PrivacyMatters 2 Posted ... (edited) From Slashdot. ProtonMail, a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism after a police report showed that French authorities managed to obtain the IP address of a French activist who was using the online service. From a report: The company has communicated widely about the incident, stating that it doesn't log IP addresses by default and it only complies with local regulation -- in that case Swiss law. While ProtonMail didn't cooperate with French authorities, French police sent a request to Swiss police via Europol to force the company to obtain the IP address of one of its users. For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying premises rented by Le Petit Cambodge -- a restaurant that was targeted by the November 13th, 2015 terrorist attacks in Paris. On September 1st, the group published an article on Paris-luttes.info, an anticapitalist news website, summing up different police investigations and legal cases against some members of the group. According to their story, French police sent an Europol request to ProtonMail in order to uncover the identity of the person who created a ProtonMail account -- the group was using this email address to communicate. The address has also been shared on various anarchist websites. The next day, @MuArF on Twitter shared an abstract of a police report detailing ProtonMail's reply. According to @MuArF, the police report is related to the ongoing investigation against the group who occupied various premises around Place Sainte-Marthe. It says that French police received a message on Europol. Protonmail's response:https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/blog/transparency-report/ Edited ... by PrivacyMatters URL to response Quote Share this post Link to post
OpenSourcerer 1442 Posted ... Hm. So we can establish that the argument "we only adhere to the laws of our country" is quite weak in Europe, given that you apparently can ask investigators of your target country over Europol. It's actually a good instrument if you think about it because if a German criminal goes into hiding outside Germany, he's not out of German authorities' reach, to some extent. 1 PrivacyMatters reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
PrivacyMatters 2 Posted ... (edited) Would the use of a VPN, such as AirVPN or ProtonVPN (in this case, I believe the users did not use the bundled service) or TOR prevent this situation? In the transparency report; the state over 700 cases of this nature out of 3000+ Legal orders. In which ProtonMail's parent corporation representation states they fought and denied hundreds more improper orders sent on by the Swiss authorities. Interestingly, most do not understand email is not a secure service by default, and ProtonMail's whole thing is encryption, because ultimately such as any VPN or service will know the originating IP of a user. The company was required to log, after legal request, which from a financial point of view, I believe is true because it costs money to data mine without any benefit, unlike Google for example. Also, when does an IP equal an individual? There must be more to the story. More reasons to use AirVPN imo, vs protonvpn because: no ZenDesk, no outsourced customer service, no outsourced payment processors, no parent company holdings as far as I know. Also I love the openess of your code, and willing to work with outsiders, such as the CLI wrapper. The activism also I agree with. So important: I created this account with the ability to use no linking information to anything, including a random string with @ and .com Edited ... by PrivacyMatters My brain without coffee. 2 Staff and Just a Fred reacted to this Quote Share this post Link to post
Staff 10016 Posted ... On 9/7/2021 at 6:14 PM, PrivacyMatters said: Would the use of a VPN, such as AirVPN or ProtonVPN (in this case, I believe the users did not use the bundled service) or TOR prevent this situation? Hello! We can't answer for ProtonVPN, but in case of AirVPN or Tor, the answer is yes provided that: the activist never connected from his real IP address to ProtonMail since when the wiretapping and gag orders ware issued on enforced on ProtonMail the activist never wrote to some infiltrator information which could have disclosed his identity the activist always used gpg to encrypt e-mail content, so that the content was hidden to anyone wiretapping Proton servers All of the above is limited to disclosing the identity only through Proton order and French data retention (remember that France data retention is in breach of the CJEU legally binding decisions, because blanket data retention is enforced on ISPs). If other investigation methods were used (for example by relying on finding e-mail recipients, identifying them and forcing them to reveal the activist identity), the activist identity could have been disclosed anyway, but not through Proton forced co-operation. Kind regards Quote Share this post Link to post