Proton Mail may log IPs if Court Ordered

Jarod888

Proton Logs IPs

Written by Jeff Stone
Sep 7, 2021 | CYBERSCOOP
ProtonMail, the encrypted email service that’s built a reputation for safeguarding user data, said it had no choice but to provide details about an activist to French authorities, amid mounting questions about the privacy protections in the popular mail client.

Swiss-based ProtonMail is an end-to-end encrypted service that markets itself as a tool that encrypts messages and other user data before the company accesses it. It’s a technique that, for more than 50 million users, aims to provide additional layers of protection than are available with more common email options, such as Gmail.

A French police report published on Sept. 2 appears to show that police used ProtonMail to collect the IP address, a specific number that pertains to an individual computer, of an unnamed French activist who was demonstrating against real estate gentrification in Paris. The case appears to undercut ProtonMail’s assurance that it does not log the IP addresses of unique users.

While the exact circumstances of the case remain murky, ProtonMail founder and CEO Andy Yen said in a series of tweets that the email firm was the subject of a legal order from a Swiss court. ProtonMail does not collect user IP addresses by default, Yen said, but “only if Proton gets a legal order for a specific account,” the company wrote in a Sept. 6 statement.

French police obtained a Swiss court order by transmitting their request through Europol, at which point ProtonMail began logging details on the IP address in question, according to TechCrunch. Authorities reportedly arrested the activist after obtaining more details about the IP address.

“We are also deeply concerned about this case and deplore that the legal tools for serious crimes are being used in this way,” the company said.

“There was no possibility to appeal this particular request,” the statement went on.

The French request did not call on ProtonMail to provide any email message data, which is encrypted in a way that the company maintains it would be unable to provide.

ProtonMail received more than 3,500 orders from Swiss courts in 2020, up from 17 in 2017, according to its transparency report.

 
If it was court ordered, and such orders are legal in the country they operate in, then there's not much they could have done aside from moving their HQ and/or servers.

Something else to keep in mind when choosing your "privacy oriented" company: even if they truly are putting in their best effort towards privacy, and doing a good job, if the jurisdiction they operate in allows courts to force them to do what they want, your data is only safe as long as they aren't interested in it.
 
Any secure service that keeps no logs isn't a secure service, how can they guarantee something they aren't monitoring? But any business must follow the laws of the country they operate in and they will comply with all legal requirements made of them, they might make them file a crapload of paperwork but in the end, they will comply.
 
If it was court ordered, and such orders are legal in the country they operate in, then there's not much they could have done aside from moving their HQ and/or servers.
While that is true, if they were serious about being as private as they claimed, they would not have logged IP addresses, this way there would have been nothing for them to disclose in response to the court order.
 
I think they are Swiss-based to optimise that aspect as much as they can. Europol went transnational on this one, to make Swiss police involved.
 
While that is true, if they were serious about being as private as they claimed, they would not have logged IP addresses, this way there would have been nothing for them to disclose in response to the court order.
The way I read it, they do not log IP addresses by default. They did in this case because of a court order.
 
While that is true, if they were serious about being as private as they claimed, they would not have logged IP addresses, this way there would have been nothing for them to disclose in response to the court order.
They do not log or store apparently (at least that's the claim), they can be forced to do so and they start doing so once forced, if I understand this:
https://protonmail.com/blog/transparency-report/
ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.

  • In April 2019, upon the order of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law. Pursuant to Swiss law, the user in question will also be notified and afforded the opportunity to defend against this in court before the data can be used in criminal proceedings.
 
While that is true, if they were serious about being as private as they claimed, they would not have logged IP addresses, this way there would have been nothing for them to disclose in response to the court order.
I get the impression that the order was to begin logging, not to provide past logs which as you say, they wouldn't have been able to in the first place.
 
They do not log or store apparently (at least that's the claim), they can be forced to do so and they start doing so once forced, if I understand this:
https://protonmail.com/blog/transparency-report/
ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.

  • In April 2019, upon the order of the Swiss judiciary in a case of clear criminal conduct, we enabled IP logging against a specific user account which is engaged in illegal activities which contravene Swiss law. Pursuant to Swiss law, the user in question will also be notified and afforded the opportunity to defend against this in court before the data can be used in criminal proceedings.
I get the impression that the order was to begin logging, not to provide past logs which as you say, they wouldn't have been able to in the first place.


Understood. With a little creativity I think there are ways to design the system to make that impossible, so that you can honestly reply with "we can't do that without it becoming an undue burden and potentially shutting down our business"
 
I should clarify though...

I am a huge privacy enthusiast, but I don't have a problem with information being divulged in response to a legal court order.

