Proton is awesome. This kind of notice only happens when your email is tied in with "serious crime". If you are suspected of breaking Swiss law, no business is going to jail over a $13 a month user if the gov gives them a legally binding order to freeze the account.

It's not just Proton...even the most liberal of domain hosts will not go to jail for their users. They can provide a safe harbor for freedom of speech, free press and whistle-blower projects, but when served a legal mandate to shut down a site, they must comply. If you signed up over Tor and paid with an untraceable coin like Monero, your site may be taken down, but they will still not know who the owner is.

This is not a Proton issue. This is a government law issue.

Proton has said time and time again, when forced, they must comply with Swiss law. They have repeatedly stated publicly that recovery emails and recovery phone numbers are not e2ee and can be used to identify you. They recommend setting a recovery phrase instead so they will not be able to hand over any identifying information if forced to under Swiss law.

If the OP has truly done nothing wrong, and practiced good OPSEC, they should be fine. They should be using a free burner account (signed up and accessed only over Tor) for anything that could potentially get an account frozen.

The content of their frozen account is e2ee. If they are suspected of doing illegal stuff under Swiss law and they opted to give a backup email or phone number, paid with their debit card, or enabled the dark web monitoring service, that volunteered information can be used to associate their identity, then that's bad OPSEC.

Proton has been very vocal about this, saying they will comply with government law when forced. Don't give them any data and they will have nothing to hand over.

I agree that all-in-one services can be risky. I also know it depends on your threat model and how they are signed up for and used. 

No tool can replace good OPSEC or ultimately save you from bad OPSEC, or a situation like what happened with Skiff.

I use Proton in a compartmentalized way and I recommend it to most of my clients. I use it and recommend it for business domain email as well for most people.

IMO Proton is the best service of its kind out there for most people.

Proton Drive helps people ditch Google Drive. That's a huge win for privacy for most people.

Yes, you can run your own server and email but if you don't do and sustain it just right, it can make you far less secure from attack.

Extreme cases call for extreme measures. In those cases, I wouldn't advise putting any data on anyone else's servers, only communicating through SimpleX or Signal, not using any kind of social media at all, wiping the web of any trace of identity, only connecting to the internet from outside the house, never using clearnet, only using Tor, etc etc.

Without sharing my client guide here, the gist is that I recommend Proton be used in a compartmentalized way, with your "official" main front-facing account using your real name and/or personal domain "business" email for official purposes. This is a huge win over using Google for most people.

There are 15 @protonmail.com etc addresses that can be used for forwarding old email (to a pseudonym email), another for purchases, another for banking, an anonymous email with just random numbers for other purposes etc.

One can then use the unlimited SimpleLogin aliases (they have the ability to send mail from the alias, not just receive...unlike the current built-in Proton aliases) to avoid spam/breaches.

It is best in class for these purposes.

You can then sign up with another account for just VPN, another account for your Bitcoin wallet, another account for anonymous email not associated with your identity etc.

Just make sure you sign up for the other free accounts separate from your main account OVER TOR using their onion site and make sure it's a free account.

If you try to pay for an account at sign up you will have to use a debit card initially. If you upgrade from a free account, you can use cash or Bitcoin!

Sign up over Tor on the PROTON PASS page and you don't have to give an email.

There is an option when doing it this way (on the Proton Pass page) to create a free account and they will automatically create an email for you.

Then, upgrade using Bitcoin or cash and there is no worry of "having all your eggs in one basket".