Don’t hate the player. You can’t send mail with E2E encrypted headers and you can’t leave payment data and expect Proton to violate regulations and delete it.
Signal has to deal with neither of these issues.
The FBI had the payment data and served Proton with a subpoena, they had no choice but to tell which account it was for. The data is still encrypted, though.
The FBI did not serve the subpoena directly to Proton Mail.
“We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT,” said Proton AG’s head of communications, Edward Shone. “Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law.”
Meanwhile, on their homepage:
Highest standards of privacy
Proton is incorporated and headquartered in Switzerland, meaning your data is protected by some of the world’s strictest privacy laws.
The standard for email privacy
From newsrooms, activists, and international organizations to academics, Nobel Prize winners, and movie characters, Proton Mail is the trusted choice for secure and private communication.
ultimately, it’s the choice to use a credit card that created the issue. As Proton’s statement mentions, it also accepts payment by cryptocurrency and cash, which could be better ways to keep your information private if you absolutely need to.
Meanwhile, on Proton’s homepage:
Highest standards of privacy
Proton is incorporated and headquartered in Switzerland, meaning your data is protected by some of the world’s strictest privacy laws.
The standard for email privacy
From newsrooms, activists, and international organizations to academics, Nobel Prize winners, and movie characters, Proton Mail is the trusted choice for secure and private communication.
Right, so Proton is actually just pop privacy marketing with a side of Trump bootlicking, like everyone with actual cybersecurity credentials have been saying. Got it. There is literally no difference between Proton and Gmail besides ergonomics.
Mullvad handles payment data in a much, much better way.
Proton can do what it likes when it comes to messages being sent between different proton accounts. Use of meta data rich protocols like standard email is absolutely something they can be blamed for.
As is choosing operate from a jurisdiction that can comple them to collect IP addresses.
Which jurisdictions can’t compel an email provider to log IP addresses? I’ve never heard of this
The annoying part is them marketing themselves as like operating from Swiss “privacy haven” when swiss privacy laws aren’t that good and the parliament is actively destroying them as we speak.
Switzerland used to be one of the best countries for it, but indeed not anymore. Proton is well aware and has already moved some infrastructure out of Switzerland.
Use of meta data rich protocols like standard email, instead of, e.g., the signal protocol
Brother…its an email product though…if you can use Signal, use Signal. But it’s a different product entirely.
When my bank sends me verification info and banking statements over Signal I’ll be elated. Until then, we unfortunately have to continue dealing with email.
As is choosing operate from a jurisdiction that can comple them to collect IP addresses.
There is no such requirement. They collect them necessarily in order to function.
Brother…its an email product though…if you can use Signal, use Signal.
The point is there is no requirement for emails sent between different proton accounts to be as insecure as they are.
This is something where there are known open source solutions that are just flat out better than what proton is using, and proton just can’t be bothered. You can’t fix the whole Internet, but proton just doesn’t care enough to fix itself.
There is no such requirement. They collect them necessarily in order to function.
By default proton doesn’t log IP addresses. They’re just not needed. But when ordered to they do.
What insecurities are you referring to?
But when ordered to they do.
And your suggestion is…refusing to comply with the law?
I explained both these things in the first post you responded to.
- Using email protocols between proton accounts means they need more meta data which is then given up on a search warrant.
- If they cared about privacy they wouldn’t be based out of Switzerland. They’d pick somewhere with more privacy rights.
And I explained to you that Proton is an email service, not a chat app.
There is nowhere that has better privacy regulations than Switzerland.
I think that when communication is between two users on the same platform, it at least could be more like a chat app. Proton distinguishes the uniqueness of this in its own documentation, so it was actually surprising to me when I heard the actual behavior isn’t great. This isn’t some marketing description either. It’s pretty deep in their website.
Ironically, chat apps running over “email” servers actually look surprisingly private these days.
They are a Mail provider. You can’t blame a mail provider for providing a mail service.
You are basically asking for them to make it seem like you send mail, but in reality you send the message via some other protocol when it’s send to Proton users. At that point you might as well not send mail at all.
As for their jurisdiction: The data protection laws changed after they were founded. They are also lobbying against them and have in fact threatened to stop investing in or even leave Switzerland.
Yes, I think that a transparent upgrade that improves privacy is an obviously good thing.
And seriously, they should have left. The law allows the Swiss government to force proton to alter the code run on their servers to satisfy requests from foreign governments. That is ridiculous.
One is a messenger the other is using the e-mail protocols, aren’t there differences in how the metadata is possible to be encrypted between those too. Just wonder if this is a fair comparison.
both could log ip addresses and payment info, meta infos like who you message with, both do key management, only saves this stuff and then has to give it to the feds
Yes, both can, but both are not necessary, only 1 is.
