November 2, 2021
  • November 2, 2021
  • Home
  • Example blog
  • ProtonMail Removes “We Are Not Logging Your IP Address” Boast From Website After French Climate Activist Arrested • The Register

ProtonMail Removes “We Are Not Logging Your IP Address” Boast From Website After French Climate Activist Arrested • The Register

By on September 7, 2021 0

Encrypted messaging service ProtonMail found itself embroiled in a minor scandal after responding to a legal request to hand over to Swiss police a user’s IP address and details of the devices they used to access their device. mailbox, which led to the arrest of the Internet user.

Police were executing a warrant obtained by French authorities and served on their Swiss counterparts through Interpol, rumors on social media that ProtonMail CEO Andy Yen admitted to having The register.

At the time of writing, the company’s website said, “We believe that privacy and security are universal values ​​that cross borders.”

After ProtonMail data was passed to Swiss and then French police, the author of a blog of left-wing political activists in France wrote (in French) that a group called Youth for Climate had been targeted:

ProtonMail has said in the past that it does not collect user data and implements end-to-end encryption, and repeated it over the weekend, stating, “In no way, however, our encryption does can be bypassed, ie emails, attachments, calendars, files, etc., cannot be compromised by legal orders. “

This statement, although in bold, appears to be confirmed by the service’s privacy policy which states that it can access the following user information:

  • Sender and recipient email addresses
  • The IP address of incoming messages from
  • Object of the message
  • Times for sending and receiving messages

This is all standard, unencrypted information from email headers, inherent in the SMTP email specification, although it seems ProtonMail’s previous promises about logging user information were a bit too generous. In January of this year, the company’s home page read: “No personal information is required to create your secure email account. By default, we do not keep any IP logs that can be linked to your email account. anonymous. Your privacy comes first. “

Today that boast has been replaced with a cutesy version: “ProtonMail is an email that respects privacy and puts people (not advertisers) first. Your data belongs to you and our encryption guarantees it. We provide it. also an anonymous mail gateway. “

The company’s privacy policy, which was updated yesterday, now reads: “If you violate Swiss law, ProtonMail may be legally compelled to register your IP address as part of a Swiss criminal investigation.”

In a statement posted on Reddit, which Yen forwarded to El Reg instead of making its own statement, ProtonMail said:

As a Swiss company, ProtonMail is obligated to obey Swiss law and comply with Swiss legal requirements, although it is not clear why the company was logging user agent strings and IP addresses of users. client connections. An option exists in the ProtonMail user interface to enable access logging, although there is no public information to suggest whether the French environmental protester had it enabled or not.

In a follow-up clarification, ProtonMail insisted, “ProtonMail does not give data to foreign governments; it is illegal under article 271 of the Swiss penal code. We only comply with legally binding orders from the Swiss authorities.

“The Swiss authorities will only approve requests that meet Swiss legal standards (the only law that matters is Swiss law).”

He reiterated: “There was no legal possibility to resist or combat this particular request. ®



Source link

Leave a comment

Your email address will not be published. Required fields are marked *