
It has been admitted. So they DO log your IP address when you use their service. So their customers have been lied to and have their privacy at risk. They cannot be trusted.

So how long have ProtonMail kept this massive lie from its users then?



According to their statement:

> under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account.

So I assume normally IP addresses aren't logged. But they can enable IP address logging for specific accounts when ordered to do so.

There is very little practical difference in the protection that gives users, but seemingly the privacy policy was technically correct.


Since day #1 would be a safe guess. I don't think the honor system is a good way to deal with companies so when a company writes something like that and I have no way of verifying it then I don't believe them. Worked pretty good so far.


Just to be clear, there's no reason to believe you aren't a Chinese bot trying to sow division among western countries with this comment. It's a pretty safe guess and we have no way of verifying otherwise, after all.


Actually, there is. I've met 10's of HN'ers in person, this account is many years old and in pretty good standing, on top of that I have regular contact with the mods and many others on here IRL.

You probably should have picked a different account than mine to try this particular line with.


You missed, entirely, the point made by the person you responded to.


He didn't. By stating that he has no way of verifying he most likely meant that he exhausted all the ways, within his ability, to verify it. While the other poster made no effort to verify if Jacques is not a bot (it's easy). There's a difference in actively verifying given statements and passively accepting all that is written or all doubts that a busy mind can produce.


I think you may have missed it a bit too. jacquesm wrote:

> ...I have no way of verifying it then I don't believe them. Worked pretty good so far.

This can't possibly be true since one can't verify everything. If one truly lived this then they'd be in an endless quest of verifying things. For instance, verifying verifiers.

We are about to enter into an age of hard to detect AI generated articles and research so this isn't philosophical silliness.


It is probably worth reading the clarifications made by ProtonMail [1] and their Transparency Report [2]. As a company based in Switzerland, it was clear that they could be compelled to do so and they never hid that fact.

IMO a breach of trust would be actually logging IPs by default and before a legal request is made.

[1] https://protonmail.com/blog/climate-activist-arrest/

[2] https://protonmail.com/blog/transparency-report/


It’s not a lie; it said “By default, we do not…”. So under any non-default situations they always could. I guess.


From the article:

> The firm's privacy policy, which was updated yesterday, now says: "If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation."

That makes it sound like they normally do not / did not log the IP, but then got orders from the police to log these particular IPs.


If that is the case, why did they remove this statement? It seems to me that if the statement remained true even though this guy got arrested, it would be true under the "by default" clause. By removing it, they indicate it was never true; or, I suppose, they discovered just how fun it is to get people arrested, and decided to change their policy on the fly!

I was even considering switching to them...


They clearly changed it because of the amount of backlash they got and because so many people called that statement deceptive. Just because it's true doesn't mean it's smart to say it and them removing the statement is absolutely reasonable.


> If that is the case, why did they remove this statement?

As far as I understand according to several comments I read here in HN "99%" of the people don't understand what "by default" means, making the sentence misleading for most.


Most were falling for the trickery in wording and they are mad.

Throwing in a word like default changes the entire meaning.

Instead of we don't log anything*

* we log only when requested

They should say your ip can be logged.

It's like saying in big headline.

No meat burgers *

* meat means carrots


pretty much every comment section about protonmail has been pointing this out for years

their users were too fanatical over "Swiss laws" to pay attention, going as far to demand proof when observers were merely pointing out the fundamental flaw in the Protonmail concept and incongruent advertising

well, now there is proof


Today, I read somewhere while watching ProtonMail case comments, that Switzerland has quite extensive surveillance laws which include the possibility of logging the whole country's inbound and outbound traffic for a period of 6 months.



