[deleted]
Further context:
Posteo don't log IP addresses or user information, but a mailbox can be made accessible, depending on settings, if there was a law enforcement order demanding that the mailbox be intercepted to obtain this info.

Posteo during 2022

  • User info: 0
  • IP addresses: 0
  • Mailbox contents: 4

https://posteo.de/en/site/transparency_report

According to their privacy policy, ProtonMail can see IPs temporarily but has discretion in choosing to log them for law enforcement or to combat abuse of the platform caused by the user's email.

They mention the limitations of email protocols and the information they can see from them, which is the same as I have mentioned before (incoming messages and metadata):

2.2.2 Account Activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk. We do not possess the technical ability to scan the content of the messages after they have been encrypted. We also have access to the following records of Account activity: number of messages sent, amount of storage space used, total number of messages, last login time. User data is never used for advertising purposes.

As for the spam and virus protection, Posteo do it too: https://posteo.de/en/site/privacy_policy
https://proton.me/mail/privacy-policy

ProtonMail during 2022

  • Number of legal orders: 6,995
  • Contested orders: 1,038
  • Orders complied with: 5,957
    • [deleted]

    After reading your first message carefully I understand better. Thank you so much

    • [deleted]

    final "Orders complied with: 5,957"
    What was this? Essentially IP addresses, right?

      [deleted] I thought this was more secure... The only reason why Proton can not do this is because they use their own app?
      Why the fuck does Posteo not do an app...

      Email as a whole isn't a secure protocol; the only real solutions are to bake other software or features into it, like what Proton and Posteo do. It isn't fully possible to have a perfect email service.

      [deleted] I do not understand well. I find this complicated.
      But Posteo has been clear and transparent about all this and they did not lie, right?

      Posteo have never lied about their service, in fact I think their service is good, it's just that Proton do some parts better. If Proton had a service that logged less of the other information like Posteo not logging IP address at all, then it would be perfect.

      [deleted] It is crazy that there are so few trustworthy secure email providers... Knowing this we only have ProtonMail and Tutanota (maybe StartMail/mailbox)...

      Tutanota is pretty good, Posteo is good but has serious limitations, Proton is too but can be costly. It's a matter of what's better or worse. I use Proton primarily because it supports DMARC and custom domain names, but Posteo's strong privacy policy can be advantageous in some positions.

      [deleted] "Orders complied with: 5,957"
      What was this? Essentially IP addresses, right?

      They do not specify. Likely they provided all information they had stored in their systems at the time, which is all the information in their privacy policy. Information that is 'encrypted' would not be accessible.

      They specify more information on one case where they had to surrender user info here: https://proton.me/blog/climate-activist-arrest - this case in particular was important as it reached press attention, but they had no choice in providing this info since it was requested by Swiss courts.


        final
        My favorite quote from that blog post:

        No matter what service you use, unless it is based 15 miles offshore in international waters, the company will have to comply with the law. The Swiss legal system, while not perfect, does provide a number of checks and balances, and it’s worth noting that even in this case, approval from 3 authorities in 2 countries was required, and that’s a fairly high bar which prevents most (but obviously not all) abuse of the system. Under Swiss law, it is also obligatory for the suspect to be notified that their data was requested, which is not the case in most countries.

        Out of curiosity, does Posteo specify which country's jurisdiction they operate under?

          zzz
          Yes, it is Germany (hence the .de in Posteo's domain)

          • [deleted]

          How does Proton manage to be zero-access, unlike Posteo? How do they manage to not be able to read the incoming messages in real time? Why doesn't Posteo upgrade to be zero-access?
          Proton decrypts the emails client-side, unlike Posteo?
          You said

          Posteo isn't transmitting the encrypted mailbox to you, why do you think using any email client works?
          So this is not the case with Proton?
          (Sorry @final I asked too many questions because I did not understand well because I was tired, but your answers are insanely great. Thx.)

            • [deleted]

            Is it because Proton's encryption works like Posteo's encryption on entry with PGP? Activating it for Posteo provides the same level of privacy/security as Proton, right?

              [deleted] Why the fuck does Posteo not do an app...

              Because it's a cheap service.
              The saying "you get what you pay for" isn't always the case, but when it comes to Posteo vs. ProtonMail, in my opinion, it is. Posteo will cost you a lot less money, but will provide you with a clunky third-party web interface that is rarely updated, and no end-to-end encryption. Last time I checked, and correct me if I'm wrong and if this has been improved, you can also bypass Posteo's 2FA simply by connecting it to a third-party client over IMAP.

