Enhancing protection and information for activists

Illstration using ProtonMail colors.

ProtonMail was founded in 2014 to build a better internet where privacy is the default, and to protect activists, journalists, and ordinary people from online surveillance. We are activists ourselves, and over the years we have supported movements around the world from Hong Kong to Belarus to Myanmar, both with our products and through direct advocacy. In the last three years, we’ve donated $500,000 to groups like EDRi, NOYB and the International Federation of Journalist’s Safety Fund in their fight for the right to free expression.

Proton operates from Switzerland, a country we have intentionally chosen due to its strong privacy laws and a sound legal framework that protects against enforcement from countries with human rights issues or questionable justice systems. Like many of you, we have been outraged at how governments are targeting citizens, and we will continue to fight for better privacy laws and against abusive persecutions. In 2020 alone, we fought 750 attempts by governments around the world to obtain user data. While Switzerland is far better than most other countries, no legal system is perfect, and there can be cases of injustice. As a law-abiding company, we’ll always have obligations to comply with legally binding orders from the Swiss government.

Our strong encryption technology is the best defense against government overreach, as your mailbox is protected with zero-access encryption. This means nobody can decrypt the messages in your mailbox. Messages exchanged between ProtonMail users are additionally protected with end-to-end encryption. As we don’t have access to these messages, they cannot be handed over to third parties. While ProtonMail provides strong privacy, if you are an activist that also needs anonymity, you have to use our Tor onion site or a VPN.

Our previous communications that stated we do not log IP addresses by default were incomplete and unintentionally confusing. We regret this and are fixing our communication processes to prevent this in the future. ProtonVPN, our VPN service, keeps no logs at all, and under current Swiss law, cannot be legally forced to start keeping logs. However, as an email service, ProtonMail has different legal obligations and different technical and security requirements (for example, we must prevent spam and block attacks). 

While ProtonMail does not store any permanent IP logs by default, we may have to comply with Swiss court orders to log specific users under Swiss criminal investigation. We do hold some temporary security and debug logs and we also temporarily retain the IP used to create an account. We will also log your IP if you decide to turn on advanced security logs. This is reflected in our privacy policy but we can go further than that to ensure everyone who uses ProtonMail understands how their data is used. In the last two weeks, we have done a thorough audit of our systems and can confirm that our actual practices match what is stated in our privacy policy.

We will be launching a brand-new onion site to bring the ProtonMail-over-Tor user experience up to the same level as our web app. To support this effort, we worked with Mozilla earlier this year to address an issue in Firefox that caused a compatibility issue between Tor Browser and the latest version of ProtonMail (Tor Browser is based on Firefox). We are now working with the Tor Project to get these improvements incorporated. We plan to launch our enhanced onion site before the end of the year. In the meantime, you can find our current onion site here.

We have been carefully listening to the feedback from our user community on the need to better explain privacy and security on the internet and for Proton to take a more proactive role in educating the users on this topic. We are going to launch a new educational series called “Privacy Decrypted” that will help debunk myths about privacy and help people everywhere protect themselves on the internet and take back control of how, and with whom, their data is shared. We will launch Privacy Decrypted next week; you can follow us on social media to get updates.

Thank you for speaking up on these challenges. Our initiatives are the first of many to enable freedom online and ensure the internet serves the interests of all people everywhere, every day.

About the Author

Andy Yen

Andy is the Founder and CEO of Proton, the company behind ProtonMail and ProtonVPN. He is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about our mission.