ProtonMail is a secure email service that assures end-to-end encryption and data confidentiality.
A recent report highlights that the company is under fire for sharing user data with the Spanish police.
The authorities were after the user because of his ties to a terrorist group named Democratic Tsunami.
ProtonMail shared the account recovery email address with the authorities which was an Apple account, using which they learned everything about the individual who bears the pseudonym ‘Xuxo Rondinaire.’
But Isn’t ProtonMail Privacy-Focused?
ProtonMail is renowned for its encrypted email service and the guarantee of not snooping in on your conversations.
But this is a peculiar case in which the company didn’t share any e-mails with the Spanish authorities.
It only shared the recovery email address added by the user while creating the ProtonMail account.
A recovery email address comes in handy when you forget your email address and password combination and helps restore access to the account.
However, the recovery email address added by the user turned out to be an Apple account.
After learning this information, the authorities contacted Apple to extract all the details about the account.
So, ProtonMail didn’t entirely break their promise, but this incident will make users who crave anonymity think twice before adding a recovery email. Rather than using a popular but regulated email service, you can opt for an anonymous email service.
Even the company advised the users to practice better OpSec, such as not adding their Apple account as an optional recovery method in a statement.
It further clarified, “Proton does not require adding a recovery address as this information can, in theory, be turned over under Swiss court order, as terrorism is against the law in Switzerland.”
Revisit Company Policies
It is essential to read between the lines before signing up for any service that claims to be anonymous and privacy-focused.
An excerpt from Proton’s official website reads, “Under Swiss law, we’re required to cooperate with law enforcement agencies on criminal investigations within the framework of Swiss laws and privacy regulations.”
ProtonMail isn’t entirely at fault because the suspect has ties with a terrorist group. It is a good reason to investigate, and the account details of the individual would help authorities capture them faster.
Users are divided on this incident, with some supporting the company’s decision only to share information that’s not end-to-end encrypted. While others openly criticized the service for deceiving its users as to what data is encrypted and what’s not.