              What I don't like about Protonmail is that it requires you to upgrade to the most expensive plan to get more than one custom domain. The Unlimited plan is expensive if you simply want their mail service, and not their VPN etc. in addition.

              (Apparently I don't have permission to edit my own posts).
              Edit: If you do go with Posteo, I recommend using it with a third-party app with good spam filtering. This is because their own filter is complete and utter crap: if one of your email addresses gets leaked in a breach or something, expect spam to appear regularly in your inbox. Posteo does not even provide you with a spam folder, so if you suspect a legitimate email has been stopped by their filter, you have to contact customer support to get them to check.

              I realize this is a lot of ranting about Posteo's negatives. But I do believe that for their price they offer an OK experience. It just doesn't cut it for me personally.

                • [deleted]

                Thanks. I never had any problem with spam with Posteo. I just had to block one email address in 2 years.

                  [deleted] How does Proton manage to be zero-access, unlike Posteo? How do they manage to not be able to read the incoming messages in real time? Why doesn't Posteo upgrade to be zero-access?
                  Proton decrypts the emails client-side, unlike Posteo?
                  You said

                  Posteo decrypts the mailbox on their servers when it is used and accessed by an authenticated user. When you use ProtonMail the mailbox is sent to you encrypted and then decrypted on your machine; this means that Proton cannot see the contents of your mailbox at all, even when you are authenticated.

                  This is also why ProtonMail and Tutanota, which do zero-access, require their own special apps and cannot use a normal mail app. They need their own app to support decrypting the mailbox after downloading it. If you are wondering how it would work for webmail, ProtonMail decrypts the mailbox via JavaScript run in your browser, to my knowledge.

                  Relaks I realize this is a lot of ranting about Posteo's negatives. But I do believe that for their price they offer an OK experience. It just doesn't cut it for me personally.

                  I would love Posteo more if they provided a DMARC policy, considering the only limits on Posteo otherwise would be the interception issue, but that is outside of even my own threat model. To fix it they'd have to cut support for third-party clients, which can be useful to some. Their price is very good and the privacy policy is extremely solid (payment information is handled way better than Proton's, imo) but that's what drops it down for me. I find Posteo to work a lot better for a Tor network user not involved in suspicious activities, or who wanted an email to register accounts but not communicate through it... but that's about all I can think of with it.

                  I mainly use Proton for the custom domain support, better email policies and because I use their VPN.

                  [deleted] Is it because Proton's encryption works like Posteo's encryption on entry with PGP? Activating it for Posteo provides the same level of privacy/security as Proton, right?

                  ProtonMail stores the mailbox with standard encryption (AES??) set up so that Proton cannot let the contents be decrypted on their systems, nor would they ever know the keys to decrypt said mailbox. Posteo also stores the mailbox this way, but decrypts the contents on their systems when accessed by the user (this is the flaw).

                  The PGP in Posteo and ProtonMail is used for end-to-end encryption between one user emailing another. Using PGP or another end-to-end encryption method for emails will make Posteo unable to read the contents during an interception, and would make Proton unable to see incoming emails from services that aren't Proton's. Posteo makes you do it manually in all cases, while ProtonMail automates the PGP encryption for you on their service; this is why emailing another ProtonMail user is automatically end-to-end encrypted.

                  The big issue with PGP is that it isn't well designed: you have to manually do the key transfers with others before communicating on the email platform. PGP encryption has to be done with the consent of both parties, which is practically impossible for emails from a company, and is even less possible since most people just won't spend their time learning how to make a key and do it themselves. This again goes back to the big flaw of email not being end-to-end encrypted.

                  While ProtonMail mitigates this by automating the PGP encryption/decryption process, it is only a small patch fix for the variety of issues email has entirely, since not everybody uses ProtonMail or PGP.

                    [deleted] It's important to note that Proton is only "zero-access" or "zero-knowledge" so long as they want to be. It's technically possible for them to change their client code (the code loaded into your browser or app and used to decrypt your private key using your password) at any time to make it exfiltrate your key, and then use your stolen key to decrypt any messages in your mailbox which have been encrypted with the corresponding public key. In a typical setup where the user has only generated and used one key pair, this probably means all of them.

