301 comments

[ 3.4 ms ] story [ 258 ms ] thread
Disclaimer: I am a paying customer.

Very classy post. To-the-point. There are limitations with digital services.

If you don't like what happened, you need to change things. They only way to change things is to change the law. This begins with voting.

...from prison, where you were put because your email provider's guarantees eroded over time.
Did you read the article? Because their guarantees didn't "erode over time," this exact attack vector, and how to mitigate it, was disclosed in their public report over five years ago.
What do I do when not a single candidate in any election that I can vote in has even heard of, much less taken my preferred position on, this issue?
- Lobby with the existing candidates (and/or incumbents) to get them to take a stand on this issue.

- Same point as before but indirectly: gather public support by leveraging the (social) media available to you.

- If all else fails: run for office yourself.

> - If all else fails: run for office yourself.

I advise all, especially Americans, to do this first.

And, if all of this fails and your country appears to be corrupted, consider protesting. Revolting might become necessary depending on the condition.
The only issue here, is that Proton said on their homepage that they don't log IP, but they in fact do it when asked by the police. Vote will not impact that.

Anonymity doesn't exists for GAFA or Big governments on internet that's all, if you are not happy with that, you can vote as you want it will not change. But anonymity in society will soon stop existing as well. With all cameras that we have everywhere, we just need the Chinese facial recognition system and that will be the end. That's how it is.

Or, you could change the country of your email provider.
It's very rare to actually change things in a liberal democracy with voting. This is a central contradiction of the system, because there is very little incentive for existing governments to offer the ability to vote for policies which would change the status quo. Probably doubly so with something as subversive as what you are suggesting, states don't like it when non-states are able to keep secrets.

Modern labor rights, environmental policy, and basic equality for marginalized groups (women, POC, LGBT people etc.) under the law, are frequently touted as victories of liberal democratic systems but almost all of these rights exist because of massive civil disobedience, and often violent protests.

In all cases, you need huge support of the voter base for a particular issue before voting for a candidate to represent it is ever an option. Even then, there is simply no way to hold elected officials accountable to implementing their platform, and how could there be? No plurality of elected officials would ever want to pass that law in the first place.

It might largely depend on whether you live somewhere with proportional representation or not. Full-on revolution at the ballot box is rare in liberal democracies, sure, but single-issue candidates get elected pretty commonly and often have outsized influence if they're needed for a coalition government.
Women's rights actually occurred in defiance of popular numbers by a vote. In the US, the same thing happened for integration of schools.

You do, typically, need a majority of the voters to agree with you. In representative democracy that means you need a plurality of representatives.

Candidates can and do lie. That is something you need to evaluate as part of voting for them.

In defiance of popular numbers, but as a result of decades of (mostly illegal) protests.
This is absolutely not the case in Switzerland where ProtonMail is located. The government doesn't have a say in what questions are voted for. Any proposal that gathers 100k signatures is put to a nation-wide referendum. About a dozen proposals are voted for each year. It is absolutely possible to run a public initiative to change the privacy or criminal laws, provided you have support in the population.
As always, the root problem is abuse of citizens and the law perpetrated by the government. Using terror laws to go after a climate activist is peak authoritarian for western democracies so far. Our climate is failing and instead of listening to those speaking up they jail them.
the capitalist class will do anything to protect its interests. if it means sacrificing democracy, so be it. its nothing really surprising
Oh man, if you think the capitalists are bad wait until you hear about the fascists, the communists and the monarchs!
That's a pretty weak response, most likely someone being negative about capitalists are already upset about all the ones you mention.

More transparency and more equality is what many are looking for are your response dies not cover that at all.

> Using terror laws to go after a climate activist is peak authoritarian for western democracies so far.

It wasn't too long ago that Eco-terrorism was a thing that resulted in people's homes being burned down. I have a family member who got injured as a result of somebody digging holes in a fairly remote grass air strip. I'm sure somebody would describe the guy with a post hole digger as a heroic "climate activist". This situation doesn't appear to be that, but that might provide a little good faith context for why law enforcement would be interested in going after the likes of ELF.

This is the exact kind of clarity that was needed for users to have confidence in their understanding of Protonmail. Andy Yen (Proton CEO) is a very thoughtful communicator and is making the world better.

At some point everything on the internet becomes local, because people and businesses eventually must exist at a location in the real world. Proton is always going to be subject to local law enforcement wherever they are based.

It seems like they could've simplified their explanations about only Swiss law applying by simply recommending Swiss users go elsewhere.

It seems like the safest way to use email is to use email operated outside your own country.

I think you're misinterpreting. It doesn't matter where the user is from at all. They are obligated to disclose certain things if they get a request from the Swiss authorities, but it certainly does not only apply to people living in Switzerland.

It simply means that if, lets say the US, govt makes a request, they are not obligated to comply unless they are specifically requested by the Swiss authorities.

I think the French asked the Swiss to aid them in the investigation. Idk the whole story but I think it was to get some squatting climate activists (you know, super serious crimes…).

The linked post by Proton suggests VPN and Tor usage for better anonymity.

I don't believe the person involved was Swiss. My understanding is that a request was made to the Swiss authorities by the French authorities.

So, to avoid this, a user would need to not be accused of a crime in a country that is on speaking terms with Switzerland.

which is basically all of the EU and surrounding countries.

this has been the case for a very long time. (more then 80 years in the benelux for example).

if you think your email provider is immune to search warrants, thats your first mistake... how about dont use email to conduct your illegal business?
Are we now calling climate activism "illegal business"?
Certain behaviors (such as occupy other people's property) do not suddenly become legal/ethical just because you have a climate activism agenda in your head.
Most social change over the years has happened because of activist action which was considered 'illehal' at the time. Civil rights, workers rights, voting emancipation etc etc. Legal and ethical are not necessarily the same thing.
Keep in mind that illegal does not mean unethical, and vice versa. Parent comment is just stating what it was.
Journalists, whistleblowers, and teachers in certain countries are performing "illegal business".
Don't conflate "illegal" with "wrong".

Obviously there is a lot of overlap, but the reality is that civil disobedience is often the only way to force changes in unjust laws, history (even incredibly recently) has proven that time and time again.

(comment deleted)
> Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.

This is false.

Each time you visit protonmail you re-download (cache can be invalidated) their client. It would be trivial for them to serve a specific user a modified client which uploads their encryption keys.

This problem is not specific to protonmail, any service which contends to be secure with respect to some server (the protocol relies on the client to decrypt stuff the server cannot) can be compromised this way because of implicit trust in the client software which can be modified at any time with no notice - making any auditing entirely meaningless in the case of targeted attacks.

This problem should perhaps be addressed by browsers since it seems they are becoming pseudo operating systems.

They say "cannot be compromised by legal orders" and they say they are bound by and only by swiss laws.

Maybe what they mean is that the swiss authorities have no legal basis on which to force them to serve a modified, backdoored, client like the one you're talking about.

$5 wrench is pretty effective
$5 wrench does not fall under "legal orders"
Yes, probably not. The point is that there are other ways to "force them to serve a modified, backdoored, client"
I suppose in that case your threat actor is... The mafia? Is lucky Luciano trying to take your ethereum?
My $5 wrench goes a lot further if I skip the backdoor, and go 'talk' to the target directly. The end of the encryption is always the simplest vulnerability to exploit.
Their marketing copy still says "Anonymous. Opt out of tracking or logging of personally identifiable information".

And "Unlike competing email services, we do not track you."

Nowhere does it say "Unless your government asks the Swiss government then we'll capture, log and report every IP address you use".

Source: https://protonmail.com/security-details

Screenshot: https://imgur.com/a/gfUcYme

And this marketing copy was rewritten after this incident.

Before this incident it didn't say "opt out of tracking". How does one "opt out", by using Tor?

It used to say, in bold print, "No tracking or logging of personally identifiable information".

