https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/ Skip to main content * Biz & IT * Tech * Science * Policy * Cars * Gaming & Culture * Store * Forums Subscribe [ ] Close Navigate * Store * Subscribe * Videos * Features * Reviews * RSS Feeds * Mobile Site * About Ars * Staff Directory * Contact Us * Advertise with Ars * Reprints Filter by topic * Biz & IT * Tech * Science * Policy * Cars * Gaming & Culture * Store * Forums Settings Front page layout Grid List Site theme Black on white White on black Sign in Comment activity Sign up or login to join the discussions! [ ] [ ] [Submit] [ ] Stay logged in | Having trouble? Sign up to comment and more Sign up not the onion (router) -- ProtonMail removed "we do not keep any IP logs" from its privacy policy Swiss courts compelled it to log and disclose a user's IP and browser fingerprint. Jim Salter - Sep 7, 2021 9:15 pm UTC ProtonMail offers end-to-end encryption and a stated focus on privacy for its email service--which offers a user interface quite similar to those of more mainstream services such as Gmail. Enlarge / ProtonMail offers end-to-end encryption and a stated focus on privacy for its email service--which offers a user interface quite similar to those of more mainstream services such as Gmail. Jim Salter reader comments 56 with 46 posters participating, including story author Share this story * Share on Facebook * Share on Twitter * Share on Reddit This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist's IP address and browser fingerprint to Swiss authorities. This move seemingly ran counter to the well-known service's policies, which as recently as last week stated that "by default, we do not keep any IP logs which can be linked to your anonymous email account." After providing the activist's metadata to Swiss authorities, ProtonMail removed the section that had promised no IP logs, replacing it with one saying, "ProtonMail is email that respects privacy and puts people (not advertisers) first." No logging "by default" * The phrase "by default" did a lot of heavy lifting in ProtonMail's old front page. Jim Salter * The new "your data your rules" snippet offers a much less concrete guarantee of privacy and emphasizes ProtonMail's optional Tor onion network service. Jim Salter As usual, the devil is in the details--ProtonMail's original policy simply said that the service does not keep IP logs "by default." However, as a Swiss company itself, ProtonMail was obliged to comply with a Swiss court's injunction demanding that it begin logging IP address and browser fingerprint information for a particular ProtonMail account. That account was operated by the Parisian chapter of Youth for Climate, which Wikipedia describes as a Greta Thunberg-inspired movement focused on school students who skip Friday classes in order to attend protests. According to multiple statements ProtonMail issued on Monday, the company could not appeal the Swiss demand for IP logging on that account. The service could not appeal because a Swiss law had actually been broken and because "legal tools for serious crimes" were used. ProtonMail does not believe the tools were appropriate for the case at hand, but the company was legally responsible to comply with their use nonetheless. Break out your Tor browser In addition to removing the misleading (if technically correct) reference to its "default" logging policy, ProtonMail pledged to emphasize the use of the Tor network to activists. The new "your data, your rules" section on ProtonMail's front page directly links to a landing page aggregating information about using Tor to access ProtonMail. Advertisement Using Tor to access ProtonMail may accomplish what ProtonMail itself legally cannot: the obfuscation of its users' IP addresses. Since the Tor network itself hides users' network origin prior to packets ever reaching ProtonMail, even a valid subpoena can't get that information out of ProtonMail--because the company never receives the data in the first place. It's worth noting that the anonymity offered by Tor relies on technical means, not policies--a situation that could serve as a textbook example of a double-edged sword. If a government agency or other threat can compromise Tor nodes your traffic passes through in a way that offers it a way to track origins, there is no policy preventing said government from doing so--or from using that data for law enforcement purposes. ProtonMail also operates a VPN service called ProtonVPN and points out that Swiss law prohibits the country's courts from compelling a VPN service to log IP addresses. In theory, if Youth for Climate had used ProtonVPN to access ProtonMail, the Swiss court could not have forced the service to expose its "real" IP address. However, the company seems to be leaning more heavily toward recommending Tor for this particular purpose. There's only so much an email service can encrypt ProtonMail is also careful to point out that although its user's IP address and browser fingerprint were collected by Swiss authorities acting on behalf of Interpol, the company's guarantees of email content privacy were not breached. The service uses end-to-end encryption and deliberately does not possess the key necessary to decrypt a user's email body or attachments. Unlike gathering the source IP address and browser fingerprint, collecting that data is not possible simply by changing a configuration on the company's own servers as demanded by a court order. Although ProtonMail can and does encrypt the email body itself with keys unavailable to the servers processing them, the SMTP protocol requires the email sender, email recipient, and message timestamps to be server-accessible. Accessing the service via Tor or a VPN may help obscure IP addresses and browser fingerprints, but the service can still be legally compelled to provide any of those fields to Swiss law enforcement. In addition, email subject lines could also be encrypted without breaking the SMTP protocol, but in practice, ProtonMail's service does not, which means the relevant courts may compel the service to provide that data as well. Listing image by ProtonMail reader comments 56 with 46 posters participating, including story author Share this story * Share on Facebook * Share on Twitter * Share on Reddit Jim Salter Jim is an author, podcaster, mercenary sysadmin, coder, and father of three--not necessarily in that order. Email jim.salter@arstechnica.com // Twitter @jrssnet Advertisement You must login or create an account to comment. Channel Ars Technica - Previous story Next story - Related Stories Today on Ars * Store * Subscribe * About Us * RSS Feeds * View Mobile Site * Contact Us * Staff * Advertise with us * Reprints Newsletter Signup Join the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox. Sign me up - CNMN Collection WIRED Media Group (c) 2021 Conde Nast. All rights reserved. Use of and/or registration on any portion of this site constitutes acceptance of our User Agreement (updated 1/1/20) and Privacy Policy and Cookie Statement (updated 1/1 /20) and Ars Technica Addendum (effective 8/21/2018). Ars may earn compensation on sales from links on this site. Read our affiliate link policy. Your California Privacy Rights | Do Not Sell My Personal Information The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Conde Nast. Ad Choices