this post was submitted on 03 Nov 2025
452 points (94.3% liked)
Technology
76585 readers
2968 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
They complied with laws. Where is the issue?
That’s the issue.
What data? Here it is the IP address and only under order by authorities.
I feel ever since the social media shitstorm people love to pile on Proton for anything. They never said they won't comply with law enforcment, did they?
Whatever they gather. It says as much in the article; they started recording IPs once a request by the Swiss government came through.
That's based on the currently available laws. So if a law gets drafted that says "if we suspect someone to be complicit in criminal activity we want you to gather more data" we should just be fine with that because the authorities say so? Because the authorities are always infallible and incorruptible, right?
The details of this individual case isn't the problem, it's the precedent it sets that is. When Mullvad got raided for their logs there was nothing recovered because they don't store anything. Proton stores things based on if the authorities ask them to, and when they find out that it wasn't a terrorist or child-trafficker they go "woops we had no idea the account belonged to a climate activist."
The authorities aren't infallible. Some years back here in Sweden we had police raid, physically abuse, and kidnap a guy they suspected was a pedophile because he'd sent images of him and his 30 year old boyfriend having sex via Yahoo Mail. There's no reality where this man should've been fucking beaten up and traumatised the way he was, but it happened, and there was no recourse for him. Nowhere down the chain of responsibility did anyone get reprimanded or investigated for misconduct.
Complying with the law is such a bullshit fucking excuse.
ProtonMail does not log things by default, but they can still be court ordered to do so by swiss authorities - if you want to run any business at all, you have to submit to a jurisdiction, you can only choose which one to run under. And even if your chosen authority is alright by itself, it can still be misled by other jurisdictions like the French did, using the terror-cudgel against climate activists.
I can also recall that in this case Proton said that had their user actually bothered to use any VPN, even Proton's, there wouldn't have been anything to give to authorities except for an exit node IP.
"She shouldn't have dressed that way."
Proton could do better, and it's ridiculous that there are people out here okay with them not doing better.
You'll agree that Proton doing better would require them to move to a different country, right?
Also Mullvad doesn't offer email accounts, does it? Seems that they couldn't have a 'no user data' policy if they did since the emails would be exactly that.
I'm okay with this. Sweden isn't exactly known as a bastion of freedom. Our current minister of equality (Liberals) is pushing for a porn ban. The EU proposal colloquially called "Chat Control" was originally put forth by the Swedish EU Commissioner Ylva Johansson who belongs to the Social Democrats.
You'll forgive me if I don't feel like it's productive to repeat myself, but if you genuinely care for a response you can view it here: https://pawb.social/comment/18804733
Have a good one.
Yeah, they should just go to prison for someone they don’t know and had nothing to do with, that’s the only answer we should be ok with!
Do you hear how stupid that sounds?
Right, because corporations are widely known for going to prison when they break the law. Where exactly did they imprison Facebook for interfering in elections? Running illegal experiments on people? Pirating books and pornography? Surveilling children and selling their data?
Look at Mullvad. They've denied access to their data multiple times, they got raided, and nothing of use was recoverable. That's what respect for privacy looks like. Proton could set their infrastructure up in this fashion, but instead they've chosen to just hand out user data freely.
Now you’re comparing apples to oranges? Is that what you do when your position is untenable?
So Proton's no-log policy is an apple and Mullvad's no-log policy is an orange, is what you're saying?
No, I’m saying that you’re comparing email to a VPN. You’re not stupid, you know it’s a bad comparison, which is why you didn’t compare Mullvad to ProtonVPN, because you know your argument would fall apart immediately.
I'm comparing Mullvad (a company) to Proton (a company) not their products. They both have a no-log policy (that's a company policy) only one is actually no logs, and the other is "we sometimes log." I don't think you're stupid either, so I don't get what's not getting through.
You're being dishonest, is what's not getting through.
Mullvad doesn't log because their product is built from the ground up to not be capable of connecting users to their activity. Email was invented before true anonymity on the internet was even a concept. To date, nobody has developed an email solution that is incapable of logging its users when forced to by the government. Both companies have a no log policy, and both follow that policy, insofar as it isn't breached by force by a legal order from their government. If Mullvad had a system where that was possible, they would have given up that information when they were raided, because they would have had no fucking choice. But like Proton, their VPN is incapable of logging access.
