Correct me if I'm wrong, but I feel like the answer is yes. The "data requests" are minor (to some extent), i.e. IP address, recovery email if it's enabled, or payment method. All of which can be anonymized, right? The way I see it, ProtonMail provides the user many ways to protect themselves. They let you register and use their service not only through VPN but also Tor. It sounds harsh to say but given everything that's laid out, if I got caught... Perhaps it's my fault. I don't know.
Especially when you consider that it's very difficult for a business to refuse compliance with the laws from the country in which they're based, I'd have to agree with you.
They can't do this without facing long-term consequences like being shut down if they refuse to follow the law and that puts the burden of anonymizing your online presence squarely on you.
In short, the answer is yes if you are looking for a secure, encrypted email service that does not have access to the contents of your inbox. After all, ProtonMail is far better than Gmail or Yahoo when it comes to privacy.
if you are looking for a secure, encrypted email service
Then you should pause for a moment, chuckle a bit, and look for a service that doesn't have email in its name. In my book, it's already a lost cause and if you actually want privacy then you should look for an alternative system that doesn't have to support legacy providers.
Proton Mail is a private email service that uses open source, independently audited end-to-end encryption and zero-access encryption to secure your communications.
This seems to apply to most of their products. For instance, this is on their webpage about Proton Pass:
Proton Pass uses the same battle-tested end-to-end encryption as other Proton services. Proton Pass encrypts all your data, including usernames, web addresses, and all other login-related fields.
This encryption, combined with rigorous hashing and authentication, ensures your data remains inaccessible even to us.
But it's all browser-based encryption, right? That means Proton could send you (and only you) malicious JS code. Which means you would have to audit the code for every request you make before you let your browser execute it, which is not feasible with current browsers.
I'm not saying this is a likely scenario, but theoretically, I only trust browser-based encryption as much as I trust some random, anonymous IT guy (who may be pressured by local law enforcement or foreign actors) working for Proton or any of its service providers.
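To make the comment above concrete, here is an added example (not part of the thread and not Proton's code) of what checking delivered code would involve: it pins SHA-384 digests of an audited release and classifies what one session was served. The file paths and script contents are constructed samples.

```javascript
// Added example: compare the scripts one session received against pinned digests.
const { createHash } = require("node:crypto");

// SRI-style digest string: "sha384-" + base64(SHA-384(bytes)).
function sriDigest(bytes) {
  return "sha384-" + createHash("sha384").update(bytes).digest("base64");
}

// Constructed sample: the bundle as audited, and the pin list derived from it.
const auditedRelease = {
  "/app/crypto.js": "export function encrypt(key, msg) { return seal(key, msg); }",
  "/app/ui.js": "export function render(state) { draw(state); }",
};
const pinned = Object.fromEntries(
  Object.entries(auditedRelease).map(([path, src]) => [path, sriDigest(src)])
);

// Classify every script a response delivered against the pinned digests.
function auditDelivery(pins, served) {
  const report = [];
  for (const [path, body] of Object.entries(served)) {
    const expected = pins[path];
    const actual = sriDigest(body);
    let status = "match";
    if (expected === undefined) status = "unpinned"; // script the audit never saw
    else if (expected !== actual) status = "modified"; // same path, different bytes
    report.push({ path, status, actual });
  }
  // A pinned file that was not served at all is also worth flagging.
  for (const path of Object.keys(pins)) {
    if (!(path in served)) report.push({ path, status: "missing", actual: null });
  }
  return report;
}

// Constructed sample: one session gets an altered crypto.js plus an extra script.
const servedToOneUser = {
  "/app/crypto.js": auditedRelease["/app/crypto.js"] + "\n/* altered */",
  "/app/ui.js": auditedRelease["/app/ui.js"],
  "/app/extra.js": "init();",
};

// Return only the findings that differ from the audited release.
function flagged(pins, served) {
  return auditDelivery(pins, served)
    .filter((r) => r.status !== "match")
    .map((r) => `${r.path}:${r.status}`);
}

console.log(flagged(pinned, servedToOneUser));
```

The check only helps when it runs outside the page being checked, for example in a browser extension or a native client, because a page that served altered code could also alter an in-page check.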
Article doesn't mention any email content being exposed. This is unlike Trump's Twitter DMs being exposed, or Facebook exposing the conversation of a mother/daughter regarding abortion.
I want to give the benefit of doubt to Proton on why they're keeping IP addresses of users. Perhaps due to some security requirement?
I really wonder how many people really need the levels of security touted when these kind of things come up.
Is Proton (and other privacy focussed email providers) better than gmail, yahoo, hotmail et al? Yes!
Is it as good as... I don't know, roll your own on a virtual machine or server somewhere? Probably not.
The old analogy about how determined the thief (or law enforcement/the gubberment) is comes to mind.
Is it as good as... I don't know, roll your own on a virtual machine or server somewhere? Probably not.
If you're renting a server, or rack space, or using your own internet connection to host anything, and the interloper's objective is just to identify who is exchanging data, you're pretty much screwed. You'd have to run your self-managed environment on someone else's device in order to make it more private than Proton & co. If both solutions are properly encrypting their data and communications channels, Proton or another similar service you consider trustworthy are arguably the best choice.
I suppose you might be talking about how Proton can serve you a malicious alternative client against your knowledge that tricks you into unwittingly compromising the security of your data. That's true, but I don't think that's part of the typical Swiss law enforcement data request process. In order to make this happen, a company has to deliberately and proactively attack you, whereas it seems much simpler and more routine to passively obtain information about you from a datacenter owner or ISP.
Find an alternative that has the same suite of features as Proton. You probably won't, because it means sacrificing convenience for more privacy.
Putting your data behind the jurisdiction of a neutral country is still a pretty smart idea if you're ok not playing sysadmin yourself.
Answer near bottom of the article:
So what alternative would you suggest?
They have to comply regardless, not doing it would get their servers raided and get them in so much legal trouble.
Question should be if they or the user have the keys to the encrypted mailbox? Edit: see u/nul comment
Yup. From their website:
I’m not sure. You’d have to check their website and see for yourself. I never looked into it.