ProtonMail forced to release user’s IP address, but it had a good reason


ProtonMail is a service hailed for its commitment to privacy. It's a particular favorite among journalists, as whistleblowers and others can use it safely without fear of revealing their identity. However, ProtonMail was recently forced by Swiss authorities to release a user's IP address that it had recorded, though there was a good reason for it.

A few months ago, Ryanair flight FR4978 was traveling from Athens in Greece to Vilnius in Lithuania. However, the flight was diverted to Minsk airport in Belarus after a bomb threat was sent to Minsk national airport and Lithuanian state-owned airports. According to an ICAO investigative survey, these emails were sent from a ProtonMail address. What is particularly interesting is that ProtonMail also reported to the authorities the IP address that was used to create the account.

ProtonMail released the IP address of the account used to send the emails

After the plane landed in Minsk, journalist Roman Protasevich and his girlfriend Sofia Sapega were arrested. Investigators in Lithuania opened a preliminary investigation into the case, which is why ProtonMail was compelled through a “mutual legal assistance mechanism” to release the IP address to the authorities. The United States also recently accused the Belarusian government of “air piracy” over the incident, indicting four Belarusian government officials.

ProtonMail said in a report in May 2021 that it had been forced by an official request from the Swiss government to release the information it held, while specifying that the email itself had been published by investigative journalists. “We support the European authorities in their investigations, as we are legally obliged to do so based on an official request from the Swiss government.”

However, many might be surprised that ProtonMail was able to release the account creator's IP address in the first place. The company's commitment to privacy (as evidenced by email and mailbox content being fully encrypted) would have led many to believe that it would have been unable to retrieve the IP address. I contacted ProtonMail to ask how this was possible, and was told the company does not comment on specific cases. However, I was given the following answer with general reference to the company's privacy policy.

The section on “Data linked to the opening of an account” details the measures taken to prevent abuse and protect users. Specifically: “The IP addresses, email addresses and phone numbers provided are stored temporarily in order to send you a verification code and for anti-spam purposes.”

It seems that ProtonMail was contacted when the Lithuanian government realized the bomb threat was a hoax. The Ryanair flight that was forced to land in Belarus flew on May 23, 2021, meaning the company had kept a log of the IP address for just over a week at that point. It's unclear how long ProtonMail retains IP addresses, email addresses, and phone numbers after they were last used.

What is clear, however, is that the company's promise to encrypt email content has not been broken. All that investigators were able to obtain from ProtonMail was the date and time the account was created, as well as the IP address used to create it. It's also worth noting that it doesn't appear that the email sender's IP address was logged, only the IP address used to create the account.

