, as it is to you, and to me. If you’re going to commit crimes using a cloud service, the onus is really on you to put in a minimal amount of effort to familiarize yourself with what is protected and what isn’t. Proton is extremely up front about this, and give you all the information you need to be safe.

            Proton never advertised to a single user that all your data is safe from the Swiss government. On the contrary, their main selling point is that the Swiss government is the primary driver of their secure offering. They encrypt what they can using zero trust encryption, and what is left over is secured by the Swiss Government’s laws regarding businesses sharing information with foreign governments.

            Proton promised to not comply with direct requests from foreign governments and they haven’t.

            Proton promised to encrypt all the data they feasibly can so it was safe from Proton being able to hand it over to even Swiss authorities and they have.

            Proton is not responsible for user error, nor the willful ignorance of its users.

            • @[email protected] (-4 points, 26 days ago)

              I’ve never sought to absolve the user of responsibility, but nor am I ready to label him a criminal, which you seem to be able to do.

              At the same time, my words were quite specifically a mild criticism of Proton who are, for reasons I have explained, not entirely the privacy haven it is perceived to be, because of design decisions, where it chose to host its servers, and the fact that it has perhaps unknowingly created a highly functional database for law enforcement to query on demand.

              • Encrypt-Keeper (7 points, edited, 26 days ago)

                I don’t label him anything. He clearly did something that guided his decision to use a more privacy-centric service to avoid the prying eyes of his own government. That could be crimes, civil disobedience, it doesn’t matter.

                Proton deserves no criticism here. It has not created any functional database of any group of people to be queried by anybody, much less law enforcement. That’s complete nonsense with no evidence to back it up.

                It is exactly the privacy haven it appears to be because to this date there has been no reason to believe otherwise. Proton has and continues to offer the protections it’s promised to, without deviation. You just seem to have some kind of personal bone to pick with Proton and are using this story to distort the truth in order to create some kind of anti-proton narrative. I’m no corporate fanboy, but right now we have very few privacy-focused cloud services and for the duration they remain so, I’m not going to tear them down for no reason.

                • @[email protected] (-7 points, 26 days ago)

                  Quite the opposite.

                  You’ve been triggered by very mild criticism of Proton and the small but nonetheless important risks associated with using that service.

                  You have accused the user in question of doing crimes; it’s there in your comment for everyone to see. You are unable to accept that a firm that, according to their own data, services 6000 requests for information under the Law is a useful source of information for Law Enforcement.

                  There’s nowhere for this conversation to go from here.

                  • Encrypt-Keeper (8 points, edited, 26 days ago)

                    The fight against misinformation is an important one, and the misinformation you’re spreading is a threat to anyone who is interested in being privacy-conscious but doesn’t know enough to dispute what you’re saying. Whether or not the user was committing crimes, or any other non-state sanctioned activity that he recognized could land him in hot water continues to be irrelevant. Nobody is judging his morality, the point is that he knew what he was doing warranted more effort to maintain his privacy. You trying to put an emotional or moral spin on the term “crimes” is just more pedantic nonsense to distract from the issue at hand.

                    The fact that Proton services 6,000 requests from law enforcement in a year (not all of which are uncontested or even granted, a detail you’ve conveniently left out) does not imply that they’ve violated user trust, or that they’re doing anything they didn’t explicitly say they would do.

                    Whatever your motivation is for this slander campaign against Proton, it isn’t working.

      • RBG (20 points, 26 days ago)

        But if you use their service for free, you do not have to provide any identifying info. As far as I am aware there is no check what you enter is legit and there is no requirement to supply a backup address. So the whole solution for a user to stay anonymous as much as they can with Protonmail is simply to not enter any identifying info.

      • @[email protected] (11 points, 26 days ago)

        How do you imagine a recovery email to work, if the provider doesn’t store it, and you lost access to your email by definition in the moment you need it? A recovery email is not needed; you can totally use your account without one, and Proton doesn’t ask for it. It’s a feature where you obviously are disclosing that piece of information and linking two accounts. It’s either that or not using that feature.

        • @barsquid (2 points, 26 days ago)

          It would be cool if they stored a hash of the recovery email, then you type it out during the recovery process and they can send if the hash matches what they got.

          • @[email protected] (4 points, 26 days ago)

            Sure, but that’s essentially a weaker recovery password (which also is an option in Proton).

            Also, that poses quite some challenges for email verification (say, you make a typo when you first write your address), let alone the fact that you essentially won’t see what emails you have configured, which is also bad UX.

            I think it’s much simpler to have recovery email as it is and -if one doesn’t want to associate proton account with any other account- offer other recovery methods, which are available (phrase and phone number).

            • @barsquid (2 points, 26 days ago)

              I disagree it would be the same as a password. They do use only the hash to validate the entry, that is the same. But then they send recovery to the email instead of proceeding in place. An attacker would have to both know the email and be able to access its inbox. (Or, less likely, generate a hash collision with an address they do control.)

              I think they could do verification if they kept the plaintext address just long enough to send something out.

              The UX of only being able to show hashes would be pretty unfortunate, sure. Maybe a potential compromise is if they kept just the first letter, like x***@example.com? Same number of stars in the interface regardless of the real length of the email, to attempt to leak less info.

              • @[email protected] (2 points, 26 days ago)

                But the question is “why”? Email addresses are personal but not secrets, there is no reason to add complexity and worsen the UX for such a feature imo. If anybody is not comfortable with this particular piece of data being associated with their account, they can just use a recovery phrase. It is by no means a necessary feature. What would be the advantage of having a recovery email “obscured”? The advantage of the functionality as-is is that it’s trivial to see what you have configured, it’s trivial to change address etc.

                All of this to add an ineffective amount of privacy. If someone is under investigation, having the hash of the recovery email is in many cases sufficient. Asking Apple/Gmail/Microsoft if the hash matches any of their customers covers probably 98% of the population. Billions of emails are also available through breaches, so there is a very, very high chance that if someone used their personal email, it’s either with one of the big providers, or it has been leaked before. If it’s not, and you used a private provider with no data, then there is no problem even if the address is obtained, as that cannot be further used to de-anonymize you.

                • @barsquid (0 points, 26 days ago)

                  You’re incorrect. If they salt the hash and use bcrypt it is computationally infeasible for Microsoft to match it against a customer. Or at least expensive enough that Microsoft would insist on warrants and subpoenas.

                  • @[email protected] (1 point, 26 days ago)

                    Computationally infeasible? It’s as expensive as if every user made a single login (if they use bcrypt for passwords).

                    They don’t need to do it for every user, they need to do it for one only. Salting is fairly irrelevant in this context. And we are talking about resources for Microsoft, or Google, or Apple. And this is also assuming they can’t further segment the customers by other metadata, such as location (in this case, for example, Spanish users), which will drastically reduce the number of users to try. If every Spanish person had a user, you need 47kk hashes. Years ago single rigs pumped more than 10k bcrypt/s. That would be 1h of computation, give or take? Assuming a fraction of that and not the immense computing power of big tech, it’s still something completely achievable for an investigation.

    • @[email protected] (22 points, 26 days ago)

      Proton’s mails are encrypted… between proton accounts. Send an email to a hotmail account and bye-bye encryption. Proton does rely on PGP so you can use that if the recipient supports it.

      • Encrypt-Keeper (32 points, edited, 26 days ago)

        They mean encrypted at rest. As in, Proton cannot hand over a copy of all your emails to a law enforcement agency, they don’t have access.

        This means law enforcement would have to capture an unencrypted email in transit, or obtain your emails from each recipient individually.

      • @Evotech (20 points, 26 days ago)

        Mail stored in proton is encrypted