Proton AG, the Swiss company responsible for Proton Mail, a popular encrypted email service, faced criticism in April for complying with a request from Spanish authorities for user information regarding a Catalan pro-independence activist. Many people were disappointed by Proton’s decision, feeling betrayed by a company that promised privacy. However, those who are upset with Proton for complying with legal requests need to reevaluate their expectations of privacy technology.
While encryption and its principles are widely embraced, it is important to recognize that encryption alone is not a cure-all. As encryption usage increases, the significance of metadata also grows. When it comes to privacy, minimizing metadata is crucial, but there are limits to how far centralized services can minimize the metadata they collect.
Proton has done an impressive job of limiting access to user metadata. They deserve credit for building a system where they can only provide an optional recovery email. In the case at hand, Proton supplied the user’s recovery email address, which led the police to their Apple account. However, instead of acknowledging this accomplishment, Proton has faced criticism from online users threatening to cancel their subscriptions and headlines questioning the company’s integrity.
The idealistic perception of privacy technology involves a privacy-focused company receiving a legal request, defiantly refusing to comply, and triumphantly announcing its victory to the cheers of its supporters. This expectation has emerged multiple times in the past, including a previous case involving Proton Mail. However, this fantasy is unrealistic and self-destructive.
If Proton were to take such a defiant stance, they would face overwhelming legal pressure that could quickly lead to the demise of the entire company. Ultimately, this outcome would not benefit Proton, its users, or privacy as a whole. Proton is well aware of this reality, which is why they complied with nearly 6,000 legal requests in 2023 alone. Once the initial shock subsided, level-headed individuals like SethForPrivacy defended Proton Mail, emphasizing that their architecture minimizes the amount of data they retain on any user.
As the controversy cooled down, Proton’s defenders pointed out that deanonymization was only possible in this case because the user had provided an opt-in recovery email. Some argued that it was the activist’s fault for having inadequate operational security (opsec). However, blaming the individual for their opsec is an unproductive approach. Instead, we should focus on how we can improve the system as a whole.
Encryption serves as the foundation of privacy technology, and we should continue to use it and advocate for its protection. Proton’s minimal metadata collection is another positive aspect of their service. To enhance privacy, experts advise accessing Proton with a VPN or Tor and paying for a subscription using cryptocurrency. While this advice has circulated widely, it is not new, and incidents like the Catalan activist’s deanonymization continue to occur. It is crucial to ensure that services do not rely solely on manual user hardening, as this may leave vulnerable individuals behind.
In the Catalan case, the combination of an email used for signing up for an end-to-end encrypted messaging app, a recovery email provided to a secure email service, and an iCloud email created a trail of metadata that facilitated deanonymization. These mistakes may seem small individually, but together, they create a breadcrumb trail that is relatively easy to follow.
To limit metadata collection, decentralization could be a valuable solution. By building applications on decentralized networks capable of storing and routing data, centralized companies can reduce the amount of data they need to process. For example, in the case of an email service, the decentralized network would store and forward the mail itself, including vulnerable metadata like subject lines and timestamps. These networks could employ advanced privacy-preserving techniques such as onion routing, providing better protection for a user’s IP address even without a VPN. Existing networks like Tor already offer some of these features, and blockchain-based networks like the Nym mixnet provide additional security and incentives.
Although a fully decentralized email service may not be practical due to limitations in storage and spam filters, there are opportunities to implement decentralization in other communication tools like messaging, video conferencing, voice conferencing, and team communication platforms.
Legal requests will continue to be issued, and companies will continue to comply. However, in cases where safety and security are crucial, purposeful decentralization can offer an extra layer of protection, particularly for at-risk individuals. Proton Mail has the opportunity to leverage existing solutions that have been designed and built to enhance privacy and security. They need only reach out for assistance.
Alexander Linton, the director of the encrypted messaging app Session and its nonprofit foundation OPTF, holds an undergraduate degree in journalism from RMIT University and attended the University of Melbourne for graduate school.
This article is intended for general information purposes and should not be considered legal or investment advice. The views expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.