by coffeeandbooks 1516 days ago
ProtonMail has a bad history of irresponsible sensationalism. It’s like constantly marketing yourself as the most private e-mail service “built by CERN scientists” but who will give information about you to authorities:

https://www.engadget.com/protonmail-climate-activist-ip-swis...

I know that ProtonMail doesn’t claim to protect your IP address, but I don’t expect the average user to make that distinction.

This is another dumb article. Getting your service tested for vulnerabilities is good hygiene but it shouldn’t be used as marketing material to make users think your service is Fort Knox.

3 comments

> ProtonMail has a bad history of irresponsible sensationalism. It’s like constantly marketing yourself as the most private e-mail service “built by CERN scientists” but who will give information about you to authorities:

Well, conflating "security" with "following the law" seems odd. Does anyone realistically expect a legally incorporated company to not follow laws? They have to respond to lawful requests, otherwise there will be no business at all.

As long as they fight against unlawful requests, they are what they make out to be. If they're found to be spying on their users when it's not lawfully requested, then you have some bite in your argument. But otherwise, I'm not sure what you expect them to do.

By the way, they seem to be pretty upfront about how they collaborate with law enforcement, at least according to https://protonmail.com/law-enforcement Maybe it wasn't like that in 2021 when the article you linked was published?

In the end, if you rely on any single company for both your security and privacy, you're playing a losing game. Not hiding your IP when signing up for something when you're planning to do illegal activities? Maybe time to reconsider your opsec strategy.

> Well, conflating "security" with "following the law" seems odd. Does anyone realistically expect a legally incorporated company to not follow laws?

I’m talking about privacy, not security. And again, this has nothing to do with their official policies listed on their website, but rather their tendency to market themselves as “a super private e-mail provider built by CERN scientists.”

I think for many use cases (e.g., political activism) most people’s intuitive idea of privacy does not align at all with what ProtonMail actually provides.

> In the end, if you rely on any single company for both your security and privacy, you're playing a losing game. Not hiding your IP when signing up for something when you're planning to do illegal activities? Maybe time to reconsider your opsec strategy.

Totally agree. But again, this is less about getting the average individual to rethink their op sec strategies, and more or less about ProtonMail’s proclivity to market themselves as an organization that solves these opsec problems for you.

This article is yet another example.

Yeah, ProtonMail generally proclaims itself to be for privacy as well, but I think that's because of their focus on security, not anything else.

And this blogpost is strictly about security, not about privacy, so it seems maybe your comment was generally about ProtonMail, not specifically about this blogpost.

But yeah I agree, their marketing is a bit problematic, but I'm not sure you can blame them. They do have laws to adhere to, they do make it clear that if you are breaking the law and they receive lawful requests from authorities, they do have to comply, implicitly telling people to cover their tracks if they need to.

If you want protection from bad laws, vote for people who don't make bad laws to start with.
I'm so tired of this argument. It doesn't work. Nobody volunteers to willingly and knowingly sacrifice their privacy. Politicians do this even after promising the opposite.
And I'm so tired of people just voting straight down the party line. That's why nothing works.
That's not the point I'm arguing, that's something else entirely. The two are not binary opposites.
This is so smart, I wish someone would have thought about this a long time ago!

Joking aside - making good privacy laws is not an easy task. “Privacy” is not even easy to define, much less create fair laws around what will likely be an imperfect definition.

I agree with the sensationalism but it's a for-profit company after all. They definitely do more than the average email provider but it's certainly not the Tor equivalent of E-Mail.