Is Protonmail logging my email content?
evidences:
1. https://s3.laisky.com/uploads/2021/12/proton-1.jpg
2. https://s3.laisky.com/uploads/2021/12/proton-2.jpg
3. https://s3.laisky.com/uploads/2021/12/proton-3.jpg
1. https://s3.laisky.com/uploads/2021/12/proton-1.jpg
2. https://s3.laisky.com/uploads/2021/12/proton-2.jpg
3. https://s3.laisky.com/uploads/2021/12/proton-3.jpg
52 comments
[ 3.3 ms ] story [ 120 ms ] threadUnrelated: what's the name of the tool you use to "listen" to DNS calls?
Just found that out myself. It's http://dnslog.cn/ .
https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre...
https://protonmail.com/blog/transparency-report/
——
In case you trust Swiss companies blindly:
https://en.wikipedia.org/wiki/Crypto_AG
https://www.thebureauinvestigates.com/stories/2021-12-06/swi...
In case you trust any company blindly: any company that wants to keep playing the money game will follow the laws forced upon them by the government they are beholden to.
did you see that somewhere?
Seasteaders: "My Libertarian non-aggression principle trumps your cruise missiles!"
Navy: "No."
One is technical: e2ee, implementation transparency, and similar.
The other is social: have fewer institutions.
I have never understood people who think the latter is a good approach. Like, "I don't trust these people who use their real names and are registered in a jurisdiction that has strong privacy obligations, so I'm gonna trust some randos on an abandoned oil rig instead."
The problem capitalist consumers have is conflating product marketing features and corporate objective statements with their own prerogatives.
No corporation will ever at the users behest break a law that could impact a quarterly earnings statement.
If you need more security its time to succor the haggard burro we call PGP, and enchant it with holy Bernstein's ED25519. It is hard so you will not like it. Because it is hard HN will lambasted it, turn away from its glory and call it false, but verily it is the way. because it is hard it cannot be broken easily, even by state actors, even by the gods of the market itself.
It's rare to see it, but there's a third option: shut it all down. Lavabit did this.
https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_ord...
I'm not sure what PGP or ED25519 would do for those? The emails themselves are already encrypted.
I'm not sure if I entirely understand the point you're making, but this sentence confuses me: Isn't this explicitly not the fault of capitalism, but instead government interference?
You may not feel you owe your target better, but you owe this community much better if you're participating in it. The damage this sort of poison causes to the ecosystem greatly exceeds any benefits it may have.
Source IP I got in my test: 185.70.43.80
```
# whois.ripe.net
inetnum: 185.70.40.0 - 185.70.43.255
netname: CH-PROTONMAIL-20140915
mnt-by: protonmail-mnt
org-name: Proton AG
```
From privacy policy https://protonmail.com/privacy-policy
> We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to ProtonMail are scanned for Spam and Viruses to pursue the legitimate interest of the protection of our users.
very disappointing.
Unrelated: I've been getting quite frustrated with some of the functionality and limitations of PM especially for the price I pay (I have 2 catch-all domains, 1 user for each, which requires 2 times pro accounts), so recently I've been trying to migrate away to mailbox.org. Mailbox allows for automatic PGP encryption when the emails come in which is great. However, there is no way to move all my PM emails onto my mailbox.org account while keeping the encryption (not via the original key set up in Protonmail, nor via new key set up in mailbox.org). Has anyone ever run into such a scenario, and what can be done in this scenario?
Only encrypted e-mails are somewhat safe. So I just don't understand who's upvoting this. It's a silly post.
Protonmail doesn't have to "log" messages; they have them already. If I were Protonmail and I had to comply with lawful intercept requirements, I'd just:
a) make sure that message content isn't deleted from the mailbox when the user thinks it is
b) make sure I retain access to server-managed PGP keys (by logging key material and user-supplied passphrases)
But I sure as hell would not call some Java logger.trace() on every goddamn email! That's totally nonscalable and just silly.
https://careers.protonmail.com/o/devops-engineer-remote-euro...
Did you run an experiment? How was it run?
Is this between protonmail addresses?
Similar words often wrongly used in plural: - advices - feedbacks - codes (when referring to source code) - moneys - datas - syntaxes
https://dictionary.cambridge.org/dictionary/english/moneys
I didn't say a plural form doesn't necessarily exist. I said they're words that are often used wrongly in the plural.
Moneys is used specifically when it denotes different sources of income. Similar to fruits meaning a variety of different kinds of fruit, but the ordinary plural of fruit is fruit, and fishes denoting a variety of different kinds of fish, but the ordinary plural of fish is fish. "How much moneys does this cost "is obviously as wrong as "how much fruits / fishes did you buy".
Same with codes, you can talk about "nuclear codes" but not "morse codes" or "source codes".