there has been in the news several instances where proton has given to law enforcements information that have hold onto. in some cases regarding journalists.
their answer is always “ah, yeah. we do keep that one, but not the other data”
Of course they have to keep some basic account data. And I think the last IP you logged in from. Also email data outside the BODY can’t be encrypted. That’s just how email works. So law enforcement can get all of that if they convince a Swiss court to order Proton.
But no they don’t keep or turn over anything that isn’t technically required for the service to work. I don’t know what you’d expect.
in that particular case the people involved were identified through their recovery email which they did not hash like ‘safe’ other providers do. they have positioned themselves as safe even for activist and journalists and have failed to deliver in that account consistently.
How do you recover an account on the other providers? Do you have to provide the same recovery email you set before during account recovery? If you hash the email, you have no way of reading it anymore, so someone has to provide it to you again.
there has been in the news several instances where proton has given to law enforcements information that have hold onto. in some cases regarding journalists.
their answer is always “ah, yeah. we do keep that one, but not the other data”
before you ask…an example https://privacyradar.com/news/privacy/proton-mail-payment-data-stop-cop-city-activist-identified/
Of course they have to keep some basic account data. And I think the last IP you logged in from. Also email data outside the BODY can’t be encrypted. That’s just how email works. So law enforcement can get all of that if they convince a Swiss court to order Proton.
But no they don’t keep or turn over anything that isn’t technically required for the service to work. I don’t know what you’d expect.
in that particular case the people involved were identified through their recovery email which they did not hash like ‘safe’ other providers do. they have positioned themselves as safe even for activist and journalists and have failed to deliver in that account consistently.
no surprise since their CEO is a MAGA guy
How do you recover an account on the other providers? Do you have to provide the same recovery email you set before during account recovery? If you hash the email, you have no way of reading it anymore, so someone has to provide it to you again.
you ask the user for it if they want to recover the account and hash it. if the hash matches your previously stored hash then you send the email
other providers that position themselves as secure for activists or journalists do exactly that and they cannot handle that information