Email headers need to be unencrypted, unless they had a proprietary “almost like email but not interoperable” protocol. Signal doesn’t have payment info for most users because it’s free to use, but for donations they need to store payment data too.
I work in digital forensics specifically with emails, and this is not how the email protocol works
Signal and email are 2 different things, completely different
Proton was legally forced to record IPs for this account (as per the linked article). Theoretically that could happen to Signal just as well if the laws allow it in their jurisdiction. There was nothing in the article about message content or metadata being handed over to authorities.
As far as I know in France you can‘t have an anonymous phone number so technically using TOR and Proton Mail you can achieve a higher level of privacy than with Signal
But Signal is legal in France, so what would be the point? There’s no need to hide that you’re using it.
Also, that wouldn’t give you a higher level of privacy. Email records a lot of metadata unencrypted: The sender, recipient, subject line, and time sent. That’s way more compromising than the fact that you’re using Signal.
Fair point, and it seems like I was wrong about the phone numbers in France. If you can use an anonymous prepaid phone number, it makes sense to use Signal + TOR. But in many European countries, even though Signal is legal, you have to provide your legal ID to get a phone number, so your Signal account is never anonymous, as opposed to a free Proton Mail address, which you can create without providing any information.
A non-anonymous Signal account still gives you more privacy than an anonymous Proton Mail account.
All Signal can tell the authorities is the fact that your phone number was used to register a Signal account, the date (and time) that happened, and the date (and time) the account last connected to the Signal servers. In a country where you’re allowed to use Signal, that information cannot hurt you.
Proton (and every “private” email provider), on the other hand, has much of that same information (when an account was registered and when it last connected to the server) plus the date and time each individual email was sent, its recipient, and its subject line. And if the email was sent to, or came from, someone who isn’t using an encrypted email provider, the authorities will know who to serve a subpoena to to find an unencrypted copy of it. (!!!) That’s all infinitely more dangerous than the knowledge that you have a Signal account. And all the authorities need to do to get it is find out your Proton Mail address.
It doesn’t make sense under any coherent threat model to use “anonymous” (that amount of metadata would eventually deanonymise you anyway) “encrypted” email instead of Signal in a country where Signal is legal. You would be making yourself less safe for no reason.
Yeah, okay, fair point. I guess it depends on the use case. For general communication, you’re absolutely right, but in the article, it said he was a climate activist, and I imagine I‘d rather use a separate anonymous email address to organise and demonstrate than an account linked to my phone number and through that to my identity.
Huh wait does using Tor actually help with mail privacy in any way? I know Tor hides pretty much as much as can be hidden about the user, but for mailing, don’t you need to give out your personal details to sign up regardless?
Not generally but since in this case they had to record and hand over the IPs used to access the Proton Mail account, if he had used TOR they couldn’t have handed over anything useful
Aha got it
Man I wish my old account were banned. I’d point out so many comments and you all screeching that proton would protect you🤣
This is why it’s always struck me as unreasonable for proton to claim they care about user privacy. If they did, they wouldn’t provide an email service, as it is inherently impossible to adaquately protect the metadata if it is sent to a different mail server. A better approach would be for them to explain why you can have email or privacy, but not both, and to point people to a separate service if they insist on email, so it is decoupled from any of their other services. Accepting payment through a means that isn’t tied to your personal identity would be a good step too.
That seems a little disingenuous. Just because email can’t be protected well in most cases, doesn’t mean you can’t have a service that cares about privacy and does whatever is possible.
Google can train AI on your email, and then when I go make an alternative that doesn’t do that, you will say I don’t care about privacy? What is that, no true Scotsman? Don’t let perfect be the enemy of good. Even with all these issues, Proton is more private than Gmail.
They provide a suite of services, most of which can be provided in a private manner. Blowing a hole in that by providing email seems counter productive. As I said, they could point you at a separate email service. Even if they provided that service it could ensure an adaquate break between the private services and and the non-private.
As a service, is it more privacy conscious than, say, Gmail? Yes, but you’re still ultimately just asking the postman not to read your postcards.
Accepting payment through a means that isn’t tied to your personal identity would be a good step too.
They do accept bitcoin, and if that’s not private enough, they also let you mail them cash in an envelope.
Mailing cash is probably less private. Your mail is postmarked, and can be tracked. The serial numbers on the bills can be tracked too. Not to mention the envelope itself, fingerprints, possible DNA in the saliva when you licked it to seal it, your handwriting or printing to address it, how unique the stamp is…
Only if all that information is collected and stored. Digital finance systems tend to track every transaction and keep a record of them (because of legal requirements among other reasons). With cash in an envelope a government can’t check all the info you suggested a year after the payment has happened, perhaps not even after a few days.
True. I’m thinking of what they can collect after they’ve already decided to target you.
