Proton Mail discloses user data leading to arrest in Spain

Legal and Case Context

  • Proton is subject to Swiss law and only responds to Swiss authorities; foreign police must route requests through Swiss channels.
  • Data are disclosed when the alleged act is a crime in both the requesting country and Switzerland (e.g., terrorism, espionage), not for things legal in Switzerland.
  • In this case, Proton provided a recovery email; Apple then supplied name, address, and phone linked to that email, and telcos confirmed the phone subscriber.
  • Some recall a prior French case where Proton was compelled to log and hand over a user’s IP; Proton later sought a Swiss ruling to limit such logging orders.

Expectations vs. Reality of Proton’s Privacy

  • Many argue Proton’s marketing (“safe in Switzerland”, “secure private email”) leads users to overestimate protection against governments.
  • Others stress Proton has always said they follow Swiss law, can hand over metadata and recovery data, but cannot read mailbox contents without additional compelled measures.
  • Distinction emphasized: privacy (shield from marketers / casual snooping) vs anonymity (shield from state-level actors). Email is seen as structurally bad for anonymity.

Recovery Email and Opsec

  • Thread highlights how a recovery email is a major link back to real identity, especially when it’s an Apple/Google address.
  • Some say serious activists should never use recovery emails or identity-linked VPNs; convenience features and strong anonymity are fundamentally at odds.

Logging, VPNs, and IP Privacy

  • Debate over “no-logs” VPNs: some cite Mullvad and others that allegedly withstood police raids; others doubt such claims or point to ownership changes.
  • Consensus that IPs and assignment logs are widely retained and considered personal data, at least for state actors.

Cryptography and Client Trust

  • Several note that although Proton can’t see stored email contents, they could be compelled to capture future messages or serve a modified client, depending on Swiss law.
  • Proton engineers in the thread explain: keys are generated client-side, encrypted with password-derived keys, and stored encrypted; open-source clients exist.
  • Discussion of PGP complexity, subkeys vs master keys, and Proton’s support for importing subkeys (e.g., via GNU “dummy” keys).

Comparisons and Broader Takeaways

  • Some compare Proton favorably to Gmail/Outlook for avoiding ad mining but not as a tool for serious anti-state activities.
  • Others mention Tuta, Posteo, Fastmail, and self-hosting as alternatives, each with tradeoffs (export, key handling, jurisdiction).
  • Recurrent theme: don’t expect any legal company to defy lawful orders; for high-risk threat models, use truly anonymous channels or non-digital methods.