Proton Mail discloses user data leading to arrest in Spain
Legal and Case Context
- Proton is subject to Swiss law and only responds to Swiss authorities; foreign police must route requests through Swiss channels.
- Data are disclosed when the alleged act is a crime in both the requesting country and Switzerland (e.g., terrorism, espionage), not for things legal in Switzerland.
- In this case, Proton provided a recovery email; Apple then supplied name, address, and phone linked to that email, and telcos confirmed the phone subscriber.
- Some recall a prior French case where Proton was compelled to log and hand over a user’s IP; Proton later sought a Swiss ruling to limit such logging orders.
Expectations vs. Reality of Proton’s Privacy
- Many argue Proton’s marketing (“safe in Switzerland”, “secure private email”) leads users to overestimate protection against governments.
- Others stress Proton has always said they follow Swiss law, can hand over metadata and recovery data, but cannot read mailbox contents without additional compelled measures.
- Distinction emphasized: privacy (shield from marketers / casual snooping) vs anonymity (shield from state-level actors). Email is seen as structurally bad for anonymity.
Recovery Email and Opsec
- Thread highlights how a recovery email is a major link back to real identity, especially when it’s an Apple/Google address.
- Some say serious activists should never use recovery emails or identity-linked VPNs; convenience features and strong anonymity are fundamentally at odds.
Logging, VPNs, and IP Privacy
- Debate over “no-logs” VPNs: some cite Mullvad and others that allegedly withstood police raids; others doubt such claims or point to ownership changes.
- Consensus that IPs and assignment logs are widely retained and considered personal data, at least for state actors.
Cryptography and Client Trust
- Several note that although Proton can’t see stored email contents, they could be compelled to capture future messages or serve a modified client, depending on Swiss law.
- Proton engineers in the thread explain: keys are generated client-side, encrypted with password-derived keys, and stored encrypted; open-source clients exist.
- Discussion of PGP complexity, subkeys vs master keys, and Proton’s support for importing subkeys (e.g., via GNU “dummy” keys).
Comparisons and Broader Takeaways
- Some compare Proton favorably to Gmail/Outlook for avoiding ad mining but not as a tool for serious anti-state activities.
- Others mention Tuta, Posteo, Fastmail, and self-hosting as alternatives, each with tradeoffs (export, key handling, jurisdiction).
- Recurrent theme: don’t expect any legal company to defy lawful orders; for high-risk threat models, use truly anonymous channels or non-digital methods.