- Lie: “Protonmail obeys the law”
- In 2017 Protonmail seems to have used illegal cyber warfare capabilities to unlawfully break into a suspected phishing server. You can see the tweet and read about it here. They soon deleted the tweet and said: “We cannot confirm nor deny if anything happened.” In 2013 the European Union parliament voted to make hacking a crime that carried a prison sentence of 2 years. “Hacking back” is also illegal under Swiss law.
- Lie : Protonmail offers “Zero Access” or “End to End Encryption”
- A professor who teaches computer science and cryptography Nadim Kobeissi proved that Protonmail does not provide End to End Encryption. Protonmail has since publicly acknowledged that they can decrypt anyone’s encrypted content by obtaining their password/passphrase.
- Lie: Protonmail protects free speech
- Protonmail has stated on Reddit that they are “controlled by the politics of the community that dominates the ProtonMail userbase”. So if a majority of their users wanted to ban an innocent minority group, Protonmail has stated they would “yield to community pressure” and ban all those users from their platform even if their terms of service are not broken. So Protonmail protects free speech as long as it agrees with the majority of their users. Protonmail is not safe for any minority group including Jews, activists or missionaries. If Protonmail has a majority group ask them to ban a minority group of users then Protonmail has stated explicitly that they will do it even if no terms of service are broken. Read Protonmail’s statements here.
- Lie: “Protonmail is open source code.”
- Their front end code is open source. Their back end code and mobile code is kept private. This can be confirmed by reviewing their open-source code here
- Lie: “By default, we do not keep any IP logs”
- Lie: ProtonMail does not require any personally identifiable information to register.
- If a user tries to signup without personal information, via VPN or TOR, they detect it and require a “donation” with a credit/debit card or a confirmation with your personal phone.
- Lie: “When a ProtonMail account is closed, data and emails are immediately deleted from production servers”
- By Swiss law, Protonmail is required to record all data for 6 months. When a user deletes an email, the email and all meta-data must legally be retained for 6 months
- Protonmail Claims to be “Independently Audited”.
- There is only 1 company listed as conducting an Audit of Protonmail, Cyberkov.com. Cyberkov’s website says it’s connected to Harvard, MIT & CERN. And their team is full of Harvard and MIT grads, exactly like Protonmail. So Protonmail’s audit was probably done by Protonmail’s college friends or colleagues. Protonmail also shows a list of people who’ve audited their code, but anyone can email Protonmail to add their name to the list. Years later Professor Kobeissi did a real independent audit and proved Protonmail doesn’t provide “end to end encryption
Contact me via Email or Reddit