protonprivacy

protonprivacy, 14 hours ago

@xevhi @skarfester The name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can't decrypt data, but in terror cases Swiss courts can obtain recovery email.

protonprivacy, 10 hours ago

@sjoel No, login IP addresses are not logged by default, and yes, using Tor or a no-logs VPN like Proton VPN would effectively hide your real IP address. You can learn how to use Proton Mail more anonymously here: https://proton.me/blog/use-protonmail-anonymously

protonprivacy, 1 day ago

@jonah

Thank you for the suggestion, we'll look into making this warning easier to dismiss.

You can also use an email address that you're not using for anything else as a recovery if your threat model requires it.

protonprivacy, 2 days ago

@BrideOfLinux @adingbatponder The individual in this case used their actual apple email as an optional recovery email.

Setting a recovery email is not required and we provide other options for recovery: https://proton.me/support/set-account-recovery-methods

protonprivacy, 1 day ago

@adbenitez @jonah

Regarding 3rd party clients, you can do that on desktop, thanks to Proton Mail Bridge: https://proton.me/mail/bridge

On mobile, we cannot do that due to how our encryption works.

Regarding the case you shared, the name/address of the terrorism suspect was actually given to police by Apple, not Proton. The suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can't decrypt data, but in terror cases Swiss courts can obtain recovery email.

protonprivacy, 1 day ago

@carturo222 @dilmandila @thunderbird You can do it via Proton Mail Bridge: https://proton.me/mail/bridge If you have any questions, don't hesitate to contact us here.

protonprivacy, 2 days ago

@stux @TechCrunch Setting a recovery email is optional.

We also provide other optional recovery options outside of email, more on this here: https://proton.me/support/set-account-recovery-methods

protonprivacy, 2 days ago

@stux @TechCrunch Nope, once it's gone, it's gone. 👍

protonprivacy, 2 days ago

@1HommeAzerty Thanks for sharing your thoughts, we'll pass on the feature suggestion to the team for future consideration.

protonprivacy, 2 days ago

@cygnathreadbare You seem to confusing Proton VPN with Proton Mail. Proton VPN is no-logs as has been proven in independent audits and in court (https://protonvpn.com/blog/transparency-report - we don't have any info to share with law enforcement).

Proton Mail, being a communication service, is legislated differently, and we have always been clear what data we can and cannot protect, see: https://proton.me/legal/privacy and: https://proton.me/support/proton-mail-encryption-explained

protonprivacy, 2 days ago

@posthumouspoet Yes, recovery addresses are only kept as long as they are needed by the owner of the account - as soon as you remove it from your account, it's removed from our systems too. You can also replace it with a different recovery method: https://proton.me/support/set-account-recovery-methods

You can learn what is and is not encrypted here: https://proton.me/support/proton-mail-encryption-explained

Regarding IP logging, you can find the details here: https://proton.me/legal/privacy (they are not logged by default)

protonprivacy, 3 days ago

@pacogens Hi there, setting a recovery method is optional, more on this here: https://proton.me/support/set-account-recovery-methods

protonprivacy, 3 days ago

@jik @jonah @AIBrain @doomy Setting a recovery email is also optional, more info here: https://proton.me/support/set-account-recovery-methods

protonprivacy, 3 days ago

@jik @jonah @AIBrain @doomy Hi Jonathan, email is just one of several recovery options, rest assured your feedback has been passed along to the team.

protonprivacy, 2 days ago (edited 2 days ago)

@pacogens Thanks for clarifying! We outline this in the first paragraph here: https://proton.me/mail/privacy-policy

Note that It’s also important to differentiate that VPN is not classified as a communication tool in Switzerland — Proton VPN does not log IPs and there are no existing Swiss laws that can compel us to do so.

Also, nothing is delivered easily: Swiss law is very restrictive, and there are many hurdles to jump through to get a court order.

protonprivacy, 2 days ago

@leberschnitzel Proton stores minimal data and almost all data is end to end encrypted. You can find details in our privacy policy: https://proton.me/legal/privacy You can also check this article to see which data is stored encrypted and which cannot be: https://proton.me/support/proton-mail-encryption-explained

protonprivacy, 2 days ago

@doomy From a technical perspective, one can't end-to-end encrypt or hash a recovery email as it needs to be accessible to send the recovery email, which is typically initiated by an unauthenticated user who has lost their password. In brief, if we did that, one wouldn't be able to use the recovery address for its intended purpose.

protonprivacy, 1 day ago

@doomy Recovery addresses are also used to inform users in case suspicious login attempts or something of that sort has occurred, and for that we need to have access to the address itself. For the majority of users, anonymity is not a priority, but keeping attackers out is.

protonprivacy, 1 day ago

@leberschnitzel The swiss law has limits which are quite strict, especially after our 2021 court victory: https://proton.me/blog/court-strengthens-email-privacy. We limit data retention, so support tickets are not stored forever, either. They have also never been requested.

protonprivacy, 2 days ago

@activeruser We've looked into it and here are the results: https://mastodon.social/@protonprivacy/112411129477213219

protonprivacy, 3 days ago

@Mushi The name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can't decrypt data, but in terror cases Swiss courts can obtain recovery email.

protonprivacy, 2 days ago

@Mushi There was no leak, Proton's services are not compromised. The recovery email is not mandatory, as you can see above. Proton stores minimal data and almost all data is encrypted in a way that we cannot access. You can find details in our privacy policy: https://proton.me/legal/privacy

protonprivacy, 2 days ago

@narunya @joeo10

We've looked into it, here are the results: https://mastodon.social/@protonprivacy/112411129477213219

protonprivacy, 3 days ago

@leoboulton Hi Leo, if you have additional info to share on what you were expecting on the roadmap and any issues with our marketing, we can pass it along to the team.

We have a lot planned for 2024 across all the Proton products, and we're supported solely by subscribers, rather VC investors, advertisers and selling user data.

You can also filter by 'completed' on User Voice to check out all the implemented community feature requests: https://protonmail.uservoice.com.