Comparing email to a VPN is about as dishonest and bad faith as anyone can get. Email was never intended to be anonymous, and VPNs were. You know this, which is why you compared Proton's email to Mullvad's VPN. If you had compared the two VPNs from both companies, your argument would have immediately fallen apart because neither are capable of logging users without completely rewriting the entire system from the ground up. Your argument is no different than comparing a hippo to a bird, then complaining because the hippo can't fly.
Mullvad's VPN is incapable of doing so because their infrastructure is entirely built on volatile memory. This obviously doesn't work with email because the emails need to persist, but this is isn't a very big problem as that storage is encrypted.
My problem here is that access logs don't need to be stored permanently. That could definitely be stored on a volatile medium, and then authorities could come over and confiscate it as much as they want. That sort of software architecture is entirely possible to set up, but Proton has made a decision not to.
That is a choice. They could've chosen to not comply, they could've chosen to let the authorities raid their servers, and had their servers been set up in such a fashion that no data could be obtained, there wouldn't be a problem.
They've chosen instead to log and give up information on a climate activist; not a ring of traffickers, or a terrorist group, but some dude or dudette that thinks that climate change is a bit of a problem and that the people in charge aren't doing enough about it.
I guess we'll have to agree to disagree. Do I realise that this creates legal problems for Proton? Yeah. So what? They're a corporation, they get to deal with it. What this incident has shown is that their word doesn't mean a thing. What happens when the fascist American regime starts demanding information on dissenters? Are they just going to fold and serve up whatever they ask on a silver platter, too?
What's dishonest is saying "we don't log, except when we do, and only when they're serious criminals, or climate activists."
To be fair, the IP is basically the only thing they can get, due their encryption they have access to the email body, which complies with privacy, but not anonymity.
Mullvad is not a mail provider...?
They both have no-log policies. One is "we never log" and the other is "we log sometimes" do you see the difference?
The difference is that they're different products with different technical requirements.
So Proton should refuse to comply with the law and have to close their entire business?
I don't know about 'should' but wasn't that the impression their marketing tried to give? Or at least that they would fight to defend user privacy for noble activists? But when challenged, its owners seem to have folded quicker than a strapontin.
No. Nothing in their marketing says they'll refuse to comply with lawful orders.
They do successfully challenge many of them. This is all documented in their transparency report.
Maybe not now, but it used to say 'your privacy comes first' which certainly gave the impression privacy would be more important than blindly believing and obeying courts.
Thanks for the link to their report.
Privacy is not binary. It lives on a Spectrum. On one end you have Proton and Tuta. And on the other, Gmail, Outlook, Yahoo, etc.
For sure, I know this, but privacy does not come first for any of them and it was wrong of Proton ever to say it did. To them, their survival comes before yours, so they will betray you to the Swiss courts if needed.
No. The impression their marketing gave was that they followed Swiss law.
Legal entity that doesn't comply with the law is simply not possible. If you think otherwise, you're being really naive
And yet, legal entities are often found guilty of not complying with the law. I think people were expecting Proton to at least try to fight a morally-questionable court order.
They said things that led the unwary to trust they wouldn't. Remember, this isn't some terrorist mass-murderer they handed over, but apparently an anti-gentrification youth activist linked to Greta Thunberg's campaign groups.
Edit to add: in particular, Proton used to claim 'your privacy comes first' but this case suggests in reality, the Swiss government's help for French police comes first.
Proton never says they won’t comply with orders from the Swiss government. You won’t find that claim anywhere on their website, any more than you’ll find it on Tuta’s website.
In fact, they frequently say that they'll comply with orders from the Swiss government.
The Swiss aren’t Tuta’s government. They would, however, comply with an order from the German government, because they would have no choice.
I meant Proton is pretty open about complying with the Swiss government
of course they are, and that's a good thing. because there's a lot of people in the comments here that mistook privacy for anonymity and expect Proton to break the law for them out of principal. which, quite frankly, is unfair to Proton because I'm willing to bet none of the people in this thread would be willing to do that if they were in Proton's position.
Not to mention that if proton refused to comply and got shut down, they'd be screwing over all of their customers.