• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy

Restore Privacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

ProtonMail Gives Up Logs on User, Then Scrubs Website of No IP Logging Claims

September 10, 2021 By Sven Taylor — 78 Comments
ProtonMail logs users

ProtonMail is widely touted as the most secure and private email service in the world. Having tested and reviewed the service ourselves, we have been recommending ProtonMail for years. However, the company behind ProtonMail is now in hot water — and at least one of its users has been arrested.

What happened exactly?

Last weekend, news blew up about ProtonMail logging one of its users and providing IP address logs to French authorities. The ProtonMail user was subsequently arrested in France.

So @ProtonMail received a legal request from Europol through Swiss authorities to provide information about Youth for Climate action in Paris, they provided the IP address and information on the type of device used to the police https://t.co/KtKF4wn3wv

— Etienne – Tek (@tenacioustek) September 5, 2021

Note: ProtonMail has provided us with more clarification, stating that the location and identity of the suspect were already known to the police. The logs that ProtonMail provided helped the police to further build a case against the person, ultimately leading to his arrest.

The news gained traction first on Twitter, with various media outlets also picking up the story. The key evidence of what transpired behind closed doors was a court document detailing how ProtonMail provided IP address logs of its user to French authorities.

The backlash has been swift. But should we jump to condemn ProtonMail or is this type of situation inevitable with privacy services? Let’s examine how ProtonMail responded to the situation and put it into context by comparing it to other cases where email and VPN services provided logs to authorities — as well as cases when they did not.

ProtonMail touts Swiss jurisdiction and privacy protection

We place a lot of trust in privacy services to do what they actually say. In the case of ProtonMail, they have boldly touted their privacy and security credentials for years. Not only have they claimed to not keep any IP logs by default, but they also regularly tout their Swiss jurisdiction, which allegedly confers legal independence.

Here is how ProtonMail advertises itself and its Switzerland jurisdiction.

ProtonMail logs users

So now let’s compare the reality of this situation with ProtonMail’s claims. We have learned that:

  1. Switzerland jurisdiction does not mean very much. Governments can simply go through a Swiss court and then ProtonMail will start logging any user that is requested by the court.
  2. The “extremely limited user information” is enough to find and arrest a ProtonMail user, with IP address and device info data.

It is also interesting how ProtonMail responded to this situation and the subsequent website revisions.

ProtonMail scrubs “we do not keep any IP logs” from its website… after IP logging incident

When a privacy service’s claims do not line up with reality, trust is eroded and potentially lost forever. While trust is very subjective, ProtonMail’s logging activities and subsequent website revisions have certainly raised some eyebrows.

Using the Wayback Machine, we can see that ProtonMail did some editing to its website in the wake of this logging incident.

Before the logging scandal:

ProtonMail user data Switzerland
ProtonMail’s old homepage (before the logging scandal).

In the image above, you can see that the “we do not keep any IP logs” claim is prefaced with the “By default” at the beginning. Now, after the logging fiasco, the reference to not keeping IP logs is gone.

After the logging scandal:

ProtonMail logging claims
ProtonMail’s new homepage (after the logging scandal).

Gone is the claim, “we do not keep any IP logs which can be linked to your anonymous email account.”

In ProtonMail’s defense, it does not seem like anything changed. Technically, they probably did not keep any IP logs by default — but that is the key distinction. With just one quick request through a Swiss court, however, an outside government or agency could quickly get all the logs they needed to find and arrest the ProtonMail user they’re looking for. Case closed.

You can read ProtonMail’s response to the situation here.

Not the first time ProtonMail has logged users

We should also point out that ProtonMail has logged users in the past when ordered to be a Switzerland court. This is detailed on the Transparency Report here.

ProtonMail transparency report

ProtonMail’s Transparency Report shows numerous cases where they have complied with various court requests for user data.

And similar to the current logging case, ProtonMail did some major site revisions by changing the wording of the Transparency Report after some other cases came to light. This was first noted by Martin Steiger in Switzerland here.

Other email provider’s that have bowed down to logging demands

Before you rush to condemn ProtonMail, you should understand the situation a bit more with some background information. For one, this is nothing new. We have been keeping a close eye on the privacy space for years now, and this is not the first time something like this has happened.

