Proton AG, the Swiss company known for its popular encrypted email service Proton Mail, faced criticism in April when it complied with a request from Spanish police for user information related to a Catalan pro-independence activist. Many people were outraged by this move, feeling betrayed by a company that promises privacy. However, those who are angry at Proton for complying with legal requests need to reevaluate their expectations of privacy technology.
While encryption is widely admired for its ideals, it is not a cure-all. The more we rely on encryption, the more important metadata becomes. When it comes to privacy, minimizing metadata is crucial, but centralized services are limited in how far they can reduce the metadata they collect.
Proton has made significant efforts to limit access to user metadata, and they should be commended for their system that only provides an optional recovery email. In this particular case, Proton disclosed the user’s recovery email address, which led the police to their Apple account. However, instead of acknowledging Proton’s efforts, some online users have called for canceling their subscriptions and questioned the company’s integrity.
The fantasy for privacy technology goes like this: a privacy company receives a legal request, defiantly rejects it, and then proudly announces its victory to the applause of its supporters. This expectation has surfaced multiple times, including in a previous ProtonMail case. However, this fantasy is unrealistic and self-destructive.
If Proton were to take this approach, they would face overwhelming legal pressure that could quickly bring down the entire company. This outcome is not beneficial for Proton, its users, or privacy in general. Proton is well aware of this, which is why they complied with nearly 6,000 legal requests in 2023 alone. Once the initial shock wore off and experts like SethForPrivacy spoke up, more people realized that the outrage was unwarranted and unhelpful.
Blaming the activist’s operational security (opsec) for the deanonymization in this case is a cop-out. Simply saying that one needs better opsec is not a sufficient ending to the story. The real question is: Can we do better?
Encryption should be our starting point, and we should promote and protect it. Proton offers encryption and minimal metadata collection, which provides a solid foundation. Additionally, using a VPN/Tor (not ProtonVPN) and paying for subscriptions with cryptocurrency are recommended. However, this advice is not new, and we continue to see cases like the Catalan activist’s. People will get left behind if services require extensive manual user hardening, especially those who are at risk and in need of protection.
In the case of the Catalan activist, the combination of an email provided for an end-to-end encrypted messaging app, a recovery email provided to a secure email service, and an iCloud email led to deanonymization. These are small mistakes that anyone could make, but together they create a breadcrumb trail of metadata that can be easily followed.
To limit metadata collection, we should explore the potential of decentralization. By building applications on decentralized networks capable of storing and routing data, we can reduce the amount of data centralized companies need to process. For email services, this means storing and forwarding the mail itself, including vulnerable metadata like subject lines and timestamps. These decentralized networks would employ advanced privacy-preserving techniques like onion routing, providing better protection even without a VPN. Networks like Tor already exist, but there are also blockchain-based networks like the Nym mixnet that offer security and incentives.
While decentralized solutions may not be practical for email services due to limitations in storage and spam filters, they can work for other communication tools like messaging, video conferencing, voice conferencing, and team communication platforms.
Legal requests will continue to come, and companies will comply. That’s the reality. But in cases where safety and security are critical, purposeful decentralization can offer an additional layer of protection for at-risk individuals.
Proton, solutions have already been designed and built that could be useful for you and your users. We are here to help; all you have to do is reach out.
Alexander Linton is a director at the encrypted messaging app Session and its nonprofit foundation OPTF. He holds an undergraduate degree in journalism from RMIT University and attended the University of Melbourne for graduate school.
This article provides general information and should not be construed as legal or investment advice. The views expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.