No weasel words about requiring the user to take some unspecified action to "opt out". No asterisks or caveats or warnings of any kind.

It also used to explicitly promise: "we do not record metadata such as the IP addresses used to log into accounts".

Now that part is mysteriously gone.

Pretty shitty to quietly flush this down the memory hole, then pretend nothing's changed, blaming and gaslighting users for not understanding.

Source: https://web.archive.org/web/20210607023937/https://protonmai...

Screenshot: https://imgur.com/a/R1muChN

This point is weird. No reasonable person would understand that sentence to include "and we won't even comply with court orders".
Seems reasonable to understand "no tracking or logging" to mean that in the event of a government demand to produce records, they could honestly reply that no records exist.

Other email providers keep logs that they provide to governments when there's a legal order.

What's the point of bragging about "no tracking or logging" if you're just going to track and log like every other email provider if the government asks for it?

> Seems reasonable to understand "no tracking or logging" to mean that in the event of a government demand to produce records, they could honestly reply that no records exist.

And they would. They don't keep those records. However, when a government agency shows up with a court order that states they have to cooperate and provide those records going forward they must comply.

> What's the point of bragging about "no tracking or logging" if you're just going to track and log like every other email provider if the government asks for it?

Again: a reasonable person would not assume that their email provider is a criminal enterprise that does not comply with the law.

>Seems reasonable to understand "no tracking or logging" to mean that in the event of a government demand to produce records, they could honestly reply that no records exist.

No one with the least understanding of the internet could suppose that Protonmail could not be forced to provide the IP address associated with a user's login, which I assume is what happened here.

They did promise that, though. One lie leads to infinite more.
Appreciate the analysis!

I think PM's approach is more lipstick on a pig. It may be a good looking pig compared to the other pigs (gmail), but it is still a pig. Blue ribbon pigs are still a pig.

Am expecting some real change if PM wants my $.

I would not be surprised if Swiss intelligence agency does have the legal power to hack whomever they want.

The idea that someone can just pay €60 per year and expect to be safe from State prosecution seems so naive.

Good idea for a browser addon to check for that.
There's no design of browser add-on that could check for that. They update it every so often as it is, and they could serve the modified version to everybody, but it only does the modified behaviour for some people.
(comment deleted)
(comment deleted)
The browser add-on that comes closest is Signed Page[0], and in theory it could provide TOFU level security by requiring the user to opt in to new versions. For unclear reasons, though, the devs seem to be against implementing that.[1]

Any system for protecting against backdoors assumes that someone is auditing the code to check for user-specific code paths, so the only extra layer of security to add is some sort of Binary Transparency. A good example of that is Sigstore, which is being experimentally integrated with the Arch Linux package ecosystem.[2]

[0] https://github.com/tasn/webext-signed-pages

[1] https://github.com/tasn/webext-signed-pages/issues/13

[2] https://github.com/kpcyrd/pacman-bintrans

They could just not encrypt future emails. Wouldn't help where they've already discarded the plaintext, but newer emails are usually more useful anyway.
You can use ProtonMail Bridge with your own mail client to remove the dependency on the ever-changing webapp. I'm not sure if it's possible to build Bridge from source instead of blindly trusting the binaries they offer, though.
when you do, be aware that locally encrypting mail and sending it over the bridge will not work.
And that the bridge exposes your IP address if you aren't using Tor.

This isn't a complaint, it should be pretty obvious. Though it'd be neat if they integrated Tor into the Bridge such that they cannot tell where the connection is coming from, that would be cool.

Not that this is really part of my threat model anyway, I don't expect protonmail to be anonymous, merely more private in certain situations.

I posted this as an idea if anyone wants to vote it up, they seem to be pretty responsive to end users compared to other services (at least the paying ones).

https://protonmail.uservoice.com/forums/284483-protonmail/su...

You also can't use your own mailbox keys loaded into bridge - the only mailbox keys that can be used seem to be generated inside their app (which from a security standpoint is the same as generated on their server).
One possible mitigation to this would be to let customers deploy ProtonMail's open-source client [0] themselves to wherever (as one example, this is something that TermPair implements [1]).

[0] https://github.com/ProtonMail/WebClients

[1] https://github.com/cs01/termpair/#static-hosting

Mailvelope is basically Protonmail's OpenPGP javascript client done as a browser plugin.
Mailvelope (https://github.com/mailvelope/mailvelope) is an open source extension for Chrome and Firefox that allows users to use openpgp encryption with any webmail provider. Unfortunately, I have only one contact who has corresponded with me using pgp. But two others (both activists) use ProtonMail (my only reason for having an account on the service) -- but not Tor (their ProtonMail use predates the latest "explainer").

As several others here have written, the vast majority of people don't care about their (or your) privacy: so most of our contacts are just more holes in a very leaky boat.

When it comes to email, I'm going to go out on a limb and say people should _never_ trust it for sensitive communications. Message content itself can be protected by pgp encryption (if people would bother to use it), but there's no watertight way to consistently avoid the kind of relationship mapping that nation states and transnational corporations have been doing for the last two decades. That game is already over, and Big Brother won -- no matter who you use for email.

> Message content itself can be protected by pgp encryption (if people would bother to use it)

The message might be encrypted, but if they get to the other guy and offer him a sweet enough deal, there is no protection. There are two copies of the content out there, if it is that serious, why leave the papertrail.

People like to believe they are subverting the CIA snooping on all their very important 'activism', but in reality the most they are doing is opting out of google using their emails to market them shit they were never going to buy in the first place.

Another possible mitigation is SecureBookmarks[0] which uses SRI integrity hashes and Data URLs to ensure that you always get the same web app.

At worst, this means the security level fits the TOFU model (Trust On First Use), which is better than the default BEEF model, which stands for "Beware Each and Every Fetch".

[0] https://coins.github.io/secure-bookmark/

Thanks for this. I've been toying with this idea myself in the context of Signal's refusal to implement a web client, due to web clients missing TOFU. Glad to see it's not as crazy of an idea as I felt it was.

I wonder why this topic seems so unpopular. Nobody cares that currently it is impossible to make a secure web app?

From your other comments I also found webext-signed-pages, and the issue asking if they could make it secure, and I'm amazed that they dismissed it. In their readme they claim to protect against malicious and compromised servers, but in reality they don't, so what is the point..?

People do care, but it's a hard problem to solve well without the help of browser makers. I don't know why Mozilla aren't trying to move the web forward in this way, but the usual argument is that browsers shouldn't implement features that web developers aren't going to use, which causes a bit of a chicken and egg problem.

The main disadvantages of SecureBookmarks are that the address bar contains the Data URL (rather than a trusted domain, with a padlock) and it is difficult to upgrade a bookmark. Technically, though, it should be possible for the server to keep a record of the latest version the user has opted in to, and that value could be signed by the user's password which the server never sees. That way only the initial web app bootstrapping code is not upgradeable.

I agree that the response from the Signed Pages devs has been disappointing, but for balance I should say that their claim seems to be that protecting against downgrades would necessarily prevent gradual deployments of complex web apps. I'm not convinced about that, but haven't looked deeply into the technological limitations. In any case, the lack of downgrade protection doesn't make the extension useless, since it improves the security of web apps from having to trust an online TLS key to trusting an offline PGP key.

(comment deleted)
> Each time you visit protonmail you re-download (cache can be invalidated) their client

What about their app? They'd have to push a malicious update through the Play Store or Apple's Store to target someone, which is very unlikely.

Not only that, but it's very unfortunately worded. There's a missing "contents of emails, attachments, calendars, files, etc. cannot be compromised by legal orders", since I assume there is vital metadata that still can be compromised.
> Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding.

They’re not explicit with regards to the activist, this would mean the activist was notified upon ProtonMail receiving the request?

I’m not sure there’s much you can do but lawyer up if you receive such a notice, but potentially the activist could have immediately started using Tor (maybe too late though, because to read the notice they might have already leaked their IP).

