These allegations are false. Hidden at the bottom of the article, is this: "Public prosecutor Walder of the Competence Center Cybercrime contacted me, saying he had been misquoted". In other words, the alleged source (a public prosecutor) has also supported our denial of these false allegations.
ProtonMail does not voluntarily offer assistance. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in criminal cases.
Furthermore, end-to-end encryption means we cannot be forced by a court to provide message contents.
You 'forgot' to copy the full addendum. It reads as follows:
'Public prosecutor Walder of the Competence Center Cybercrime contacted me, saying he had been misquoted. He claims that he had not divulged at the above-mentioned event that ProtonMail voluntarily releases real-time data. He had merely described ProtonMail as a potential provider of derived communication services (PDCS).
I was live-tweeting the event, including the interesting presentation by public prosecutor Walder. The remark that ProtonMail was a (potential) PDCS would have been too trivial to be live-tweeted. The insight on the other hand that ProtonMail voluntarily offers assistance for real-time surveillance, was spectacular and I therefore live-tweeted the statement. In its transparency report, ProtonMail – as mentioned above – itself refers to at least one case of real-time surveillance.'
From above, there is a Swiss public prosecutor, who is on the public record as saying that he "had not divulged at the above-mentioned event that ProtonMail voluntarily releases real-time data."
That is a pretty conclusive statement that the reporting here is false.
These types of allegations keep on appearing. I know we all generally trust CERN scientists (after all, they must be smart people who care), but to keep everyone’s trust I suspect nothing less than full transparency will do.
Where is ProtonMail’s data stored? Where are its web servers? Who has physical access? Who has login keys/credentials to storage and server machines? Who does security audits, how are they done, when were they done last, what were the results, and what steps are you taking to improve your system’s security? And most importantly, what exactly does ProtonMail do when dealing with authorities and other entities that want access to user data?
Security is a process, not a destination - that’s a mantra everyone in the security world learns early on. But trust is also a process, not a destination. As an example of a company that treats both as a process, consider AgileBits, the developer of 1Password. Their white papers are case studies in transparency.
Ideally, what you say makes sense, but at some point you're just going to have to place your trust in someone, or something. Realistically, a vendor won't be able to satisfy every single curiosity. Someone else might ask how we know the data is actually stored where they claim it's stored. How do we know if such and such employee even works there? How do we know the OS that their developers use isn't updated and/or compromised? What if they get a new employee who is incompetent and doesn't follow the established protocols, etc., etc.? You can only go down one level of abstraction here. Otherwise you'll probably be writing a treatise on belief, knowledge and justified true beliefs.
Problem is, once these allegations are out there, there is literally no way to dispel them. Keep up the good work. My assumption is that you could be compelled by Swiss law to give access (a la Lavabit), but that the same would be true for literally any non-shady email provider. You get either someone trustworthy or someone who can avoid the rules, but there's no middle ground. None of the providers sitting in Dutch bunkers or island tax havens can really be held accountable or have their trustworthiness verified. And any proper honest provider like Posteo or mailbox or Lavabit will necessarily have to comply with local laws. Swiss laws or German laws will certainly offer better legal security than American or Australian legal contexts - but everything has a limit.
So please don't be disheartened by the undeserved hate here.
This "article" is absolutely ridiculous. There is clear repudiation by the "source" and instead of modifying or deleting the article, the author put it in an addendum at the bottom. Lowest of the low behaviours, aiming to cause shock, alarm and attract gullible internet readers.
"Doesn't that mean the courts could compel you to just alter the JS payload to capture keystrokes for these folks? If not, how do you prove that to us?"
Swiss law is very clear in stating that this is not permissible, and this can be verified by checking the law itself.
> These allegations are false. Hidden at the bottom of the article, is this: "Public prosecutor Walder of the Competence Center Cybercrime contacted me, saying he had been misquoted". In other words, the alleged source (a public prosecutor) has also supported our denial of these false allegations.
Ah, what a brave new world of clickbait and amateur "journalism" we live in... The "source" was probably asked for a quote five minutes before the article went live and the "publisher" has no incentive to correct it because all they care about is that people visit the site and load the ads so they get a few cents per 1000 views.
Good luck ProtonMail or any other entity caught in these "reporters" and "journalists" antics.
> I was live-tweeting the event, including the interesting presentation by public prosecutor Walder. The remark that ProtonMail was a (potential) PDCS would have been too trivial to be live-tweeted. The insight on the other hand that ProtonMail voluntarily offers assistance for real-time surveillance, was spectacular and I therefore live-tweeted the statement. In its transparency report, ProtonMail – as mentioned above – itself refers to at least one case of real-time surveillance.
