For some reason I have it in the back of my mind that they were at one point accused of being a honeypot for US intelligence because of their association with MIT. Probably complete BS, but maybe not. Are they as open source as they claim to be? Looks like they’re on github. F-Droid seems to think they have some Google libraries or whatever that they use.
ProtonMail users, how do you like/dislike it?
Protonmail is fine, I doubt they are a honeypot but they do have to comply with Swiss court orders which some people give them undeserved hate for, they logged the IP of an activist after an order by Swiss authorities1, however this could happen regardless of where they’re based, no one can ignore a court order. Swiss privacy laws are less protected for communication providers than they are for VPNs, which causes people to mistakenly assume the email providers there are just as private.
IMO they are decent, I only use them as a mirror for my primary email address in case something happens to it, but it’s never failed me in that yet.
As for the open source side of it, the Google libraries they use are the services to allow notifications through Google’s push notification service on Android, and Firebase telemetry. The rest of the app is open source aside from having those included. They don’t offer a version of their app without those yet sadly.
1French authorities initially requested the information, however Proton didn’t respond until it went through a Swiss court___
According to Exodus, version 3.0.17 only had Sentry crash-reporting.
Did they add in Firebase in later versions?
Hmm, the repo I was looking at must’ve just been poorly worded then, I was looking at this one. It said it only used sentry but the warning label said that it also had Firebase, maybe they had it in old versions but got rid of it later but the repo didn’t bother to remove the label possibly, I’ll edit that part
They don’t have to ignore it, just go to court to fight it. Apple has done this. To be clear I have no idea if they did or did not do that or what their chances of winning would be.
I don’t think they contested it for this case, we do get numbers on how many they contest yearly though https://proton.me/legal/transparency
Interesting how much the legal orders jumped after 2018/2020
Well I’m glad to see they contest at least some of them. That must cost them a fortune in legal fees to protest 7k orders/year.
They only logged the IP. That’s metadata. IIRC Apple refused backdooring its phone encryption. That’s a lot more invasive.
They didn’t just log the IP, they provided it to French authorities.
like… yeah, no shit
Also: if the activist had used ProtonVPN he would’ve been completely fine, as (iirc) swiss courts cannot order you to disclose information about your VPN-Users
Doesn’t Proton specifically provide instructions for how to use proton mail via proton vpn (and/or tor, discussed in the article) to provide extra privacy against IP-demanding court orders?
@Nia_The_Cat@beehaw.org, thanks for your detailed reply! 🙂👍