Does anyone have information on what the climate activist is accused of? This is the only thing I've found:

> For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge — a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris.

I found this page [0] (in French). I don't know how reliable this website (or my French, for that matter) is, but it seems like its a group of activists illegally squatting, damaging the property (at least changing the locks) and causing some public disturbances in the street, and the police were having a difficult time catching them. This email account was linked to the organization's Twitter account, and from there they were able to put together enough information to arrest.

[0] https://paris-luttes.info/recit-policier-de-sainte-marthe-15...

So that activist was the leader and social media coordinator of the group.
In short, a judge ordered the eviction, the BAC (French police's anticrime unit) proceeded and 50-60 people intervened and tried to stop them, at least two officers were injured, one had to take 15 days off.
I'm not quite following:

> ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.

But the arrest was by the French police. So the Swiss government used a warrant to get info from PM and then passed it to France because the charges passed muster under Swiss law ("Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)")?

the difference here being that protonmail gave the data to the swiss government. which in term passed it to the French for its police investigation.

cross border criminal investigation and police cooperation is very common in Europe, and fully within swiss law.

Okay, that's what I was wondering; I wasn't giving an option, just trying to figure out how a Swiss investigation resulted French police arresting someone. So thanks:)
I think it was a request from a French police investigation to provide the data, which makes the Swiss government ordering PM to reveal user details seem very generous IMO. If I were Swiss I would probably want a bit more restriction on potentially arbitrary foreign government requests.
I still do not understand what is point of ProtonMail: they are same as others. Google, MS or Apple will not sent your data to gov without court order. ProtonMail is the same.

And I bet that these big corporations have better security.

Please advise…

ProtonMail messages can be end-to-end encrypted and they aren't scanned for serving ads to you. ProtonMail might be the same with regards to metadata, but they offer an onion site to mitigate that risk to a certain extent.
I'm sure Google and MS have a lot more data to give in an information request than ProtonMail. According to what ProtonMail has posted, they only turned over an IP address. Google and MS would probably have your account name, contents of your emails, login session times, all recorded IP addresses you've logged in from, all recorded devices you've logged in from, etc. I'm not sure about Apple though.
The "data" in this case was the user's IP address and time they logged in.

Other providers might be able to be compelled to provide much more explicit data such as email content or the user's identity.

ProtonMail to ProtonMail emails are e2ee. Emails sent outside of ProtonMail ecosystem can still be secured with a password with a link to the email hosted at ProtonMail. ProtonMail uses zero-access encryption, which means it is technically impossible for them to decrypt user messages. When you sign up with Google you have to give them a phone number and other details which ProtonMail don’t require.

In relation to GMail specifically see[1]

[1] https://protonmail.com/blog/protonmail-vs-gmail-security/

> ProtonMail to ProtonMail emails are e2ee. Emails sent outside of ProtonMail ecosystem can still be secured with a password with a link to the email hosted at ProtonMail.

You can also encrypt emails with PGP with someone's public key from within ProtonMail, in this scenario you don't need to send them a password or a link. They do however have to have you in their address book with public key attached.

Proton to Proton might be E2EE. Proton to any other service is almost certainly not. I'd suggest that their marketing is not exactly transparent. Their 'zero-access encryption' only applies to mailboxes stored in their environment.

It's nice that they offer hosted secure mail, like those on offer from enterprise tools (Proofpoint, Mimecast etc.), but it's not really E2EE email. Signing up to Protonmail may not require a mobile number, but a recovery email (PII) must added and linked the account.

Here is an example of a Protonmail to Gmail message (potential PII removed):

  Delivered-To: xxxxx@gmail.com
  Received: by xxxxx with SMTP id {...};
          Mon, 6 Sep 2021 00:00:00 -0000
  X-Google-Smtp-Source: {...}
  X-Received: by xxxxx with SMTP id {xxx}.50.{xxx};
          Mon, 6 Sep 2021 00:00:00 -0000
  ARC-Seal: i=1; a=rsa-sha256; t={...}; cv=none;
          d=google.com; s=arc-20160816;
          b={...}
  ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-{...};
          h=mime-version:message-id:subject:reply-to:from:to:dkim-signature
           :date;
          {...}
  ARC-Authentication-Results: i=1; mx.google.com;
         dkim=pass header.i=@protonmail.com header.s=protonmail header.b={...};
         spf=pass (google.com: domain of xxxxx@protonmail.com designates {...} as permitted   sender) smtp.mailfrom=xxxxx@protonmail.com;
         dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
  Return-Path: <xxxxx@protonmail.com>
  Received: from mail-{...}.protonmail.ch (mail-{...}.protonmail.ch. [{...}])
          by mx.google.com with ESMTPS id {...}.{...}
          for <xxxxx@gmail.com>
          (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
          Mon, 6 Sep 2021 00:00:00 -0000
  Received-SPF: pass (google.com: domain of xxxxx@protonmail.com designates {...} as   permitted sender) client-ip={...};
  Authentication-Results: mx.google.com;
         dkim=pass header.i=@protonmail.com header.s=protonmail header.b=WRR3qgpc;
         spf=pass (google.com: domain of xxxxx@protonmail.com designates {...} as   permitted sender) smtp.mailfrom=xxxxx@protonmail.com;
         dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
  Date: Mon, 6 Sep 2021 00:00:00 -0000
  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail;   t={xxx}; bh={...}; h=Date:To:From:Reply-To:Subject:From; b={...}
  To: "xxxxx@gmail.com" <xxxxx@gmail.com>
  From: {...} <xxxxx@protonmail.com>
  Reply-To: {...} <xxxxx@protonmail.com>
  Subject: Testing proton mail "encryption".
  Message-ID: <1234567890@protonmail.com>
  MIME-Version: 1.0
  Content-Type: multipart/alternative; boundary="THE_BOUNDARY"
  X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,   DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE shortcircuit=no   autolearn=disabled version=3.4.4
  X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch
  
  --THE_BOUNDARY
  Content-Type: text/plain; charset=utf-8
  Content-Transfer-Encoding: base64
  
  --THE_BOUNDARY
  Content-Type: text/html; charset=utf-8
  Content-Transfer-Encoding: base64
 
  --THE_BOUNDARY--
Nothing special, certainly no E2EE encryption (to be fair, the welcome email explains this is Protonmail <-> Protonmail only) and STARTTLS, so it may be opportunistic encryption for the transmission. Not sure what benefit the Base64 encrypted body has as it's more bytes that the unencrypted message. Of course, encrypting with PGP and sending over Tor helps with anonymity, but it still relies on the recipient keeping everything secure their end.

Email, no matter what you do to try and make it secure, is an inherently insecure protocol, that has been mangled beyond what it was intended for. I'm not suggesting that we shouldn't try to make it better, but that it...

> Proton to Proton might be E2EE. Proton to any other service is almost certainly not.

There is nothing stopping you from importing a public key into your contact in your address book, when you do that and send an email it will have a green closed lock. It supports fetching the key via WKD as well.

The lock icon indicates if it is encrypted https://protonmail.com/support/knowledge-base/encryption-loc...

That can be done with Thunderbird/Enigmail and with GPGTool in mail.app. If the key is on a public server, then decryption can be done by anyone. The point is that Proton is categorically not E2EE sending to 3rd parties. It can’t be because email doesn’t work like that. PGP is a bandaid. If you want to send email securely, don’t use email!
> The point is that Proton is categorically not E2EE sending to 3rd parties

Who said it was?

The comment must have been deleted.
(comment deleted)
Throwaway.

As the manager of various accounts used by environmental and social activists on Protonmail, this is really bad.

I understand they have to follow Swiss law, but surely there are higher standard and processes than: police forward foreign request. Don't challenge or question, just do task required.

Interpol requests are not as universally recognized as what some people here are alluding to. Countries can file these requests with interpol but it's up each country to determine if they act or recognize the request.

