It is something to always take into consideration and not forget.

  • Syn_Attck@lemmy.today
    link
    fedilink
    arrow-up
    6
    arrow-down
    2
    ·
    edit-2
    8 months ago

    See the last points in the article: run by activists, and would rather shut down than cooperate with law enforcement.

    I don’t know if proton is run by activists, but I do know they’ve cooperated with law enforcement by inserting code to log user requests when coming from a specific user. Plenty of articles about the court case, and it’s also why they did away with their no-log policy.

    Also, are their logins token based or username based and connected to the protonmail account?

      • Syn_Attck@lemmy.today
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        8 months ago

        Sure here’s the correction, and why I’d never trust them with anything sensitive.

        They had a no-log policy, and all mail is PGP encrypted on their servers and proton to proton is encrypted in transit and at rest (it doesn’t travel), decrypted only client-side in the browser or with proton bridge, with your account password acting as the PGP key password.

        They could have designed the system so they couldn’t be forced to add that backdoor, or at least automatically notified all users when an unauthorized change was detected, or they could have shutdown, or they could have revoked their warrant canary, but instead they were caught when the court case came to light and they were caught with their pants down, and revoked their no-log policy. https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/

        This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to Swiss authorities. This move seemingly ran counter to the well-known service’s policies, which as recently as last week stated that “by default, we do not keep any IP logs which can be linked to your anonymous email account.”

        That’s why I asked if the proton VPN is token-based and completely disconnected from the proton email account, or if they’re the same login. If the latter, it’s trivial to request the IP address of email account xxx@proton.me