This is non-news, like all tech companies, they are bound by law to do this. It happens more than 6000 times per year for Proton. However, this user just had bad opsec. Proton emails are all encrypted and cannot be read unless law enforcement gets your password, which Proton does not have access to. Even if Proton hands over all data.
Email in transit is not encrypted. At least not encrypted by anything that the government can’t compel the company to hand over. Your password as best can only lockdown the mailbox itself. Not the receipt/sending of emails.
Edit: The point being is that if you’re a person of interest, the government can just watch your activity until they get what they want. And Proton doesn’t really have anything they can do about it other than a canary page I suppose.
Edit2: to make it even more clear, I’m talking about MTAs communicating with each other. Proton being one party would have the keys to their side of the communication which is sufficient to decode the whole lot.
This is non-news, like all tech companies, they are bound by law to do this. It happens more than 6000 times per year for Proton. However, this user just had bad opsec. Proton emails are all encrypted and cannot be read unless law enforcement gets your password, which Proton does not have access to. Even if Proton hands over all data.
Often they just need the user behavior data such as login date and time
Email in transit is not encrypted. At least not encrypted by anything that the government can’t compel the company to hand over. Your password as best can only lockdown the mailbox itself. Not the receipt/sending of emails.
Edit: The point being is that if you’re a person of interest, the government can just watch your activity until they get what they want. And Proton doesn’t really have anything they can do about it other than a canary page I suppose.
Edit2: to make it even more clear, I’m talking about MTAs communicating with each other. Proton being one party would have the keys to their side of the communication which is sufficient to decode the whole lot.
That there is what I call horse shite. SMTPS and STARTTLS are a thing and if you are using a provider who doesn’t use it you need to change.
That still requires the email to be in clear text before it gets re-encrypted by Proton mail. SMTPS gets terminated at your email provider’s boundary.