If the Chinese government files 500 requests via interpol and the swiss police merely pass them on the proton, will proton mail automatically comply and install malware on their client on targeted accounts?

I hope this is not the case but I expect this to be clarified. On th face of it, organizing an occupy protest hardly seems to pas the bar of "serious criminal cases"

Sadly, it is impossible hide your identity from gov and legal enforcement (from US to China) if you use any commercial service. As far as I know, FBI knows identity of all “ransomware” hackers. But they just cannot get them.
Could you explain or substantiate this claim in a bit more detail? How is it absolutely impossible to find anonymity using any commercial service? and where did you hear that all the ransomware hackers are known?
Your concerns are valid but I think you are downplaying this by characterizing it as "swiss police merely pass them to proton". Protonmail recieved a legally binding order from the Swiss Federal Department of Justice.

I'm not saying Swiss laws are infallible but this request was not simply "forwarded": "Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)"

As they mentioned in the blog post, they do challenge many of these requests but it was not legally possible in this case.

Replace "Swiss" with "US" and Protonmail with GMail and the sentence remains equally true. So I guess the question remains, what does Protonmail offer in terms of privacy that is better than GMail or Outlook, given that USA and Swiss are both adhere to democratic standards.
The difference, I guess, is that someone wouldn't start protonmail in the US precisely because of this. If Swiss laws changed for the worse, they might consider changing their country of operations.
Because of what? The US has fairly good privacy protections. Certainly, they are a five-eyes member, but for example it is not required by law that you keep logs. In many places in europe, it is required.
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook, given that USA and Swiss are both adhere to democratic standards.

Well for a start the privacy policy of Gmail allows them to use your data for advertising purposes.

Secondly, emails encrypted at rest, are still encrypted, so at least the body is protected.

Unless you were receiving emails that were encrypted prior to being sent that wouldn't be the case with Gmail.

The threat model for Protonmail is fairly clearly defined under the "ProtonMail recommended use cases". https://protonmail.com/blog/protonmail-threat-model/

The fact still remains email was probably not the right tool for these people as there is a lot of data stored server side.

> Well for a start the privacy policy of Gmail allows them to use your data for advertising purposes.

This is false - google stopped doing this for personal accounts many years ago (and never did for paid corporate).

> emails encrypted at rest

Google also encrypts at rest

Can Google decrypt without your permission?

Honest question, because that's the obvious difference (if you believe ProtonMail claims).

Can you access your e-mail if you lose your phone, forget your password, get a new SIM card, and successfully go through account recovery?

There is your answer.

I know that I cannot access my protonmail email under a wide variety of circumstances that I make efforts to avoid. Two of them involve forgetting complicated passwords, either of which would render my entire (historical) email vault unreadable. But it could absolutely be security theater.

What I have no idea about is Google. Do they even need to do anything targeting you in order to decrypt the data or not? Obviously they can modify your software with a remote update such that they can capture your decryption password, but that's a lot more work than querying a database and using a master key that Google has on hand for this sort of thing.

For Google (and almost every provider that isn't very specifically targeting the highest levels of security at the expense of usability), the answer to the rhetorical question I posed is "yes", which implies that they can read your mail, without having to target you or anything you have.

While (as you correctly pointed out) the fact that you lose access to the data if you lose your passphrase doesn't prove that the data is completely inaccessible without it, the opposite (being able to access the data even if you forget/lose all your secrets/keys) conclusively proves that such access is possible.

> Can you access your e-mail if you lose your phone, forget your password, get a new SIM card, and successfully go through account recovery?

You can't. But this really doesn't answer if there was a special way for law enforcement, which I don't believe there is.

The question was about Google, and there (as with almost any other provider) you can. Most users would be pretty upset (no sarcasm) if something so small (sarcasm) as losing all their means to authenticate actually caused them to lose data.
Yes google can, but if Protonmail can be compelled by a proxy foreign government to start logging an individuals IP, they could easily collect your decryption key with a targeted attack as well.
Alternately, they could just log plaintext emails as they come in, before being encrypted.
Right, of course. I'm talking about decrypting the past messages.

Obviously they can modify their software to capture your decryption password, my question is more out of curiosity than it being a serious advantage against a state actor targeting you specifically.

I am fairly sure that protonmail cannot do this without modifying the software to target me by capturing the decryption password.

Of course they can always capture plaintext messages as they come in, we can only assume they don't keep records of that. If that's true, and we only have their word for that, it would make any requests forward focused, like a wire tap rather than a search of old bank records. They can't necessarily access old emails without explicit effort.

It's not some insurmountable barrier, and I don't mean to suggest it is. It's trivial to think of at least three ways to work around it, assuming you are still logging in. But it is a difference in design.

> This is false - google stopped doing this for personal accounts many years ago.

Does seem to be the case https://www.theguardian.com/technology/2017/jun/26/google-wi...

> (and never did for paid corporate).

We weren't talking about Workspaces.

However that said, people logged into gmail generally use google search so they get to use all the data collected from that and youtube videos you watch so I don't think it really matters too much. https://support.google.com/google-ads/answer/7019460?hl=en

With ProtonMail they can't actually read the contents of your emails, even for law enforcement, whereas Google certainly would be able to hand over entire copies.

But if Protonmail can be compelled by a proxy foreign government to start logging an individuals IP, they could easily collect your decryption key and therefore your emails with a targeted attack as well.
> what does Protonmail offer in terms of privacy that is better than GMail or Outlook

Encryption. That was always the point. Your emails are stored encrypted, and nobody can read their content except you.

Not sure why some people expected ProtonMail to act as a magical VPN, both truly anonymous and not obeying to any court order, to an unencrypted email account like Gmail.

But you can also send encrypted E-mail using GMail with Thunderbird...
Or cut'n'paste ascii armored PGP data in any web mail. It's not very convenient, though.
Comparing the USA to Switzerland is truly naive. The Switzerland doesn’t have a permanent occupation of another sovereign country where Switzerland subjected prisoners to “enhanced interrogation techniques”, not to mention other routine human rights abuse violations. And let’s not forget that proton doesn’t have the same record of customer abuse as google.
Countries override democratic standards for vaguely defined "national interests" all the time. It so happens that US, with its sprawling global empire, has a lot more "national interests" than the generally MYOB Swiss, and so is more prone to such abuse.
Switzerland is a grouping of "Cantons" and each has very distinct autonomy. Some of them are far more conservative than others, and are going to have judges who are going to make decisions accordingly.

As much as we might like to believe it, law is not universally applied in a fair manner. Swiss authorities will approve requests that are total garbage requests. I happen to be on the receiving end of one of those, which was eventually, after significant time, effort and money thrown out for prejudice.

I think we are long past the point where we can trust all governments to use interpol notices only when required, and for the local law enforcement agencies not to take nuclear actions based on something that is clearly contrived, or political in nature.

Now, I don't support squatting, but launching an interpol notice, and attacking privacy under color of law seems like a misuse of the law, and abuse of the Swiss legal system.

We may need to attack this problem differently since it appears the Swiss do not have the vaunted protections they claim.

Also, we need Protonmail to look into offshoring, and obtaining independence of a potentially abusive legal system.

Sealand had at least a few good ideas around immunities from State power.

It's up to the local authorities as you said. If the Chinese government files 500 requests on interpol and the Swiss authority recognizes the requests, ProtonMail will just have to comply.

But usually interpol rejects many requests from the Chinese government (to track uyghurs for example).

The real scandal here is why the French authority is making such request on an activist, why Interpol processed it (as far as I understand there are no crimes in play here?), and why the Swiss authority recognizes the request? Perhaps we don't have the full story, but, with only the information we have, it sounds like an abuse of the protocol on 3 different entities. And double standards from Interpol (not okay to track down chinese activists, but ok for french activists?)