Getting a warrant for these types of things is the standard we should be expecting in order to avoid abuse.

The problem is, now that we know they have the ability to enable logging for this purpose, we know that they have the ability to do so for other purposes, and it really removes the trust that they won't.

They could be lying to us and profiting off of supposedly private data (less likely being European under GDPR, but still possible) And what if a third party comes in and buys them and changes their policy on privacy, such as we have seen time and time again in other areas, like with PIA (Private Internet Access), Waterfox, and even Audacity?
 
I should clarify though...

I am a huge privacy enthusiast, but I don't have a problem with information being divulged in response to a legal court order.

Getting a warrant for these types of things is the standard we should be expecting in order to avoid abuse.

The problem is, now that we know they have the ability to enable logging for this purpose, we know that they have the ability to do so for other purposes, and it really removes the trust that they won't.

They could be lying to us and profiting off of supposedly private data (less likely being European under GDPR, but still possible) And what if a third party comes in and buys them and changes their policy on privacy, such as we have seen time and time again in other areas, like with PIA (Private Internet Access), Waterfox, and even Audacity?
Just curious, what changed with PIA? I am curious about what VPN service I should go with.
 
Understood. With a little creativity I think there are ways to design the system to make that impossible, so that you can honestly reply with "we can't do that without it becoming an undue burden and potentially shutting down our business"
Apparently you can pay for that:
Proton does also offer a VPN service of its own — and Yen has claimed that Swiss law does not allow it to log its VPN users’ IP addresses. So it’s interesting to speculate whether the activists might have been able to evade the IP logging if they had been using both Proton’s end-to-end encrypted email and its VPN service…

“If they were using Tor or ProtonVPN, we would have been able to provide an IP, but it would be the IP of the VPN server, or the IP of the Tor exit node,” Yen told TechCrunch when we asked about this.


The activists just did not pay for that option, it seems.
 
Just curious, what changed with PIA? I am curious about what VPN service I should go with.

They were bought by Kape Technologies, the same company that owns the very controversial Cyberghost. There is a whole host of privacy controversies when it comes to Kape, most of which they seem to have successfully SEO'd off the first page of most search engines.

Long story short, they are a very shady company with ties to both data based advertising and the intelligence services of a few countries.

This article discusses many (but not all) of the concerns.

As far as which VPN services are still good?

People still seem to speak positively about NordVPN.

I use Mullvad which has been very good to me as well.
 
While that is true, if they were serious about being as private as they claimed, they would not have logged IP addresses, this way there would have been nothing for them to disclose in response to the court order.
But if they aren't logging how can they be sure their service is secure or private?
 
Apparently you can pay for that:
Proton does also offer a VPN service of its own — and Yen has claimed that Swiss law does not allow it to log its VPN users’ IP addresses. So it’s interesting to speculate whether the activists might have been able to evade the IP logging if they had been using both Proton’s end-to-end encrypted email and its VPN service…

“If they were using Tor or ProtonVPN, we would have been able to provide an IP, but it would be the IP of the VPN server, or the IP of the Tor exit node,” Yen told TechCrunch when we asked about this.


The activists just did not pay for that option, it seems.
Aren't most of TOR's exit nodes still compromised or did they finally get control of those back?
 
The way I read it, they do not log IP addresses by default. They did in this case because of a court order.
That's how a CEO wants you to read it, because there's no oversight and no way to know otherwise. He's spinning the situation into the least worst light for his business.

Anything that markets itself as for "privacy" is going to be suspect by default. Of fucking course they have logs and backups of everything. Why? Because they're not going to sacrifice their entire business just to protect some bad actor using their service. Once there was a financial interest to a "privacy service" they will always elect to protect that before going down on some mickey mouse idealism.

The only thing close to a true private system would be some anonymous and distributed system with no finances or businesses involved (Tor comes to mind), but even then, governments, law enforcement and scummy for-profit Israeli companies selling encryption-breaking tech will find weak spots.
 
Of course they do. There is no such thing as secure digital communication when it comes to government agencies. The easiest way to catch people committing internet-related crimes is to promote something like "secure e-mail" or a "secure web browser" and then catch all the fish with one net.
 
So the moral of the story is to use only pen and paper, or verbal communication, to discuss all of your dastardly deeds. That should put you at a 50/50 chance of having a private conversation.
 
Of course they do. There is no such thing as secure digital communication when it comes to government agencies. The easiest way to catch people committing internet-related crimes is to promote something like "secure e-mail" or a "secure web browser" and then catch all the fish with one net.
Wish that was true. There is a wanted killer out there who uses Proton. Police know he is using it yet nothing nearly a year later.

