ProtonMail / proton-mail

React web application to manage ProtonMail
https://beta.protonmail.com
GNU General Public License v3.0

News report on tracking of assumed protonmail users using an IP address by government entities #79

Closed Kreyren closed 3 years ago

Kreyren commented 3 years ago

DISCLAIMER: I am not justifying what the charged Mr. Connally did and I am not aware of being related to the case or the person in question itself. I am a ProtonMail user concerned about my own online privacy, which is the main reason for me to pay for ProtonMail and care about this report.

David Shuster from the TYT news network (among others) reports on Thomas Patrick Connally, Jr., who allegedly used a Switzerland-based encrypted e-mail service (assuming ProtonMail, as I am not aware of any other service that would fit that description) and was arrested by authorities in West Virginia after sending death threats to Dr. Anthony Fauci using his IP address. -- https://www.youtube.com/watch?v=lyAOLQes7Bo&t=118s -- https://www.washingtonpost.com/local/public-safety/man-charged-threatening-anthony-fauci/2021/07/27/39be6bb4-ef15-11eb-81d2-ffae0f931b8f_story.html -- https://baltimore.cbslocal.com/2021/07/27/greenbelt-man-thomas-connally-charged-for-threatening-life-of-dr-anthony-fauci-dr-francis-collins/

I am not aware of this network intentionally sharing misleading information, so I don't see a reason to doubt the report; thus I assume that there is a privacy issue(s) in ProtonMail that should be investigated, as neither the bridge (that is a pain to set up to work with onion routing) nor the web client should be able to report the user's IP address.

Kreyren commented 3 years ago

FWIW TYT reports emails sent in Dec 2020 ~ July 2021 where the transparency report that is anywhere near this mentions 2015

In the 4th quarter of 2015, we received an order from the Swiss Federal Police to retain data for an account that was the subject of a criminal investigation. The data preservation order was made by the US Federal Bureau of Investigation via MLAT agreement. After consultation with counsel, Proton Technologies AG decided to comply with the order and preserve the relevant account data. No data was handed over as we have yet to receive a binding court order for this data. -- https://protonmail.com/blog/transparency-report/

bartbutler commented 3 years ago

Thanks for reaching out to us. Please note that:

  1. Any limited data we collect and their purposes can be found in our privacy policy: https://protonmail.com/privacy-policy
  2. ProtonMail cannot be used for illegal or criminal activities (see our Terms & Conditions: https://protonmail.com/terms-and-conditions), and
  3. As a Swiss company, if we receive a valid legal order from Swiss authorities, we are obligated by law to assist to the extent possible (this is applicable to any company, who must legally comply with the laws of its jurisdiction).

It should not be possible for any of our email clients or the bridge to pass along IP information in email headers, and our internal tests confirm that.
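As an added illustration of the kind of header check referred to in the comment above (this is not part of the thread and not Proton's test code), the Python sketch below lists IP literals in the headers of a raw message that could point at the sender's client. The sample messages, host names, documentation-range addresses and the `known_relays` parameter are all constructed for the example.

```python
import ipaddress
import re
from email import message_from_string

TOKEN = re.compile(r"[0-9A-Fa-f:.]+")  # candidate IPv4/IPv6 literals

def ip_literals(text):
    """Return every valid IP literal found in one header value."""
    found = []
    for tok in TOKEN.findall(text):
        tok = tok.rstrip(".")
        if "." not in tok and ":" not in tok:
            continue
        try:
            found.append(str(ipaddress.ip_address(tok)))
        except ValueError:
            pass  # timestamps, hostname fragments, etc.
    return found

def client_ip_disclosures(raw_message, known_relays=frozenset()):
    """List (header, ip) pairs that may identify the sender's client.
    Inspects the earliest Received hop (the last one in the message) and
    every non-Received header such as X-Originating-IP. Addresses in
    known_relays (the provider's own servers, an assumption) are ignored."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    candidates = [("Received (first hop)", v) for v in received[-1:]]
    candidates += [(n, v) for n, v in msg.items() if n.lower() != "received"]
    return [(name, ip) for name, value in candidates
            for ip in ip_literals(value) if ip not in known_relays]

# Constructed samples; all hosts and addresses are documentation values.
RELAYS = {"198.51.100.20"}
LEAKY = """\
Received: from mail.provider.example ([198.51.100.20])
\tby mx.recipient.example; Tue, 27 Jul 2021 10:00:02 +0000
Received: from [203.0.113.7] by mail.provider.example with HTTP;
\tTue, 27 Jul 2021 10:00:00 +0000
X-Originating-IP: [203.0.113.7]
From: alice@provider.example
Subject: constructed sample

body
"""
_lines = LEAKY.splitlines(keepends=True)
CLEAN = "".join(_lines[:2] + _lines[5:])  # same mail, no client hop/header

if __name__ == "__main__":
    print("leaky:", client_ip_disclosures(LEAKY, RELAYS))
    print("clean:", client_ip_disclosures(CLEAN, RELAYS))
```

An empty result only shows that the delivered headers carry no client address; it says nothing about what a provider logs server-side.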

Kreyren commented 3 years ago

So if I understand correctly you provided the IP address to the authorities?

Or do you say that the report is inaccurate in authorities tracking the individual using an IP?