> The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties.
Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?
Although I guess the server location didn't matter in this case since all they wanted was the billing information and the credit card info to identify the person.
> Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?
They said they want to relocate to Germany, which, I would say in a polite way, is much worse in this regard.
In what sense? Germany has among the strongest judicial oversight for invasion of privacy in Europe. Due process is followed when securing search warrants that provide access to subscriber data (Germany does not have administrative subpoenas like in the US and other countries).
Former attempts at surveillance have been struck down in the Bundesverfassungsgericht, and the right to privacy has even been affirmed for foreigners (as opposed to other countries like the US that reserve that foreign nationals have zero due process rights for invasion of privacy).
Germany is an absolutely terrible choice for this. Other email providers such as Tuta, which also offer encrypted emails, were forced to install a backdoor. As soon as the police arrive, every future email sent to the account in question is copied unencrypted without the person being informed.
This is much worse than passing on payment details or stored backup email addresses, as Proton Mail is required to do in Switzerland.
> Other email providers such as Tuta, which also offer encrypted emails, were forced to install a backdoor. As soon as the police arrive, every future email sent to the account in question is copied unencrypted without the person being informed.
Important caveat: Tuta was required by a court to provide police with access to a customer's _unencrypted_ emails (i.e. regular SMTP mail). The police had also asked for a backdoor to Tuta's E2E emails, and that request was rejected by the courts.
But the idea behind Tuta and Proton is that emails are encrypted when they arrive in the inbox. The fact that emails sent between Tuta users are still safe offers little added value because distribution is far too limited. The reason people choose such a provider is that they do not want the authorities to have access to their mailbox, but this is undermined by a backdoor. Switzerland is much better off in terms of the legal situation in this area.
In the sense that it's a joke that caves in to the flimsiest pressure from a certain superpower. Although pressure is a bad choice, it's more like it's a wholly owned subsidy.
Their end-to-end encryption is pointless because the vast majority of any recipients will just leak the plaintext emails via their own account providers anyway. It only works under very specific circumstances (all parties are using it). I think their marketing overstates what their secure private email actually means.
Yes. If you send an email from a protonmail account to a gmail account, that email is in google's system. Same if in the other direction. Would anyone using protonmail not know this? I would guess at least 99.9% of proton users understand this.