ProtonMail

ProtonMail is probably the most popular “private” email providers out there, but is it really cares about your privacy?

Let’s start with the signup process. Creating an account you need to solve a CAPTCHA to prove that you are human, but if you try signup with TOR or VPN, the option disappears. And it appears this:



They must want your email address for verification if you want to be anonymous using a VPN! Their claim “ProtonMail does not require any personally identifiable information to register” - what a joke.

Okay, that’s only the sign up process, I can still deal with them if the actual mail service is okay, but is it?

From their privacy policy, let’s see what they collect and how long they store the data:

“''We have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. [...] We also have access to the following records of account activity: number of messages sent, amount of storage space used, total number of messages, last login time. '' ”

And here’s how long they store these datas:

“''When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.'' ”

See, accounts will have data retained permanently by this “Private” ProtonMail! They also store IP logs forever even you deleted the account: “and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions”. And the Terms and conditions: “You agree to not use this Service for any unlawful or prohibited activities. ”, which can mean absolutely everything for prohibited activities as the definition is defined by them.

By taking a look of their [ transparency report, you can see that there are quite a lot of requests from governments around the world, asking ProtonMail to give out a particular user's data, and it is keep increasing - from 336 compiled requests in 2018 to 3017 compiled requests in 2020. They also admitted that they would monitor...l

One of the reason you may use ProtonMail is because of their advertised "End to end encryption", but that's also a paper tiger.