> The real scandal here is why the French authority is making such request on an activist, why Interpol processed it (as far as I understand there are no crimes in play here?), and why the Swiss authority recognizes the request?

This seems easy to answer - according to French media[1], they were activists illegally occupying[2] buildings to protest rising real estate prices. This is illegal in Switzerland, too. What's the scandal? Authorities using their powers?

[1]: https://www.lesnumeriques.com/vie-du-net/protonmail-a-fourni...

[2]: https://www.lefigaro.fr/societes/a-paris-un-local-du-restaur...

Illegal, okay, but is it a crime? I mean, after WWII interpol asked countries to not fill requests on nazis criminals because they did crimes of political nature and interpol needs to stay politically neutral [0]. But now, for an anti-capitalist activist it's not political?

[0]: https://en.wikipedia.org/wiki/Interpol#cite_ref-14

> Illegal, okay, but is it a crime?

According to Swiss law, yes.

> but surely there are higher standard and processes than: police forward foreign request. Don't challenge or question, just do task required.

There are, which they specifically described.

This also goes for your second described case. The chinese government is only one of the two required.

In your job as an intermediary would it be reasonable to roll your own email servers? If done properly then you wouldn't have to trust anyone and could give instructions to your clients on how to produce and use their own private keys. Commercial mail providers don't offer this option for some (likely legal) reason, but if you're willing to share risk with the activists then I think it would be worthwhile.
> could give instructions to your clients on how to produce and use their own private keys

PGP has been around since 1991, if it was as easy as writing a catchy how to, then some people might use it. Now 30 years in, basically nobody uses it. Got to wonder why ...

> don't offer this option for some (likely legal) reason

Not at all, they dont do it because it is a terrible customer experience. It is confusing, it is hard, if you lose a key, your data is garbage. If you make a copy of your key, you are not secure. Some people are happy to go that path, most are not.

If only it was so simple. Imagine a world where Gmail launched, but if you forgot your password, boom, all your email is gone as is access to your email address. The next company that came along and offered 'password resets' would have wiped them out.

> if you forgot your password, boom, all your email is gone as is access to your email address

Replace "email" with "Bitcoin"

Those are all benefits when your goal is discrete communication: which is exactly what we're discussing.
(comment deleted)
Interpol is simply a way for law enforcement to communicate across borders.

If the Chinese government files a request by means of Interpol, it’s very dishonest to say “an Interpol request.” It’s a Chinese request.

Interpol won't tell you it's a Chinese request though. You can claim it's dishonest by Interpol, but not by the party receiving the request at the end of the line.
IMO the problem is that France use anti-terrorists law against environmental activist. It is not the first time it happens, and I bet that it will happen again.

If I were an environmental activist, I would definitely step up my operational security.

> use anti-terrorists law against environmental activist

I have seen this commented a lot by people, that specifically anti-terrorist laws were used? But from what I have found, they used regular laws. Any chance you can point me in the right direction?

Reminder that France literally bombed and sunk a moored Greenpeace ship (killing one person) not that long ago to prevent further protests against their nuclear weapon tests.
While this is true, I wouldn't call 36 years ago "not that long ago." That is a literal lifetime ago for many users of this site.
they could still charge the bombers now, and everyday, the government more or less choses not to do it. While they still pursue the terrorists of the Red Brigades whose crime are even older.
They were actually charged and went to prison.

Kinda weird actually considering they were operating on their own government's orders.

https://en.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warrior

Can you imagine, the government telling you to do something and then dragging you in front of a court after you do it :S I don't think they should have gone through with it but as they were under orders I don't think the responsibility lies with them.

By the way I really miss the way Greenpeace is no longer a grassroots environmental organisation. Protesting against nuclear testing, whaling etc the way they did was risky but effective.

Nowadays they're just another multinational corporation, just with some environmental goals. It's no wonder they're never really in the news anymore. And the need for this activism is actually much greater than ever now.

> Can you imagine, the government telling you to do something and then dragging you in front of a court after you do it :S

The French agents were arrested by New Zealand, not France, and convicted in New Zealand. France also threw their weight around to avoid having their agents jailed for the term of their sentences, AFAIK.

Beyond that, there's nothing wrong with holding responsible agents of the state who follow illegal orders (whether this was by French law, I can't speak to it). Many liberalized states, and particularly the militaries of those states, operate on the assumption that you must refuse to follow an illegal order. (Intelligence services, which caused the sinking of the Rainbow Warrior, may have different rules, but fundamentally there's supposed to be a carve-out and an escalation process for addressing orders "beyond the rules"." An example from the United States: https://warontherocks.com/2017/07/when-can-a-soldier-disobey...

Ah good point, I didn't see that. And yes, I saw they were released after only 2 years of their ten-year sentence.

I totally agree they should have refused the orders. But the people who gave the orders are more accountable in my opinion.

It is for many of us, but we're more than willing to accept that our lifetimes are not a useful yardstick for what was "long ago" ;)
Why don't you use riseup.net, they have been providing similar services specifically for activists for more than 20 years. While they are based in the US, the idea that Switzerland = privacy is bull. In the US, you are not required to keep logs. If you have them, you can be forced to turn them over, but if you don't they cannot force you to enable them.

I have been a riseup user for years. They have received foreign legal requests, and they do not simply do the task requested. They've also received US-based legal requests, and challenge them, but in the end, they do not have the data that is being requested, so ultimately they can respond saying exactly that.

(throwaway aswell)

>riseup.net

They are based in the US and only provide their services to radical leftist activists.

That combination seriously smells like FBI honeypot.

The great thing about no trust models is that even if they were comprimised it wouldnt matter
Hardly. They get your password on login, and decrypt your mail. They don't (theoretically) even need a code change, just root/kernel level access/tracing to dump the password.

Unless of course you were using PGP - but then you would be about as well off with Gmail?

I mean, they provide a great service, and the stack is open - but I would hesitate to call it "secure" (that goes for ProtonMail too BTW).

https://0xacab.org/liberate/trees

Where is the no trust model there though?

If riseup were a trap, they could do all the logging (in secret), find the activist, then do parallel construction for the actual evidence presented in court.

Why would they voluntarily act as agents of the state to do that? They would need to be compelled legally to do so, and to do that in the US would require a legal order that has not yet succeeded (remember the Apple case around the terrorist in San Bernadino?).

Before you say, "Well, it could be done in secret", please look up the Wiretap + technical assist laws and note the disclosure requirements.

Because if you don't trust them, it's plausible that some or all of the people running the infrastructure aren't actually privacy activists, but moles planted by the state, acting as agents of the state because they are employed by the state, paid by the state, and specifically tasked to pretend to be activists and build a trap.

(There may be some solid evidence making this unlikely in reality, but that ultimately relies on some form of trust.)

I've never understood decrypting with login credentials. My gpg creds are distinct. My client challenges on each mail. Can be set to save for key per session, but don't.
> They are based in the US and only provide their services to radical leftist activists.

They're pretty chill on who to provider their services to. Yes, they host radical leftist activists, but they also host pretty mainstream leftist activists. And they obviously don't care who does what, they don't check your accounts.

I'm far from being a radical leftist (or any leftist!) and I have an account.

Except they've been around for 20 years, and the people running it are part of the left activist movement. I don't think its particularly constructive to post a comment on the internet about how something "smells"
1 I know some staff at a remove of 1 degree. don't believe but can't prove the honeypot conjecture.
Why do the climate activists hiding, I can not understand?

Climate is fashionable and respected today, they would got medals maybe if not hiding?

I can openly say that I am for good climate and ecology. Greta Thunberg is also not hiding.

And about this specific activist, do you know what he is accused of? (It must be something other than activism, right? Difficult to imagine climate activism is illegal in France).

PS: I understand this topic is mostly about Proton failing the privacy expectations, but curious to know what can activist be charged with.

> For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge — a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris.

https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre...

