I’m using Proton for privacy, not anonymity. I’ve literally put my name and surname in my email address. I don’t care if someone knows that me is me.
But I do care that no one is reading and/or automatically processing my mails.
Proton’s privacy policies state that they retain unencrypted metadata (addresses, timestamps, etc.) which are required to provide the service. This information may be disclosed to law enforcement. However, the actual content in your account is largely end-to-end encrypted. Law enforcement might request it, but without the keys to decrypt it they won’t be able to read your data.
Metadata tracking should be very concerning to anyone who cares about privacy because it inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out a network of relations is incredibly valuable. An intelligence agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand. So, in a twisted way, tools for private conversations that share their metadata with third parties, are perfect machines for mapping associations and identifying targets such as political dissidents.
I don’t disagree with you, but sending and receiving emails requires transmission of unencrypted metadata. There’s no easy way around it
Right, which really suggests that email is not the right medium if you want genuine privacy.
Okay, but people still need emails for basic services and accounts, so would you rather them use Gmail or Proton?
Like duh don’t email your mom with a detailed plan on how you’re gonna do a terrorist attack. Crazy idea, I know.
Honestly, I suspect it makes very little difference in practice which one you’re using if you’re going to communicate with people outside Proton. If I use Gmail, and you send me an email from your Proton account, guess what happens.
The yanks were drone striking people in Iraq and Afganistan based on who was calling who, I’m certain they still do this kind of thing too. Your uncle’s an important guy and he calls you for your birthday? kablamo
exactly
with email, the meta data leaking is at the protocol level, email is comically insecure and no matter funny encryption you do with pgp the protocol itself will leak data, and Proton’s advertisments as a secure private email provider are misleading in a fundemental level thanks to this, I do not see how any email provider could fix this other than making a whole new standard for an email-like protocol
email is a legacy tool that needs to be phased out and a sane better replacement has to be made, untill that there is little to no hope to not leaking email metadata to some degree since email is effectively required to create accounts in most web services
yup email is just fundamentally not the right tool for this
Wasn’t their whole marketing point that they’ll have nothing meaningful to give out since everything’s properly E2E encrypted? Not sure how much the compliance rate matters when the provided data is useless. (They would need to comply in order to remain legally operating…)
Without a link to the report or any other justification information this reads like a hit piece. The other important item to understand is what information actually could be released.
As much as I dunk on proton for their CEOs idiocy and lack of Linux support, I also push for accuracy and infographics are dangerous in that space.
I’ll see if I can link the relevant info once I get home and am not on a phone anymore.
The data they can hand is your acc creation information and which IP accessed the email. They can’t hand email content because of zero knowledge encryption, and they can’t hand VPN traffic because it’s not logged and they can’t be forced to log it. https://protonvpn.com/support/no-logs-vpn/
deleted by creator
No business is going to violate court orders on behalf of their users. What people need to learn is to not use the same provider for everything, vpn and email especially should be on different services.
Any way to know if we are among the 32k+ disclosed users ?
I have started using message.casa.
If they sold it to the government then I want my cut of the name money, if I’m on that list. If every piece of crap business/corporation is requiring me to give my name and then sells my name, I deserve at least 50% of that dosh! Class action anyone?
