No. With on-demand logging, they can find the owner of the account (assuming he doesn't take further measures), but you can't retroactively prove someone used that account to do something at a specific time. For example, you could not prove that the individual was logged in at internet cafe xy near the time of the crime. Also, an opsec mishap (such as logging in without protection) will not be fatal unless you're already under surveillance.
I'm not taking sides on privacy or the threat of govt (or other sourced) tyranny, I'm just explaining the logic to answer your question:
Let's say you engaged in a long history of using protonmail innocently, then one day you decided to start commiting crimes for the first time and attract police interest. You would know that your historical logs were not kept, and it was only after you started attracting police attention that you would be at risk of incriminating yourself through proton mail. Maybe, on the run from the law, it would be safe for you to hide at your old friends house because there was no log to link you to him.
Yes, it is also the case that you may not have realized that ordinary behavior had been criminalized by an evil govt all along blah blah blah... I'm just pointing out that there is a difference where you saw none.
No history of when you logged in from where and, possibly, plausible deniability about about you being the only user of that account (through you'd probably need to prepare for this to be believable).
I mean it's either this or traffic analysis. If you use your clearnet IP address to do illegal things, it's nothing more than reasonable that you can get in trouble for it.
This is also why I don't get protonmail in the first place. Unless you use pgp or equivalent, you'll always be subject to law enforcement. Just that protonmail cares more and caters more to activists and so might not give it out without checking that the asker is really legit and then give the minimal amount possible. But they'll always be able to turn over your emails and log IPs, it's not protonmail's fault the laws were voted into action like this.
They tout that off-by-default statement on their homepage, underneath the header of "Anonymous Email," with the closing sentence of "Your privacy comes first."
So why even market that? It provides no meaningful security.
Were _you_ mislead by this? Did you really expect a Switzerland-based company not to comply with law of the land?
There is a difference between "available to police, not retroactively, and only with a valid warrant" and "available to any government agency constantly and in bulk, as well as to data-collecting commercial entities, Russian and Chinese hackers, and their dogs".
Don't you agree?
Really solid explanation of what you’re paying for as a proton customer - and despite this unfortunate situation for the French advocate is why myself and others will continue their paid ProtonMail plans
Fair point. I still don't think they've worded that well enough. I would probably not have read "By default" to have the context of "Unless asked to do so by authorities."
They're not being as transparent as possible in their marketing, which is at odds with their allure of security.
As far as I know, Swiss law does not allow for "secret data collecting orders", unlike US after "Patriot Act".
This is the benefit if being located in Switzerland, where banking is one of the main pillars of the economy and which historically has been much more supportive of personal privacy than most other countries.
They eventually caved under US pressure on some things, so it's not such a "haven" as it used to be, but I believe it is still the country that respects individuals' rights the most.
Not perfect by any means, just better than most others.
