The Controversies surrounding ProtonMail.

There have been some highly controversial news about ProtonMail, my go-to email service provider...

In essence:

A post was made on Twitter regarding a French climate activist who was arrested because [...] Europol had requested to ProtonMail that they provide the IP address used.

Switzerland is the hub for privacy worldwide and has always been a politically neutral area (which I love) so when it comes to legal cases like this it's always interesting how the mechanics work. Under Swiss Privacy Law a court order can only come from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can effectively force ProtonMail to release the information they have. The problem with this is that ProtonMail said on the homepage that it's an anonymous email provider that doesn't keep logs (which is technically possible by using Tor) while simultaneously stating in the privacy policy that in extreme cases they are overruled by the court and ~can~ have to log the IP addresses which were used.

All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and corporations. As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.

This is how end to end encryption works. Bob sends Alice a message, he uses her public key to encrypt it and it can only be decrypted by the corresponding private key, which Alice has.

Alice uses her private key to decrypt the message from Bob.

“Messages are stored on ProtonMail servers in encrypted format. They are also transmitted in encrypted format between our servers and user devices. Messages between ProtonMail users are also transmitted in encrypted form within our secure server network. Because data is encrypted at all steps, the risk of message interception is largely eliminated.”