                    An attack like this was recently used on a Tutanota user, where law enforcement compelled Tutanota to modify the client code served to a particular user suspected of being involved in criminal activity, and they were able to retrieve the key and subsequently access the user's messages. Proton claims this type of attack is not permitted under Swiss law, but if you're an at-risk person trying to use strong encryption, you probably shouldn't rely on one company's interpretation of the law to keep you safe.

                    Proton is not a magical vault for your email like their marketing might suggest; they use PGP under the hood and their implementation suffers from all of the same security drawbacks as using PGP in an ordinary mail client: Subject lines, attachment names, sender, receiver and date metadata are not encrypted, there's no forward secrecy (stolen key = access to all messages), and worse, you can't store and manage the keys offline on a trusted machine. You have to trust the JS code loaded from a Proton server each time you want to access your mailbox.

                    Posteo does server-side encryption of individual mailboxes, which means the key can be more easily stolen while you're logged in, but data is still protected from passive attack while you're logged out.

                    Overall, both companies likely do more harm than good: They promote the idea that email can be made secure and private by bolting bad cryptography and cruft onto an ancient system, and this hinders our ability to move away from said system.

                      final Sorry, but this is misinformation. Proton uses only PGP to encrypt your messages at rest, there is no additional "standard encryption" other than the same volume encryption used by other mail services. When you create your account you generate a public/private key pair client-side, your password is used to encrypt the private key, and both are stored on a Proton server. Incoming messages are encrypted with the public key and stored on a Proton server in a similar structure to PGP email in a local client. When you log in, your password is used to decrypt the private key so you can access your mail, and the confidentiality of the key depends on the trustworthiness of the decryption code they serve to your browser or app. This means that they can't steal your password and decrypt the contents of your mailbox only if they don't want to or haven't been compelled to.

                      End-to-end encryption within ProtonMail also depends on the same trust in their JS code which can be surreptitiously changed by them. In all cases, Proton or an attacker can at any time access various unencrypted data and metadata such as subject lines, sender, receiver and date headers, and attachment names. Only the message body and any attached files are encrypted.

                      The fact that so many people hold these misconceptions is evidence that their marketing is working well and giving users a false sense of security, and they should be condemned for that IMO.

                        418357 Can't edit the above post anymore, but there is some ambiguity I'd like to correct. Where it reads "When you create your account you generate a public/private key pair client-side, your password is used to encrypt the private key, and both are stored on a Proton server." it should read "When you create your account you generate a public/private key pair client-side, your password is used to encrypt the private key, and both the public key and encrypted private key are stored on a Proton server.". My previous post may suggest to readers that the password is stored on a Proton server, but this is not the case. The password is intended to be known only by you, and used for client-side encryption and decryption, never being transmitted to Proton servers.

                          418357 Sorry, but this is misinformation. Proton uses only PGP to encrypt your messages at rest, there is no additional "standard encryption" other than the same volume encryption used by other mail services

                          I was aware of Proton using encryption for the mailbox and of PGP being used for messaging between other Proton users, but did not know that the mailbox was encrypted the same way. Since Proton's website is mainly advertising with few technical details, it's hard for me to discern. Big thanks for this; it was not an intentional error by any means.

                          418357 In all cases, Proton or an attacker can at any time access various unencrypted data and metadata such as subject lines, sender, receiver and date headers, and attachment names. Only the message body and any attached files are encrypted.

                          I mentioned this in a reply about privacy policies (post #12), although with how Proton phrases and advertises their product, it gives some people the foolish impression that nothing is accessible, when that sadly isn't the case, and you have to read the privacy policy just to get the bigger picture.

                          As for the previous post by 418357 (too long, won't quote), sadly this just shows true but also sad examples that if you are using something tied to an online service, there will always be a chance you will be given up. When it comes to threat models where you are at risk of any service giving you in like this, IMO the best bet would just be to avoid everything capable of collecting identifiable information, or use something where your information wouldn't be at risk, with preparation to cover up if that service ever became hostile.

                          The same also applies to app developers, as in the case in the second paragraph of that post: one bad update or exploitation of the Proton app and you're toast...

                          As for the last parts of the last message, it's agreeable. I've constantly mentioned even in this thread that email is a completely flawed system. It would need to either be redone or replaced with something else entirely. For most of us, these services are more or less just harm-reductive alternatives rather than secure alternatives. I would still rather choose Proton over a standard email provider and do so for about 95% of my emails. While it is condemnable, it's also backed partially by the excuse of the terrible design email is built onto. Business is business and their advertising is likely what made them successful and able to stay afloat in the first place.

                          418357 Edit was seen only after I posted, thanks and noted