The prosecutor in question has come on the record and said he was misrepresented. ProtonMail is also on the record as saying the "voluntary assistance" claim is false and untrue.
Unless there is some massive conspiracy/cover-up involving a Swiss public prosecutor, the most likely explanation (the article is wrong) is probably the correct one.
> Okay now explain why I can't make a protonmail account without:
> - disabling javascript
ProtonMail encrypts/decrypts messages in the JavaScript client, which is how messages are encrypted without the server ever having access to the plaintext. If you must disable JavaScript, then ProtonMail isn't the mail service for you (unless you use their mobile app).
Another commenter put it aptly when he said something to this effect: "It is [2019]. If you lobotomize your browser, you might find that a lot of the web doesn't work for you."
While ProtonMail’s marketing has always stood out as over the top self-congratulatory, the reaction of people saying “oh no, I need to find an alternative now” represents a fairly naive understanding of the very nature of communication platforms on the internet, especially email.
There is no alternative here. There is no company that will ever solve the problem, within the existing email protocol, where one unencrypted sender (say, marketing emails) can send to a so-called “encrypted receiver” and not have an intermediary able to temporarily read the emails. This is inherent in the design of the system. ProtonMail is not end-to-end encrypted in this case, and no email provider can be on the traditional web.
There are no alternatives. There is no hard, scientific, mathematical solution to this. The best you’ll get is “soft encryption”—the equivalent of encryption where the third party offering the service chooses the encryption key.
Of course there is an alternative, it's called encrypting your E-mail, and has been around for decades (for example in the form of PGP/GnuPG/GPG/whatever).
That said, having observed its history for the last 26 years, I do not think it is an accident that PGP/GnuPG is so difficult to use, poorly developed, generally marginalized, and has not been adopted by any of the big E-mail software authors.
Think of it another way: if Apple decided to really be pro-privacy today and built support for GPG into its Mac and iOS apps, the problem would be largely solved. But for some reason they do not, nor does any other major software maker.
The reason is not 'some reason', as you seem to be somewhat conspiratorially suggesting. The reason is it would not solve the problem of securing email.
I think it is worth reiterating that regardless of (insert application) provider used, one should assume lawful intercept and low friction compliance, not to mention eventual data leakage from hacks, bugs and competence issues.
If PGP is difficult, people can use a simpler route of 7-zip encrypting text files with a pre-shared passphrase. Share your passphrase out-of-band when feasible. i.e. physical notes, sftp, voice chat, private chat server (mumble / murmur super easy to set up), etc... Use different passphrases for different circles of friends. Example: [1]
One problem with ProtonMail that is also relevant here is that ProtonMail does not allow paying anonymously for the service (so that investigators are able to follow the money trail).
On the other hand (this is not supposed to be an advertisement or testimonial; I just state the fact), the German email provider Posteo, which has some popularity among people who are concerned about privacy, also allows anonymous payments via banknotes (cash) that are sent via mail (just put the letter into a postbox in a completely different city).
I have not tested ProtonMail, but not likely. Most internet sites these days do not accept gift (prepaid) cards. I have found a couple VPS providers that do (or did) but the number of sites accepting gift cards is dwindling fast.
And would it be breaking any laws for a third party to pay for your ProtonMail account? Might be worth it to some people to pay 2x or even 10x the annual fee in cash to a third party to not have their financial fingerprints on the account.
There's a lot of paranoia in this thread. The whole point of end to end encryption is that it protects against court-mandated searches (among other things). It doesn't prevent the search, it renders the search less useful.
End to end encryption in email is somewhat silly, because the vast majority of the time you will be sending email to a private company, or to a gmail address, or generally just to another party that will not respect your privacy at all.
The real benefit to something like ProtonMail is that they're not Gmail. They're not scanning every message you send and using it to build an advertising profile on you. If you're really worried about government warrants, email is not the tool for you.
Exactly - I am getting a pretty big “baby out with the bath water” vibe here. I use the service precisely because it has a decent UI and most importantly isn’t google. I use telegram for the same reason. I believe some determined state level actor could get what they needed against me, but I can easily say that the information I give to ProtonMail or Telegram at least isn’t going to be vacuumed up by the next dystopian company without some level of effort.
End-to-end encryption protects against the service provider (employees) from easily reading your data. This is the biggest benefit.