Still strange, how could they anonymously occupy the places, if they were physically present there.

In yesterday thread there were comment if I remember right that included more details. The squatters in question has already been sentenced and given suspended sentences. The request to ProtonMail was about other members of the same group that is suspected of home invasion and theft.

If that qualify as serious crime is still up to debate and it could just be a excuse to go after the organizers. I do however find the case a bit more nuanced after reading those details.

Can the Swiss Government still claim neutrality after this?
You mean by executing a warrant they somehow entered into a military bloc? Must be strange membership rules.
ha, was tounge in cheek, however, the post by PM CEO said the following on Twitter [0]: "In this particular case, the suspect unfortunately did break Swiss law, and there was simply no possibility to fight the decision made by the Swiss Federal Department of Justice."

How does squating in France break swiss law?

[0] - https://twitter.com/andyyen/status/1434665940696846340

"would the same thing be against the law if it happened here" is a somewhat common benchmark in treaties and laws about respecting and acting on foreign law enforcement requests, presumably that's what's meant. (When it comes to extraditions it's often called the "dual criminality" requirement, and can involve quite a bit of transfer to make things comparable. E.g. since Assange is charged with conspiring with Manning to steal US military data, the UK extradition ruling was considering if it would have been a crime in the UK if he had conspired with a UK service member to steal UK data)
So in other words, protonmail is only safe if you use it for tax evasion, as there the swiss authorities won't help foreign governments.
It's not a huge leap from a tax evasion charge to something the Swiss would help with. Money laundering maybe.
They've been doing data sharing for a few years already, banking secrecy is only for swiss residents now.
Disclaimer: Paying Protonmail customer

This is a weak response. "What we're changing" isn't specific. It's a "our shit doesn't stink" kind of reply.

"What we're changing" should be far more specific. Start educating users about Tor on your homepage.

Start blogging about Tor more than once in 2017. Have a score for how many users log in through Tor. Have a score for how many times your privacy policy is loaded.

Stop claiming to be the best simply because you have a Tor site with an old version of your app. That's not good enough.

I'm looking for leadership. Protonmail is clearly an "explainer" more than a leader. I'll keep my eyes peeled for whoever comes along to replace them.

The crux of the matter is very simple: do not break Swiss law when using ProtonMail.
Or protonmail doesn't protect suspected terrorists?
When the definition of "suspected" is "a foreign government claimed", no one is safe.

(I know that's not a fair representation of the facts of this case, but neither is calling the suspect a "terrorist").

TL;DR They don’t log IP addresses. But they can be compelled to by Swiss law and they cannot NOT oblige as it’s trivial for them to do at various levels in their stack without even needing to modify their software. So they advise you to use their onion address if you need to anonymity.

Don’t know why they can’t plonk a tcpip->tor->ProtonMail reverse proxy in front of their infra offering this facility to every connecting client, and transparently. After all, their services (including ProtonVPN) already support tor to some extent.

They claim to have exceptionally good Tor support, when in reality people have (rightly) been screaming at them for years now to fix their permabroken Tor signup flow.

1. It's impossible to create a paid account with cryptocurrency: You can only use it to pay for an existing account

2. It's impossible to anonymously create any account over Tor: You have to at least pass SMS / secondary email verification, and it better not be an easy to get address ("Email verification temporarily disabled for this email domain" etc.)

Lots of marketing and boxticking (.onion: check), but it looks curiously hostile to anonymity if you actually try to use it.

They are an email provider. Providing true anonymity leads to spam abuse. Spam abuse leads to blacklisting. And blacklisting leads to bankruptcy. Not sure what people expect.
Figure out how to solve it. People need to be able to create accounts through Tor.

Otherwise I'll just use Gmail it's free.

> I'll just use Gmail it's free.

So that is your alternative... Not sure what your threat model was.

My threat model is an un-educated population of people who don't value privacy or care about surveillance. I'll put up with shitty tools in the mean time but can only support those who are building a better future.

I would switch to Gmail and donate my $50/year to EFF.

How does using Gmail help to address the threat of people who don't value privacy? It seems to be joining them.
Thought I was pretty clear here. My $$ going to EFF is meant to get me more bang for my buck than using Protonmail.
Thought I was pretty clear here. My $$ going to EFF (Electronic Frontier Foundation) is meant to get me more bang for my buck than using Protonmail.
$48/year per address is an expensive way to spam.
Yes it's time Protonmail got rid of free accounts. Or disable free accounts so they can't send more than 10 emails a day.

This isn't rocket science, Protonmail. You make it look hard. I'll take my money elsewhere (open to suggestions here).

> I'll take my money elsewhere.

Feel free to report where. Something tells me it ain't that easy to find a decent alternative.

Edited to say I'm open to suggestions here. Given that Protonmail dropped the ball for $60/year, apparently that's not enough to keep them focused. I'm prepared to pay $100/year for email now.
Any service that won't comply with local authorities risks getting shut down at any moment.

That said, I do have a country perfect for this - lax law enforcement, outside EU but bordering it, no US, Chinese or Russian affiliation, either, very reliable high speed Internet and cheap electricity.

Something tells me as soon as most people see the name, they will refuse to sign up.

What about what I said suggests anything about not complying with the law? All my suggestions to Protonmail were around transparency and user education. They can host it in China if that's the case for all I care. In the modern age, every state is an adversary.
> Something tells me as soon as most people see the name, they will refuse to sign up.

Wouldn't even need to see the name to refuse to sign up. Assuming it's not Switzerland, all the other options seem bad.

> Not sure what people expect.

Transparency as the bare minimum? We are talking about a service that you expect to handle some sensitive information, you expect them to be transparent on what they do. If they block account creation over TOR because of spam issues, then that's should be said clearly on their platform.

OP is not only complaining about free account, they are also mentioning paid account, which has a 1k message per day limit. No spammer is going to pay 5 euros to send 30k message in a month, that just not worth it. So there's no reason to block paid account too.

I don't understand why spammers can't be fully stopped via built-in methods that prevent say, mass emails to more than a certain number of independent contacts upon account creation, for the first month maybe of service.

Why give up on this point? There's nothing that says true anonymity has to lead to spam. Spammers have the limit that they have to spam to , presumably make money, since they go via the 1000 tries and only needing one hit to win. They have a weakness. users and activists dont have this weakness really.

> for the first month maybe of service.

They probably have that, but spammers can wait. They have the time and money(!) to figure these limits out.

> There's nothing that says true anonymity has to lead to spam.

Lack of burdens against abuse does say that it leads to abuse.

Disclaimer: Paying Protonmail customer

Proton's first and last blog post about Tor was in 2017. [1]

The CEO today claimed to be a leader with Tor simply because they have a Tor site up.

This is 2021, not 2017. I expect better.

[1] https://protonmail.com/blog/tor-encrypted-email/

and, the onion address is for their old service. They haven't redirected it to their new updated service, or published another onion address for their new service.

Link back to thread about this in the earlier protonmail story: https://news.ycombinator.com/item?id=28429582

I imagine protonmail users would like to know exactly what types of data are provided to authorities if they are compelled to provide it.

Is it a list of access time, IP tuples? Is that it or more?

> Due to Proton’s strict privacy, we do not know the identity of our users, and at no point were we aware that the targeted users were climate activists

I don't understand what this is about. Would they had refused to comply, was that the case?

that they didn't/can't read their email because it was encrypted
Non-expert here.

What are the best alternatives to ProtonMail?

I guess it depends what you mean by best? Best at sending emails - gmail.com is good at that. Something that claims great security - you could try https://mailfence.com/
Thanks, and yes, I could have been more precise. I'll take a look at the latter.
I understand the points about having to comply with laws. But what is is unjustifiable is my view is that their marketing does not match the reality. They probably did some A/B testing and saw that keeping vague promises about not tracking users increases conversion rate. You, as an HN reader, being in the top 0.1% of the population in terms of tech-savviness, may be able to read through the nonsense and understand how little it means when they say "by default, we do not keep any IP logs". But the other 99.9% of the population won't understand it, and that's why their marketing strategy works: they are selling a level of privacy that does not exist to customers who do not know better without technically lying.

