back to article Encrypted mail service Proton hands suspect's personal info to local cops

Encrypted email service Proton Mail is in hot water again from some quarters, and for the same thing that earned it flak before: Handing user data over to law enforcement.  Proton, which offers several services it touts as being secure and safe, includes an end-to-end encrypted email product. Ostensibly designed for the …

  1. Khaptain Silver badge

    Simple rule

    If you are using a third party, you lose the right to privacy.

    Trust nothing that you don't control from end to end.

    1. Anonymous Coward
      Anonymous Coward

      Re: Simple rule

      The article is pretty clear there wasn't a loss of privacy, though. Only a loss of anonymity.

      1. Khaptain Silver badge

        Re: Simple rule

        "The article is pretty clear there wasn't a loss of privacy, though. Only a loss of anonymity."

        Which amounts to the same thing, through the IP Addresses the Powers that Be were able to find who they are looking for. Once they have your address and a couple of other details, you're dead meat.

        1. zimzam

          Re: Simple rule

          They're not the same, anonymity requires the user to take extra steps to ensure that private data is not identifiable. What you do in your bedroom is private, but your ownership of your house isn't anonymous.

          1. navarac Silver badge

            Re: Simple rule

            What it boils down to as always I suppose, is don't give anyone access to data that you don't want them to be subpoenaed or warranted for.

        2. Lee D Silver badge

          Re: Simple rule

          So why is anyone sending an ultra-secret message expecting anonymity from an IP address that is tied to them?

          Walking down to the local McDonald's or cafe to send the email would have been better security, and even that's a dumb idea if you do that more than once or are already under surveillance (correlation attacks, etc.). A certain Mr Bin Laden found that out the hard way (though he did evade detection for quite a while!).

          The fact is that you can't secure a sloppy user. It's just not possible. And almost universally the people who desire the utmost privacy, anonymity and security (e.g. criminals) are often some of the most sloppy.

          1. wolfetone Silver badge

            Re: Simple rule

            "The fact is that you can't secure a sloppy user."

            This. You can't secure an impatient user either who just wants total convenience either.

          2. FIA Silver badge

            Re: Simple rule

            The fact is that you can't secure a sloppy user. It's just not possible. And almost universally the people who desire the utmost privacy, anonymity and security (e.g. criminals) are often some of the most sloppy.

            You mean 'bad criminals'. ;)

            Like in every industry, there's people who are good at it, and people who aren't.

            With crime, you tend to only hear about the ones that aren't.

          3. Anonymous Coward
            Anonymous Coward

            Re: Simple rule

            I don't believe that was how Bin Laden was tracked down. There was a tip from a spy in Pakistan Intelligence. And that was followed up with a plan to do a DNA test on the children in the house during a vaccination drive. In the end, that part might not have been completed, because they found other confirming information. [He Led the CIA to bin Laden—and Unwittingly Fueled a Vaccine Backlash, Nat Geo]

        3. Anonymous Coward
          Anonymous Coward

          Re: Simple rule

          Anonymity is a part of privacy, especially when it comes to metadata. Ofc anonymity should never be a part of security!

    2. Anonymous Coward
      Anonymous Coward

      Proton Doesn't Understand Privacy

      I used to be a fan of Proton's VPN and paid for their top tier VPN service. But then a mandatory update to their Windows app (earlier versions did not work anymore) resulted in their VPN bypassing the Comodo firewall on my Windows laptop. Other Proton VPN users had the same firewall complaints.

      So I emailed Proton's support. I was first told "try different settings and see if that works". Later they admitted that their VPN bypassed firewalls, that it was a feature, and that "if you use our VPN you do not need a firewall because you cannot be found". In subsequent emails they doubled down on that technically tone deaf statement and made other claims so inaccurate I doubted their VPN's ability to keep me anonymous.

      I ended up cancelling their VPN service, so I'm not surprised at their lack of privacy/anonymity for their email service, either.

