ProtonMail logged IP address of French activist after foreign request approved by Swiss authorities

A police report revealed that the popular encrypted email service provider ProtonMail shared the IP address of a French activist with the authorities.

The privacy friendly end-to-end encrypted email service provider ProtonMail has shared the IP address of anti-gentrification activists with law enforcement authorities, a police report revealed.

The police used this information to identify and arrest a France activist who was using the popular service.

The company states that it doesn’t log IP addresses, except when it has to comply with local regulation. In this specific case, it received the request for information from the Swiss police, which was contacted by French authorities via Europol.

“According to their story, French police sent an Europol request to ProtonMail in order to uncover the identity of the person who created a ProtonMail account — the group was using this email address to communicate. The address has also been shared on various anarchist websites.” reported the TechCrunch website. “The next day, @MuArF on Twitter shared an abstract of a police report detailing ProtonMail’s reply. According to @MuArF, the police report is related to the ongoing investigation against the group who occupied various premises around Place Sainte-Marthe.”

“Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities,” ProtonMail’s founder and CEO Andy Yen wrote.

Yen pointed out that his company did not provide support to the Europol either the French police, it only complied with a foreign request approved by Swiss authorities.

“In this case, Proton received a legally binding order from the Swiss Federal Department of Justice which we are obligated to comply with. There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case).” the company wrote on Reddit.

“No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.” states ProtonMail on its website.

Users could continue to use ProtonMail, but experts recommend them to use a VPN or access it through the Tor network.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ProtonMail)

[adrotate banner=”5″]

[adrotate banner=”13″]