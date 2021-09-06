from the protecting-us-from-bad-privacy dept.
From TechDirt:Swiss Court Says ProtonMail Isn't A Telecom, Isn't Obligated To Retain Data On Users
Background:
ProtonMail offers encrypted email, something that suggests it's more privacy conscious than others operating in the same arena. But, being located in Switzerland, it's subject to that country's laws. That has caused some friction between its privacy protection claims and its obligations to the Swiss government, which, earlier this year, rubbed French activists the wrong way when their IP addresses were handed over to French authorities.
The problem here wasn't necessarily the compliance with local laws. It was Proton's claim that it did not retain this information. If it truly didn't, it would not have been able to comply with this request. But it is required by local law to retain a certain amount of information. This incident coming to light resulted in ProtonMail altering the wording on its site to reflect this fact. It no longer claimed it did not retain this info. The new statement merely says this info "belongs" to users and Proton's encryption ensures it won't end up in the hands of advertisers.
The news:
[...] these retention obligations that have been challenged. These obligations undercut earlier promises made by Proton to its users -- the ones that resulted in a rewrite of its privacy guarantees as well as its cooperation with French authorities.
Fortunately for ProtonMail and its users, surveillance of the service will go back to being more limited. The Swiss Federal Administrative Court has sided with Proton, finding that it is not a service provider under the definitions included in the data retention law.
Tools can be used for bad things. Therefore we must carefully monitor their use and users. Computers can be weapons. Just ask anyone who has been hit over the head by a laptop.
ProtonMail deletes 'we don't log your IP' boast from website after French climate activist reportedly arrested:
Encrypted email service ProtonMail has become embroiled in a minor scandal after responding to a legal request to hand over a user's IP address and details of the devices he used to access his mailbox to Swiss police – resulting in the user's arrest.
Police were executing a warrant obtained by French authorities and served on their Swiss counterparts through Interpol, according to social media rumours that ProtonMail chief exec Andy Yen acknowledged to The Register.
[...] At the time of writing, the company's website said: "We believe privacy and security are universal values which cross borders."
After data from ProtonMail was handed to the Swiss and then French police, the author of a left-wing political activists' blog in France wrote (en français) that a group called Youth for Climate had been targeted:
The police also noticed that the collective communicated via a ProtonMail email address. They therefore sent a requisition (via EUROPOL) to the Swiss company managing the messaging system in order to find out the identity of the creator of the address. ProtonMail responded to this request by providing the IP address and the fingerprint of the browser used by the collective. It is therefore imperative to go through the tor network (or at least a VPN) when using a ProtonMail mailbox (or another secure mailbox) if you want to guarantee sufficient security.