  2. Anonymous Coward
    Anonymous Coward

    The dangers of shiny, really

    It was (and still is) totally possible to provide not only E2EE but also total anonymity with the tools from the 70s;

    But that isn't all appy and trendy.

    1. Blazde Silver badge

      Re: The dangers of shiny, really

      tools from the 70s

      Letters cut out of a newspaper stuck on a ransom note? (Pro-tip: wear a bunny suit and use a clean room)

      1. Anonymous Coward
        Anonymous Coward

        Re: The dangers of shiny, really

        Very droll minister.

        Look up NNTP, then laugh.

        1. Anonymous Coward
          Anonymous Coward

          Re: The dangers of shiny, really

          The NNTP server you login to stores IP, client, time/date and username/password information (as well as payment details you would sumbit) and all activity you commit (access, reads, writes, etc).

          A predictable response would be "yes, but you can use a VPN/TOR exit/anonymous payment methods/made up accounts/etc".

          Sure, but you can do the same on every part of the internet. An internet forum/Google Drive/PasteBin/Torrent/email/etc/etc has exactly the same limitations.

          So, I'm a little confused why you think NNTP offers any anonymity at all?

      2. tip pc Silver badge

        Re: The dangers of shiny, really

        stamps are now barcoded

        1. Wellyboot Silver badge

          Re: The dangers of shiny, really

          No postal service was ever set up to be anonymous, letters have the recipients address in plain sight and the franking stamp narrows down the origin to a small geographical area. Privacy of the content is protected by laws that explicitly state the circumstances in which that privacy can be removed.

          You can either deliver/collect something yourself or use a third party service, there are no other possibilities.

          EDIT

          The barcode really doesn’t do much more than be an anti counterfeiting measure, if knowing where you purchase your stamps matters to any agency you’re already very well known to them!

    2. zimzam

      Re: The dangers of shiny, really

      It's not possible to invisibly automate that though. That's their point, the user still has to apply strong data hygiene.

  3. katrinab Silver badge
    Black Helicopters

    Any company that plans to stay in business is going to comply with requests from their local law enforcement. There isn't really any way round that.

    1. S4qFBxkFFg

      "local law enforcement"

      Multiple brands of this product are available: choose one that will never be interested in you (preferably one that is specifically uncooperative with those that are) and select an email provider in that location.

      1. Dan 55 Silver badge
        Black Helicopters

        The problem with choosing an e-mail provider in Iran or North Korea is that e-mails sent to this provider are probably going to get special attention anyway.

        1. katrinab Silver badge
          Black Helicopters

          Even then, the existing regimes aren't likely to be around forever, or continue to have the same approach forever.

          Switzerland for example used to be a good place to hide dodgy money. It isn't any more.

          1. Wellyboot Silver badge

            Hiding the money trail is the problem these days when even Swiss bank managers raise an eybrow to suitcases full of cash.

            You just need to find a country where the banking 'fees' are tolerable when hiding the loot investing proceeds of entrepreneurial activites.

        2. Yet Another Anonymous coward Silver badge

          But Iran and N Korea are unlikely to hand over data to the UK police. So if you are a UK terrorist ( or rent a flat in a better school catchment area) you should use a Russian email provider.

  4. elsergiovolador Silver badge

    Truth

    If the state really wants the data they will get the data, simples. Laws will not stand in the way.

    If the provider is claiming they don't track, don't read or whatever, if there is intelligence that they store some juicy stuff, they'll get a backdoor implemented for three letter agencies to have a poke and peek.

    If someone thinks otherwise, they are likely deluded.

    If you are a privacy freak, you can only make it more difficult to get information. Always use own encryption, layering, style transfer etc and assume anything you don't control is compromised.

  5. TimMaher Silver badge
    Coat

    I am a lineman for the county

    And I drive the main road.

    Searchin’ in the sun for another overload.

    1. Plest Silver badge

      Re: I am a lineman for the county

      "Dee-dee dee-dee dee-dee dee-dee dee-dee-dee"

  6. FuzzyTheBear
    Stop

    Obsolete

    The governments and it's agencies will never let anyone have a cypher they can't break, Ever.

