The ProtonMail developers have dropped the phrase “we do not collect IP addresses”. Because they collect
A few days ago, a whole scandal erupted around the protected, as many thought, email ProtonMail – the service developers provided Swiss law enforcement with the personal data of some users who were subsequently arrested in France. And we are not talking about arms dealers or terrorists, but about members of the “green” movement Youth for Climate, who advocate a clean environment. Unfortunately, as soon as the French authorities sent a request to Switzerland, Proton Technologies employees gave them the IP addresses of the activists.
Naturally, this raised certain questions from active users of the service, because the developers of secure mail promised maximum confidentiality and privacy. Moreover, the ProtonMail user agreement clearly stated:
“By default, we do not keep any IP logs which can be linked to your anonymous email account.”
Based on this information, ProtonMail employees would not have been able to provide the French authorities with the IP addresses of specific users, because the service, in theory, should not have them. Soon after the scandal, Andy Yen, the head of Proton Technologies, explained that in fact the service still registers and stores the IP addresses of users, but not all, but only a few. How exactly the service defines these “some” he did not explain, and yesterday evening, September 7, they decided to rewrite the user agreement of the postal service. Now, instead of a promise not to collect IP addresses, it says:
“ProtonMail is email that respects privacy and puts people (not advertisers) first” (ProtonMail is an email that respects privacy and puts people (not advertisers) first).
That is, the developers of the once most popular secure mail service have officially recognized that they collect IP addresses, and they are provided to the authorities on demand, which calls into question the reliability of this project.