No Data Retention, no logs, and more transparency.
Things that should have been here.
Protonmail needs to be more transparent in the same way as it is expressively transparent, when it says that its service is hosted in Switzerland.
Why?
There are things we should not ask to do as we do here on this list, ask for encrypted data where it should already have, major keys etc.
These things should already be in place and not be something on demand.
Protonmail has an easier to use interface, but that does not mean it's not as accurate in privacy as it should be.
*E-mail traffic log: Messages sent and received should be a maximum of 24 hours.
*No IP address should be stored, never. This should be the only option.
*All metadata must be logically encrypted: If metadata is not encrypted, privacy is shallow.
*Do not save browser fingerprints, never.
*Desktop Client: A desktop app to generate or import PGP keys locally offline in an easy way.
*POP/IMAP/SMTP+LTS: Ensure people have the right to choose to save their emails to their own hard disks with their personal settings. This will also let people living in countries where the internet is slow access their emails offline.
*Save the minimum of necessary information: If it is privacy it has to be privacy.
"Active accounts will have retained indefinitely." What data are retained for undetermined time? More transparency here!
This is very serious, a dedicated attacker with powerful features like the ... government? They can break down poorly crafted passwords and discover gaps with accumulated data, and of course, with the metadata present, this becomes easier.
*Why use Amazon and Dupont de Nemours servers?
*Why are you still with Godaddy?

-
yauaw commented
Totally with you.
I am sure Proton does its best regarding privacy.
I rely on this privacy providing solution.
Beyond that I am convinced that privacy is a hot-burning issue to come. The moral/ethical debate reduces its field to one of the two moral/ethical option POV from a binary POV.
If the last spaces of freedom have to take security concerns into account, privacy no longer exists.
Using human nature as a point for security is like judging a weapon for the same reason.
Good and bad is a whole field of discussions and thoughts by themselves. To me Proton should follow an absolutely neutral way to make sense to me.
Since privacy is what we pay for, then the best possible privacy is what we should get.
-
Anonymous commented
Is it not also the case that there are legitimate reasons that accounts need to be handed over to authorities?
I am all for privacy and a better internet than we have, but I do not think it should be constructed in such a way that high tech criminals can vanish into legitimate privacy services.
No need to get explicit, I am sure everyone can think about a few examples of activities online that have to be able to be tracked and handed to authorities.
-
L commented
I think a lot of people forget data is needed to catch/find bugs and holes. Money is needed to be independent. People are needed to grow and people hate things that are too hard.
-
Anonymous commented
I like this conversation in general and glad it's happening. Also, props and respect to ProtonMail for having a go at this project.
RE: DNSSEC registrars - Not hating on waiting out registration time that has already been purchased, and DNSSEC is a legit requirement, but it seems like it would be pretty easy to get ethically better than hucksters like GoDaddy at least after the domain registration expires. For instance, I haven't seen or heard nonsense of any kind out of DreamHost, and they are a company that conspicuously supports and contributes to OSS, seems transparent, and are a registrar that supports DNSSEC. Why not use a registrar like that to distance ProtonMail from GoDaddy's baggage? Seemed like strange bedfellows to me too. (+ I'm not a DreamHost employee)
-
Anonymous commented
More transparency is always welcome but the questions have been answered by "Anonymous commented · March 23, 2017 19:45", right?
-
Anonymous commented
Even if you run the DNS infrastructure the traffic to the domain can be redirected by GoDaddy by pointing it to another set of DNS servers. It would be much better if it is any registrar with no presence in US.
-
The comment "Anonymous commented · March 23, 2017 14:45" has basically covered everything.
We will add that the reason Godaddy remains the registrar is because they are one of the few registrars to support DNSSEC. Using Godaddy as a registrar is not so problematic because we run our own DNS infrastructure.
-
Hej commented
I agree that these questions are important and even if the answers are what we expect, they should be easier to find or even be presented to the user in the welcome e-mail to educate the population on how and why it's private.
-
Anonymous commented
Why use Amazon and Dupont de Nemours servers? They just don't (IP Location Switzerland - Vaud - Lausanne - Proton Technologies Ag)
- E-mail traffic log: How do you want to be able to read your mails if they are not stored?
- No IP address should be stored: it is the case, they are stored if you enable IP logging
- All metadata must be logically encrypted: they are, but not end-to-end because it's not physically possible
- Save the minimum of necessary information: it's the case
- Why are you still with Godaddy? Godaddy is just the registrar, not the hoster. Where do you want them to go? Why?
- What data are retained for undetermined time: check the privacy policy maybe?
- Do not save browser fingerprints, never: they don't
And I'm not a staff member
-
Chris commented
There are valid questions tho
-
matunixe commented
You are absolutely right, please Protonmail team, take a look at this real issue!
-
J. commented
They use Amazon servers, and Godaddy? I thought their datacenters were all located inside a mountain?
-
Tony commented
Good questions