    1. Anonymous Coward
      Anonymous Coward

      Re: Obsolete

      Governments may have extensive powers...........................

      .......................but those powers don't extend to:

      (1) One time pads

      (2) Dead letter boxes

      The spooks can snoop on my phone or my email............but there are things that I CAN DO which THEY CANNOT CONTROL!!

      Suck it up!!!!

      1. elsergiovolador Silver badge

        Re: Obsolete

        All they need is a wrench

        1. Khaptain Silver badge

          Re: Obsolete

          Or a large knotted rope and a chair with no seat...

        2. Anonymous Coward
          Anonymous Coward

          Re: Obsolete

          A wrench won't do diddly for a one-time pad, assuming you've done your job and destroyed your copy of the key after you encrypted the message the government wants to recover.

          Torture fails 100% of the time when the individual you're torturing does not have the information and cannot get it.

          (It fails 99% of the time even if they do. You get the garbage that the individual you're torturing thinks you want to hear, not the truth.)

          1. Wellyboot Silver badge

            Re: Obsolete

            While failing to retrieve useful information, it does reduce the amount of activity needing to be monitored in the first place.

            There are very few people willing to risk their families suffering the same fate. This is why many nasty regimes throughout history have made sure it's widely known they do this.

    2. amajadedcynicaloldfart Bronze badge

      Re: Obsolete

      It's called 'Signal"...

    3. gnasher729 Silver badge

      Re: Obsolete

      I could create a cypher that the government couldn’t break 39 years ago. (That’s when RSA was explained in Knuth’s “Art of Computer Programming”). Admittedly a Mac at that time would have had a hard time encrypting/decrypting more than 100 characters per second with a 1024 bit key).

  7. PB90210 Silver badge

    Which?

    Which?

    Whichita or Wichita?

    1. Anonymous Coward
      Anonymous Coward

      Re: Which?

      Some shithole town in middle of nowhere Kansas. Does it really matter how it's spelled?

      1. amajadedcynicaloldfart Bronze badge

        Re: Which?

        It is the title of a record you arsehole!

    2. Androgynous Cow Herd

      Re: Which?

      Thatita

  8. Lee D Silver badge

    It's almost like if you set up a company anywhere that you're subject to the laws of that country, isn't it?

    And if you want to operate a business, take money, provide services then - by definition - you're subject to the laws of the country that you operate from (and, potentially, others).

    Also, using an end-to-end encryption email service doesn't guard against the metadata you provide that service - such as timings of email, source and destination, account details, credit card details, even website cookies, etc. etc. If you thought that, for even a second, maybe you should not be the guy who sends ultra-secret stuff around.

    If you desire perfect security, then you simply can't use a commercial service that's hosted in any country. It's honestly that simple.

    And do you know what the best advice for encryption also is? Never roll your own.

    If you want to send a message to someone and don't want anyone to know the contents of that message, that's easy enough. If you don't want ANYONE, EVER to ever discover that you sent a message of any sort to a person who you never want identified and want it to be impossible to determine who, what, when or whether that message was sent... now you've just made your task a thousand times more difficult. And the answer - offline or online - is never "employ a third-party".

    At this point, you're into the realms of hiding messages in blockchain data, dealing exclusively with the system end-to-end yourself, and only transacting everything in anonymised and "washed" bitcoin (good luck getting that untraceable by the way - again, the metadata at both ends will get ya!), and that's the kind of stuff that attracts FAR MORE attention than anything else.

    Encryption is not to protect your privacy. It's to secure the contents of a message. As demonstrated, it's not even very good at doing that because authorities' ears prick up when you try that.

    If you want absolute anonymity in perpetuity, or even within your lifetime... I'm not even sure there exists a way to do that with any certainty at all.

  9. Anonymous Coward
    Anonymous Coward

    Privacy, Anonymity,.................

