Proton Mail Discloses User Data Leading to Arrest in Spain (2024)

Table of Contents
The importance of good OPSEC Update: Statement from Proton and additional commentary Further reading FAQs
Proton Mail Discloses User Data Leading to Arrest in Spain (1)

Update: Proton has confirmed the key details of this case and provided RestorePrivacy with a comment.

Proton Mail has come under scrutiny for its role in a legal request involving the Spanish authorities and a member of the Catalan independence organization, Democratic Tsunami.

Proton Mail is a secure email service based in Switzerland, renowned for its commitment to privacy through end-to-end encryption and a strict no-logs policy. In 2021, Proton Mail faced controversy when it complied with a legal request that led to the arrest of a French climate activist. Under Swiss law, Proton Mail was compelled to collect and provide information on the individual’s IP address to Swiss authorities, who then shared it with French police.

The recent case involving the Spanish police this time, highlights privacy concerns and the limits of encrypted communication services under national security pretexts, and brings a long-debated subject to the forefront once again.

The core of the controversy stems from Proton Mail providing the Spanish police with the recovery email address associated with the Proton Mail account of an individual using the pseudonym ‘Xuxo Rondinaire.’ This individual is suspected of being a member of the Mossos d’Esquadra (Catalonia’s police force) and of using their internal knowledge to assist the Democratic Tsunami movement.

Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.

See Also
List of Websites Blocked in IndiaPros and Cons of Proton Mail 2024India VPN - Get an Indian IP address

This case is particularly noteworthy because it involves a series of requests across different jurisdictions and companies, highlighting the complex interplay between technology firms, user privacy, and law enforcement.

The requests were made under the guise of anti-terrorism laws, despite the primary activities of the Democratic Tsunami involving protests and roadblocks, which raises questions about the proportionality and justification of such measures.

Like before, Proton Mail’s compliance with these requests is bound by Swiss law, which mandates cooperation with international legal demands that are formalized through proper channels (Swiss court system).

Last year, when we noted that Proton Mail complied with nearly 6,000 data requests in 2022, Proton provided us with an explanation that inbox contents remain secure.

Please note that in all cases email content, attachments, files etc are always encrypted and cannot be read.

Proton statement to RestorePrivacy last year

Looking at Proton’s transparency report, we find that Proton Mail complied with 5,971 data requests last year alone, up slightly from the year before.

Proton Mail Discloses User Data Leading to Arrest in Spain (2)

With so many data requests going on in the background, it is all the more important to safeguard the data you share with various services.

The importance of good OPSEC

This situation serves as a critical reminder of the importance of maintaining stringent OPSEC (operational security). One should always be aware of the potential vulnerabilities that come with linking recovery information or secondary services (like Apple accounts) that may not have the same privacy safeguards as a primary encrypted email service.

For users concerned about privacy, particularly those involved in sensitive or political activities, OPSEC should be a top concern when using privacy tools. It’s advisable to:

  • Avoid linking recovery emails or phone numbers that can directly tie back to personal identities or primary business activities.
  • Consider using secondary, disposable emails or virtual phone numbers that offer an additional layer of anonymity.
  • Use a good VPN service to hide your IP address whenever possible. (Failure to do this is what compromised a Proton Mail user in France who was arrested after after police obtained IP logs.)
  • Consider purchasing services using an anonymous payment method.
  • Stay informed about the legal obligations and policies of communication service providers, especially regarding their compliance with international law enforcement requests.

While Proton Mail and similar services offer substantial protections and end-to-end encryption on their email platform, they are not immune to legal and governmental pressures. Users must navigate these waters carefully, balancing the need for security with the potential legal obligations of their service providers.

RestorePrivacy has reached out to Proton Mail for a comment on the case and their exact involvement, but a statement wasn’t immediately available. at the time of publication.

