Protonmail now keeps IP Logs
schneier.comMy understanding is that they will log you under specific law enforcement request. It’s very different from saying they automatically log everyone.
In the discussion of their fulfilling the request, the data they provided was described as the IP during account creation. If that was accurate then it is a neat trick that law enforcement knew which accounts would eventually be of interest.
I dmed Andy Yen and he assured me they only start logging after requests, can you link me to your source?
TheRegister article quotes:
"They therefore sent a requisition (via EUROPOL) to the Swiss company managing the messaging system in order to find out the identity of the creator of the address. ProtonMail responded to this request by providing the IP address and the fingerprint of the browser used by the collective."
It looks like the Swiss police responded to a request that could not be fulfilled (creator's ip) by getting something ~equally good (most recent ip) through asking protonmail to enable IP monitoring and the resulting report shown redacted on TC looks like a normal subpoena response where the data was already available.
This does not really look like the back and forth seen with authorities first trying to request the impossible in a subpoena (i.e. famously from lavabit but also from any cloud provider) but that level of adversarial ~obstruction through precise compliance might not be possible in Swiss law.
If that's the case then my understanding of the event is wrong.
Not really different, since it's binary.
The message used to be "we don't keep IP logs" and now it's the opposite.
Not the opposite more a middleground "we don't keep IP logs unless (uncommonly) forced by law enforcement".
Or... they always have, and now they're just being honest about it.
I'd be willing to bet 99% of services that say they don't log your IP, actually log your IP in some form. You're telling me all these companies just discard webserver logs? No chance.
It would be nice if we lived in a world where the Protonmails could not be compelled by law to keep IP logs for when their service is accessed by specific users, but at least they can not reveal the content of those specific users' email.
What are some good alternatives?
None for email, unless you roll your own[0][1][2][3][4].
[0] https://github.com/foxcpp/maddy
[1] https://github.com/LukeSmithxyz/emailwiz
[2] https://github.com/iredmail/iRedMail
Peer to peer services with encrypted communications are impossible to centrally control and monitor.
AFAIK none of those are "encrypted" outside of TLS and disk encryption (that is, if your instance uses encryption at rest, which it might not).
Regardless, they are not suitable replacements for email.
Don't do things that get you into trouble over email or use Tor / VPN.
I dislike all the Protonmail stuff but he's wrong. It's weird to see a popular name get it wrong about something I know a fair bit about. Afaik he's trustworthy so wtf is this.