@emacsen

Their whole marketing has been built on no logging and no data release "because Switzerland".

@cjd

#Switzerland's reputation of being a privacy haven is unjustified.

I visited Switzerland last week, and *all* public wifi hotspots require SMS verification. Apparently, it's a legal requirement.

Come on, even Italy stopped doing that long time ago!

@kravietz @emacsen @cjd

@kravietz @emacsen @cjd Did they really said so, or people wanted to think that? "No email or phone number required to create your account." - that is probably true. "No IP logs which can be tied to your username." - that may not be true, depends what was tied. https://protonmail.com/why-protonmail
"We respect your right to privacy. " - that's probably true.

Also: https://protonmail.com/blog/climate-activist-arrest/

@rozie @emacsen @cjd

That's what they say:

> By default, we do not keep any IP logs which can be linked to your anonymous email account

And then they shared not only the IP but also fingerprint of the browser.

If we were lawyers, we could certainly argue that "by default" creates a clever loophole that allows them to store IPs for specific clients 🤷

Fortunately, we aren't (at least not me) which saves our right to judge them from subjective and moral point of view 😄

@emacsen

And then there's the whole "unbreakable encryption" line of marketing — also false.

I wrote about it in 2014:

https://ipsec.pl/protonmail-security-promise.html

Kobeisi did in-depth analysis in 2018:

https://eprint.iacr.org/2018/1121.pdf

@cjd