I don't think this is solely the issue that users don't understand that the companies are obliged to provide the data requested by the authorities.
The whole controversy surrounding Proton started when they marketed themselves as "secure and private email", promising they would NEVER give away their users' data, until they did. I had a similar discussion with my friends today about this topic and the issue I have with it is that Proton tries to market itself as an email which will never snitch your data to the authorities. And we've seen countless times (they have provided data to almost 6k requests last year) that this isn't the case.
The problem as I see it is that Proton is not even trying to challenge the requests anymore. It's not like Tuta, who you can read on the news that they keep challenging almost every order they get from the authorities, even if they lose the battle in court: https://techcrunch.com/2020/12/08/german-secure-email-provid...
As I read on a website comparing "private email services", the question here is not whether a service provider will or will not abide by the court requests. It's whether it will do anything to challenge it or just giveaway the data without questions asked.
I disagree, while the marketing is carefully worded, it doesn't say that and both Proton's privacy policy and their transparency report detail what kinds of information they gather and how often they hand over that data.
But didn't this prove the opposite? An optional email recovery.. I think other companies would have been obligated to provide far more information, including emails etc..
Tangent: Been looking to switch email providers for a while, and hadn’t heard of Tuta. Looked good enough I just went ahead and signed up… only to find out apparently they provide no real data portability whatsoever.
The only option for getting your email _out_ of their systems is to select small batches of them one-by-one in their app and export them.
There have been many requests for something similar to Proton’s bridge functionality that haven’t gone anywhere. A more useful export function has been near the top of their public roadmap[0] for half a decade now it looks like.[1]
Guess I’ll go find out what their refund process is like.
The one good way forward I can see for any such privacy-conscious service provider is to let the user see exactly what data is stored about them (and purge it where feasible).
You store my access times and IP addresses? I should see that.
The whole controversy surrounding Proton started when they marketed themselves as "secure and private email", promising they would NEVER give away their users' data, until they did. I had a similar discussion with my friends today about this topic and the issue I have with it is that Proton tries to market itself as an email which will never snitch your data to the authorities. And we've seen countless times (they have provided data to almost 6k requests last year) that this isn't the case.
The problem as I see it is that Proton is not even trying to challenge the requests anymore. It's not like Tuta, who you can read on the news that they keep challenging almost every order they get from the authorities, even if they lose the battle in court: https://techcrunch.com/2020/12/08/german-secure-email-provid...
As I read on a website comparing "private email services", the question here is not whether a service provider will or will not abide by the court requests. It's whether it will do anything to challenge it or just giveaway the data without questions asked.