Proton a few years ago disclosed the IP address of the user of a certain mailbox upon request by LEA. That was enough to get the person found and arrested (I don’t remember what the case was about). They HAVE to comply with these requests, but they DON’T need to log/retain those info ETA: and I was wrong, thanks @Cheradenine@sh.itjust.works to set me straight. But I think the point still stands. I don’t want to be ALWAYS be tied to a VPN, there are some scenarios where I can’t use a VPN.
That was the moment I decided to selfhost my email server.
Posteo doesn’t have to retain IPs and doesn’t, it also doesn’t retain payment info (though if you transfer by wire there’s still a window where a payment can be traced AFAIU).
They will also absolutely forward any and all traffic for a particular account to law enforcement when given a court order. What’s it with criminals thinking that they can outsource opsec to legitimate businesses. Defending against a state-level actor actively hunting you down, watching closely and pouncing on any and every mistake, is a vastly different beast than making sure google doesn’t know about the butt plug you just bought.
Proton a few years ago disclosed the IP address of the user of a certain mailbox upon request by LEA. That was enough to get the person found and arrested (I don’t remember what the case was about). They HAVE to comply with these requests,
but they DON’T need to log/retain those infoETA: and I was wrong, thanks @Cheradenine@sh.itjust.works to set me straight. But I think the point still stands. I don’t want to be ALWAYS be tied to a VPN, there are some scenarios where I can’t use a VPN.That was the moment I decided to selfhost my email server.
Posteo doesn’t have to retain IPs and doesn’t, it also doesn’t retain payment info (though if you transfer by wire there’s still a window where a payment can be traced AFAIU).
They will also absolutely forward any and all traffic for a particular account to law enforcement when given a court order. What’s it with criminals thinking that they can outsource opsec to legitimate businesses. Defending against a state-level actor actively hunting you down, watching closely and pouncing on any and every mistake, is a vastly different beast than making sure google doesn’t know about the butt plug you just bought.
Agree with you, that’s why I buy my butt plugs (and similar toys) with my gmail account! 😁
“If law enforcement is going to look at my data, I’ll give them something to look at” lmao
So now the hosting you use will share the same(or likely much more) data if some government requests it.
They can get my encrypted drive. My domain name is registered to me so that’s clear it’s my email. But no content.