It’s also worth clarifying that ProtonMail doesn’t collect IP addresses by default. Instead, the monitoring/ logging starts after ProtonMail gets a legal request.
They still have to adhere to legal requests.
this post was submitted on 03 Nov 2025
429 points (94.0% liked)
Technology
76569 readers
2589 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
they should inform the victim about it
Under Swiss law, ProtonMail should notify the user if a third party makes a request for their private data and if the data is for a criminal proceeding. However, there’s a big catch/ loophole here. On its law enforcement page, ProtonMail highlights that the notification can be delayed in the following cases:
Where providing notice is temporarily prohibited by the Swiss legal process itself, by Swiss court order, or applicable Swiss law;
Where, based on information supplied by law enforcement, we, in our absolute discretion, believe that providing notice could create a risk of injury, death, or irreparable damage to an identifiable individual or group of individuals;
As a general rule though, targeted users will eventually be informed and afforded the opportunity to object to the data request, either by ProtonMail or by Swiss authorities.
This incident seems to fall under the first case, and that’s why ProtonMail didn’t notify the user. “Some orders are final and cannot be appealed, that’s just how the legal system works, not everything can be appealed. The user wasn’t notified for the same reason that you don’t notify a suspect before arresting them,” says ProtonMail founder Andy Yen.
Proooobably part of the request that they are not allowed to do that.
Yes, exactly.
Privacy is and should be a right, absolutely if you've done nothing wrong.
But it doesn't absolve anyone from the right to shroud from any crime committed, period.
if you’ve done nothing wrong
Through who's lens?
When a person is raped and seeking an abortion from Texas, do they deserve to be stripped of privacy? What about countries that see being gay a crime?
I don't particularly care about proton outing people, but they should absolutely be restricted from advertising that they're more private or secure than any other provider out there.
load more comments
(8 replies)
should be a right, absolutely if you've done nothing wrong.
The loss of privacy happens before the determination whether that person has done anything wrong. If the person's criminal case goes well, do you have a time machine to go back and not invade privacy?
load more comments
(9 replies)
The police gained access to the IP address because Swiss authorities chose to cooperate with the French government
We've seen this several times now. Proton is subject to Swiss law, just like every company in their respective countries. You choose Proton because Switzerland has the most privacy protections of any country on the planet (for now).
If you want private communications, don't use email. In fact, if we could all stop using email entirely, that'd be wonderful. There are hundreds of truly-private alternatives, many with no company involved at all.
There are hundreds of truly-private alternatives, many with no company involved at all.
Such as...? I bet some ISPs or hardware maker companies are involved at some point.
Cwtch. XMPP. Matrix. SimpleX. Quiet. Delta Chat. Arcane Chat. Revolt. Briar. Meshtastic. etc. etc. etc.
load more comments
(27 replies)
This is absolute nonsense. I would prefer most of Europe over Switzerland. The swiss government was always bad with privacy. See Fichenaffäre for example. Not to mention the new büpf and similar laws. I'm swiss. I would never store sensitive data in Switzerland on a public server. Well. Except taxdata, I guess. Can't really get around that.
Apart from it's an old story, discussed already back and forth, Proton's claims regarding privacy are really weak. Especially when it comes to presenting Switzerlamd as a privacy safehaven. Switzerland is a tax evasion savehaven, not a privacy safehaven, Proton. How Proton puts it: we provide world class privacy (but have to break our claims and comply with Swiss law immediately once there is a legitimate or not request from law enforcement, oepsie sorreyy!)
Why is this a surprise? IP Logging is pretty normal for any service.
2.5 IP logging: by default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.
Source: Their privacy policy.
That’s some funny language around “May be obtained permanently” though. Is this minority report? Do they know ahead of time that someone is going to violate their TOS?
That said, I’m not totally against proton mail. It’s a lot better than other free alternatives. Of which there are few left. I’m sure Gmail tracks the IP of your rectum.
This seems necessary if they're to maintain an IP ban list. You shouldn't just be able to unban yourself by submitting an information deletion request.
This is stupid though. IP addresses in many homes rotate, so IP ban lists are utterly ineffective and could very well ban the wrong people.
load more comments
(1 replies)
I would rather they have funny language in their privacy policy opposed to mandatory logging, they have to cover themselves legally as well so they got to utilize legal-ise so they aren’t sued into the dirt.
