In 2026, it is difficult to maintain privacy. Running privacy services within the EU, UK, Switzerland or other countries isn’t what it used to be. There is a reason why the Gnoppix Project moved from Germany in the EU, once one of the “good” countries, to Japan. I must admit, I am a bit jealous of the Japanese people. They have excellent laws regarding user privacy, probably some of the best in the world for protecting their own citizens.
The Proton case is a good lesson; we must learn from the mistakes others have made. Our mission is education, transparency and documentation. No known email service in the world is 100% secure based on average technology alone. But one thing is 100% certain: privacy isn’t anonymity. What you need is not only the knowledge to build software; you must also be a specialist in current global laws. You must be an excellent thinker. You have to keep this knowledge updated, and you need a lot of helpful friends.
And just when you think you’re done, you need to train users. If a company tells you their email is secure, it doesn’t necessarily mean it is. Don’t misunderstand me, I love Proton, Tuta and all the others. But isn’t it strange that on one hand the German government supports them, while on the other they want to establish so-called “Chat Control”? If you have worked for the government, it becomes much clearer what is going on.
Last but not least, if the government supports them, where is the full source code? How can I perform a Proof of Concept (PoC) on this? The weak points here are: where are the users’ encryption keys stored? And why not force users to generate their own keys, with passwords better than “12345678”? Such stories help us to optimize our Gnoppix processes and services.
OVH Canada did well.
Enough from me; enjoy the following text from Sam. Feel free to comment or share your own experiences.
Sam Ben - The Proton Problem:
TOC:
- The Numbers They Published Themselves (40,389 orders and a 6% fight rate)
- “Zero-Access” Means Zero Access to Data at Rest, Not Zero Access to Your Emails (their privacy policy vs their marketing)
- What Proton Can Actually See (it’s not a short list)
- The IP Logging They Tried to Hide (Wayback Machine receipts)
- The Phrack Incident: Suspend First, Investigate Never (cluster-banning journalists on a tip)
- Swiss Privacy: The Brand, Not the Shield (six companies across five countries)
- Privacy Company Requires You to De-Anonymize Yourself to Sign Up (try Tor and see what happens)
- Proton Business VPN: The Quiet Admission (the logging infrastructure already exists)
- The Bitcoin Wallet from the Privacy Company That Wouldn’t Accept Monero (they built a wallet for the surveillance coin)
- $100 Million and a CERN Pedigree (their lobbyist is APCO Worldwide out of DC)
- The Political Neutrality Question (the CEO picked a side)
- The Affiliate Machine (100% commission and a dedicated influencer contact)
- HideMyAss: We’ve Seen This Movie Before (same marketing, same ending)
- What Privacy Actually Looks Like (what actually works)
- Sources
- FAQ: The Counterarguments, Addressed (16 arguments, destroyed)
On March 5, 2026, 404 Media published an FBI affidavit showing that Proton Mail handed over payment data that identified an anonymous Stop Cop City protester in Atlanta. The account, defendtheatlantaforest@protonmail.com, was listed on the Defend the Atlanta Forest Facebook page. The FBI submitted a request through the US-Switzerland Mutual Legal Assistance Treaty. Swiss authorities approved it. Proton provided a credit card payment identifier.
The FBI traced that identifier through the issuing bank to the cardholder. The person was arrested at Atlanta’s airport.
The charge was trespassing. The FBI affidavit was authored by a special agent on a Domestic Terrorism squad. Not a terrorism charge, but a trespassing charge, investigated by the domestic terrorism unit, using an international treaty to unmask someone who paid for encrypted email with a credit card.
What’s the issue in the picture?
https://x.com/ProtonSupport/status/2029863513695412597?s=20
Proton’s response on X is already a case study in corporate doublespeak. Paragraph one: “Proton did not provide any information to the FBI.” Paragraph three of the same post: “only payment info was disclosed.”
Edward Shone, Proton’s head of communications, tried the same framing with 404 Media: “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT.” Whether you hand the gun to the guy who pulls the trigger or hand it to a guy who hands it to the guy, the result is the same. The data ended up in the FBI’s hands.
The protester got arrested.
Proton also characterized the case as involving “a police officer was shot, and explosives were found.” The FBI’s own search warrant affidavit doesn’t mention a shooting.
on X called them out: “the cop was shot by another cop. the fbi search warrant did not mention a shooting. explain the discrepancy because this seems to be a determination that you made on your own. and by ‘explosives’ do you mean fireworks?”
https://x.com/PplsCityCouncil/status/2030037623297749042?s=20
Proton inflated the severity to justify their compliance. The actual arrest was for trespassing. The person apparently hasn’t been charged since.
And Proton processes payments through
, an American company. Your credit card data for your ‘Swiss privacy email’ goes through a US payment processor.
That’s the payment identifier the FBI traced.
Multiple people in the replies immediately pointed out that if this user had paid with Monero, there would have been no payment identifier to trace. Proton’s response says “for users who want maximum anonymity, we accept cash and crypto.” They accept Bitcoin — the one with a public traceable ledger that Chainalysis and the FBI follow routinely. They didn’t accept Monero at all until September 2025, and even then only through a third-party middleman, not natively.
The ‘privacy company’s’ answer to “you doxed a user through their payment info” is “you should have paid us with a method we barely support.”
This isn’t the first time. In 2021, Proton logged and handed over the IP address of a French climate activist to French authorities via Europol. You have to be living under a rock not to have heard of that story. In 2024, they gave Spanish authorities a recovery email address that led to the identification of a Catalan independence activist. French climate activist. Catalan independence activist. Stop Cop City protester.
Three activists, three countries, three MLAT requests, three times Proton complied and someone got identified. It’s a pattern.
And none of this is ancient history or edge cases. This is the story of a company that has handed over user data in response to over 40,000 government orders since 2017, maintains a 94% compliance rate, markets “not even Proton” can access your data while their own privacy policy says they scan incoming emails before encrypting them, and just got caught helping the FBI identify a protester whose crime was standing on the wrong piece of dirt.
I pay for a Proton account. I’ve spent hours going back and forth with die hard Proton fans and Proton on X, including directly with their CEO. I’ve read every word of their
, their
, their
, their marketing pages, and their data processing agreement. This is NOT a “Proton is worse than Gmail” argument; Gmail reads everything you send and sells profiles based on it.
What Proton does is market itself as a mathematical privacy guarantee while operating a compliance machine that rubber-stamps nine out of every ten government data requests it receives. The people using Proton aren’t switching from Outlook for better fonts. They’re switching because they were told, if not directly then through the marketing, that their data would be untouchable. I’ll explain why it’s not.
The Numbers They Published Themselves
Proton’s own
, when you put it in a table instead of a press release:
From 2017 to 2025, Proton received 45,667 legal orders for user data. They complied with 40,389 of them. In 2017, they got 26 orders. In 2024, they got 11,023, and they complied with 10,368. That’s a 423x increase in seven years. The contest rate peaked at 21.2% in 2021 when the French activist case put them under public scrutiny, then collapsed to 5.9% by 2024 as order volume nearly doubled.
, a Swiss attorney who tracks Proton’s reports, attributes part of the 2024 spike to Switzerland switching from per-request billing to a flat-rate compensation model for law enforcement data requests at the start of that year. Less friction for cops to file requests means more requests get filed. Proton got bigger, the government made requests cheaper, and the contest rate cratered.
Proton’s own numbers; these are old, it’s over 40,000 now.
A 6% contest rate means they rubber-stamp 94% of requests without a fight. If your lawyer won 6% of your cases you’d fire them. But when Proton does it, it’s “Swiss privacy.”
Legal Orders: Complied vs Contested
Do they fight, or bend over?
And before anyone says “they have to comply, it’s the law,” I need you to understand something. If compliance were mandatory, the rate would be 100%. It’s not. That 6% they do contest proves that fighting is legal, it’s an option, they just rarely use it. OVPN beat a Swedish court order back in 2021. Mullvad got raided by Swedish police who left empty-handed because there was nothing to find. The claim that resistance is impossible is cope for companies that choose cooperation.
Cumulative Users Affected vs Contestation Rate
Now compare that to Proton’s own VPN product, which denied 100% of all orders every single year from 2020 to 2025. Every one. Because Proton VPN actually has no logs to hand over. The architecture makes compliance impossible. Proton Mail’s architecture does not. And that gap between “can’t” and “won’t” is the entire story.
Yearly Data Set
Or compare it to Tuta, operating under German law. Not Switzerland, not some privacy utopia: Germany. Tuta’s transparency report for the second half of 2025 shows they received 220 requests and complied with 58, a rejection rate of about 75%. In the first half of 2025, they received 227 requests and complied with 54. Tuta fights three out of four requests. Proton folds on nineteen out of twenty. And Tuta does it by lodging objections against requests that are based on the assumption that they’re a telecommunications service, which the Court of Justice of the European Union ruled they’re not. In other words, Tuta found a legal angle and uses it aggressively. Proton apparently hasn’t found one, or hasn’t looked.
I’m no fan of Tuta (series in the works for them), but the rates for them are night and day.
If size explains the problem, Proton’s business model is self-defeating. They take money to protect users, grow too big to protect them, and the advice becomes “use someone smaller.” Their contest rate dropped from 21% in 2021 to 6% in 2024 while order volume doubled. They got bigger and fought less.
“Zero-Access” Means Zero Access to Data at Rest, Not Zero Access to Your Emails
Proton’s marketing page, word for word: “Proton Mail’s zero-access architecture means we can never access your emails. As a result, we cannot hand your emails over to anyone.”
“Zero-Access”
Their homepage: “Our end-to-end encryption and zero-access encryption mean that no one (not even Proton) has the technical means to access your data without your permission. At Proton, privacy isn’t a promise, it’s mathematically ensured.”
Now their own
, also word for word: “unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses… Such inbound messages are scanned for spam in memory, and then encrypted and written to disk.”
Proton admitting they see email content before encrypting
They scan your incoming emails. In memory. Before encrypting them. Proton’s servers see the plaintext content of every email that comes from a non-Proton sender, which is the vast majority of email traffic, because most people don’t use Proton. When your bank sends you a statement, Proton reads it before they encrypt it. When your lawyer sends you privileged correspondence from their Gmail, Proton’s servers see it in cleartext before it ever touches “zero-access encryption.” When a source sends a journalist a tip, Proton sees it before the journalist does.
Proton themselves admitted this publicly. Their official account on X posted: “we briefly see the contents of the email before immediately and automatically encrypting it without ever being able to access it again.” They called it a “limitation imposed upon us by providers like Gmail who do not use PGP encryption by default.”
That’s a great excuse, except it demolishes your own marketing. You can’t say “not even Proton” can see your data and then admit you see every non-Proton email before encrypting it. Those two things are mutually exclusive.
And the “it’s only in memory” defense doesn’t hold up either. Whether you keep it for a millisecond or a millennium, access is access. Hiding behind “it’s only in memory” is like saying you didn’t rob the bank because you only held the money for a few seconds.
The marketing says “can’t.” The architecture says “can, but briefly.” Those aren’t the same thing.
chompie, the head of IBM X-Force Offensive Research, put it more directly in a tweet that got 1.1 million views: “Not only can Proton Mail read your emails, but they’re subject to the same subpoenas and lawful government requests as Google. Real privacy requires end-to-end encryption, which users have to actively adopt, and most don’t because it’s hard and annoying.”
They read it, they say it.
Their spam filtering tells the same story. They claim they “do not possess the technical ability to scan the content of the messages after they have been encrypted.”
That’s true. But they explicitly do scan them before encryption. Proton runs body-level filtering for phishing links and content patterns, which means they’re reading your inbound mail before they encrypt it. Header analysis alone would let most spam through. Their spam filtering system literally requires reading message content to function, which proves they have routine access to user communications. You can’t run a content-level spam filter without reading the content. That’s how email works; moreover, it’s how reading works. Here, read this invisible sentence to prove it:
What Proton Can Actually See
Their
lists everything they have access to, and it’s not short.
Email metadata, always accessible to Proton:
- sender and recipient email addresses
- IP addresses of incoming messages
- attachment names
- message subjects
- message sent and received timestamps
- number of messages sent
- storage space used
- total number of messages
- last login time
Go ask an intelligence analyst if they would rather have that or the content of the message. (They will say the former.)
Note that message subjects are not encrypted. Your subject lines, which often contain the most descriptive summary of what an email is about, are visible to Proton at all times. Every email you’ve ever sent or received through Proton, the subject line is accessible. “Re: Meeting with lawyer about divorce.” “Your prescription refill.” “Whistleblower submission.” All visible. All metadata they can hand over.
Account information: any recovery email address or phone number you provided, account creation date, and device identifiers.
Calendar metadata is also not encrypted:
- event start and end times
- time zones
- repetition rules
- event creation and update times
- event status
Your schedule, unencrypted.
Drive metadata too:
- file and folder creation and modification times
- permissions
- the username that created or uploaded files
- for shared URLs: the creation time, last access time, number of accesses, and creator
Sender addresses, recipient addresses, subjects, attachment names, timestamps, IPs of incoming messages, recovery emails, recovery phones, device IDs, login history, storage used, message counts. That’s what Proton “technically has.” That’s what 40,389 orders have requested since 2017. And that’s practically everything except email content, which, as we’ve established, they can access if the sender email isn’t a Proton one.
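To make the two points above concrete (scan-then-encrypt on the server versus end-to-end encryption, and the metadata that stays readable on either path), here is an added illustration in Python. It is not Proton’s code and does not describe Proton’s implementation. The mail server model, the `seal`/`unseal` hash-based stream cipher that stands in for the recipient’s OpenPGP key, and the sample messages are all constructed for this example; each server stage records what it had in hand, so the gap between “can’t” and “can, but briefly” shows up in the log rather than in marketing copy.

```python
"""Illustration (not Proton's code): two mail-ingest paths on one server.

ingest_external models the privacy-policy wording quoted earlier: an
unencrypted message from an outside provider is scanned for spam while in
plaintext, then encrypted to the recipient's key.  ingest_e2ee models true
end-to-end encryption: the sender encrypted the body before sending, so the
server only ever handles ciphertext.  Metadata is readable on both paths.
The cipher is a deliberately simple stand-in, not a real mailbox format.
"""
import hashlib
import re
from dataclasses import dataclass, field


def _keystream(key: bytes, length: int) -> bytes:
    # Keystream from SHA-256(key || counter); illustrative only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt so that only the holder of `key` can read the bytes."""
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))


def unseal(key: bytes, ciphertext: bytes) -> bytes:
    return seal(key, ciphertext)  # XOR stream cipher: same operation both ways


@dataclass
class Message:
    sender: str
    recipient: str
    subject: str
    attachment_names: list
    body: bytes  # plaintext on the external path, ciphertext on the E2EE path


@dataclass
class MailServer:
    """Records, per stage, the data the server process could observe."""
    user_keys: dict
    observed_plaintext: list = field(default_factory=list)
    observed_metadata: list = field(default_factory=list)
    mailbox: dict = field(default_factory=dict)

    def _record_metadata(self, msg: Message) -> None:
        # Addresses, subject and attachment names are visible on both paths.
        self.observed_metadata.append({"from": msg.sender, "to": msg.recipient,
                                       "subject": msg.subject,
                                       "attachments": list(msg.attachment_names)})

    def spam_filter(self, body: bytes) -> bool:
        """Content-level filter: it cannot work without the plaintext."""
        text = body.decode("utf-8", "replace")
        self.observed_plaintext.append(text)
        return bool(re.search(r"(click here|free money)", text, re.I))

    def ingest_external(self, msg: Message) -> bool:
        """Unencrypted inbound mail: scan in memory, then encrypt to the user's key."""
        self._record_metadata(msg)
        is_spam = self.spam_filter(msg.body)
        sealed = seal(self.user_keys[msg.recipient], msg.body)
        self.mailbox.setdefault(msg.recipient, []).append((sealed, is_spam))
        return is_spam

    def ingest_e2ee(self, msg: Message) -> bool:
        """Sender already encrypted the body; the server stores it untouched."""
        self._record_metadata(msg)
        self.mailbox.setdefault(msg.recipient, []).append((msg.body, False))
        return False


def demo() -> dict:
    """Run both paths on constructed sample messages and return the evidence."""
    alice_key = hashlib.sha256(b"alice-private-key-demo").digest()  # constructed
    server = MailServer(user_keys={"alice@example.org": alice_key})

    # Constructed sample: a bank statement arriving unencrypted from outside.
    bank = Message("statements@bank.example", "alice@example.org",
                   "Your March statement", ["statement.pdf"],
                   b"Balance: 1,203.55. Click here for free money!")
    server.ingest_external(bank)

    # Constructed sample: a source who encrypted to Alice's key before sending.
    tip_plaintext = b"The documents are in locker 12."
    tip = Message("source@example.net", "alice@example.org", "Re: tip", [],
                  seal(alice_key, tip_plaintext))
    server.ingest_e2ee(tip)

    return {"server": server, "alice_key": alice_key, "tip_plaintext": tip_plaintext}


if __name__ == "__main__":
    result = demo()
    print("plaintext the server saw:", result["server"].observed_plaintext)
    print("metadata the server saw:", result["server"].observed_metadata)
```

Running it shows one plaintext body in `observed_plaintext` (the external message, read by the spam filter before `seal` ran) and none for the end-to-end message, while `observed_metadata` holds sender, recipient, subject and attachment names for both. The stored body of the external message is ciphertext afterwards, which is exactly the “at rest” guarantee; the exposure happened one stage earlier.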
The IP Logging They Tried to Hide
I have the Wayback Machine for this one (they tried to erase it).
In January 2021, Proton’s homepage stated, and I’m quoting the
: “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”
Proton’s homepage, January 2021 Wayback Machine archive
Then in the summer of 2021, it came out that Proton had logged and handed over the IP address of a French climate activist to French authorities via Europol and Swiss legal assistance channels. The activist was part of Youth for Climate, an environmental group that occupied buildings in the Place Sainte Marthe area of Paris. Swiss authorities received the request, approved it, and Proton was compelled to start logging the IP address of that specific account going forward. That IP, combined with the recovery email Proton also provided, led to an Apple ID, which led to the activist’s identification and arrest.
After this became public in September 2021, Proton quietly scrubbed their website. The “we do not keep any IP logs” language vanished. In its place: “ProtonMail is email that respects privacy and puts people (not advertisers) first. Your data belongs to you, and our encryption ensures that.” No mention of IP logs. No mention of what happened. They just deleted the claim and hoped nobody noticed.
Proton’s homepage, October 2021 Wayback Machine archive
documented this with Wayback Machine comparisons.
, arguably the most respected cryptographer alive, wrote a blog post titled “ProtonMail Now Keeps IP Logs.” Proton’s updated privacy policy now says: “If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation.”
And buried on a
, not the homepage, not the privacy policy summary, not anywhere a normal user would look, Proton admits: email “is generally not no-logs and can require IP disclosure in the event of a Swiss criminal investigation. That’s why if your threat model requires hiding your IP from Swiss authorities when using Proton Mail, we recommend using a VPN or Tor.”
Proton is telling you, on their own website, that Proton Mail doesn’t protect your IP from Swiss authorities. Their solution? Buy their VPN too. The privacy product has a gap, and the fix is another purchase. But won’t your purchase still be recorded? Yes. But don’t worry, here are some buzzwords to make you feel safe: Swiss law, zero knowledge, privacy, transparency, open source, and full disk encryption. See? All better, now hit buy, and heart our stupid 1,000th post about Gmail.
The Phrack Incident: Suspend First, Investigate Never
In September 2025, Phrack Zine, one of the oldest and most respected hacking publications on the internet, had their Proton accounts suspended. Phrack has been publishing since 1985. It predates Google, it predates most of the people working at Proton, and it’s one of the foundational texts of the hacking and security research community. And Proton nuked their accounts because a CERT sent them a tip.
Not a court order or a subpoena, and not a legal order of any kind. A CERT advisory. CERTs are advisory bodies. They issue recommendations. They have ZERO LEGAL enforcement authority.
They are not law enforcement, they are not courts, and their tips carry exactly as much legal weight as a Reddit comment.
The Intercept broke the full story.
Two journalists publishing under the pseudonyms Saber and cyb0rg had their accounts suspended. They were reporting on a sophisticated hacking operation into South Korean government systems, including the Ministry of Foreign Affairs and the military’s Defense Counterintelligence Command, attributed to Kimsuky, a North Korean state-backed hacking group. They were doing responsible disclosure, they had notified KrCERT/CC (South Korea’s CERT), and they were using Proton specifically because they’re journalists working on sensitive national security reporting.
https://x.com/phrack/status/1965771989748220048?s=20
Proton suspended their dedicated disclosure email account. Then, the next day, suspended Saber’s personal Proton account too. On August 22nd, Phrack editors emailed Proton requesting restoration. No response. On September 6th, they sent a follow-up. Still nothing. On September 9th, Phrack went public on X, asking “why Proton was cancelling journalists and ghosting us.” Only then, on September 10th, did Proton respond.
Proton’s response: “We were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.”
https://x.com/ProtonPrivacy/status/1965701997304103394?s=20
A “cluster” of accounts. Proton didn’t verify which accounts were legitimate and which weren’t. They didn’t investigate before acting. They cluster-banned everyone in the vicinity of the CERT tip and called it enforcement. Phrack reported sending eight emails to Proton. Proton claimed they only received two. Appeals were rejected or ignored. Proton’s own appeal process failed, and the accounts were only restored after the story started getting attention on social media.
The Freedom of the Press Foundation’s deputy director stated that “journalists are among the users who need these and similar tools most.” Phrack requested assurance that “Proton does not disable accounts unless Proton has a court order or the crime (or ToS violation) is apparent.” They never got that assurance.