Difference between revisions of "ProtonMail"

ProtonMail   (Tech company, Alt Tech)
Formation	16 May 2014
Founder	• Jason Stockman • Andy Yen • Wei Sun
Headquarters	Switzerland
Email and VPN server originally located in formally neutral Switzerland to avoid US/NATO surveillance or "information requests", but this has been hollowed out.

ProtonMail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland by scientists who spent time at the CERN research facility.^[1]

Originally an Alt Tech company located in formally neutral Switzerland to avoid any surveillance or information requests from countries under the Fourteen Eyes, and/or under other government surveillance laws, like the United States' Patriot Act or covert surveillance, by 2021 there had been several exposures of cooperation with US authorities.

Also, there's a precedent of privacy-focused communications groups (especially those based in Switzerland), such as Anom^[2] and Crypto AG^[3] actually being intelligence fronts used to collect data on users en masse.^[4]

Encryption

ProtonMail uses client-side encryption to protect email content and user data before they are sent to ProtonMail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, or dedicated iOS and Android apps.^[5]

ProtonMail is run by its parent company Proton Technologies AG, which is based in the Canton of Geneva.^[6] The company also operates ProtonVPN, a VPN service. ProtonMail received initial funding through a crowdfunding campaign. Initially invitation-only, ProtonMail opened up to the public in March 2016. In 2017, ProtonMail had over 2 million users,^[7] and grew to over 5 million by September 2018,^[8] 20 million by the end of 2019,^[9] and over 50 million in 2020.^[10]

An email message sent from one ProtonMail account to another is automatically encrypted with the public key of the recipient. Once encrypted, only the private key of the recipient can decrypt the message. When the recipient logs in, their mailbox password decrypts their private key and unlocks their inbox.

Email messages sent from ProtonMail to non-ProtonMail email addresses may optionally be sent in plain text or with end-to-end encryption. With encryption, the message is encrypted with AES under a user-supplied password. The recipient receives a link to the ProtonMail website on which they can enter the password and read the decrypted message. ProtonMail assumes that the sender and the recipient have exchanged this password through a backchannel.^[11] Such email messages can be set to self-destruct after a period of time.^[12]

Surveillance laws

Both ProtonMail and ProtonVPN are located in Switzerland to avoid any surveillance or information requests from countries under the Fourteen Eyes, and/or under government surveillance laws like the United States' Patriot Act. The company also states that it is located in Switzerland because of its strict privacy laws.^[13]

But by law, Proton has to cooperate with Swiss security authorities. With the Swiss Surveillance Act (BÜPF) and the Intelligence Service Act (NDG), Switzerland is "a fully-fledged surveillance state"^[14]. Switzerland provides mutual legal assistance to the United States on the basis a 1973 treaty; this way data also ends up with law enforcement agencies there.^[14]

ProtonMail founder Andy Yen originally stated that the company would rather leave Switzerland than comply with the Swiss Surveillance Act. ProtonMail chose to stay in Switzerland, and thus has to comply with it^[14].

Good cooperation with authoritites

In 2021, a company user was involved in threats against the health bureaucrat Anthony Fauci. In a series of emails, the sender threatened, among other things, to kill Fauci and his family. The American Justice Department wrote^[15] in an affidavit that the accused used "an email account from a provider of secure, encrypted email services based in Switzerland". According to the affidavit, the relevant e-mails end with "Sent with ProtonMail Secure Email"^[14].

Based on data from ProtonMail, it became apparent that the accused had used several ProtonMail user accounts at the same time. According to his own statements, the accused had switched to ProtonMail because he believed he was protected by Swiss data protection law and end-to-end encryption. Nevertheless, the sender could be identified by the interaction of data from ProtonMail with other online services such as Mail.com.^[16]

The Swiss Federal Office of Police (Fedpol) confirmed the exchange with the American authorities. At the same time, Fedpol said it was delighted to work with ProtonMail: "Protonmail is cooperating with the authorities. The cooperation is good."^[17]

In 2021, ProtonMail also turned over a French climate activist's IP address and browser fingerprint to Swiss authorities. The company stated its guarantees of email content privacy were not breached.^[18]

Participating in information war

In May 2021, during the aftermath of an emergency landing in Minsk of a Ryanair flight between Greece and Lithuania^[19], ProtonMail provided fractional information about emails which delivered a bomb threat against the plane to several airports. As analyst Moon of Alabama pointed out, "the partial and seemingly willfully incomplete response by ProtonMail about when and how many emails were sent...has led to false claims by various media against the government of Belarus", thus making it part of the Western information war against the country.^[20]

Proton has financially supported^[21] Belarus-based Charter'97, an "independent" media organization that Proton describes as one of "Belarus’s most trusted news sites,"^[22] but which in reality is backed by Western governments and adjacent organizations, including Open Society Foundations, and the German Marshall Fund of the United States.

References