I am sure it can be the easiest way if they are actively looking and have a lead on something, but I don't think it's just cut and dry.

https://www.fox5vegas.com/news/crim...cle_f72ace6a-2a97-11eb-8b78-afb81dc445b3.html
 
I just changed everything over to Proton like two months ago. I'm not switching again. XD
 
Criminals aren't exactly very bright, which is why they are criminals. They even say on their website you have zero protection if you get involved with things that require a court order. Having said that, even with a court order, Tutamail claims to not be able to hand anything over, but who knows? These encrypted e-mail services are mostly for not having your e-mails data-mined, but they aren't going to protect you if you are being an idiot.
 
If it was court ordered, and such orders are legal in the country they operate in, then there's not much they could have done aside from moving their HQ and/or servers.
What does the law say about notifying the customer that they're legally obligated to begin logging their activity?
 
Fact is, no one is going to jail for you. These services need to operate by the law of their jurisdiction. If they get a legit warrant, they have to comply (or face shutdown or severe legal penalty).

I don't see this as a major issue. AFAICT, they were not logging the whole time for all users, and had no past history to divulge, but they can be forced to enable logging for a specific user given that a warrant is in place, which is fair.
 
Fact is, no one is going to jail for you. These services need to operate by the law of their jurisdiction. If they get a legit warrant, they have to comply (or face shutdown or severe legal penalty).

I don't see this as a major issue. AFAICT, they were not logging the whole time for all users, and had no past history to divulge, but they can be forced to enable logging for a specific user given that a warrant is in place, which is fair.

Not really. Because it’s not advertised in that way. It’s advertised as no IP logging. Which is mostly true. But it’s also blatantly false under these circumstances.

For the majority of us it won’t matter one iota. But it does question the credibility of the company by its own claims.

I wouldn’t stop using them over this, but it also leaves a bad taste that what you pay for is only mostly right. Granted I agree they have to follow the laws. But I think their advertising is suspect.
 
I thought there was a mail service a few years ago that was privacy focused and they chose to shutdown because they would not comply with a court order.
 
I thought there was a mail service a few years ago that was privacy focused and they chose to shutdown because they would not comply with a court order.
Yes, it was Lavabit.

https://www.wired.com/2013/08/lavabit-snowden/

That is an option I guess in these cases, to just shutter the company completely, but it's pretty extreme and also not fair to the vast majority of users who probably aren't doing anything and have no warrant out for them.
 
But the questions remain - what's the difference between using a mail provider that logs your IPs vs one that only does when court ordered? The same information is given up. I'm not aware of mail providers handing over logged IP information without a warrant. You are really just "protecting" yourself from the ISP which you ultimately do not know if you can trust, anyways.
 
But the questions remain - what's the difference between using a mail provider that logs your IPs vs one that only does when court ordered?
I mean, I guess not much. At least the history would not be there, also they only got metadata (not the contents of the email). But yes, still not great.
 
The way I read it, they do not log IP addresses by default. They did in this case because of a court order.
Toe-may-toe, toe-mah-toe. Reduces the point of using them if they are going to freely hand your IP/identity to the government anyway. Sure you can use a VPN or TOR, but all it takes is one time where you don't.

People still seem to speak positively about NordVPN.
Nord used to be pretty good. Except now they force you to login through their website, which means your ISP knows you are using them. Also, the change looks sketchy. Surfshark has been moving up the charts fast, apparently, but they haven't been audited.

Alternate email providers attached. As of 2018, there weren't really any good alternatives that were outside of US/European domains. Unfortunately, That One Privacy Site is no longer. ProPrivacy is an alternative.
 
Toe-may-toe, toe-mah-toe. Reduces the point of using them if they are going to freely hand that info over to the government anyway. Sure you can use a VPN or TOR, but all it takes is one time where you don't.


Nord pretty good. Except now they force you to login through their website, which means your ISP can potentially know you are using them. Surfshark has been moving up the charts fast, apparently.

Alternate email providers attached. Unfortunately, That One Privacy Site is no longer. ProPrivacy is an alternative.
Nord and most VPNs’ traffic is identifiable at a traffic level. On my Palo Altos I can choose to, say, allow Nord but block Tor based completely on their packet identifiers. For security reasons we run full SSL decrypt, but we still block both incoming connections from known VPNs and any unidentifiable SSL traffic.
It’s not at all difficult on a hardware level to defeat most VPN providers. Had to report two employees for their usage for what they were attempting to do over yet another one of those pop-up Amazon-backended VPN providers.

