It was always going to end either this way for them, turning on their users, or being sued out of existence.
They took the slow death, looks like.
And all this over the dangerous group… “Youth for climate action.” Yeah, they should definitely be stopped, those young people peacefully protesting so they might have a future.
Why retain the logs then?
It’s… in the tweet itself:
I don’t understand why this is a surprise. The logs are erased after N days and the request (or at least an injunction to prevent deletion while it made its way through court) came in before they were erased. Or the user had authentication logging turned on. Either way, they didn’t use Tor, so of course they had to comply.
I know nothing about this group other than its name. It sounds quite innocuous. But then, so do several Koch-funded anti-worker groups. Do you have more info on them?
Everything I’ve read about them, which isn’t much, is that they’re exactly what they appear to be - young people protesting against climate change. Their most “nefarious” activity seems to be squatting in buildings in Paris. Not exactly the “extreme criminal activity” that was supposed to be the exception to Proton’s privacy rules.
I’ve been meaning to switch email to something more privacy friendly for a long time, and this was going to be it. But it’s clear that they’ll cave for literally anything… really, turning in kids for peaceful (and frankly, badly needed) protest against climate change? They didn’t even make an effort.
Does anyone know of better alternatives? Or is privacy-focused email just not a thing that actually exists?
The only other alternative i was considering was Tutanota but they are based in Germany so…
I can’t say i’m entirely surprised by this action but it shows their transparency is lacking and it raises the question of their trustworthiness going forward. So turn off logging and use it through a VPN or Tor? I guess.
The problem with existing in the legal system is that you don’t get to decide what is legal and what isn’t, the legal system does. In this case, the Swiss legal system (correctly or incorrectly, for all we know this kid murdered someone and that detail was left out) decided this person was a criminal and requested logging information, and ProtonMail complied with the law and provided pretty minimal information - no emails, no other data, only IPs.
You can say ‘well ProtonMail shouldn’t have complied with this law, they should decide for themselves what is legal and what isn’t’, and sure, they could be an extralegal service, but then you find yourselves in the position of 'I want an email provider that is unwilling to bend to the law, and I really hope they aren’t breaking any other laws I do care about.
If you want a privacy focused email address, ProtonMail still seems like a pretty reasonable option as long as you’re careful about the parts that they expose.
Perhaps that was their mistake. Punk kids expecting to get some of that Swiss discretion without even doing the tax evasion or money laundering to earn it.
Self-hosting. But email is not a secure technology. I don’t recommend it unless you don’t mind losing control of your data eventually.
No workaround ethic.
If the kids wanted real anonymity from the Swiss Police they should have named themselves Nazi Gold Hoarders for Climate Action.
I’m not saying they should decide what’s legal, but that they should design their entire system around not having anything to give the authorities when they ask for it. But I’m not a tech expert, so maybe in this case that was literally impossible, I don’t know. I just don’t like to see them lending a hand in persecuting activists, who have always been treated as the equivalents of terrorists by the law no matter how benign their actual activities.
When I worked in IT for a couple of U.S. law firms, we had to keep reminding attorneys that email is neither secure nor is delivery guaranteed. That’s more what fax was for – point to point rather than packet-switched delivery, plus confirmation of delivery and receipt time for each page.