Check your expectations.

- Simon Müller

Recently, there has been a lot of fuss about a story where a Proton user (who was partaking in illegal activities) was caught using some metadata (namely, their recovery E-Mail, which was their personal iCloud E-Mail) that Proton was required to share.

Of course, in response, the replies and comments all around the web went wild.

Except, as is usually the case… everything has been entirely misread.

The first thing that I have to point out is the obvious (hopefully): E-Mail is a flawed protocol when it comes to privacy.

E-Mail was never designed with privacy of the modern age in mind. You cannot just add encryption to it in its entirety without breaking some things. With what Proton did, they broke Third-Party Client Compatibility, opting to use their own API instead to facilitate Zero-Knowledge encryption (where feasible). As a little breakdown, the reason why you can't just end-to-end-encrypt EVERYTHING with E-Mail is that in an instant, you'd lose interoperability with any other mailserver.

Say you send a mail with everything except the intended recipient encrypted. What the hell kinda tags will it end up with? What folders does it go to? Does it get filtered? Whom is it from? Do we put this in spam?

These are just questions that come up from a theoretical viewpoint in which the recipient mailserver has any idea what to do with it at all, but spoiler alert: it does not. Most mailservers would simply reject such a mail, or in the best case just error out.
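To make that concrete, here is an added example (not part of the original post): a constructed PGP/MIME message as a relaying mailserver sees it, where only the body is ciphertext and the headers stay readable. The addresses, hostnames and the `QUESTIONS` mapping of headers to the questions above are illustrative assumptions.

```python
from email import message_from_string

# Constructed sample: an RFC 3156 PGP/MIME message as a relaying server sees it.
# Addresses, hostnames and the ciphertext placeholder are made up.
RAW = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS; Mon, 06 May 2024 10:15:00 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: meeting notes
Message-ID: <constructed-1@sender.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Assumed mapping (illustrative): headers a server needs to answer each question.
QUESTIONS = {
    "whom is it from?": ["From"],
    "which folder or filter applies?": ["From", "Subject"],
    "is it spam?": ["From", "Received", "Message-ID"],
}

def server_view(raw):
    """Return (headers the server can read, True if the body is PGP/MIME ciphertext)."""
    msg = message_from_string(raw)
    headers = {k: " ".join(v.split()) for k, v in msg.items()}  # unfold long headers
    return headers, msg.get_content_type() == "multipart/encrypted"

def unanswerable(raw, hidden=()):
    """Questions the server can no longer answer if the `hidden` headers were encrypted too."""
    headers, _ = server_view(raw)
    left = set(headers) - set(hidden)
    return [q for q, needed in QUESTIONS.items() if not set(needed) <= left]
```

With the body encrypted, the sender, recipient, subject and relay path are all still metadata the provider holds; hiding them as well leaves every question in `QUESTIONS` unanswerable.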

As such, don't try to sound smart and go “but Proton is bad! They aren't 1000% end-to-end-encrypted!” (whatever that means…)

No, Tuta won't save you.

I've also seen people (as mentioned above) say that they're happy to use Tutanota instead. Sadly, Tuta cannot protect you either, and has even started using an entirely in-house messaging protocol for E2EE-Mails between Tuta users. Proton at least tries to use Mail Protocols.

To get you up to speed, Tuta has also handed over data plenty of times.

Just...please keep your OPSEC in check

Seriously, if you are concerned about this, I have a couple of points to offer you:

  • DON'T USE E-MAIL??? There are SO MANY better solutions
  • Don't link something as easily traceable as your damn Apple-ID / iCloud Mail to something you're using for activism

Please make sure your OPSEC is rock-solid; simply using a service in activism doesn't protect you. Maybe try getting a RiseUp Address.

As clarification: I didn't quite know the full story until this article by TechCrunch popped into my feed. As such, I at first thought (based on what others were saying around me) that it was probably going to be someone that just did something illegal and failed horribly because they put something identifying like their iCloud Mail Address as a backup. I now know that actually, this was an activist.

As such I've made some changes 'round here to clarify that. I am sorry.

Git history can be seen here to see the changes I've done:

Background: Emily Bernal