Ok, so in what other way should they allow anonymous payments?
Sorry frongt, but I think you’re wrongt, haha. I don’t think mailing cash is less private than other methods.
If anyone was concerned enough to the point they were sending cash, they might also take precaution to send coins instead of notes, wearing gloves when handling them, folding their own envelope - do people still lick envelopes anymore? - using lettering stamps instead of handwriting…
Forgive me for the joke on your username, made me laugh.
That’s only a concern if Proton keeps all the envelopes people send them, and the authorities are willing to sift through them all and check the fingerprints on them one by one.
Ah, thats good to know, I looked at their signup page and it didn’t have those options listed.
Ain’t gonna stop me from shit posting about group chat leaks on signal
Phone numbers.
and it has a paid client app, too
That is exactly what they did, the user used a credit card with their damn name on it, while Proton even allows you to send them cash money for the service.
The FBI filed a MLAT (Mutual Legal Assistance Treaty) request which was processed by the Swiss Federal Department of Justice and Police.
The Swiss gave a legal binding order to Proton to hand over information that they had, the only information that was handed over was the payment identifier.
I don’t get why people get hung up on a company complying with a legal order by their justice system, especially with Proton that could not hand over any more information.
deleted by creator
The issue is them having any info to give out in the first place, it is a horrendous transgression for a shop that touts privacy as their thing.
Signal demonstrated that you can decouple payment info from account info and thus they ain’t got nothing to produce, MLAT or not. The least Proton coulda done is mimic that tech.
That is not really the same, Signal is a donation and Proton is a subscription where a monthly (or yearly) request has to go to the payment provider for your fee, for this you need to keep the payment information on file and linked to the account. Signal can say I got donated by someone but they do not need to keep this information linked to a specific user, just the payment record (that still has your cc/bank details on it) for tax purposes.
Proton allows payment with cash, so you can stay private, but if you use your credit card, your company will know and they have to store it in some way.
Not Protons fault in this case.
They don’t have to store it.
Proton even allows you to send them cash money for the service.
They won’t accept Scottish bank notes tho >: (
The least Proton coulda done is mimic that tech.
Proton even allows you to send them cash money for the service.
Still shame that they can’t do it if you pay by card. Being able to send periodic payment by cash is fine but it’s a bad excuse to claim that there are no improvements.
Signal demonstrated that you can decouple payment info from account info
How did Signal demonstrate this? Signal is not a paid subscription service
Signal supports payments between users
Indeed, but those are crypto payments from a third party crypto wallet. It’s also between users and not recurring, so Signal has no reason to keep the data.
I donated them money once. I wonder if they still have a trace of it.
I have pointed this out to protards many times. The fact is there are solutions to not keeping this data on their servers. Then they have the audacity to blame the user.
A company that was concerned about privacy and not money would have already moved this data off their servers. Proton is a garbage company.
On one side you have a free software, on the other you have a paid service. If you pay for that service with a credit card, of course they’ll have your name.
This is like comparing walking across town to hiring an Uber and being annoyed the Uber keeps a record of the transaction.
Proton = Protrump
God, I wish more people used Signal
I’ve been using Signal more to test if I can recommend it to other people… it’s mostly like WhatsApp, which is good…
Except, can we please disable all of those god damn popups. Everyday: “Hey! Verify your pin!”, “Hey! Verify your LONG ASS recovery key!”, “Hey, plz donate!”, “HEY! I couldn’t start a backup”, “HEY LOOK AT ME!”
- I have never been asked to verify my recovery key.
- It asks to verify pin once a month. Which I think is fair, since it can help you recover from a lockout / transfer your device.
- backups are important, but they can also be disabled
- Donating to open source projects is important, as it’s a large portion of their funding.
It asks to verify pin once a month. Which I think is fair, since it can help you recover from a lockout / transfer your device.
Even that is too annoying. OK, I just realized there’s a way to turn off reminders. Trust me bro, I’m not gonna forget. I’m a big boy.
backups are important, but they can also be disabled
Ah! YES! Thanks! I just poked around deeper in the settings and disabled them. Backups are not important to me. I don’t want to backup my messages.
I have never been asked to verify my recovery key.
Maybe it’s because I had backups on? Let’s see if this popup goes away.
Donating to open source projects is important, as it’s a large portion of their funding.
Agreed. Which is why I donate to them… And I still get the popups! I’m already a donor, leave me alone.
Overall, I want to give my attention to my messages, not to Signal. Leave me alone. Let me message people. I don’t want to be nagged. WhatsApp doesn’t nag people nearly as much. I know Signal is overall better, but user annoyances like the excessive popups makes it harder for me to try to convince normal people to use Signal.
I agree with all your points, BUT I do think Signal could be slightly less “user-hostile” with the reminders, maybe?