Their threat model and all threat scenarios should be front and centre on their front page and sign up page. That is if they care about user privacy not just the bottom line. They have a choice between better-informed customers or more money, and so far, they have chosen the latter.

What this and the new Apple debacle have proven to me is that privacy is not a product that can be purchased. If you want real privacy, you have spend a lot of time learning how to preserve your privacy. No matter what Apple and ProtonMail and similar companies tell you, you cannot buy privacy off-the-shelf.

I wonder if the future of a company like Protonmail is that it has to be open source. Almost like simply an API, no privacy statement, no marketing, just a smart contract. More like UniSwap.
How do you do emails on a blockchain? Is that another of those scenarios where "it will work when everybody will switch to the chain" ?
The naive way would just be to send a transaction to the recipient’s wallet address (or more practically, their ENS name) where the transaction payload is an encrypted text message.

As you point out, that requires both parties be on the blockchain. If you want to send/receive off-chain, you would probably just set up a trusted relay. e.g. send an ethereum tx to emailrelay.eth and it would forward it over the SMTP system. Send an email from a SMTP client to recipientaddr.eth@emailrelay.eth.link and it’ll do the reverse. This implementation would have the relay see all your plaintext messages. Not much different from how centralized email services like gmail operate, in practice.

There’s nothing that makes any of this technically infeasible to a knowledgeable dev today — maybe it even already exists (ethmail.cc shows there’s at least interest in it). Transaction fees kill this from a practicality point of view. Probably you want to roll this out on a layer 2 network, and those are still pretty new things.

Oh neat wasn't aware of ethmail.cc will check it out
> Transaction fees kill this from a practicality point

That depends on the amount. If it's small it could be a feature.

Submit encrypted message to sufficiently large and stable data processor (bitcoin blockchain, hackernews, reddit, ...).

Provide pointer to message via side channel to recipient.

Done.

Now, that has OTHEHR problems. So, as anything but a napkin sketch, don't take it too seriously.

Who pays the servers then?
The users. Who else?
An intelligence agency such as the CIA
Okay so whom are they paying?
In the decentralized scenario, the users are paying the underlying system as well as the particular itself. Check out Uniswap as an example. Users pay ether to run a process, and pay Uniswap a fee for the protocol.
(comment deleted)
You may not have given it much thought before, but the idea (in your head, let's say) that Protonmail keeps no logs and thus completely protects you from ip-address discovery by law enforcement would imply that one could freely solicit and exchange unencrypted child pornography with strangers with no fear of detection.

I'm not saying "think of the children", I'm saying "think of law enforcement and the judicial system"

thinking about it now in retrospect, do you think that really could have been a possibility? I don't.

As far as I can tell, that actually is possible between Protonmail users
PM addresses to PM addresses are encrypted. All it takes is a mistakenly made carbon-copy / blind-carbon-copy to a Gmail account and all that encryption goes out the window
This seems like a scapegoat argument
I don't read it that way. More like, "keep this extreme example in mind, and see if you still expect the guarantees to hold up".

If you don't, then they won't either for whatever activities you're doing, that aren't as reprehensible as CSAM, but some government may think otherwise.

It's kind of depressing reasoning maybe. But if a privacy-preserving system is actually that, then even the most technically-savvy terrorists and child abusers should have no qualms about using it as well.

on the wall at your dry cleaner is a sign, "we are not responsible if your clothing gets ruined" and there's a sign at the parking garage, "we are not responsible if your car gets damaged".

But, you have the right to expect that the dry cleaner and parking garage will take reasonable care with your belongings and will not act in ways that are negligent, the signs they put up notwithstanding.

There's no scapegoating, it's a question of what should a reasonable person expect from a transaction. Protonmail said they don't keep logs by default and that they also need to respect court orders.

Would be curious to see a diff of Proton's privacy policy over the next few weeks.
> thinking about it now in retrospect, do you think that really could have been a possibility?

The only thing I am saying is that if real privacy is not a possibility (and it may very well not be), they shouldn't pretend they are selling real privacy. I am not saying they should find a way to do the impossible and legally avoid laws. I am saying they should not pretend their service is any more private than it actually is.

Think of it this way: imagine someone starts advertising a magic potion that stops aging. People buy it, but they predictably continue to age and die. If someone starts protesting, we shouldn't say "what are you complaining about? what do you want the seller to do? break the laws of nature? that's ridiculous." We should say, "we really should stop that guy from making baseless promises about his potions".

if they are making a good faith effort to give all the real privacy you can expect, I don't think they have a particular duty to water down their marketing messages by going into distracting detail that criminals shouldn't have the same expectations. They did disclose within their terms that they don't by default keep logs, and they do need to comply with court orders.
Assuming people who really use their services are criminals is like assuming someone who cares about a car's details is an illegal street racer.

I use Protonmail to provide tools for journalists, teachers, and whistleblowers, and people who are in danger from folks who mark them "criminals".

You need to think bigger. How could Protonmail make the world a better place in this regard? Promote Tor to users through its blog? Report on Tor usage stats? Enable account creation through Tor without requiring a cell phone?

All of the above and more.

While you're probably right that this would not be allowed, I fail to understand why so many people thinktthis is normal. The postal system can't open your letters to check if there's CP in them, so it used to be that you could send CP over the mail between PO boxes and feel safe. Yet having untraceable communication over the internet is considered unthibkable for some reason.
> The postal system can't open your letters to check if there's CP in them, so it used to be that you could send CP over the mail between PO boxes and feel safe.

Wat? You better stop sending anything incriminating via the mail, they totally can and will open your letters if there's a court order.

If there's a court order. With digital data, companies are forced to scan my data in their storage to see if it's copyright infringing or CP or others.

And to be clear, I don't think people have any kind of right to create, disseminate, or even view CP. But that doesn't mean that any guarantees to data privacy should be thrown away.

> With digital data, companies are forced to scan my data in their storage to see if it's copyright infringing or CP or others.

I don't think they are. What Apple & friends are doing is voluntarily. There's no requirement for e.g. your webhoster do scan your data, or your email provider to scan your emails. Case in point: ProtonMail doesn't, and they're not violating the law by not doing so.

In this case law enforcement know who they were after, in that situation they would also have been able to intercept physical mail.
True, I was thinking more of the requirement on cloud providers to scan data proactively.
Many countries actually have laws that say you HAVE to log.
You may not have given it much thought before, but the idea (in your head, let's say) that Protonmail keeps no logs and thus completely protects you from ip-address discovery by law enforcement would imply that one could freely solicit and exchange infornation about climate activism with strangers with no fear of detection.

I'm not saying "think of the climate", I'm saying "think of law enforcement and the judicial system"

thhinking about it now in retrospect, do you think that really could have been a possibility? I don't.

You can't buy immunity from the legal and law enforcement system, full stop. That's simply an unreasonable expectation.

What you can buy is various degrees and quality of sensible defaults and behaviours that serve your general interest in privacy and security. Privacy from casual snooping or commercial tracking, security from unsophisticated attacks or even sophisticated attacks if you're wiling to also sacrifice some convenience.

These are all worth having, and your choices of product and service provider can have a significant impact on them. I know little to nothing about ProtonMail but maybe they're a better bet than many other similar services, even if they're not perfect.

Right but they could have said "we can be compelled to log IPs, you should use Tor if that's something you care about".
(comment deleted)
in TFA they claim they did in 2014 and hint that it's a reason they provide an onion site
Yes, but expecting a prospective user to read all your blog posts back to 2014 to discover a line saying you can be compelled to identify them is hardly transparent.
It’s linked from their main site Security page, and it’s in their Knowledge Base.
I can't tell if you're trying to make the above poster's point or argue against it.