Riseup logs user data for US authorities

Riseup, which is an email and VPN provider based in the United States, was forced to comply with data requests a few years ago:

After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).

There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].

This appears to be similar to the ProtonMail situation, except that with ProtonMail, the goal was to identify the user with IP address logs.

Tutanota saves unencrypted emails for German authorities

A similar situation unfolded in 2020 with the German email provider Tutanota. In this case, Tutanota was required by a German court to log incoming and outgoing emails for a specific user identified in a German court order. This only affected unencrypted emails for a specific user, as Tutanota explained here.

However, all unencrypted emails that were sent and received by this user would have ended up with the German government, while encrypted emails would have been safely encrypted (and unreadable). The original article explains the case is in German here.

Similar to the ProtonMail case, this was a specific court order targeting one individual who was using Tutanota’s service for (alleged) illegal activities. In other words, the courts did not force a blanket policy that affects all of the service’s users.

When logging requests are denied (with VPNs)

When putting the current logging situation into context, it’s also important to examine when logging requests are denied. We have written about different examples of this in our no logs VPN guide. This includes cases where ExpressVPN, Private Internet Access (PIA), and OVPN have all successfully denied government requests for user data.

As one example, we’ll take a look at a recent case with OVPN, a Swedish-based VPN service that has successfully fought back against logging demands. The VPN was ordered by a court to log users who were accused of violating copyright laws by downloading movies. They were being sued by a group called the “Rights Alliance” on behalf of the movie industry.

Rather than comply with the request, OVPN lawyered up and went to court to fight for its users. And they won the case, proving that they are a truly no logs VPN service that takes their users’ privacy seriously.

To summarize the verdict, the Rights Alliance and their security experts have not been able prove any weaknesses in OVPN’s systems that could mean that logs are stored. OVPN therefore wins the information injunction as our statements and evidence regarding our no log VPN policy have not been disproven. The movie companies also need to pay OVPN’s legal fees which amounts to 108,000 SEK (roughly $12,300 at current exchange rate).

While the nature of an email service and VPN service are very different, this case does show that there are examples when privacy companies successfully fight back against demands for user data.

However, there are other VPNs that bow down and comply with these demands, as we have seen with PureVPN logging users for the FBI, as well as with IPVanish, which is based in the US.

Should people still use ProtonMail?

While this latest logging fiasco (and ProtonMail’s website revisions) will probably shake many peoples’ trust in the service, ProtonMail itself remains secure and private compared to most other options. With most free email services, such as Gmail and Yahoo, your inbox is wide open for data collection and advertising exploitation.

Conversely, ProtonMail keeps your inbox encrypted and secure at rest, without giving others access. Sure, they may be forced to log user IP addresses, but there is a simple solution for that (see below). Additionally, you can be certain that advertisers are not collecting the content of your inbox to hit you with targeted ads.

Nonetheless, if you now want to seek out alternatives to ProtonMail, see our guide on private and secure email services. We’ll still be recommending ProtonMail because nothing has really changed. The same goes for Tutanota.

Be smart and always use a VPN (and other privacy tools)

We’ve said this before and we’ll say it again. Everyone reading this should be using a VPN when going online. A VPN is simply basic protection that will hide your IP address and geographic location when you go online. This is something everyone needs in today’s world of mass surveillance and tracking.

Had the ProtonMail user in question been using a good VPN, and also implementing basic OPSEC, he probably would never have been arrested. ProtonMail would have logged the user’s IP address, but that would have only led investigators to a VPN server in some random data center, rather than the user in question.

In addition to using a secure browser and a VPN, we also recommend using a good ad blocker that can effectively block ads and trackers on all browsers. There is also the option to combine both VPN and ad blocker, which is especially effective in many circumstances, while also being easy to use. See our VPN ad blocker guide for additional information.

Consider using an encrypted messenger for really private communications

Lastly, this is a good opportunity to repeat another piece of advice that we have been saying for years:

If you really need privacy, don’t bother using email. Instead, use a good encrypted messaging service.

Email is simply an outdated method of communication that is leaky and contains lots of private data. By contrast, there are some great privacy-focused encrypted messaging systems, from Signal to Telegram and Wickr. We have also been impressed with Session, which takes privacy to another level and keeps no metadata whatsoever.

