People will never understand, Proton is a privacy based email server, it is not the dark web where you can do as you please without consequences.
Proton only has access to your IP and device ID, not your data.
With IP and device ID, you can easily track a user like finding the ISP, etc.
Do you wanna do naughty things?? Don't use such services to do so.
And ironically, this 404 Media is the only place I found covering this information and they require you to login to read the whole thing.
Hmmmmmmmmmmmmmmmmmmmmm red flag big time!!!!
Yes it does have access to your data, at least any email coming from or going to another mail provider. Because those are not end to end encrypted. Only encrypted in transit (and even that is optional). So they need to have the plaintext.
I really don't like this about proton, they're always going on about their encryption but most emails they've seen in plain text on their SMTP servers. Because that's just how SMTP works. And so has the provider of the other party.
Once they've put them in your mailbox they can't decrypt them again but I always consider a single exposure a loss of confidentiality. The only emails this doesn't apply to are those from people using PGP (yeah all three of them) and those on proton themselves.
In my view this Achilles heel makes most of their protections irrelevant. But they still market it as if it's the email equivalent of signal, which actually can't see what you say at any point of transit. And non technical people have no idea about the difference.
Ps I'm not blaming proton for not having a technical solution for this because interoperability makes it an unsolvable problem. But I do blame them for their marketing around it.
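The distinction drawn in the comment above, shown as an added example that is not part of the thread: a small Python check that reports, for a raw message, whether relaying mail servers could read the body (no PGP wrapping), which hops claim TLS in their `Received` trace headers, and which headers stay visible either way. The function names and both sample messages are constructed for illustration.

```python
import email
import re
from email import policy

_WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
_PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def _strip_comments(value):
    """Drop (nested) parenthesised comments so that
    '(using TLSv1.3 with cipher ...)' is not mistaken for the 'with' clause."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def _uses_tls(proto):
    # RFC 3848 keywords: ESMTPS / ESMTPSA / LMTPS ... carry an "S" for TLS,
    # optionally followed by "A" for authenticated submission.
    base = proto[:-1] if proto.endswith("A") else proto
    return base.endswith("S")

def hop_transports(msg):
    """(protocol, tls?) per Received header, newest hop first.
    Trace headers are self-reported by each server, so treat them as hints."""
    hops = []
    for raw in msg.get_all("Received", []):
        flat = " ".join(_strip_comments(str(raw)).split())
        m = _WITH_RE.search(flat)
        proto = m.group(1).upper() if m else "UNKNOWN"
        hops.append((proto, _uses_tls(proto)))
    return hops

def is_e2e_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or a single-part inline-armored body."""
    if msg.get_content_type() == "multipart/encrypted":
        return (msg.get_param("protocol") or "").lower() == "application/pgp-encrypted"
    if not msg.is_multipart() and msg.get_content_maintype() == "text":
        return _PGP_ARMOR in msg.get_content()
    return False

def exposure(raw_bytes):
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hops = hop_transports(msg)
    return {
        # TLS protects only the wire between two servers; every relay that
        # handled a non-PGP message held the body in plaintext.
        "body_readable_by_relays": not is_e2e_encrypted(msg),
        "hops": hops,
        "cleartext_hops": sum(1 for _, tls in hops if not tls),
        # Envelope-style headers are not covered by PGP body encryption.
        "metadata_visible": [h for h in ("From", "To", "Subject") if msg[h]],
    }

# Constructed sample: ordinary mail, one TLS hop and one cleartext hop.
PLAINTEXT_SAMPLE = b"""\
Received: from mx.other.example (mx.other.example [192.0.2.10])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 by mx.provider.example (Postfix) with ESMTPS id 4XYZ;
 Mon, 1 Jan 2024 00:00:02 +0000
Received: from client.example ([198.51.100.7])
 by mx.other.example with ESMTP id 123;
 Mon, 1 Jan 2024 00:00:01 +0000
From: alice@other.example
To: bob@provider.example
Subject: meeting
Content-Type: text/plain; charset=utf-8

See you at 6.
"""

# Constructed sample: PGP/MIME wrapper with placeholder (not real) ciphertext.
PGP_MIME_SAMPLE = b"""\
Received: from mx.other.example by mx.provider.example with ESMTPS id 4ABC;
 Mon, 1 Jan 2024 00:00:02 +0000
From: alice@other.example
To: bob@provider.example
Subject: meeting
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"

--b
Content-Type: application/pgp-encrypted

Version: 1

--b
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
constructed-placeholder
-----END PGP MESSAGE-----
--b--
"""

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_SAMPLE), ("pgp/mime", PGP_MIME_SAMPLE)):
        print(name, exposure(sample))
```

Even in the PGP/MIME case the sender, recipient and subject remain readable to every server on the path.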
> Do you wanna do naughty things?? Don't use such services to do so.
Look at the numbers for number of people who die from interactions with police (both armed and unarmed) and then compare that to the extra violent deaths that happen because of defund the police policies and then let us know what you find. Only then can you make the claim you are implying. Otherwise you are doing the conspiracy theory thing where you present random data and then imply the idea you are pushing.
Proton isn't opsec, it's just the best available commercial clearweb host that still has to follow all the laws and comply with warrants, but won't be arbitrarily selling your metadata or engaging in the adtech garbage.
Kagi is to google as proton is to gmail.
You get web mail, custom domains, decent security, decent spam detection, solid features, and no PII being sold. Nice, clean, simple - I like paying them money. I feel good about doing business with them, and I don't run into that often these days.
Sounds like Fastmail, except Fastmail is less sketchy and has better deliverability.
What's sketchy about proton?
404 Media has an excellent track record and is very reputable, if you're saying the "red flag" applies to them.
Journalists should work for free. Which means that they are going to be paid by governments and corporations to spout propaganda because everyone has a mortgage to pay off...
this
I really don’t think 404 Media having a login gate is a red flag. They’re a business that needs to make money and the alternative to subscriptions is ads, which would be exponentially worse for user safety than what exists today.
That's 404 media's approach. That's why I only read their headlines.
In theory you could open up your protonmail account over tor and with bitcoin (or does that not work anymore?).
It's been a good while since I tried them out. Why I don't recommend them anymore is because when I didn't extend my subscription in time (expecting an account downgrade), my mail was locked and emails held on to as ransom. Allowed to login only for payment.
That was one red flag from me, the second was when they shared IP address logs of a French protestor. E̶v̶e̶n̶ ̶t̶h̶o̶u̶g̶h̶ ̶a̶t̶ ̶t̶h̶e̶ ̶t̶i̶m̶e̶ ̶t̶h̶e̶y̶ ̶h̶a̶d̶ ̶a̶ ̶n̶o̶ ̶l̶o̶g̶s̶ ̶p̶o̶l̶i̶c̶y̶,̶ ̶i̶f̶ ̶I̶ ̶r̶e̶m̶e̶b̶e̶r̶ ̶c̶o̶r̶r̶e̶c̶t̶l̶y̶.̶ ̶O̶r̶ ̶i̶f̶ ̶I̶ ̶d̶o̶n̶'̶t̶.̶
I let my subscription expire and my account was never locked down or emails held for ransom. I suspect there is another piece to the story you're either neglecting to mention or don't know.
>the second was when they shared IP address logs of a French protestor. Even though at the time they had a no logs policy, if I remember correctly. Or if I don't.
You probably aren't remembering correctly given that they specifically have a "login logs" option that can be toggled on/off.
Thanks for the update of the current state.
I think at the time there was confusion around their policies
"ProtonMail logged IP address of French activist after order by Swiss authorities"
Last time I tried they asked for an email to link the account to. I don't think they provide anonymous accounts anymore, but you can probably create one with another anonymous email.
> Proton only has access to your IP and device ID, not your data.
I like Proton. I use Proton.
However, the problem with proton is that if you access your email via a web browser, there's nothing stopping protonmail (to my knowledge) from reading your email from within their webapp via JS. This type of attack could be targeted at the behest of authorities.
So, actually, Proton COULD read your email (IFF you use webmail).
>So, actually, Proton COULD read your email (IFF you use webmail).
The authorities can also read your self-hosted email if they had a warrant to search your house. Even if you enable FDE they can do a cold boot attack.
Just out of curiosity, what is a cold boot attack?
tl;dr they pull the decryption keys from your computer while it's still running, which of course it is because your mail server has to be up 24/7.
What if you use encryption?
FDE stands for "Full Disk Encryption" in this context.
The only solution is blockchain
Is even that needed? Nothing e2ee about the emails you receive normally, they could just read them right away if they really wanted to. And that is to say nothing about the metadata.
What device identifier are you referring to, something like the MAC addresses of your network cards? How are they retrieving that via a browser?
Proton doesn't really protect anything email related unless the recipient is also using protonmail. The article also points out they sought payment data, not "IP and device ID" information.
> unless the recipient is also using protonmail
Or any similar service from another vendor? Or hosts their own email. If someone using Protonmail emails me, their data is also not getting sold for example, it's just stored on my laptop
Even if it's another self hosted service, proton still needs the plain text in order to send it to them with transit encryption only.
Proton does have interoperability with PGP/GPG but very few people use that because of its UX.
Proton = Privacy Theater. Always has been.
This should surprise exactly nobody after it was disclosed back in [checks notes] 2021 that ProtonMail gave up user data to law enforcement and also changed their TOS.
>after it was disclosed back in [checks notes] 2021 that ProtonMail gave up user data to law enforcement and also changed their TOS.
You shouldn't even need that. A warrant isn't a strongly worded letter that they can just turn down. It's the law. Therefore you should assume that if the police can get a warrant, they can get your data. Even for people who don't follow the law (criminals), there's no guarantee they won't snitch on you.
they used to claim that being Swiss based protected them from warrants like this
Source? We need the exact claim here, because there's a fine line between "we're in switzerland, so warrants aren't a thing!" (outright false) and "we're in switzerland, which has better privacy laws than other countries!" (debatable).
I’m not the person who made the claim, but I just did the most basic of web searches and found this page on their blog:
> Switzerland is a fundamentally different environment. Two of the things Switzerland is most famous for are also highly conducive to data protection: privacy and neutrality.
> When a law enforcement agency in the US requests user data from a Swiss company, it is illegal for that company to provide the data. At Proton, we reject all data requests from foreign agencies.
Keep reading. There’s more, but seems like too much to quote.
> The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties.
Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?
Although I guess the server location didn't matter in this case since all they wanted was the billing information and the credit card info to identify the person.
> Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?
They said they want to relocate to Germany which I would say in a polite way, is much worse in this regard.
In what sense? Germany has among the strongest judicial oversight for invasion of privacy in Europe. Due process is followed when securing search warrants that provide access to subscriber data (Germany does not have administrative subpoenas like in the US and other countries).
Former attempts at surveillance have been struck down in the Bundesverfassungsgericht, and the right to privacy has even been affirmed for foreigners (as opposed to other countries like the US that reserve that foreign nationals have zero due process rights for invasion of privacy).
Germany has strong privacy protections against businesses. But not against the state as they consider themselves above suspicion.
> prides itself both on its end-to-end encryption
Their end-to-end encryption is pointless because the vast majority of any recipients will just leak the plaintext emails via their own account providers anyway. It only works under very specific circumstances (all parties are using it). I think their marketing overstates what their secure private email actually means.
Man 404 Media is really crushing it lately. Thanks to the team!
Where are the stories about all the other mail providers who routinely cough up everything about your email account, including full content, metadata, and full payment details, on a daily basis?
Proton is one of the few services who accepts anonymous payment, and cannot themselves provide encrypted content in cleartext. They cannot save you from yourself, though.
They accept anonymous payment? I could've sworn they require an account...
Proton won’t lock me out of my email because I accidentally sang a copyrighted song in a Youtube video. That’s why I use it, not because it’s the pirate bay for email.
> Proton won’t lock me out of my email because I accidentally sang a copyrighted song in a Youtube video.
Is there a specific story you’re referring to? Mind sharing a link? I have no intention of disputing it, I just haven’t heard of that particular case.
Let me guess .. they weren't going after a "protestor" like the headline would try to lead you to believe.
"Authorities were investigating [them] for their connection to arson, vandalism and doxing"
And there it is.
Does Proton store the payment information tied to an account for the duration of a potential chargeback period or indefinitely?
Whether they store such info for cryptocurrency payments as well (no chargeback risk) would be telling.
Thank you for sharing. I was trialing Proton Mail but I will move away from it because of this. This is some teenage level crime and legitimate protesting that it threw away its reputation for.
Wild that it says this on their site:
>Sign up with no phone number: Get a private email account without handing over more personal data than necessary, making it harder for advertisers, data brokers, and other services to track you online.
I guess it doesn't mention law enforcement so ¯\_(ツ)_/¯
I'm not sure what you were expecting here. If you have data and the police shows up with a warrant, you can't just tell them "nah we don't feel like it".
They could have used a VPN to connect to Proton and paid for their account with bitcoin or cash and then law enforcement would have had a very tough time. Instead, they paid with a method connected to their identity. Of course Proton handed it over when law enforcement came knocking.
If you don't want info being given to law enforcement by third parties, your best bet is to make it so that nobody else has access to it in the first place. You might get away with third parties that are in a jurisdiction unfriendly to wherever you live. Definitely don't hand over your info to a company in fricken' Switzerland and then be surprised when they comply with law enforcement requests for it.
The article explains that the account was identified based on a credit card payment for a paid account, which does not invalidate the statement in question IMO. Perhaps we differ on the definition of "private" or something else, but unless all parties are using proton, email is inherently insecure and somebody can/will have a record of your communication regardless.
> unless all parties are using proton, email is inherently insecure and somebody can/will have a record of your communication regardless.
That the person you're exchanging messages with, has your messages, is hardly a surprise. Not everyone-but-Proton sells your data though so it's not quite that black-and-white
You're not wrong, but I think it just means you can never be 100% safe, as even the recipient of your message may be secretly working against you.
When a SWAT team drops in nobody's gonna take a bullet for your emails.
This is disappointing. I would pay up to $10/month for an email provider who would go to jail for me.
Well I guess Proton cannot be trusted. You know what they say, centralization corrupts absolutely
What Proton sell you is reduction of anxiety. But that's a lie.
The whole idea of encrypted email is pointless. There's absolutely no guarantee it's encrypted in transit or encrypted at rest on any machines it transits through unless you encapsulate the messages with PGP and then you still leave a trail of envelopes everywhere. Any government who wants your data will come round and beat it out of you or the provider as best as they can. And if you have to pay the provider, as evidenced here, they can point to you and then beat you for it. Beating being metaphorical or otherwise.
Use any old shitty email provider and make sure you can move off it quickly if you need to. Standard IMAP, not weird ass proprietary stuff like proton. Think carefully what you do and say. Use a side channel for anything that actually requires security.
As a long time Proton customer...I am fairly certain Proton has always been completely upfront that they will comply with lawful requests for information from the Swiss authorities, if response is obligated by Swiss law. Therefore this isn't especially surprising.
The key is and always has been to make sure that someone like Proton simply doesn't have the information so they can't give it away.
This is just impossible. If they're going to be sending your email to gmail then they need to see what's in it. So they will have the data at some point. You have to trust their brown eyes that they don't look at it while it's going through their inbound and outbound servers. But they're selling it as a technical protection, not a trust-based one.
Personally, if you want private Comms, just don't use email. The protocol is just not suitable.
Exactly, you can use bitcoin, even cash. You can even add credits with PayPal or a credit card, in which case Proton (I assume) won't remember your payment data. But if you attach credit card info permanently to your account then it can be retrieved.
It's wild to me that people are downvoting this. Nobody is going to jail for you...
I don't think any commercial entity can be trusted to break the law on behalf of customers who only pay a small fee each
In this case, it was Swiss courts who forced them to comply, not foreign courts.
And from what little I can tell from the article, it was account payment data, not content from the account.
Proton was never designed or advertised to resist this kind of threat.
Given they were praising Trump, Vance, and gang - I called it then.
I cancelled my Proton account when all of that hit Mastodon. Their VPN was good, but I don't support Nazis and their toadies.
I wasn't even aware of anything around Proton and specific US political parties. Thank you for your post, as it led me to some searching.
The single most useful link I found was this Reddit thread:
In trying to check this claim (I thought Proton did sensible things), I found that the submitted news article is not new at all:
> [Proton's] homepage touts that “With Proton, your data belongs to you, not tech companies, governments, or hackers.” However, [...] Proton previously handed over an IP address at the request of French authorities made via Europol to Swiss police. Yen wrote a Twitter post at the time, stating, “Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities.” ---https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...
Big surprise: Swiss company complies with Swiss law!
And the same happened now, quoting the part of the submission that you can read without signing up:
> privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
Anyway, regarding your claim, it's a whole rabbit hole of statements they made but broadly speaking it sounds like you're right: Vance supported legislation which Proton campaigned for and, subsequently (as of 2025-01), Proton loves the US Republican Party, believing they would stand up for 'the little guy'. To be fair, they bring some evidence that sounds like it can be verified and back this opinion up somewhat, but even if it's a correct opinion on this sub-topic, it's still supporting authoritarianism. Anyway, this is where I'm going to stop trying to politically analyze their situation and just not recommend Proton anymore...
We do care. Someone's gotta stand up to it.
They’ll still be in business in 20 years. So much for all that standing up.
Well I care. I am more informed because of their comment. I now know that I must avoid Proton.
More informed by that comment, really? Did you read this[0]? As someone disinterested in the topic, the controversy seems very overblown and a knee jerk response. His position seems to have been pretty consistent over time.
I don't know what Proton did regarding Trump, but if you follow this principle to the end you might as well ditch technology and live in the forest. I'm not being hyperbolic, everyone does business with or endorses someone on either side who does stupid shit.
Based on the response it seems like a fair number of people found it interesting, but essentially nobody found your emotionally fragile whinging interesting.
> The only whinging I see is people using terms like Nazi for everyone they disagree with
> Do you wanna do naughty things?? Don't use such services to do so.
Is that really what happened here?
https://en.wikipedia.org/wiki/Stop_Cop_City
"ProtonMail logged IP address of French activist after order by Swiss authorities"
https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre...
You can still pay with cash!
Just out of curiosity, what is a cold boot attack?
https://en.wikipedia.org/wiki/Cold_boot_attack
Here you are: https://archive.ph/Zvw3O
I’m not the person who made the claim, but I just did the most basic of web searches and found this page on their blog:
https://proton.me/blog/data-privacy-abortion
Quote (emphasis theirs, in bold):
> Switzerland is a fundamentally different environment. Two of the things Switzerland is most famous for are also highly conducive to data protection: privacy and neutrality.
> When a law enforcement agency in the US requests user data from a Swiss company, it is illegal for that company to provide the data. At Proton, we reject all data requests from foreign agencies.
Keep reading. There’s more, but seems like too much to quote.
> The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties.
Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?
Although I guess the server location didn't matter in this case since all they wanted was the billing information and the credit card info to identify the person.
> Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?
They said they want to relocate to Germany which I would say in a polite way, is much worse in this regard.
In what sense? Germany has among the strongest judicial oversight for invasion of privacy in Europe. Due process is followed when securing search warrants that provide access to subscriber data (Germany does not have administrative subpoenas like in the US and other countries).
Former attempts at surveillance have been struck down in the Bundesverfassungsgericht, and the right to privacy has even been affirmed for foreigners (as opposed to other countries like the US that reserve that foreign nationals have zero due process rights for invasion of privacy).
Germany has strong privacy protections against businesses. But not against the state as they consider themselves above suspicion.
> prides itself both on its end-to-end encryption
Their end-to-end encryption is pointless because the vast majority of any recipients will just leak the plaintext emails via their own account providers anyway. It only works under very specific circumstances (all parties are using it). I think their marketing overstates what their secure private email actually means.
Man 404 Media is really crushing it lately. Thanks to the team!
Where are the stories about all the other mail providers who routinely cough up everything about your email account, including full content, metadata, and full payment details, on a daily basis?
Proton is one of the few services who accepts anonymous payment, and cannot themselves provide encrypted content in cleartext. They cannot save you from yourself, though.
They accept anonymous payment? I could've sworn they require an account...
Proton won’t lock me out of my email because I accidentally sang a copyrighted song in a Youtube video. That’s why I use it, not because it’s the pirate bay for email.
> Proton won’t lock me out of my email because I accidentally sang a copyrighted song in a Youtube video.
Is there a specific story you’re referring to? Mind sharing a link? I have no intention of disputing it, I just haven’t heard of that particular case.
Let me guess .. they weren't going after a "protestor" like the headline would try to lead you to believe.
"Authorities were investigating [them] for their connection to arson, vandalism and doxing"
And there it is.
Does Proton store the payment information tied to an account for the duration of a potential chargeback period or indefinitely?
Whether they store such info for cryptocurrency payments as well (no chargeback risk) would be telling.
Thank you for sharing. I was trialing Proton Mail but I will move away from it because of this. This is some teenage level crime and legitimate protesting that it threw away its reputation for.
Wild that it says this on their site:
>Sign up with no phone number: Get a private email account without handing over more personal data than necessary, making it harder for advertisers, data brokers, and other services to track you online.
I guess it doesn't mention law enforcement so ¯\_(ツ)_/¯
I'm not sure what you were expecting here. If you have data and the police shows up with a warrant, you can't just tell them "nah we don't feel like it".
They could have used a VPN to connect to Proton and paid for their account with bitcoin or cash and then law enforcement would have had a very tough time. Instead, they paid with a method connected to their identity. Of course Proton handed it over when law enforcement came knocking.
If you don't want info being given to law enforcement by third parties, your best bet is to make it so that nobody else has access to it in the first place. You might get away with third parties that are in a jurisdiction unfriendly to wherever you live. Definitely don't hand over your info to a company in fricken' Switzerland and then be surprised when they comply with law enforcement requests for it.
The article explains that the account was identified based on a credit card payment for a paid account, which does not invalidate the statement in question IMO. Perhaps we differ on the definition of "private" or something else, but unless all parties are using proton, email is inherently insecure and somebody can/will have a record of your communication regardless.
> unless all parties are using proton, email is inherently insecure and somebody can/will have a record of your communication regardless.
That the person you're exchanging messages with has your messages is hardly a surprise. Not everyone-but-Proton sells your data though, so it's not quite that black-and-white.
You're not wrong, but I think it just means you can never be 100% safe, as even the recipient of your message may be secretly working against you.
When a SWAT team drops in nobody's gonna take a bullet for your emails.
This is disappointing. I would pay up to $10/month for an email provider who would go to jail for me.
https://en.wikipedia.org/wiki/Bulletproof_hosting
Actually neat. No mail deliverable issues?
Well I guess Proton cannot be trusted. You know what they say, centralization corrupts absolutely.
What Proton sells you is reduction of anxiety. But that's a lie.
The whole idea of encrypted email is pointless. There's absolutely no guarantee it's encrypted in transit or encrypted at rest on any machines it transits through unless you encapsulate the messages with PGP and then you still leave a trail of envelopes everywhere. Any government who wants your data will come round and beat it out of you or the provider as best as they can. And if you have to pay the provider, as evidenced here, they can point to you and then beat you for it. Beating being metaphorical or otherwise.
Use any old shitty email provider and make sure you can move off it quickly if you need to. Standard IMAP, not weird ass proprietary stuff like proton. Think carefully what you do and say. Use a side channel for anything that actually requires security.
As a long time Proton customer...I am fairly certain Proton has always been completely upfront that they will comply with lawful requests for information from the Swiss authorities, if response is obligated by Swiss law. Therefore this isn't especially surprising.
The key is and always has been to make sure that someone like Proton simply doesn't have the information so they can't give it away.
This is just impossible. If they're going to be sending your email to gmail then they need to see what's in it. So they will have the data at some point. You have to trust their brown eyes that they don't look at it while it's going through their inbound and outbound servers. But they're selling it as a technical protection, not a trust-based one.
Personally, if you want private Comms, just don't use email. The protocol is just not suitable.
Exactly, you can use bitcoin, even cash. You can even add credits with PayPal or a credit card, in which case Proton (I assume) won't remember your payment data. But if you attach credit card info permanently to your account then it can be retrieved.
It's wild to me that people are downvoting this. Nobody is going to jail for you...
I don't think any commercial entity can be trusted to break the law on behalf of customers who only pay a small fee each.
In this case, it was Swiss courts who forced them to comply, not foreign courts.
And from what little I can tell from the article, it was account payment data, not content from the account.
Proton was never designed or advertised to resist this kind of threat.
Given they were praising Trump, Vance, and gang - I called it then.
I cancelled my Proton account when all of that hit Mastodon. Their VPN was good, but I don't support Nazis and their toadies.
I wasn't even aware of anything around Proton and specific US political parties. Thank you for your post, as it led me to some searching.
The single most useful link I found was this Reddit thread:
https://www.reddit.com/r/ProtonMail/comments/1i2nz9v/on_poli...
In trying to check this claim (I thought Proton did sensible things), I found that the submitted news article is not new at all:
> [Proton's] homepage touts that “With Proton, your data belongs to you, not tech companies, governments, or hackers.” However, [...] Proton previously handed over an IP address at the request of French authorities made via Europol to Swiss police. Yen wrote a Twitter post at the time, stating, “Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities.” ---https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...
Big surprise: Swiss company complies with Swiss law!
And the same happened now, quoting the part of the submission that you can read without signing up:
> privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
Anyway, regarding your claim, it's a whole rabbit hole of statements they made but broadly speaking it sounds like you're right: Vance supported legislation which Proton campaigned for and, subsequently (as of 2025-01), Proton loves the US Republican Party, believing they would stand up for 'the little guy'. To be fair, they bring some evidence that sounds like it can be verified and back this opinion up somewhat, but even if it's a correct opinion on this sub-topic, it's still supporting authoritarianism. Anyway, this is where I'm going to stop trying to politically analyze their situation and just not recommend Proton anymore...
[flagged]
We do care. Someone's gotta stand up to it.
They’ll still be in business in 20 years. So much for all that standing up.
Well I care. I am more informed because of their comment. I now know that I must avoid Proton.
More informed by that comment, really? Did you read this[0]? As someone disinterested in the topic, the controversy seems very overblown and a knee jerk response. His position seems to have been pretty consistent over time.
[0]: https://medium.com/@ovenplayer/does-proton-really-support-tr...
I don't know what Proton did regarding Trump, but if you follow this principle to the end you might as well ditch technology and live in the forest. I'm not being hyperbolic, everyone does business with or endorses someone on either side who does stupid shit.
Based on the response it seems like a fair number of people found it interesting, but essentially nobody found your emotionally fragile whinging interesting.
[flagged]
> The only whinging I see is people using terms like Nazi for everyone they disagree with
what an oddly specific example