ProtonMail is usually in the news for its strong privacy features and how it serves as a privacy-friendly Gmail alternative. However, that’s not the case this time around. The company is currently facing widespread criticism for logging the IP address of a French activist and revealing it to law enforcement authorities. Disclosing this piece of information has led to the arrest of the activist. In this article, we will be discussing what exactly happened and why ProtonMail revealed the IP address of its user. Also, we will talk about whether you can still trust ProtonMail with your privacy and its alternatives.

Why Did ProtonMail Log IP Address?

Before we get to the part about why ProtonMail logged the IP address, it’s important to have some background info on the incident to understand the big picture. Over the past year, French climate activists have been taking over commercial apartments near Sainte-Marthe, France. As per the activists, this move is to fight against gentrification. For those unaware, gentrification is the process in which a neighborhood gets occupied by relatively wealthy people. It is followed by an influx of real estate investments, leading to an increase in the cost of living for an average person in the area.

  • Why Did ProtonMail Log IP Address?What Did the Authorities Demand and What Did ProtonMail Disclose?What About ProtonMail’s No Log Policy?Is ProtonVPN Safe to Use?How to Make ProtonMail Safer?Can You Still Trust ProtonMail to Uphold Your Privacy?ProtonMail Alternatives

As mentioned above, ProtonMail can’t directly share data with foreign governments. In fact, doing so is illegal under Article 271 of the Swiss Criminal code. The police gained access to the IP address because Swiss authorities chose to cooperate with the French government. ProtonMail also points out how Swiss authorities will only approve requests that meet Swiss legal standards.

Under Swiss law, ProtonMail should notify the user if a third party makes a request for their private data and if the data is for a criminal proceeding. However, there’s a big catch/ loophole here. On its law enforcement page, ProtonMail highlights that the notification can be delayed in the following cases:

This incident seems to fall under the first case, and that’s why ProtonMail didn’t notify the user. “Some orders are final and cannot be appealed, that’s just how the legal system works, not everything can be appealed. The user wasn’t notified for the same reason that you don’t notify a suspect before arresting them,” says ProtonMail founder Andy Yen.

At this point, you might be wondering about ProtonMail’s no IP logging policy that it boldly advertised on its website’s home page so far. Well, that claim is no longer present now. The company has updated its home page to remove the mention of not keeping IP logs, which is one of the reasons why we got here.

Here’s what the old copy said, thanks to a backup on The Internet Archive: “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”

It’s also worth clarifying that ProtonMail doesn’t collect IP addresses by default. Instead, the monitoring/ logging starts after ProtonMail gets a legal request. “In extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities. Whether or not a case qualifies for these enhanced obligations is determined solely by Swiss authorities and not by ProtonMail,” reads the company’s transparency report.

Apart from ProtonMail, Proton Technologies has a popular VPN service that people often recommend as the best free VPN service. If you are a ProtonVPN user who’s questioning the company’s integrity after the IP logging incident, here’s what you should know. According to the company, their email and VPN services are subject to different terms under current Swiss law. Hence, the firm mentions that the law authorities can’t force them to log ProtonVPN user data.

How to Make ProtonMail Safer?

If you want an additional layer of privacy, ProtonMail has an onion site you can use from the Tor browser. It has been around since 2017, and ProtonMail highly recommends using this if you are actually conscious about your privacy. If you are not someone who’s at high risk, you could also consider investing in a good paid VPN.

So, what did ProtonMail get wrong in this incident? For starters, the lack of transparency about its features right on its front page. Claiming to be a secure email service, we expected the company to do better to disclose how it handles legal requests. The previous copy of the site’s home page claimed not to keep any IP logs by default, which is indeed misleading to the average customer. However, it’s worth mentioning that the company has now updated the wording to reflect reality better.

If you want to switch from ProtonMail, you can consider an alternative service like Tutanota or Posteo. You will find more such privacy-centric email services in our articles about the best Gmail alternatives and best free email service providers. If you ask me, Tutanota or Posteo is what you should be looking at if you value your privacy. However, even these services are not immune to local laws. So you are not gaining a lot if you make the switch.