Indian Govt's Move to Ban ProtonMail

by
, posted

alt text

In a recent development that has sparked debates on digital privacy and security forums, the Indian government made headlines with its decision to block ProtonMail, a renowned end-to-end encrypted email service.

The HT reported that:

The IT ministry has decided to issue an order blocking end-to-end encrypted email service Proton Mail on Wednesday at the request of the Tamil Nadu police over a hoax bomb threat sent to at least thirteen private schools in Chennai on February 8

The News outlet could not ascertain if a blocking order will be issued to Apple and Google to block the Proton Mail app.

The final order to block the website has not yet been sent to the Department of Telecommunications (DoT) but the MeitY has flagged the issue with the DoT. All this is coming two days after the Skiff announced its shutdown.

My Thoughts

The decision was reached after the Tamil Nadu police failed to trace the IP address of the email sender. In response, they opted to block the email service from the region entirely, which is in no way an appropriate or well-thought-out solution.

Do criminals also use the internet and computers? Should we consider banning those as well…! What about the fact that they also breathe air?

Targeting services instead of addressing the root problem may provide a temporary fix but often does more harm than good. Decisions should be proportional to the issue at hand.

If implemented, this action would primarily affect regular users instead of bad actors who can easily resort to numerous other services for such activities. Moreover, there would be no real benefit if the offenders were based outside of India.

Solution

The privacy policy of ProtonMail states that due to the nature of the SMTP protocol, they have access to certain email metadata — including sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times.

The Proton have already received a request from Indian IT Ministry regarding it, and they are currently working to resolve this situation and are investigating how they can work together with the Indian authorities to do so.

In scenarios like this, ProtonMail can suspend the offender’s account, a measure they have taken before. However, concerns arise over the disclosure of Personally Identifiable Information as:

  1. The incident involved a hoax email, it will be disproportionate to take such an extreme step.
  2. Disclosure risks tarnishing ProtonMail’s reputation as a privacy-focused service, potentially impacting their business negatively.

Aftermath of a Potential Ban

While the ban has not been enforced yet, in the event that Proton and the Indian IT Ministry fail to reach a mutual understanding, here are the steps Proton and you, as a ProtonMail user, could consider as emergency measures:

With many users facing the prospect of being locked out of their services, switching providers all at once is impractical. Therefore, Proton should consider offering free email forwarding to all users.

This would allow users to continue receiving emails in their preferred inbox even if they are unable to access ProtonMail without a VPN 247. Such a measure could help Proton retain a portion of its user base, if not all of it.

However, implementing email forwarding may require ProtonMail to request a grace period of a day or two from the Indian Ministry to allow users to set up mail forwarding — a feasibility that remains uncertain. A way around would be to connect via VPN to enable it.

Furthermore, Proton could initiate negotiations with the Indian IT Ministry on alternative terms, ensuring that any discussions do not compromise the core principles of their privacy policy.

Closing Note

I sincerely hope that this potential ordeal remains just that — an unsettling possibility. As someone who heavily relies on ProtonMail, this situation has prompted me to consider transitioning to my custom mail domain permanently.

Currently my attention is drawn towards ZohoMail and Startmail.com which is another but paid option.

Regardless of the outcome of this uncertainty, I plan to continue using ProtonMail alongside a VPN. However, moving forward, I intend to shift my essential services to my custom email domain.


This is Day 17 of #100DaysToOffload

That is all for today. If you found this post useful consider sharing it with friends.

Your Signature