Update: Statement from Proton and additional commentary

Proton has now confirmed the key details of this case and provided RestorePrivacy with the following comment:

We are aware of the Spanish terrorism case involving alleged threats to the King of Spain, but as a general rule we do not comment on specific cases. Proton has minimal user information, as illustrated by the fact that in this case data obtained from Apple was used to identify the terrorism suspect. Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method. Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order, as terrorism is against the law in Switzerland.

Spokesperson for Proton

In an email to RestorePrivacy, Proton also pointed out that adding a recovery email is optional. While this is true, we have also observed Proton Mail requiring a verification email address for account creation. As tested today, Proton required a verification email when signing up through a VPN service and also Tor.

Proton Mail Discloses User Data Leading to Arrest in Spain (3)

In the verification box, Proton states that the email address “will only be used for this one-time verification.” Unlike a recovery email, this verification email presumably does not stay connected to the account.

Further reading

  • ProtonMail Complied with 5,957 Data Requests in 2022 – Still Secure and Private?
  • Proton Mail Review
  • 10 Best Private and Secure Email Services

This article was updated on May 7, 2024 with the statement form Proton Mail and further discussion on the verification methods.

Proton Mail Discloses User Data Leading to Arrest in Spain (2024)

FAQs

What is the Proton Mail controversy? ›

Proton AG — the Swiss company behind Proton Mail, the popular encrypted email service — came under fire in April for complying with a request from Spanish police for information about one of its users — a Catalan pro-independence activist. It's obvious why that was a controversial move.

Read On
Can police trace Proton Mail? ›

This is known as metadata, and these details include recovery email addresses, phone numbers linked to a Proton account, and even IP addresses. Law enforcement can force companies to hand these details over as part of ongoing investigations.

Discover More Details
Does Proton Mail share data? ›

Our overriding policy is to collect as little user information (personal data included) as possible to ensure a private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, calendar events, passwords, or notes.

Continue Reading
Does Proton Mail cooperate with law enforcement? ›

Under Swiss law, we're required to cooperate with law enforcement agencies on criminal investigations within the framework of Swiss laws and privacy regulations.

See Details
Is Proton Mail safe anymore? ›

Do you know a safer service? Yes, ProtonMail is the safest email service. E2EE means fewer parties have access to your unencrypted data. All messages on our servers are either end-to-end encrypted or stored with zero-access encryption, which means we have no way to read them.

Find Out More
Can I trust Proton Mail? ›

Proton believes your data belongs to you. That's why we use end-to-end encryption and zero-access encryption to ensure that only you can read your emails. We cannot read or give anyone else access to your emails.

Tell Me More
Can I be traced using Proton Mail? ›

Proton Mail protects you from tracking pixels by default, but advertisers have more tools they can use to track you. After spy pixels, tracking links embedded in an email or newsletter are one of the most common ways companies try to spy on you.

Show Me More
Can FBI access Proton Mail? ›

Proton AG of ProtonMail can provide FBI with your account recovery email | Hacker News. Of course they can, why is this news? If you intend to use it anonymously why would you set a recovery email to something that identifies you? It's “news” because someone wanted to share it.

Explore More
Is Proton Mail safer than Gmail? ›

Still deciding between Proton Mail vs. Gmail? While Gmail scans your emails and lets third parties into your inbox, Proton Mail blocks all trackers and encrypts your messages so only you can read them. We believe you should be the one who chooses what happens to your data.

Continue Reading
Can police track ProtonVPN? ›

All Proton VPN servers are protected by full-disk encryption, meaning no one can access their encryption keys.

Show Me More

Do lawyers use Proton Mail? ›

Like all services, Proton Mail can be used both legally or illegally, but there is nothing out of the ordinary with possessing an account. Millions of people use Proton Mail, including journalists, activists, doctors, lawyers, businessmen, and people from all walks of life.

Read The Full Story
Can Proton Mail be subpoenaed? ›

The email provider only holds onto the encrypted gibberish, and in the event of a warrant or subpoena, this gibberish would be the only content it could hand over. (Metadata is another story, but that's a whole other post!)

