Hello,
I remember reading in a privacy report from Proton that legally, they could be forced to give ProtonMail data, but the VPN was secure because there is no data and you can't be forced to have data. I also read other posts here and there, but I need to ask.
In a French subreddit dedicated to law I was mentioning Proton VPN as a safe way to anonymize even for what could be considered criminal or terrorist activities in my country (even if retroactively the gov changes its mind; nowadays ecologist activists or whistleblowers are considered terrorists).
A jurist was telling me that no, if servers are in the EU, and said something I kinda always believed true, which made me wonder again:
“No log is a myth.”
Her argument was this:
Let’s distinguish the obligations of services like Proton, Monero etc. Wherever they are, they are subject to data retention obligations. In Europe (whether the service is based there or the service is accessible there), they are subject to a data retention obligation, for the judicial authority (which is 12 months). No-log means that the company does not have access to it, especially for solicitation purposes. But the justice system obviously has access upon requisition. This is the DSA and in France LCEN. In the USA, the Patriot Act also imposes 12 months of retention, under similar conditions. Services like Proton then transmit either clear or encrypted data.
ProtonVPN servers are in the Netherlands, Japan and the USA. I wonder how those countries couldn't apply their law on their territory? And about all that jurist said?
Thanks
Note that the servers in the EU countries (as well as all of our servers) utilize full-disk encryption so that no third party can extract data off of them even if they have physical access to the hardware. So, Proton VPN is truly no-logs.
OK, thx for your answer,
So it means authorities easily have access to encrypted data? Do you know / communicate how many times this happened? Do you know if they have ever been decrypted? The same jurist argued that those encryptions are easily broken by legal services when necessary; it was her conclusion.
And I wonder, if the drives are encrypted, how do you ensure that the rest of the chain (what is going in and out of that disk) is, and with physical access to running servers someone couldn't somehow at some level monitor traffic? Do you communicate publicly about the full-disk encryption you use?
Thx again
Guys please post this in all Social Media, for a lot of Americans this would mean A LOT!
You can find all attempts from authorities to get any info from Proton VPN on our Transparency report: https://protonvpn.com/blog/transparency-report
They don’t get access even to the encrypted data, because we don’t store it, as you can see in the text above.
Encryption is actually extremely difficult to break, as you can read here: https://proton.me/blog/can-encryption-be-broken
We communicate about what kind of encryption we use - our cryptography is open source: https://proton.me/community/open-source
OK, thank you very much. Would you consider publishing this post? I think it could be useful for further people doing research maybe.
And because I have an autistic side I need this last one, sorry: to be extremely clear, if I was to expose, let's say, the NSA (hello ^^), there is no way, as long as I respect your guidelines, that I am exposed by any means?
Anyway, thx again.