ProtonMail is a very popular free email service based in Switzerland that promises to provide encryption and privacy to its users. This is the main selling point to use ProtonMail, even if you don't have anything to hide, privacy is important.
ProtonMail has always stated it does not log or store IP information on its users (by default).
Recently ProtonMail was asked to privide meta data and IP information on a French climate activist to the Europol. ProtonMail complied with this request and send the IP and device details to Europol.
ProtonMail has claimed "Under no circumstances however, can our encryption be bypassed, meaning emails, attachments, calendars, files, etc, cannot be compromised by legal orders." but they do specify they can see the following according to ProtonMail's privacy policy.
- Sender and recipient email addresses
- The IP address incoming messages originated from
- Message subject
- Message sent and received times
After this incident, ProtonMail removed the claim "we don't log your IP" from their website.
According to ProtonMail representative on Reddit, this was done to better clarify* ProtonMail's obligations.
You can read the full details in their clarification post. You can also check out their recently updated transparency report.
We will be making updates to our website to better clarify ProtonMail’s obligations in cases of criminal prosecution and we apologize if this was not clear. As a Swiss company, we must follow Swiss laws. We will also clarify that the use of our onion site (details below) is highly recommended for users with heightened privacy needs. Finally, we will also be updating our privacy policy to make clearer our legal obligations under Swiss law.
ProtonMail September 6th 2021 clarification post
Basically they claim they will fight for their users (and have over 700 times in 2020) whenever possible, but the only law they are responsible for is Swiss law.
If you want better protection while using ProtonMail, they suggest you use Tor when using ProtonMail. Brave browser has fantastic built-in support for Tor and will in fact handle all the work for you when a site has a known tor option. Keep in mind, if you ever used ProtonMail in the past without Tor on your desktop or mobile, there is a posibility your IP is already available to them.
If you haven't switched to Brave, I can't recommend it enough. I have written many posts on Brave you can find here:
- Increase security, privacy, and speed by switching to Brave Browser
- Increase security by using browser profiles
- Brave now supports Gemini custodian wallet
Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.
- Edward Snowden
Why you should vote me as witness
