[capableweb]

> ProtonMail has a bad history of irresponsible sensationalism. It’s like constantly marketing yourself as the most private e-mail service “built by CERN scientists” but who will give information about you to authorities:

Well, conflating "security" with "following the law" seems odd. Do anyone realistically expect a legally incorporated company to not follow laws? They have to respond to lawful requests, otherwise there will be no business at all.

As long as they fight against unlawful requests, they are what they make out to be. If they're found to be spying on their users when it's not lawfully requested, then you have some bite in your argument. But otherwise, I'm not sure what you expect them to do.

By the way, they seem to be pretty upfront about how they collaborate with law enforcement, at least according to https://protonmail.com/law-enforcement Maybe it wasn't like that in 2021 when the article you linked was published?

In the end, if you rely on any single company for both your security and privacy, you're playing a loosing game. Not hiding your IP when signing up for something when you're planning to do illegal activities? Maybe time to reconsider your opsec strategy.

[coffeeandbooks]

> Well, conflating "security" with "following the law" seems odd. Do anyone realistically expect a legally incorporated company to not follow laws?

I’m talking about privacy, not security. And again, this has nothing to do with their official policies listed on their website, but rather their tendency to market themselves as “a super private e-mail provider built by CERN scientists.”

I think for many use cases (e.g., political activism) most peoples intuitive idea of privacy does not align at all with what ProtonMail actually provides.

> In the end, if you rely on any single company for both your security and privacy, you're playing a loosing game. Not hiding your IP when signing up for something when you're planning to do illegal activities? Maybe time to reconsider your opsec strategy.

Totally agree. But again, this is less about getting the average individual to rethink their op sec strategies, and more or less about ProtonMails proclivity to market themselves as an organization that solves these opsec problems for you.

This article is yet another example.

[capableweb]

Yeah, ProtonMail generally proclaims itself to be for privacy as well, but I think that's because of their focus on security, not anything else.

And this blogpost is strictly about security, not about privacy, so it seems maybe your comment was generally about ProtonMail, not specifically about this blogpost.

But yeah I agree, their marketing is a bit problematic, but I'm not sure you can blame them. They do have laws to adhere to, they do make it clear that if you are breaking the law and their receive lawful requests from authorities, they do have to comply, implicitly telling people to cover their tracks if they need to.