And no, on windows not "everything" is removed by most uninstallers. At least it wasn't back when I was using windows 7. Though I doubt it's really changed, unless you count those "windows store apps", but that's also equivalently available on mac. Both are a poor imitation of a proper linux package manager.

> Is there anything preventing Proton from disclosing the email content or metadata?

Also please link me to the source code of Proton's server-side code, so I can audit their scanning of all incoming and outgoing mail, to verify it's not logging them. What you linked above is just the clients.

They also admit to scanning all mail to and from non-Proton accounts "for spam". So what's stopping them from one day adding a small if statement that just writes that data to disk, for specific "interesting" users?

Regarding metadata, I sure hope you have nothing to hide in the below emphasized:

> Account Activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: *sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times*. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk. We do not possess the technical ability to scan the content of the messages after they have been encrypted. We also have access to the following records of Account activity: number of messages sent, amount of storage space used, total number of messages, last login time. User data is never used for advertising purposes.

Edit: A reply to your misunderstanding and accusation below:

What do you mean? By "provide your emails to others" I obviously mean the email *contents*, not the email *address*. (Which I also clarified with "the storage of your emails on their servers"). You know, the very thing that is almost the whole selling point of Proton: that they keep the contents of your emails encrypted so "only you" can access them.

> Proton Mail protects the contents of all your messages with zero-access encryption, meaning no one can read them except you and your recipients. Messages you send to other Proton Mail accounts are always end-to-end encrypted, as are emails sent to non-Proton Mail accounts when you use Password-protected Emails.

https://proton.me/security/end-to-end-encryption

Also, what in the SMTP protocol requires Proton to *store* that metadata? Could they not simply delete it after using it (or, crazy idea, encrypt it in the same way the message contents are encrypted in storage), so they would be unable to respond to law enforcement requests the next week, say? They did also previously claim that they didn't log user's IP addresses. Why would they claim something like that, if it's "obvious to anyone who knows" that it's a false claim? Marketing aimed towards their not so technically savvy userbase?

https://www.theregister.com/2021/09/07/protonmail_hands_user...

Let me also remind you that I was replying to a question about "how would it technically even be possible" to "offer loads of your private data when ordered". My reply was, it's easily possible for them to offer your metadata, and you still need to trust their claims about heir implementation of E2EE to believe they won't offer your message contents.

You're very quick to accuse people of spreading misinformation. Let me hit back with an accusation of my own, which is that Proton's PR team have a habit of regularly trying to discredit any critique as "misinformation". Perhaps you've just read too many of their rebuttals?

So that probably has happened. Whether they've even provided other private data I don't know, but

> how would it technically even be possible

Well, it's not possible if you trust their claims about E2EE, but that is just a claim. How's that any different from a non-encrypted email provider saying they won't provide your emails to others? It all comes down to trust in the end.

> Third, let's talk about what was actually disclosed. No emails were handed over. No message content. No metadata about who the user communicated with. The only information Proton could provide [...]

Yes, paying by crypto prevents Proton from disclosing your identity that way. Is there anything preventing Proton from disclosing the email content or metadata? Do they claim they won't disclose that? Clearly they do allow themselves to disclose metadata [1]

> For example, in ransomware cases, we can preserve information about which victims contacted the suspect, so that victims can be notified.

So, "just don't pay with a credit card" comes with the additional caveat of "don't email somebody you don't want the FBI to know you emailed". Whether you also need to "don't write anything you don't want the FBI to know", I haven't investigated further, but you could perhaps look that up yourself. I will just assume that to be the case based on what I've seen.

[0] https://www.reddit.com/r/privacy/comments/1rltej7/comment/o8... [1] https://proton.me/legal/law-enforcement

> First, let's correct the headline: Proton did not provide information to the FBI. What happened is that the FBI submitted a Mutual Legal Assistance Treaty (MLAT) request, which was processed by the Swiss Federal Department of Justice and Police. Proton operates exclusively under Swiss law, and we only respond to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is an important distinction.

> [...]

> The only information Proton could provide was a payment identifier because the user chose to pay with a credit card. This is information the user themselves provided to us through their choice of payment method. Proton also accepts cryptocurrency and cash payments, which would not have been linkable to an identity.

So basically, don't trust Proton with information unless you want the FBI to know it.

It's quite hypocritical of Proton to claim that they protect against government surveillance when they do things like this though [0]. Their legal team has probably ensured they don't claim anything strictly false, but the implication and the reality are wildly different.

[0] https://freedom.press/digisec/blog/proton-mail-is-not-for-an...

Yes they are, quoting that very page:

> Your browser fingerprint appears to be unique among the 312,935 tested in the past 45 days

So clearly they store the information for at least 45 days. This raises the question what they actually mean by unique. If I change my IP and re-test, I get the same

> Your browser fingerprint appears to be unique among the 312,941 tested in the past 45 days

So does that mean that my fingerprint changed, and they can't track me anymore? Or do they mean to tell me that they still track me and I'm still as uniquely identified.

Their methodology and linked articles does not seem to answer this [0] [1]

It's all very complicated, because the fingerprinting needs to be unique enough to identify you while still being "persistent" enough not to identify you as somebody else if you change just one bit of it.

[0] https://www.eff.org/deeplinks/2010/01/primer-information-the...

[1] https://coveryourtracks.eff.org/about

> It may be a lie, but the fact I believed it speaks volumes about my enemies, and not me

> Not "store chess moves in a database." Not "track game state in a table." Actually render a chess board. With pieces. That you can move around. In your browser. Using nothing but SELECT, UPDATE, and a bit of creative thinking.

Please, just write like a person.

I guess that would involve admitting something about the morality of what the USA has been doing since the end of WWII though...

Um, have you actually verified that those are actual exploits then? Vague and technical sounds exactly like a description of AI slop...

What's the distinction? A proof of concept is just something that demonstrates that a bug is possible to exploit, by doing so.

I asked ChatGPT and it claimed "all three". Any linux wizards who can confirm or deny?

Anyway, in my experience using mainly the Claude chat to do some basic (not security) bug hunting, it usually fixates on one specific hypothesis, and it takes some effort to get it off that wrong track, even when I already know it's barking up the wrong tree.