Privacy-focused ProtonMail provided a user’s IP address to authorities
This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to Swiss authorities. This is seemingly in contradiction to the well-known service’s policies, which as recently as last week stated “by default, we do not keep any IP logs which can be linked to your anonymous email account.”
After providing the activist’s metadata to Swiss authorities, ProtonMail removed the section which had promised no IP logs entirely, replacing it with one saying “ProtonMail is an email that respects privacy and puts people (not advertisers) first.”
No logging “by default”
The phrase “by default” did a lot of heavy lifting in ProtonMail’s old front page. [credit:
Jim Salter
]
As usual, the devil is in the details—ProtonMail’s original policy simply said that the service does not keep IP logs “by default.” However, as a Swiss company itself, ProtonMail was obliged to comply with a Swiss court’s injunction demanding that it begin logging IP address and browser fingerprint information for a particular ProtonMail account.