ProtonMail is an email provider owned by the company Proton. Although it advertises itself as a privacy-respecting email provider, it has been found to have several severe privacy problems.

Bad Qualities

  1. The website’s images are partly powered by Prismic, a third party that admits to logging your IP address [1].
  2. They falsely claim that “It is not necessary to provide personal information in order to create an Account”[2], but hCaptcha is required to create an account[3], through which they log your “IP addresses, browser type, Internet service provider, platform type, device type, operating system, date and time stamp of access, and other similar information.” [4]. An email address can be used as an alternative for registration, but because temporary email addresses are blocked, that address is itself personal information.
  3. JavaScript, which is the main tracking method used by surveillance companies[5], is required to sign up.
  4. Their OpenPGP encryption works by generating the keys when you create your account, and using your existing OpenPGP keys is not allowed. This type of encryption has been proven to have serious shortcomings[6].
  5. They have access to your “sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times.”, which is more than other privacy-focused email providers have access to.
  6. Their privacy policy does not state how long they store the collected data. Some retention periods are stated, but only with vague words such as “temporarily”.
  7. Per their privacy policy, “In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.” So direct surveillance can be placed against you at any time, when the government knocks on the door and shouts “terrorism” (as shown in the case below), and you will never be told you're being watched.
  8. As per their transparency report[7], they complied with 4920 requests in 2021 alone, and it shows an increasing trend. They have also helped the EU to arrest a French activist and protester by logging their IP addresses[8].
  9. ProtonMail is suspected of being a honeypot of the United States[9] and their staff do not even use ProtonMail[10].
  10. ProtonMail has been proven to have made several false claims [11].

Redeeming Qualities

  1. They do have an onion domain for users who are concerned with privacy [12].

