• lambalicious
    3 days ago

    Proton is known to unmask paying customers to agencies like the FBI, just so you know.

    • redpulpo@lemmy.world
      2 days ago

      That’s a misleading way to frame it. Proton doesn’t “unmask customers for the FBI.” They respond to legal requests through Swiss authorities, like any company operating under a jurisdiction.

      And in the reported cases what was provided was account or payment metadata, not decrypted email content. If someone ties their real identity to an account through payments, no provider can magically make that anonymous.

      A good comparison is Mullvad VPN. When Swedish police searched their offices in 2023, they left empty-handed because Mullvad doesn’t keep user identities and accounts aren’t tied to emails. If a user registers without identifiable payment, there simply isn’t much data to hand over.

      The real issue isn’t “betrayal,” it’s what data exists in the first place.

    • zarkanian@sh.itjust.works
      3 days ago

      No, lol. That would have to go through a Swiss court first. Also, the only info the FBI is going to get is “Yes, this person is a ProtonVPN customer.” Your data is end-to-end encrypted, so Proton cannot decrypt it.

      • lambalicious
        3 days ago

        Check the news. Proton literally unmasked the identity of a paying customer to the FBI. Delivering someone’s identity is as bad if not worse than delivering messages: at that point it matters not if your data is encrypted because now the FBI can target you for $5-wrench torture.

        • redpulpo@lemmy.world
          2 days ago

          The reporting doesn’t say Proton “literally unmasked a user to the FBI.” What happened is that Proton was legally compelled by Swiss authorities to provide payment data they already had, and those authorities later shared it with the FBI through a legal assistance treaty.

          The email content remained encrypted. What identified the user was the credit-card payment tied to the account, which is inherently traceable.

          The uncomfortable reality is that people often deanonymize themselves: they create accounts without Tor, pay with identifiable cards, and link real-world data to the account. At that point the provider doesn’t need to “break” anything — the identifying information already exists.

          • lambalicious
            16 hours ago

            Slice it how you dice it, Proton aided in the process, and they gave out information that the FBI would reasonably not have had at that point, or else they’d have acted upon it. Slice it how you dice it, Proton unmasked a customer to the FBI.

            • redpulpo@lemmy.world
              16 hours ago

              You can repeat that framing, but it’s still inaccurate. Proton didn’t “unmask a user for the FBI.” They complied with a legal order from Swiss authorities for data they already had, and that information was later shared through legal channels.

              What identified the user was their own payment data tied to the account. If you pay with a credit card and create the account without anonymity tools, your identity is already linked — no provider has to “break” anything.

              That’s the uncomfortable reality: people often de-anonymize themselves by using identifiable payments and normal connections instead of Tor and anonymous methods when creating the account.

        • DownByLaw@sh.itjust.works
          3 days ago

          Half true.

          This post is about VPN. And Proton VPN is still safe.

          Your info/news is on Proton Mail. In this case Proton was legally obliged (Swiss law) to give out identifying data for the owner of a known email address. The owner used a credit card and they had to give up the credit card info. The content and communications inside their email account are still private and were not given out. If they had used cash or crypto for paying, Proton might have had no information to give out to the authorities. And again, they were obliged by law.

          • lambalicious
            2 days ago

            > And again, they were obliged by law.

            If the only defense a company has for giving away information about (paying!) customers to an agency of a fascist country known for disappearing people is “I was just obeying orders!”, may I remind you of the Nuremberg Trials. But, well, I guess there’s nothing better to expect from Proton on that end. The Swiss were, after all, well-known for taking all that Nazi gold without any complaints.

            Just follow orders, like a good soldier.

            • WhyJiffie@sh.itjust.works
              2 days ago

              why, what should have they done? close shop and go to jail for not complying?

              you have unrealistic expectations. if you are high risk, you should only access their services over their onion site and only pay in crypto or gift cards. they give all the tools one needs to stay truly anonymous.

              • lambalicious
                2 days ago

                > why, what should have they done?

                In the least, fight it more in court. Isn’t that the entire point of the thing, to keep things looping around via lawyers? Maybe notify the user beforehand, as well.

                In the most, not have hosted that data in the first place. No need to keep subscription data if you implement one-time lifetime plans, for example.

                • WhyJiffie@sh.itjust.works
                  2 days ago

                  > In the least, fight it more in court. Isn’t that the entire point of the thing, to keep things looping around via lawyers?

                  that can be done in questionable cases, but not all is like that. often the law is very clear about what they need to comply with, isn’t it?

                  > Maybe notify the user beforehand, as well.

                  I am not a lawyer but I doubt they are allowed to do that

                  > No need to keep subscription data if you implement one-time lifetime plans, for example.

                  as I said in my previous comment, they accept payments in crypto. but I think they also accept payments in cash over mail