Of course the service provider can be compelled by law enforcement to hand over encrypted data. Law enforcement may then either attempt to brute force the encryption key password, or compel the user to provide the encryption key password (typically the account password with end-to-end encrypted services):
https://en.wikipedia.org/wiki/Key_disclosure_law
Does ordering you to hand over your password entail a form of self-incrimination or a violation of the right to silence? Would granting police the power to compel passwords cross a line centuries old against forcing a person to speak to build the case against them?
https://globalnews.ca/news/5310901/canada-privacy-passwords-...
End-to-end using server provided javascript code means that the code can be changed on the fly per user to enable lawful intercept. Plausible deniability only works if the client is encrypting the payload entirely independent of the provider. That would require the end user to be compelled directly and javascript would not be required.
Are there cases where company employees are reading your email for some reason other than marketing? Serious question --- I'm not too aware of how and where this is documented.
Your point about being compelled to hand over your key password (email password) is valid and interesting, but I'm inclined to restate my original point: email is not the tool for you if you believe you're apt to be arrested and your communications subpoenaed.
A bunch of folks have been warning that ProtonMail is essentially well-polished marketing, smoke and mirrors. It isn't just their position on law enforcement or data collection; they've made a series of very awkward cryptographic mistakes that sort of give the game away. For example, using problematic crypto libraries, omitting salient facts from their marketing copy, and repeatedly failing to deliver on promises to correct the above issues.
I'm not saying you're wrong at all, but I'd love to see some source material for these claims - specifically the "repeatedly failing to deliver on promises to correct the above issues" in regards to their crypto.
A lot of people have also been launching large scale sophisticated ddos attacks against protonmail.
Combine that with baseless over-exaggerated claims easily refuted every 3 months and what does that tell you?
If you want to communicate securely, don't use email. Every email provider in the world is subject to some government authority, and there is not a government on the planet that will allow a service to operate without some provision for surveillance (nor should it!).
But before you move everything to the secret decoder ring, think about what you are actually trying to achieve. Don't want your email to be read by the FBI? Move it to a server in Switzerland and it will be read by the NSA.
I like ProtonMail and I hope they succeed. I find their marketing (explicit or implied) that suggests it protects you against targeted government surveillance annoying and disingenuous.
https://steigerlegal.ch/2019/05/23/protonmail-real-time-surv...
Important: The English text is just an unofficial translation.
"I live-tweeted it, so they said it. If they didn't, I wouldn't have live-tweeted it.".
I'm sorry, but that's a pretty weak argument, even when it's a he-said-she-said type conversation.
If anything, they are more apt to plagiarize and steal other people's ideas.
When they leave science to do something else, they frequently morph into ruthless businessmen.
Doesn't that mean the courts could compel you to just alter the JS payload to capture keystrokes for these folks? If not, how do you prove that to us?
Solving this problem is the reason I built this:
https://github.com/Spark-Innovations/SC4
- disabling javascript
- verifying with a phone number that is pretty picky
- getting stuck in captcha hell if I'm on TOR
and if I want to pay with Bitcoin, it already needs to be an existing account
If you know a JS-free captcha approach that is of similar quality to Recaptcha, I'm sure the Protonmail folks would love to hear about it.
How do you want to decrypt your data client-side without running a software to do just that?
Unsurprisingly, HTML cannot encrypt your data.
> verifying with a phone number
I never had to do that.
> getting stuck in captcha hell if I'm on TOR
Applies to pretty much all websites that use captcha. The purpose of captcha is to stop spammers; just suck it up or switch browsers.
> and if I want to pay with Bitcoin
Why would you want to do that?
Technically, there is: Encrypting our own mail with our own keys.
They also allow anonymous signups.
[1] - https://tinyvpn.org/e/c/6/ec6ef8690422c94f17da3b2caa60a5c1.7...
Created using:
pw
You need an existing account, which you can't get if you:
- disable javascript
- don't verify with a phone number
- get stuck in captcha hell
Verifying with a phone number is notorious for blocking Google Voice number blocks and detecting devices that aren't pinging cell towers.
> https://posteo.de/blog/bnetza-entscheidung-zu-posteo-kryptog...
> https://posteo.de/Dienstaufsichtsbeschwerde_Strafanzeige.pdf
(both in German).
There are others, you can just search for them. This is one I just happened to have on hand, on this very website.
https://news.ycombinator.com/item?id=19748370
Sure seems like they got caught lying, to me.
[1] https://threema.ch/en/transparencyreport