They were given a legal court order for the data from the Swiss authorities, where they are based. What else would they do?
It sucks that this is the world we live in but if this person wanted to remain truly anonymous, they should have paid with cash (which Proton accepts).
Yup, Proton's response on Reddit outlines it fairly well in my opinion.
First, let's correct the headline: Proton did not provide information to the FBI. What happened is that the FBI submitted a Mutual Legal Assistance Treaty (MLAT) request, which was processed by the Swiss Federal Department of Justice and Police. Proton operates exclusively under Swiss law, and we only respond to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is an important distinction.
Second, let's talk about what this case actually involved. This wasn't a routine investigation. Swiss authorities determined that the legal threshold was met because a law enforcement officer was shot, and explosive devices were found during a protest in 2024. Switzerland has one of the strongest legal frameworks for privacy in the world, and its standard for granting international legal assistance is exceptionally high. This case met that standard.
Third, let's talk about what was actually disclosed. No emails were handed over. No message content. No metadata about who the user communicated with. The only information Proton could provide was a payment identifier because the user chose to pay with a credit card. This is information the user themselves provided to us through their choice of payment method. Proton also accepts cryptocurrency and cash payments, which would not have been linkable to an identity.
If anything, this case demonstrates exactly what we've always said: Proton holds very little user data by design. Even under the most serious legal circumstances, the only data that could be produced was a payment record. Our encryption means we simply cannot access email content even if ordered to.
We understand that stories like this can be alarming, and we take our users' trust seriously. We will continue to fight for privacy and challenge any legal order we believe does not meet the strict requirements of Swiss law. But we also want to be transparent: no service can operate outside the law entirely, and Swiss law requires compliance with valid legal orders in serious criminal cases. What we can promise is that the legal bar in Switzerland is among the highest in the world, and our architecture ensures we have as little data as possible to hand over.
For users who want maximum anonymity: use Proton VPN or Tor, pay with cash or cryptocurrency, and don't add a recovery email.
Of course, this coming from Proton themselves means you also don't need to take it at face value. But, the reality is that they are still operating under Swiss law which appears to have been followed.
Unless there's evidence to doubt any elements of their statement or significant omissions, it seems pretty straightforward and forthright enough for the circumstances to be taken at face value to me. I think it's significant they mentioned not to use a recovery email. Presumably it's just good general advice because covering the myriad of issues in having a recovery email would extend the statement and that level of technical detail isn't pertinent to the core message. I assume it's meant to cover something like using Gmail as a recovery email at which point Proton has no control over what data that recovery email will contain that leads back to you, but otherwise there would be no risk of using a recovery email if it's sufficiently anonymized to the degree of the primary Proton email itself.
There was a case a couple years ago where they had to hand over a recovery email under similar circumstances. That article also links to an older case I don't recall but seems to involve the IP address the account was created from, which would explain the mention of VPN/Tor.
It is becoming increasingly distressing to me that any time someone encounters well organized, coherently written text, someone will inevitably accuse it of being AI generated. How low has our expectation for human writing fallen?
It's an odd reversal of expectations. But we have people in the highest political positions who write like third graders (and think like toddlers, but that's a different story). These people also despise education, science, and all higher forms of learning. To accuse a human's writing as sounding like an AI should not be a terrible thing, since clearly written articles are part of AIs' training.
Agree, it pretty much avoids long complex sentences and is very direct. It could have been hit by Grammarly's AI or something but it was curated if so. Now legal, they absolutely reviewed it heavily and so did marketing.
I don't get that at all... I wonder how often people are accusing people of being AI? Especially as AI gets better at acting like people, and people start accidentally acting like AI.
The court order was the real baffling issue here. The link of "this email is probably linked to the one protestor who vandalized the training center" is spurious.
Yeah. And mobilizing an international police force because of some graffiti is a crazy overreaction. The police are losing their mind over this Cop City thing.
This wasn't a routine investigation. Swiss authorities determined that the legal threshold was met because a law enforcement officer was shot, and explosive devices were found during a protest in 2024.
For me, the issue isn't that Proton had to give up to a subpoena, but that they advertise themselves as a privacy alternative for people in dangerous situations. It's misleading, to say the least, and extremely dangerous to people already in risk situations.
Thing is, no service in existence will be able to account for any and all user error. It's common sense that if you pay someone with a credit card, this entity will have access to some pseudonym uniquely identifying the credit card due to the way credit cards work, and they will be legally required to keep this identifier for payment processing reasons. And due to banking laws there will always be a traceable link between a credit card and the legal entity owning it. So no matter how good your service is, if you choose to pay there via credit card it's just common sense that it is possible to identify you via this link.
Privacy is still maintained with regards to the actual usage of the service. Proton would not have been able to tell anyone what the mail address was used for, but in this case that is information that was already available from a different source.
If you are afraid of being linked to something, either use the basic free account for which no payment is required, or pay with a payment option that's not linked to your identity. It's not like these options weren't both available to the user. So the way I see it, it's completely fair to advertise their service the way they do. It holds what it promises if you use it correctly.
Also not offering credit cards as a payment option would be stupid as well. Everyone has a personal e-mail address that's publicly linked to their identity since they advertise it as 'their address' to other people. So for this rather common use case I might not particularly care that the address is in some way linked to my real identity in a traceable manner, but I will still care whether the content of my communication can be read by or provided to others. There are absolutely valid use cases where you may need to protect your identity (i.e. as a whistleblower), but in these cases you can still choose to use the service in a way so that your legal identity is never provided to them in the first place. You just need to put some thought into how you use the service.
Whether Swiss officials should have approved the US court order in the first place is a different topic, but Proton's not to blame for that either way.
I understand all of this. My issue with Proton isn't about their practices, but their message. Don't advertise yourself as “encrypted super privacy email service” if you can't live up to this to anyone but the savviest users.
As a counterexample, Signal can get away with subpoenas because its service is built with privacy as the main driver. When they can't resist the law, they're the first to publicize the situation. The same with Mullvad.
You are confusing privacy with anonymity.
Privacy means nobody knows what's in your mailbox. Anonymity means nobody knows whose inbox that is. Proton advertises privacy, which they do well. You are complaining that they are not absolutely anonymous without taking specific precautions, something that they do not claim to be.
Privacy means nobody knows what's in your mailbox.
Ok, maybe, but I still think Proton uses a slightly misleading promo of its email product. By advertising it as an “encrypted email”, some people may believe, incorrectly, that when they send a message to someone using Gmail or Hotmail, their conversation is e2ee. Which it isn't on the other end (Gmail/Hotmail).
I agree that their messaging could be better, as emails outside of Proton-Proton or a recipient using PGP aren't e2ee, but that ends up cluttering marketing with details that will deter casual users. Maybe they should remove e2ee from the marketing and just mention "encryption at rest", then bring up e2ee in the details later on.
Regardless, that's a whole other topic, and bringing it up (especially 10 days later) feels like a nitpick that's just trying to find a point to score against Proton.
The same with Mullvad.
The Mullvad situation is no different though. If you pay Mullvad via Credit Card, the same link to your identity will exist as in Proton's case. You need to put exactly as much thought into using Mullvad anonymously as you have to if you want to do so with Proton.
Both Proton and Mullvad are transparent about what data they have to keep and you can draw your conclusions from that. Feel free to correct me, but I have yet to see a case where an explicit privacy guarantee Proton has promised to uphold is broken.
Payments are kind of the weak link in any privacy-focused operation I've seen. Like whatever precautions you take; no logging, E2EE, etc your users will eventually need to pay money, and that will typically be done through the most auditable system in existence.
Wouldn't a government authority still be able to at least track the actual bill back to your general area through their serial numbers? It obviously doesn't go straight back to you but it's something.
I worked at the branch level at a bank a while back and the bill serials were basically folly unless somebody's spending them all at one time or near one another. Maybe things have changed, but the rate at which bills are scanned for their serials is likely too low to make tracing effective.
At the bank, it was those exploding dye packs that really nailed the perps ;).
I have no clue how much they track about where each batch of bills go, but bills can travel all over the country thanks to people taking them on trips. If they get cash via cashback at stores, it could originate from quite literally anywhere. And extra paranoid people can always make a point to only pick up cash from ATMs far away from their home. I mainly hear about serial numbers being useful in identifying bills from bank heists or other high-stakes crimes like the D.B. Cooper plane hijacking, since they'd KNOW the most recent step of the bill's history was the theft.
I was thinking this too, but apparently Signal has a way to handle this:
Is my payment information linked to my Signal account?
No. Your payment information is not associated with your Signal account. Using the anonymous credential scheme that we introduced for Signal private groups, clients make payments and then associate a badge to their profile such that the server can authenticate the client is in the set of people who made a payment, but doesn’t know specifically which payment it corresponds to.
So, if I'm interpreting this correctly, Signal and your payment processor know that you paid money to Signal, but that payment (and thus any identifying information associated with it) is not linked to your Signal account in any way. It does make me wonder why Proton hasn't implemented something similar.
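An added illustration of the unlinkability property the quoted Signal FAQ describes (not part of the thread and not Signal's code). Signal's scheme uses anonymous credentials; this sketch substitutes textbook RSA blind signatures, a simpler construction with the same "paid, but which payment?" property, and assumes a toy key and constructed payment ids:

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key from two Mersenne primes. Far too small for real use; it only
# keeps the example self-contained and runnable offline.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private signing exponent


def h(token: bytes) -> int:
    """Map a token to an integer mod N (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Server:
    """One operator: takes identified payments, later checks anonymous badges."""

    def __init__(self):
        self.payment_log = {}  # payment id -> blinded value that was signed
        self.redeemed = set()  # tokens already used

    def sign_for_payment(self, payment_id: str, blinded: int) -> int:
        # The payer is known here, but the value being signed is blinded.
        self.payment_log[payment_id] = blinded
        return pow(blinded, D, N)

    def redeem(self, token: bytes, sig: int) -> bool:
        # A valid signature proves "some payer" without naming which one.
        if token in self.redeemed or pow(sig, E, N) != h(token):
            return False
        self.redeemed.add(token)
        return True


class Client:
    def __init__(self):
        self.token = secrets.token_bytes(16)  # secret until redemption
        while True:  # blinding factor must be invertible mod N
            self.r = secrets.randbelow(N - 2) + 2
            if gcd(self.r, N) == 1:
                break

    def blind(self) -> int:
        return (h(self.token) * pow(self.r, E, N)) % N

    def unblind(self, blind_sig: int) -> int:
        return (blind_sig * pow(self.r, -1, N)) % N


def demo():
    server = Server()
    # Constructed payment ids standing in for card payments.
    clients = {f"card-{i}": Client() for i in range(3)}
    sigs = {pid: c.unblind(server.sign_for_payment(pid, c.blind()))
            for pid, c in clients.items()}

    c, sig = clients["card-1"], sigs["card-1"]
    ok = server.redeem(c.token, sig)        # badge accepted
    replay = server.redeem(c.token, sig)    # same badge twice is rejected
    forged = server.redeem(b"never-paid", 12345)

    # What the operator can try: match the redeemed values against everything
    # it saw or produced at payment time. Every entry is masked by a random r.
    seen = set(server.payment_log.values())
    issued = {pow(b, D, N) for b in server.payment_log.values()}
    linkable = h(c.token) in seen or sig in issued
    return ok, replay, forged, linkable


if __name__ == "__main__":
    print(demo())
```

The payment log still ties each card to a blinded value, so a legal order could reveal that a person paid; what it cannot do is connect that payment to a particular redeemed badge.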
To my knowledge, most post carriers don't take cash. Both for anti-money laundering purposes, and because of the envelopes mysteriously going missing on the way.
I've received and sent birthday cards with cash. I think the only thing is you can't make a claim if it is lost. Maybe large amounts of cash are different, but a Proton subscription is around 50-100 usd, so not a fat envelope of cash.
And it's definitely a crime of opportunity; a situation where the cash can be seen or guessed at from the outside makes it easy for someone to pocket it. In a stiffer envelope that doesn't give away its contents? No one would think twice.
I think mail carriers will generally take any envelopes in a mailbox without closely checking it. I once mailed $40 cash to a hobbyist doll maker who didn't have digital payment options. Just put it in an envelope with their address in our mailbox. We may have used a stiff envelope or had a letter wrapped around it so it wasn't obviously just cash (this was ten years ago, so can't remember if we did anything special), but in any event, there were no problems.
https://www.techradar.com/computing/cyber-security/proton-mail-hands-data-to-police-again-is-it-still-safe-for-activists
Tangential but the above quoted text reads, to me at least, to have been written by AI.
I am a vehement AI hater but I don't get that sense from it at all
According to proton it was a bit more than that.
Mullvad accepts envelopes of cash with just your account number on them.
Protonmail accepts cash too.
You can use bitcoin as well. But I really doubt bill serials would do much.
Maybe they should accept Target gift cards as payment.
Posteo created a very privacy-preserving system for this: https://posteo.de/en/site/payment (<- see "The Posteo Code System")
https://archive.is/cGvKG