See Details
What's the deal with Proton Mail? ›

An email message sent from one Proton Mail account to another is automatically encrypted with the public key of the recipient. Once encrypted, only the private key of the recipient can decrypt the message. When the recipient logs in, their mailbox password decrypts their private key and unlocks their inbox.

Get More Info Here
Why Proton Mail is not accepted? ›

Why sites block Proton Mail. Proton Mail can sometimes be blocked by accident because we're not yet as well known as some of the largest email providers. For example, to reduce spam, some forums only allow registration from well-known email providers like Yahoo, Outlook, Gmail, etc.

Continue Reading
What is the downside of Proton Mail? ›

One slight downside is that it requires you to provide an email upon sign-up. You'll have to enter either a current email address or a phone number. I never had to submit any of these when I signed up for other secure mail services like Hushmail or Tutanota. TRY UP TO 38% OFF PROTONMAIL HERE!

View More
Why would someone use Proton Mail? ›

Email trackers tell senders and advertisers what you read and click on, and can follow you around the web. Proton Mail protects you from these digital spies and prevents companies from monitoring you.

View Details
Top Articles
Top 10 Best Math Competitions for High School Students
Symptoms & Causes of Food Poisoning - NIDDK
Golden Abyss - Chapter 5 - Lunar_Angel
Unit 30 Quiz: Idioms And Pronunciation
Housing near Juneau, WI - craigslist
Algebra Calculator Mathway
Arkansas Gazette Sudoku
Unitedhealthcare Hwp
Zitobox 5000 Free Coins 2023
Mail Healthcare Uiowa
Roblox Character Added
Lima Crime Stoppers
Craigslist Jobs Phoenix
Best Suv In 2010
Condogames Xyz Discord
Letter F Logos - 178+ Best Letter F Logo Ideas. Free Letter F Logo Maker. | 99designs
Chastity Brainwash
Mflwer
Nevermore: What Doesn't Kill
Long Island Jobs Craigslist
Titanic Soap2Day
8005607994
Teekay Vop
Caring Hearts For Canines Aberdeen Nc
Surplus property Definition: 397 Samples | Law Insider
Accuweather Minneapolis Radar
Urbfsdreamgirl
Accuradio Unblocked
O'reilly's In Mathis Texas
Enduring Word John 15
Jailfunds Send Message
Tracking every 2024 Trade Deadline deal
Tu Housing Portal
Tripcheck Oregon Map
Planned re-opening of Interchange welcomed - but questions still remain
R/Orangetheory
Goodwill Thrift Store & Donation Center Marietta Photos
The Best Carry-On Suitcases 2024, Tested and Reviewed by Travel Editors | SmarterTravel
Police Academy Butler Tech
AsROck Q1900B ITX und Ramverträglichkeit
Natashas Bedroom - Slave Commands
Dynavax Technologies Corp (DVAX)
2700 Yen To Usd
Qlima© Petroleumofen Elektronischer Laserofen SRE 9046 TC mit 4,7 KW CO2 Wächter • EUR 425,95
Setx Sports
Doe Infohub
Tableaux, mobilier et objets d'art
Quaally.shop
Random Animal Hybrid Generator Wheel
Terrell Buckley Net Worth
San Pedro Sula To Miami Google Flights
Latest Posts
Guide on Charges for Stock Pledging and Unpledging at Angel One
Apple iPad Pro vs MacBook Air: Which should you buy?
Article information

Author: Dr. Pierre Goyette

Last Updated:

Views: 6015

Rating: 5 / 5 (50 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Dr. Pierre Goyette

Birthday: 1998-01-29

Address: Apt. 611 3357 Yong Plain, West Audra, IL 70053

Phone: +5819954278378

Job: Construction Director

Hobby: Embroidery, Creative writing, Shopping, Driving, Stand-up comedy, Coffee roasting, Scrapbooking

Introduction: My name is Dr. Pierre Goyette, I am a enchanting, powerful, jolly, rich, graceful, colorful, zany person who loves writing and wants to share my knowledge and understanding with you.