anonymous messaging delivers the IP addresses of certain users

ProtonMail, the famous Swiss encrypted messaging service, is not above the law. As part of a Franco-Swiss investigation, the Swiss firm was forced to disclose information on several users targeted by the investigation.

Credit: Protonmail

In the field of encrypted messaging services, ProtonMail is one of the references. Indeed, the service boasts of offering “Swiss confidentiality”, in the sense that user data will be protected by Swiss laws, “among the strictest in terms of privacy protection ”. Email exchanges are end-to-end encrypted, and ProtonMail ensures that no IP logs linked to your account are kept.

However, a recent case proves the contrary. But let’s contextualize first if you don’t mind. Here we are in 2020, several collectives and associations are deciding to illegally occupy certain properties in the Saint-Marthe district in Paris, the goal being to fight against the gentrification of the district carried out according to the statements of the demonstrators by Nexity and Edmond Coignet, two heavyweights of the real estate.

Members of the Youth for Climate collective involved

As you can imagine, the police intervened, clashes broke out, and injuries were to be deplored in both camps. Protesters arrested for violence, refusal to comply, degradation and home invasion. Several people arrested belong to the Youth for Climate collective, the youth climate movement launched by Greta Thunberg.

Quickly, the investigation revealed that the demonstrators used a ProtonMail account to communicate with each other, and in particular to discuss the organization of the various actions to be carried out in the Sainte-Marthe district. The police therefore wish to explore this track in order to find out the identity of the account creator, the IP addresses and the fingerprint of the devices used.

However, ProtonMail is a Swiss service, the French police have no legitimacy to demand anything from encrypted messaging. This is why the French authorities have chosen to make a request to Europol. As the European police agency, Europol was able to demand the full cooperation of ProtonMail from the Swiss authorities. Unsurprisingly, the service complied with the various injunctions and provided the requested information.

Also read: NordVPN, ExpressVPN – Russia blocks the most popular VPNs in its territory

protonmail security
Credit: Protonmail

Protonmail complies with the injunctions of Europol and the Swiss authorities

As a rule, ProtonMail only complies with legally binding orders that have been approved by the Swiss authorities. […] Consequently, ProtonMail only complies with two types of orders: orders from Swiss authorities and foreign requests duly investigated and validated by Swiss authorities within the framework of an international mutual legal assistance procedure and deemed to comply with the law. Swiss”, ProtonMail justified itself in an official blog post.

Okay, ProtonMail only bent the law if this statement is to be believed. Still, ProtonMail boasts the total lack of collection of connection logs and IP on its site (visible above) and that by digging a little in the conditions of use of the service we can come across it: “However, IP logs may be stored temporarily to fight against abuse and fraud, and your IP address may be stored permanently if you are engaged in activities that violate our terms of use (spamming, DDOS attack, brute force attack, etc.) ”.

Note, however, that emails, attachments, files and calendars cannot be compromised by legal orders, as the ProtonMail teams remind us, since they are protected by the service’s encryption system.

Source: ProtonMail

Leave a Comment