Edit:
For those who may be confused by this
The new VPN provider wasn’t yet on my block list but because they were back ended by Amazon it was a known SSL traffic pattern. So it allowed it, decrypted it, and monitored it, then flagged the bajesus out of the traffic.
 
Well, current centralized databases owned by 3rd parties (corporations/businesses/governments) are themselves putting a nail into their own service. So in a way this is good news, if a government and others can access as well as bad governments will be able to access centralized databases and the list can get worse who has access to the controlling 3rd party. Decentralized, unowned and not controlled by anybody database structures can become very valuable for sensitive private information/data and no government or 3rd party could get access since it will have no boundaries or clear owner. Your data could be anywhere in the world or many different parts of the world, even possible to be off world as in satellites. That only you have access to it. In other words a totally different shift so to speak dealing with cloud services from today. Just like fiat, printing presses in the world are going brrrrr, other means of more secure and reliable ways for transacting value is taking hold.

https://www.lynxpro.com/blog/data-storage-cloud-vs-blockchain/
https://www.forbes.com/sites/yoavvi...terprise-blockchain-adoption/?sh=89d61be2c759
 
Nord and most VPNs’ traffic is identifiable at a traffic level. On my Palo Altos I can choose to, say, allow Nord but block Tor based completely on their packet identifiers. For security reasons we run full SSL decrypt, but we still block both incoming connections from known VPNs and any unidentifiable SSL traffic.
It’s not at all difficult on a hardware level to defeat most VPN providers. Had to report two employees for their usage for what they were attempting to do over yet another one of those pop-up Amazon-backended VPN providers.

Edit:
For those who may be confused by this
The new VPN provider wasn’t yet on my block list but because they were back ended by Amazon it was a known SSL traffic pattern. So it allowed it, decrypted it, and monitored it, then flagged the bajesus out of the traffic.
I'm not following fully, you're saying if I used one of those vpns you could decrypt it all and see exactly what the traffic is? Damn, did not know that was possible!
 
I'm not following fully, you're saying if I used one of those vpns you could decrypt it all and see exactly what the traffic is? Damn, did not know that was possible!
Yeah it fakes the security certificates and man in the middles the whole thing.
It’s a very common tool on corporate networks otherwise you couldn’t secure them. All sorts of viruses and keyloggers encrypt their network traffic to avoid detection and any bad actors who could be leaking sensitive data would just need to connect to a secure site and you couldn’t monitor any of their uploads or any number of other scenarios.
Short description from the Palo Alto site on the subject: https://docs.paloaltonetworks.com/p...w.html#idd71f8b4d-cd40-4c6c-905f-2f8c7fca6537

"Palo Alto Networks firewall decryption is policy-based, and can decrypt, inspect, and control inbound and outbound SSL and SSH connections. A Decryption policy enables you to specify traffic to decrypt by destination, source, service, or URL category, and to block, restrict, or forward the specified traffic according to the security settings in the associated Decryption profile. A Decryption profile controls SSL protocols, certificate verification, and failure checks to prevent traffic that uses weak algorithms or unsupported modes from accessing the network. The firewall uses certificates and keys to decrypt traffic to plaintext, and then enforces App-ID and security settings on the plaintext traffic, including Decryption, Antivirus, Vulnerability, Anti-Spyware, URL Filtering, WildFire, and File-Blocking profiles. After decrypting and inspecting traffic, the firewall re-encrypts the plaintext traffic as it exits the firewall to ensure privacy and security."
 
Ah, that's DPI right? Cisco has a flavor of that, forget what it's called. Crazy.
 
In the end this just makes real privacy networks and cloud services much more valuable than the current ruse.
 
In the end this just makes real privacy networks and cloud services much more valuable than the current ruse.
Much more valuable to who? The more secrets the more people want in, there is no system that can not be bypassed by somebody determined enough. And who controls this network, who supports it, who can join it, who instead are you trusting with your security?
 
Much more valuable to who? The more secrets the more people want in, there is no system that can not be bypassed by somebody determined enough. And who controls this network, who supports it, who can join it, who instead are you trusting with your security?
If you encrypt your own data and then put it on a Cloud server (Centralized) does not matter who looks at it. Now if your system is not secure or you don't have a layered approach as in an offline system that creates the data and encrypt as an example which is then transferred through a connected system, meaning you can have a system that cannot be bypassed easily. Of course if your system is robbed, taken by someone, compromised etc. -> bypassed.

A decentralized database is not controlled by anyone nor can anyone control it. That is what makes Crypto (the good coins so to speak) unique. Talking about blockchain technology. You can have a totally decentralized database where no one really knows where any of the data is or what is on it other than the owner(s).

https://coinmarketcap.com/alexandria/glossary/decentralized-database
 