Once again - Proton is legally obligated to comply with the laws of the country in which they are based. This isn't specific to Proton, and they are not going behind your back to do this. In case it's not clear, this data is directly from Proton.
this post was submitted on 22 Dec 2025
298 points (92.6% liked)
Privacy
3464 readers
229 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 2 years ago
MODERATORS
Yeah, this is not really an own against Proton... There's other actual issues with the services and leadership that are more serious
The one comment by one person on the 5-person board who was supportive of one singular person that Trump had picked? That one?
I'm not a fanboy here. I just hate misinformation.
And thanked Trump for their effort against BigTech.
You hate misinformation but you sure know how to cherry pick.
If this government deregulated big tech any harder we'd be living in Cyberpunk
load more comments
(5 replies)
It contradicts all of Proton's advertising... They continue to convey a different impression; even though they provide such data, they still advertise with certainty, etc...
Edit: I almost forgot... Back when this kind of thing was leaked (yes, leaked, not shared by them), I exchanged a few words with them (I am a customer, after all), and they denied everything and demanded proof... Nevertheless, I'm still with them because they're still among the least bad.
I just want a low cost VPN to get around in-state censorship and the occasional bit of piracy. I'm not running a Wikileaks fork or trying to do OpSec for The Revolution.
If you're spinning up your own version of Silk Road, maybe consider a home lab instead of relying on untrusted third parties.
Mullvad
No it doesn't contradict their advertising. They've been completely open about this the entire time.
And they're not providing anything other than account details per the infographic. Account data remains encrypted
It's on you if you thought a business would break the law for you.
load more comments
(3 replies)
load more comments
(4 replies)
Imagine the Orange government demanding some delicate data for some political or p~~r~~etty reason - should provider still comply? What if Chinese government does the same? Also I might be mistaken, but doesn't US force providers not to disclose the request to affected party, at least they can?
Imagine the Orange government demanding some delicate data for some political or pretty reason - should provider still comply?
Believe it or not - when legally obligated, even providers like Google and Apple can and do comply.
What if Chinese government does the same?
See above. If a company is operating in China, that company (or branch) has to comply with the local laws. There are no ifs, ands, or buts about it.
Also I might be mistaken, but doesn’t US force providers not to disclose the request to affected party, at least they can?
I wouldn't be surprised in the slightest if that was the case.
Proton is only required to provide the data if Swiss authorities request it.
load more comments
(4 replies)
I don’t think that’s bad on Proton’s part. They are obeying the law they are obliged to obey.
Yeah, more important is what data was it
Most data is encrypted, so the government wouldn't be able to use it anyway.
There is some metadata though. I believe in the past they used Proton to be able to link a criminal to a back-up e-mail address he entered.
Privacy is not anonymity. In this case they were required to supply IP addresses of users logging into a certain account in an active investigation.
As usual, the devil is in the details—ProtonMail’s original policy simply said that the service does not keep IP logs “by default.” However, as a Swiss company itself, ProtonMail was obliged to comply with a Swiss court’s injunction demanding that it begin logging IP address and browser fingerprint information for a particular ProtonMail account.
load more comments
(1 replies)
Well I'm certainly not a fan.
load more comments
(3 replies)
"From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them. "
Before 2021, it was claimed that there were no logs, no IP addresses, etc. So can you trust them they not able decrypt your mails..? Use pgp..
load more comments
(2 replies)
load more comments
(14 replies)
Proton threads are where the leftists equivalents to sovereign citizens pop up. Learn the technology a bit and about legal systems. That's what you have to operate within. If you want to feel more in control, encrypt everything yourself and only communicate/share in encrypted channels. At least then the primary sources of leaks is you and the receiver. If not, you're whining about streamlined performant services that will never be perfect enough for your standards because they operate legally rather than the user unfriendly solutions that you aren't willing to operate yourself for your life (maybe to be passed on) and/or won't run/can't afford to operate the illegal operation
load more comments
(1 replies)
I using proton more as a middle finger to google than anything else and at that it works fine.
load more comments
(13 replies)
Um...obviously, yeah? The alternative to complying with the authorities is to challenge it in court, which is extremely expensive. The important question is not how much information they do hand over, but how much information they have themselves. For example, if your keys are private, proton has nothing useful to share. This is why end-to-end encryption matters, the only avenue to real privacy is to make sure Proton has nothing useful to share. They're not going to host their servers on international waters.
Granted, it’s been awhile since I read this, but don’t their subpoenas driven info essentially say yes, this is so and so’s email account with no discourse content due to encryption?
If you want encrypted mail, go the GnuPG route, everything else is only cosplaying security.
This holds true for any kind of secure communication you want to do.
Manually handling keys and encryption with GPG is the core of good opsec, and also a reason why 99% of "crime prevention" backdoors are probably not going to do much. But people are lazy, been a while since I saw a drug dealer hand out public GPG keys, ever since Telegram and the like got popular.
load more comments
(1 replies)
Yeah this isn't good at all especially when they market themselves as secure but just have full access to all the data.
There's gotta be something out there better than these crappy systems ready to throw you under a bus under barely any pressure.
load more comments
(11 replies)
view more: next ›