They never advertised that they don’t keep logs they just said they aren’t permanent, in fact you can view your own connection logs if you enable it in which case they are maintained forever.
And even on their English website, the marketing is misleading. They say that the service is "anonymous" and also: "By default, we do not keep any IP logs which can be linked to your anonymous email account".
The CEO's position on Twitter is that "by default" (from the sentence you're quoting) means when there is no criminal investigation, but when there is a legal order in place, Protonmail will collect the IP...
"As described in the link above, under Swiss law, we can be forced to collect info on accounts belonging to users under criminal investigation. This is obviously not done by default, but only if we get a legal order."
If you thought that Protonmail (or any other company) was going to go to break the law in order to avoid keeping logs on you despite a Swiss-backed warrant saying they had to do so, then you had the wrong impression. But I never got the impression Protonmail was saying that.
I have never used the service and don't know or care a thing about it. But their advertising is laughably inconsistent with the reality of the service provided.
If it's illegal to provide a completely anonymous email service, then you should not claim to provide a completely anonymous email service.
Once again: if you can't see their server software, you should assume they are FOS, and are capable of recording anything.
Also:
One more reason NAT was a good thing over IPv6. The closer we get to the platonic ideal of "UUID per person" the more likely justice systems will use it that way.
The day everyone learns how to self-host mail on ephemeral compute instances is the day law enforcement starts requiring MX domain logs to be maintained in a historical manner. Work around that magically, and some law'll go on the books to try to tame the super spooky criminal communicators hiding from law enforcement.
Theoretically yes but if your ISP assigns your home a /64 you can use 2^64 different addresses to access the internet.
This still doesn’t protect your privacy because your ISP knows what prefix they gave you and will likely provide that to the authorities if you broke the law while using that address. Just like they would even if you used NAT and ipv4 so I don’t get where the parent comment thinks that is protecting their privacy at all.
Plausible deniability. My NAT and DHCP leases can be shortened, and not logged. At best you know something came from my network, and I may have many users on my network. For nodes, VPN, etc...
IP's address Internet endpoints, not people using them, yet States, prosecutors, and law enforcement regularly try to create the illusion that an IP has anything to do with who uses something.
IPv6 makes that temptation worse. IPv4 forces you to realize IP's can be ambiguous. IPv6, through having more addresses than people on Earth, checks off the Institutional checkbox for "raw material to contribute to a UUID identity scheme". Just look at China's proposals for a more governable international Telecom network, and the intention to use device persistent addressing as a control mechanism becomes obvious.
Where IPv4 creates enough decentralization and localized namespace unscrambling to provide enough friction via statefulness to thwart these types of efforts, I'm not at all confident IPv6 will do the same. I believe it is just what the Doctor ordered for laying the foundation of coupling IP's and net addresses in the minds of the masses to personal identifiers.
Which is not by any stretch the way we want things to go.
If your location is assigned a /48 you can then set up over 65,000 subnets with 2^64 possible endpoints in each.
My iPhone spoofs the MAC address each time it connects to WiFi, so support for changing your /64 is not going to be a challenge even with consumer devices. Whether we lose this ability or not is another question (but they could easily make the same requirements of “hard device uuid” on IPv4 if they wanted. These are laws and regulations after all, not technical limitations).
If anything IPv6 gives you an even greater amount of plausible deniability because like you said you could be running a vpn with a billion different devices connecting to it.
IPv6 just means your laptop could have an internet routable IP associated with it. You can easily change to one of the billions upon billions of possible addresses that your assigned prefix will give you (just like you could have something like 10.0.0.0/8 with millions and millions of addresses behind your internet routable IPv4 address. Your ISP will turn you over all the same if the authorities ask who that address belongs to.
> But https://protonmail.com/security-details page says “No tracking or logging of personally identifiable information. Unlike competing services, we do not save any tracking information. We do not record metadata such as the IP addresses used to log into accounts.” So, now it turns to be that you introduced tracking and logging? Is this data encrypted as well?
> Admin, October 17, 2015 at 9:14 PM
> We don’t save any of this data by default, the user must explicitly turn it on for us to save it.
There should be a reasonable assumption that given they have end-to-end encryption for the service, they just encrypt the logging for the user and store it encrypted without the key themselves like they do the emails.
Also to note, they at least have an onion link to use their email service.
> No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.
https://protonmail.com/privacy-policy
They also provide a report of all warrants received https://protonmail.com/blog/transparency-report/