I’m sure Gmail tracks the IP of your rectum.
I bet Google predicted you would say that!
The lesson here is despite what a service says, don't trust it and take the appropriate measures to cover your tracks.
You can create an access the inbox through Tor at protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
The important thing is to always access it through Tor.
Also pay attention to what the service says and what it doesn’t. We get into this spot regularly because of things people assumed about Protonmail without being told.
A big problem is people see the word "privacy" and think that means anonymous. Neither Tuta nor Proton claim to be anonymous.
Yeah it’s getting really annoying at this point.
load more comments
(2 replies)
Proton needs to get its head out of its ass and fire Andy already, grow a pair and get off Reddit and back onto Mastodon and face the backlash like actual adults.
Okay so I do remember this issue being brought up a long time ago so it's not exactly news and the author has a poor time lapse of events.
ProtonMail is not like a safe haven for any criminal operation, that would make Proton incredibly liable. Just like Telegram became with what's been happening with trafficking and children-related incidents.
Secondly, an IP address is like stupidly easy to get anyways on someone unless VPN.
There is just so many things wrong that people are not taking into account but I guess let others go on self-virtuous parades to demonize Proton. If you understand laws, this is not a problem. If you understand tech, you'd realize the same. If you understand both, then hooray! You get it.
load more comments
(4 replies)
Proton are very open about what they do and don't provide.
They're not going to protect you and they will turn on you the second they get a letter in the mail or a text from the cops.
But what they DO provide is the ability to register an email address (with a domain that isn't blocked by most services) without providing any other information. And, from there, you can encrypt it yourself if it is a particularly sensitive message.
As for IP logging? if only there were tools like VPNs and Tor to negate that.
load more comments
(5 replies)
So Protonmail was required to log the IP of the user after being ordered to via the proper international Swiss legal channeks, per Swiss/Europol law. And at some point recently, Protonmail thus removed the copy from their frontpage that advertised never tracking IPs.
What the article doesn't really explain, is what exactly changed about Swiss or euro law? And when? What rules or acts have sprung up that made this possible? Or, was this always something that was possible that has only just now made precedent?
It's important to hold accountable the named individuals who are harming individual security, safety, and trust in this manner so that they can be prevented from continuing to do so.
Then what makes a privacy oriented service different from others when they can open a backdoor for government? The thing is government wants control and they will change laws for exactly that. What Proton should have done was to eliminate the chance of this happening in the first place. Why are they having a logging mechanism? Why don't they use RAM only servers or something like that? Privacy services should have the infrastructure and legal power to say "No", or they are lying.
You need to read the article. It explicitly and IMO satisfactorily answers your excellent questions.
proton is arm in arm with the us government and republicans, so it should be expected that they'll track and sell you out.
Oh ffs. We have known for years that Proton is just a for profit company like any other. They dont give a fuck about you or your privacy. They never have and they never will.
For profit or FOSS, they can’t ignore the Swiss government. It’s fucking stupid that people put this ridiculous standard on them like they’re able to just tell the Swiss no and face no consequences.
If you were in their position, you would roll over too, and if you claim otherwise you’re just straight up lying.
They complied with laws. Where is the issue?
- Authoritarian regime decides that being critical of the regime is illegal and makes laws to support this.
- Activists use Proton for privacy.
- Regime demands that they give up data on activists.
- Proton complies with the laws.
That’s the issue.
What data? Here it is the IP address and only under order by authorities.
I feel ever since the social media shitstorm people love to pile on Proton for anything. They never said they won't comply with law enforcment, did they?
load more comments
(17 replies)
So Proton should refuse to comply with the law and have to close their entire business?
load more comments
(6 replies)
load more comments
(2 replies)
load more comments
(7 replies)
load more comments
(14 replies)
"climate activists have been taking over commercial apartments" So ... trespassing? They breached privacy for apparent trespassing? Is that it?
I dont really blame Proton for this. Accessing anything on the internet on a clear connection and not through a VPN or TOR makes it your own damn fault when you get identified.
load more comments
(5 replies)
view more: next ›