    You really have to wonder.........if people really want privacy or anonymity, there are some things they can do:

    (1) Use mail.com and set up throw-away email addresses (....so NO ACCOUNT DETAILS for anyone to share)

    (2) Do the mailing from an internet cafe or from a burner phone (......so no useful IP address for anyone to share or use)

    (3) Use private encryption for messaging which needs privacy (......on top of E2EE!!)

    If anyone wants privacy or anonymity.......my recommendation is that THEY TAKE PERSONAL RESPONSIBILITY for it themselves!!

    Why would anyone actually believe that Proton or Signal or WhatsApp are even REMOTELY INTERESTED in preserving anonymity or privacy?

    Beats me!!

    1. Yet Another Anonymous coward Silver badge

      Re: Privacy, Anonymity,.................

      That does seem like an awfully complicated process just to be allowed to complain to the local council without some minion being able to look up who you are to retaliate.

  10. O RLY

    Flak vs Flack

    They probably did not earn any flack, but definitely earned flak.

  11. Tron Silver badge

    God Moaning.

    The resist-once have accqo-aired a bum. They are going to ex-plod the whaleway brodge.

    Way too tough for state spook AI. It would scan it, see 'bum' and classify it as zero risk erotic banter. The best place to hide is in plain sight. If you use an encrypted service or frolic on the dark net, you may as well be painting a target on your back and illuminating it.

    1. Midnight

      Re: God Moaning.

      "It is I, LeClerc!"

      Plain sight indeed.

  12. naive

    Providers promising privacy shouldn't keep information in the EU/US or their own country

    Any service provider who promises increased privacy, but stores information in any of the countries where authorities might be interested in who its customers are and what they are up to, can't deliver on the promise.

    If Proton had done a halfway decent job of protecting their customers they would:

    1. Have an entry point in an Asian/South-American country, ideally load balancing to multiple of such entry points in different countries/jurisdictions, making them difficult to trace.

    2. Frequently switch ip-addresses of entry points, so they can't filter using an "ip-address" warrant for those entry points using local internet providers.

    3. Frequently wipe ip-logs on those systems.

    4. Traffic from the off-shore entry point into their own systems is VPN encrypted, and does not contain source ip's of customer devices.

    5. It should offer plausible deniability, i.e. random sender addresses.

    6. Leave no cookies or traces in customer web browser or client devices.

    If setup like this, Proton could hand the cops a list of their customers, and wish them good luck with it, since the data identifying users is not there.

    The fact they didn't do anything basic to protect their customers, makes it seem probable they are a government run scam.

    1. Anonymous Coward
      Anonymous Coward

      Re: Providers promising privacy shouldn't keep information in the EU/US or their own country

      That's good in theory, but they can make proton implement targeted logging to catch any person of sufficient interest.

    2. IGotOut Silver badge

      Re: Providers promising privacy shouldn't keep information in the EU/US or their own country

      @niave.

      Congratulations.

      You pretty much summed up most things that can be done using a VPN or TOR

      https://proton.me/tor

  13. Anonymous Coward
    Anonymous Coward

    Web based

    Any web based encrypted email service is by definition insecure. People who use ProtonMail are stupid and deserve to get caught.

    Only client software based encrypted email, like PGP or S/MIME, where both parties use it to encrypt their messages can be considered safe.

    1. Anonymous Coward
      Anonymous Coward

      Re: Web based

      Wow. You sound angry. I use proton mail simply because I don't want Google for example to scan my email and send me advertising. So basically any sensitive info.

      Don't automatically assume that people using Proton are committing some kind of crime.

      Since Gmail is awfully convenient, and has a great spam filter, it is an excellent email service for throw away things, like forum accounts and ecommerce.

      I always assume that government agencies that want to know what I'm up to have an infintite number of ways to do this, up to and including bugging my home. The privacy I'm after is from ad agencies and fraudsters.

  14. Blackjack Silver badge

    So to anyone with a Proton paid account, still worth it or what?

  15. galbak

    How about mullvad? They only have your (random, subject to change) account number, no email address etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like