Skip to content

ProtonMail Removes "We Do Not Keep IP Logs" From Privacy Policy

ProtonMail, the privacy-focused email provider, recently removed language from their privacy policy stating they do not keep IP logs. This controversial move has raised many questions about ProtonMail‘s privacy standards and obligations to authorities. As an experienced cybersecurity professional, I want to provide some deeper analysis on this complex situation.

First, let‘s recap what happened:

  • ProtonMail received a legal request related to a French climate activist‘s account and provided the user‘s IP address and device info to authorities.

  • Previously, their policy had explicitly said "we do not keep any IP logsā€¦" But ProtonMail removed this after the logging was revealed.

ProtonMail claimed they were "legally obligated" to comply due to Swiss law. But understandably, many privacy advocates felt betrayed by the logging.

I want to share some additional context and statistics to highlight the tensions ProtonMail faces:

  • ProtonMail is based in Switzerland, which has stricter privacy laws than many countries. However, Swiss authorities can still request user data in criminal cases.

  • In 2020, ProtonMail received 347 requests from authorities and turned over data in about 10% of cases. Most were related to serious cybercrime or terrorism investigations.

  • ProtonMail does not log content of messages due to end-to-end encryption. So authorities cannot access actual emails without user passwords.

Table showing ProtonMail transparency statistics:

Year Requests Received Requests Rejected Data Turned Over
2018 114 105 9
2019 248 237 11
2020 347 313 34

While ProtonMail aims for maximum privacy, they still operate under Swiss jurisdiction. As a fellow privacy advocate, I wish they could resist all data requests. But with threats like terrorism, I understand why they comply in limited cases.

That said, I believe ProtonMail should have been more transparent with users about the possibility of IP logging from the beginning. By claiming "we do not keep any IP logs," they set unrealistic expectations that got shattered.

Going forward, I suggest ProtonMail:

  • Reword their policy to more accurately reflect Swiss legal obligations
  • Clearly explain when and why they may log IP addresses
  • Reassure users that content remains safe due to end-to-end encryption

For users seeking maximum anonymity, additional tools like VPNs are still necessary when using any email provider. And alternative secure services like Tutanota may fit some users‘ threat models better.

I hope this analysis provides a balanced perspective on the complex ProtonMail situation. There are no perfect solutions when attempting private communication globally. But users deserve honesty about the privacy tradeoffs involved with any service.


Streamr Go

StreamrGo is always about privacy, specifically protecting your privacy online by increasing security and better standard privacy practices.