ProtonMail and WhatsApp under pressure over user privacy failings

A couple of investigations have revealed that some services that pride themselves on user privacy might not be nearly as secure as they claim.

TechCrunch has done a great job of summarising the case against Switzerland-based ProtonMail, which positions itself as one of the most secure email platforms available. Apparently, having been requested to do so by Europol, the Swiss authorities revealed the IP address of the person who created the ProtonMail account of a French activist to the French police, who was subsequently arrested.

ProtonMail itself has written a blog addressing the matter. “In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request,” it says. The most awkward part of this story, which isn’t really addressed in the blog, is the fact that ProtonMail was even logging user IP addresses in the first place.

Meanwhile ProPublica has published an investigation that alleges Facebook-owned WhatsApp has teams of contractors that sift through the private messages of its users and that it regularly shares such information with prosecutors. If true, this contradicts claims that WhatsApp messages are subject to strict end-to-end encryption that prevents anyone being able to intercept messages.

‘WhatsApp’s director of communications, Carl Woog, acknowledged that teams of contractors in Austin and elsewhere review WhatsApp messages to identify and remove “the worst” abusers,” says the accompanying article. ‘But Woog told ProPublica that the company does not consider this work to be content moderation, saying: “We actually don’t typically use the term for WhatsApp.”’

Sounds like mere semantics to us. These revelations come on the back of Apple deciding not to spy on its users photos after significant backlash. This is unlikely to be a coincidence and there is a growing body of evidence that digital service providers are under increasing pressure from governments around the world to help them spy on their citizens. If even ProtonMail can’t be trusted then it’s not clear where privacy-conscious consumers can turn.