I get annoyed at the pop-ups in my Linux system, too, and all of them are got similarly legitimate reasons. Getting the way of my current task (or worse stealing focus) doesn’t even seem like the “right” way for computers/tools to behave.
How obtrusive are the popups? Are you on iPhone or Android? The pin verify popup is like 20% of the screen at the bottom for me. And it’s nearly the same color as the background, so I sometimes don’t even notice it. Or at least, I finally see it and think “how long has that been there?”
I agree that some things can probably be scaled back. But wouldn’t it be an even worse experience if someone forgot their pin, and thus was unable to access their data?
Android and desktop. I’m no UX designer, so I don’t know what the ideal is, but when I’m using the software with a purpose, anything that gets in the way of that purpose is (at best) an annoyance. I’m probably wrong, but I think I’d prefer a passive notification to verify pin / donate / whatever that triggers after/as I leave Signal for something else – a indicator I’m done with my purpose (albeit flawed; maybe I just need to copy info from FF or whatever.)
One problem with Signal is that it can be difficult to connect with someone who is on there.
I’ve run into this a couple of times myself. And I’ve had friends run into it too. We know for a fact someone is using Signal, but you can’t find them in the search, even though you have them in your contacts with the correctly formatted number.
Personally, this issue has become a stumbling block for getting people I know to use it more.
Does that person allow searching by phone number? That is a setting you can disable.
Do you have to find a person in search to be able to send them a message?
Yes, at least that’s been my experience.
Yes this is a problem. They use to have it so that you could see all your contacts and you could use it as your normal messenger app and if they also had signal then you get encryption. At least now you can use a username instead of a phone number. Problem with that is you can only have one username. You can change it but that gets messy.
Too bad that simplex is buggy and doesn’t work, or else I would rant how proton requires a phone number to signup and the server side of the app is centralised and proprietary.
Unfortunately as things are now, signal is the only e2ee app (that supports voice calls) that works.
SimpleX works well for me. What problems have you had with it?
No it’s not lol
…email will inherently be a lot less secure than messaging, no matter what you do.
If you truly want to be private about something, don’t email it lol
Or go talk to the other person out in the middle of a field somewhere without your phones. And I’m not even 100% sure anymore that that would work. Like, maybe the lanternflies are bugged (pun intended).
The bird surveillance system is always watching. Remember birds aren’t real!
Flying tape recorders.
Well I’d suggest a forest instead but anyway depends how you get there :
- look up online how? there might be now a path on a server to your target destination
- disconnect phone in a pattern that’s usually not how you use it? more surveillance
- public transport tracking, plate tracking until you leave the city
- rough estimation on your direction then follow up with drones tracking you, if it’s 100m high it’s hard to notice
… anyway, ending the paranoia comment ;)
Don’t forget facial recognition! Then just in case you decided to wear a mask, gait recognition!
Membership in the Ministry of Silly Walks about to pay off!
Is it really so hard to make it secure? If both parties are using some kind of secure email client, couldn’t the clients just encrypt and decrypt the subject/content?
The main issue is that in reality, 95%+ of people aren’t using an encrypted service. So it’s proton to Gmail usually
Sure but this is very similar to messaging isn’t it? Like most of my friends use WhatsApp, but a few people use signal and that number is increasing.
At least with email, a single client could presumably send encrypted emails to others when possible, and regular emails when not. Add opposed to messaging where I cannot send messages from signal to WhatsApp
People like Jeffrey Epstein running one of the biggest blackmail networks in the planet and at the same time blatantly emailing each other about it from gmail really amazes me. Either they are that stupid or powerful enough that they just don’t care.
no matter what you do.
Even PGP?
…TBF, getting your counterparty to also use PGP is the heavy lift there.
Security yes, privacy not especially.
PGP lets you encrypt the messages and sign them to digitally prove you sent them.
It doesn’t help with the problem here which is that the metadata of who you are (the IP used to log into the webmail and the email address of the sender) and who you’re talking to (the email of the recipient) and when (timestamps etc.) were able to be leaked.
In fact, depending on the implementation, PGP could be considered slightly worse for privacy because you’d have the added identity proof of the message having a signature that only you could create with your private key (although that’s encrypted, it’s a stronger identity proof than the sender email address). It also generally leaks the recipients’ key IDs too (although that’s configurable) PGP is great for accountability, message confidentiality and non-repudiation. Not so much for privacy. For that you’d need other systems.
Good point re: metadata. Keeping that private is an underrated aspect of security.
proton only encrypts (without PGP) emails between 2 protonmail users
*end-to-end encrypts. All email contents are encrypted on the Proton servers regardless of who they were sent to.
Nothing stops you from pgp encrypting your own mail
yes, PGP is the exception to the protonmail encryption


