A blog post from May 2014 isn't sufficient, no matter where it's linked from.

> Right but they could have said "we can be compelled to log IPs, you should use Tor if that's something you care about".

ding ding ding. pin this comment.

The do tell you this, up front, if you read.
Can you define what "up front" means to you in this example? Homepage, privacy policy, user agreement, tweets?
As posted elsewhere in another comment, https://protonmail.com/blog/protonmail-threat-model/

Not recommended

If you are attempting to leak state secrets (as was the case of Edward Snowden) or going up against a powerful state adversary, email may not be the most secure medium for communications. The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address. A powerful state adversary will also be better positioned to launch one of the attacks described above against you, which may negate the privacy protection provided by ProtonMail. While we can offer more protection and security, we cannot guarantee your safety against a powerful adversary.

Buried in a blog post from May 19th, 2014 doesn't meet my definition of "up front".
https://protonmail.com/blog/protonmail-threat-model/

> The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address.

The "Threat Model" blog post is linked from their main site.

Protonmail increasingly seems like one of those Tim Ferris type scams. The one where you build a nice solution and write a bunch of blog posts...

And then you just let it run for 10 years without doing any more work and it just rots away.

I fail to see why it is their duty, or in their interest, to explain the nuances of Swiss court orders and extent of their powers in their marketing material.

If its something you care about, you should not be making your choices on the basis of marketing splashes and you should certainly not need your email provider to explain Tor to you.

This seems like a logical fallacy many Linux users seem to make.

I want the benefits without being a mechanic. And I'm willing to pay money for it. Lots of money.

Protonmail cannot, cannot protect you on their own from all privacy concerns, nor can they educate you in a frontpage splash.

Proper Opsec for dissidents requires multiple layers and technologies and simply cannot rely on a single vendor. Any proper company accepting credit card payments is going to be subject to court orders and there are limits to their ability to resist them.

Protonmail has taken extraordinary measures to limit their exposure to those risks but anyone who is assuming they can e.g. be an enviro-terrorist or CCP dissident and be safe solely because they use Protonmail is terribly naive and ignorant..

Hasnt the popularity of Signal been the result of their system literally not able to record IPs?
How do you think the Signal servers send data to your app if they don’t know, at least temporarily, the IP address of your device?

Whisper Systems say they don’t record/log that. But they are no more able to defy legal demands in their jurisdiction to do so than Proton Mail were.

Oh, but on the contrary. Money buys better lawyers, more time and more research capabilities so in essence you can reliably say, at least in the good ol' USA, that money can buy immunity. The same can be said in many other countries where the corruption of buying justice is more direct.
you should read about standard intelligence operations and how underground resistance organizations have historically operated ie. French resistance in Nazi-Occupied France, etc. for a case study in covert comms.

the key you pointed to tho was regarding convenience. simple fact is that most of the usability desired in consumer email is not compatible with the practical design principles of covert communications.

(comment deleted)
By default they don’t have logging on. Does not mean they can’t turn it on if asked.

You can’t have privacy; you need to be actively participating in our society or you’re dead. As soon as you try to build it you’ll realize it’s a full time job and you won’t be able to afford to eat on what it pays.

Only 5% of people in the US still hunt. We are coupled to the modern systems we have (unless MIT is right and it falls apart soon).

You want privacy, go off grid. Those of us living on grid will be sure to leave you be and keep everything we build for ourselves.

None of us explicitly cheered on the end of privacy but we did cheer on the engineering effort that made it happen. Despite numerous voices warning us.

Ciao.

Yeah, this debacle will probably help them find a better wording of their guarantees.

They do explain the threat model quite well but the information is scattered around (e.g. https://protonmail.com/blog/protonmail-threat-model/) and this matters in an era where the attention span of people is very short.

That threat model post is really good. I have a pet saw that is: for security companies, the threat model is the product. There might be a few things I would add to that post, but really, it's a very sound approach.
"No matter what Apple and ProtoMail and similar companies tell you, you cannot buy privacy off-the-shelf."

The cost is personal time and effort, not money. The software needed is generally free of charge. The goal being not a physical product or a service, but a level of knowledge and proficiency. To put it another way, "tech-savviness" cannot be purchased, it has to be achieved.

The cultural problem we face is that the so-called "0.1%" are leveraging their "tech-savviness" against the rest of the population, working for so-called "tech" companies, websites that make money by exploiting the privacy of the "99.9%" in the service of online advertising.

If we take HN comments as true, in some cases, these employees do not even believe in the bottom line they are working to support.1 They are not adopting the behaviour of the "99.9%", i.e., the "expected" behaviour required to sustain their employer's bottom line. Not sure about you, but that would not give me much confidence they are going to work very hard to protect other users' privacy.

The term "dogfooding" is sometimes used amongst tech companies to describe the situation where employees themselves partake in what they offer to non-employees, i.e., "users".2 To persons outside the tech bubble this can be quite amusing. Does this suggest they view their relationship to users as more like "human-to-dog" than "human-to-human". There is nothing inherently wrong with someone peddling something she does not believe in, however we might consider what is/are the reason(s) for her lack of faith.

To be clear, I am not suggesting the cultural problem can be solved. I am attempting to provide further reasons that digital privacy is, like the parent suggested, generally not something you can "buy".

1 Evidence appears periodically in HN comments. For example, yesterday: "Disclaimer: I work at Google. In cloud, not on Android. I am privacy conscious so I though I would give a try at Graphene OS, it was brutal."

2 The term is alleged to have first appeared one the joelonsoftware.com website and to have originated at Microsoft.

"Dogfooding" is the tech industry variant of a much older principle. The original expression "Eating your own dogfood" goes back further having been adopted, and shortened into "dogfooding". While its easy to see it implying a second class "dogfood" that the end users have to put up with, it actually stems from the opposite, that the product is good enough they feed it to their own dogs, or in one telling, willingly eat it themselves as a human. https://en.wikipedia.org/wiki/Eating_your_own_dog_food
(comment deleted)
> No matter what Apple and ProtonMail and similar companies tell you, you cannot buy privacy off-the-shelf.

You can. It's just not that cheap, and not quite as convenient.

https://thehelm.com/

Oh neat, I haven't seen this before. Can you explain more for the rest of us? I saw it can be a personal email server - but then it started talking about storing everything for me and I lost a bit of interest as that sounds like it's trying to do everything.

edit: for those curious, discussion on HN 3 years ago https://news.ycombinator.com/item?id=18238581

> Due to Proton’s strict privacy, we do not know the identity of our users, and

That is not something I'm ready to believe.

I remember trying to sign for a protonmail account a while back.

At some point in the process, they do ask for a valid cell phone number, which, unless you go to the length of getting a burner (not easy in many European countries except maybe the UK) basically means they know exactly who you are.

When I saw this, I walked away.

> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation.

There's complying with the law like a good little sheep, and there's acceptable civil disobedience.

In this specific instance, proton should have taken the latter approach.

Take the fine, go to court, fight the injunction tooth and nail, make sure that even if they lose, the Swiss govt. knows the kind of fight and waste of time and money they're in for each time they come knocking.

They just bent and complied like good little boys.

Now their business model is compromised, serves them right.

(comment deleted)
What does the word "activist" mean in this case? What form did the activism take, that a criminal case was opened?
That's the small story in the bigger one. In the end, Proton is failing to deliver service that claimed to not record PII therefore failing protect their users.

One could argue they only protect good users - as defined by Swiss law. Then what's the point of Proton?

Next time, a whistleblower from a Swiss bank or agency?

I understand that Proton failing the privacy expectations.

But curious about the other part of the story. The word "activist" is abused very often. I can not find the details, what exactly they are trying to dress up as "activism" is this case.

Also, "activist arrested" makes impression he was arrested for activism. But strictly speaking, the charge may be totally unrelated.