Check out our guide on the best encrypted messaging services to learn more.

About Sven Taylor

Sven Taylor is the lead editor and founder of Restore Privacy, a digital privacy advocacy group. With a passion for digital privacy and accessible information, he created RestorePrivacy to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics.

Reader Interactions

Comments

  1. F***proton

    November 7, 2022

    Proton mail also marking your emails as spam and asking human verification eveysingle decide or ip even with vpn so how’s that possible they are collecting more than you think fingerprint and iOS device profiles etc devices in your network so one of the big tech or government tell them spy on you they will obey like good dog that’s what they are!! Big tech dog… delete your proton mail asap never use this spy network again.. trust me.

    Reply
  2. MKAnonimenSkiMK

    October 14, 2022

    If you want privacy and encryption for your Emails or Web Mail messages, You use an Email or Web Mail from the TOR Network or the Dark Net or the Deep Web. If you want privacy for your Internet connection, Use the OVPN Software or App or a VPN Software or App from the TOR Network or the Dark Net or Deep Web.

    Reply
  3. Renfro

    June 24, 2022

    Why do any of you think that you can do something illegal and not get caught by big brother?? We are being watched by the powers that be no matter where you think you can hide.

    Reply
    • John

      July 20, 2022

      Problem is Big Brother is the be
      Iggest crook out there.

      Reply
      • Phil R

        July 20, 2022

        Absolutely, the popo is corrupt to the core! No doubt in my mind. Im a former Governmental auditor.

        Reply
        • Unknown

          September 6, 2022

          Perfect Privacy VPN even successfully denied data government requests.

  4. Mike

    March 28, 2022

    In my view, ProtonMail obeying the court order in question was in line with their terms of service. There have been many more instances when they successfully fought off warrants but this case involved potential terrorism. That is not something a company like them (or anyone else) should ignore.

    Here’s a radical idea, stop breaking the law or engage in illegal or criminal activities and then you won’t have the authorities snooping around, peering into your life.

    Reply
    • jdaflaurehgire

      April 3, 2022

      Well the problem is that weird stuff is declared as suspicious by courts all over the world, with which they can than get legal search warrants for literally everyone, its just a game of perspectives.
      So just the wrong party would need to get in charge, and they’ll have open doors fck1ng up everyone who they dont like.
      Betraying the ground concepts of swiss jurisdiction wouldnt be hard for most bigger governments i think, so this means any protonmail user can easily get spied upon by any government the swiss “accepts”.
      Something which isnt shocking, but needs to be communicated clearly and transparently.

      Reply
    • Michael

      May 8, 2022

      Some dont break the law at all. Yet still wind up in jail, fines, lawyers, harrassment by law, and even worse, death penalty when its all said and done… But they were innocent the WHOLE TIME!! you trying to make it sound like its all good to sort through everybody shit to see if theres any terrorists using email addresses from Proton.

      Which means you ALSO approve of any of law related men snooping on into EVERYBODYS emails from tutanota and the rest of the private mailboxes across the world. Just as long as some legal law man says “open it up I think theres a terrorist”, its all good to open flood gates of emails and every agency(corrupted or not) ALL go digging through ALL of the citizens of the worlds emails. You dont think the law, the gov’s behind their laws, the men involved, you think theyre ALL GOOD and none are CORRUPT or VINDICTIVE and never VIOLATE THEIR POWERS. you my boy r a sad site for the future of PRIVACY!

      Hell, you just like them. I dont want everybody reading my mail before the mailman hands it to me. AND THEY NEVER USED TO! So how in tf is it ok to all of sudden read peoples mail now before they even get to look at it??! Freakin IDIOT. have a nice crap day, bozo.

      Reply
    • Donald Trump

      September 3, 2022

      I’m your local sheriff. I understand that you leave your door unlocked and you have no problem with me coming into your home unannounced and looking around, shuffling through your stuff, and taking pictures.

      Reply
    • Gonzo

      January 28, 2023

      In canada peacefull truckers were called terrorists, those days in Ontario anyone who says Vaxx is bad can be called terrorist.

      Reply
« Older Comments

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browsers
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN (68% Off Coupon) or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

Restore Privacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

Restore Privacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP