"Thank you for reaching out and sharing your concern. We understand why this story is alarming, and we want to give you a clear picture of what actually happened.

First, Proton did not provide any information to the FBI. The data was obtained by the Swiss Federal Department of Justice through a Mutual Legal Assistance Treaty (MLAT) process. Proton operates exclusively under Swiss law and only responds to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is clearly stated in our TOS and Privacy Policy.

In this specific case, Swiss authorities determined that the legal bar was met because a law enforcement officer had been shot, and explosive devices were involved during an incident in 2024. Switzerland has one of the strictest privacy frameworks in the world, and legal assistance is only granted in cases involving serious criminal matters.

Importantly, the only information that could be disclosed was a payment identifier because the user chose to pay by credit card although Proton accepts gift cards, cryptocurrency and cash. No emails, no message content, and no communications metadata were handed over. This actually demonstrates how little data Proton holds by design, our end-to-end encryption means we cannot access email content even if ordered to.

We hope this provides some reassurance. Please don't hesitate to reach out if you have any further questions.

Best Regards, The Proton Mail Team"

The Proton user had bad opsec by using a credit card to pay for the account.

Had Proton just turned data over to an out of jurisdiction LEA, then it's more of a complaint. But they followed their policy and law here.

Proton offers a Tor address for accounts requiring anonymity rather than just privacy. The crux of this is on the account user

Didn't Proton already say that they were physically relocating their servers outside of Switzerland because the Swiss government couldn't be trusted?

Although I guess the server location didn't matter in this case since all they wanted was the billing information and the credit card info to identify the person.

You want to be anonymous? Don't use your credit card! Don't connect from your home internet connection. (I don't know whether this person did because I can't read the story due to login-requirement). Either way, total non-story. Anyone whose potential adversary is a powerful government should already know this stuff.

Either way, Proton didn't help the FBI. The article title is deceptive and implies a degree of insidiousness or dishonesty that has not been demonstrated by Proton in this case.

Whether they store such info for cryptocurrency payments as well (no chargeback risk) would be telling.

If you don't want to receive the punishment for thought crimes, which is being threatened outright more loudly every day, it's increasingly difficult to actually have a dissenting voice online. Don't believe me? Set up a linux VM, Mullvad VPN with a killswitch, then run Tor browser. You MAY be able to get a TutaMail account, which requires a backup e-mail that disappears after a short period of time (allegedly), and then a Proton account with the TutaMail account as your required backup there, but all of the privacy-first "anonymous" services require some form of verification. Then, if the social media network isn't blocking you from signing up via a Tor exit nodes outright, you are immediately shadow banned.

I remain very annoyed with the massive number of engineers that are making it possible for people who can't figure out how to check their e-mail to utilize advanced technology to spy on us, steal our tax money, pervert the technologies we build, and indiscriminately murder innocent people.

We are a community of greedy ladder pullers and that's so disappointing.

Proton is one of the few services who accepts anonymous payment, and cannot themselves provide encrypted content in cleartext. They cannot save you from yourself, though.

What is horrifying are big corporations giving access to all user data without recourse. That my data in Europe is send to the USA and accessed without limits by their goverment is a crime and a very dangerous situation.

- Fighting crime in an open criminal case with judge oversight is a very good thing and part of keeping the rule of law.

- Collecting data from all users without probable cause is a crime and will have nefarious consequences for all of us.

Know the difference.

Privacy and anonymity are a gradient. If I needed real opsec from government threats I wouldn't tie a credit card to a service.

Not really, that's a minute procedural distinction without a difference.

> can only happen after all Swiss legal checks are passed.

Oh, don't worry, US also has some "checks", just as useful!

> we understood that a law enforcement officer was shot and explosive devices were involved

And now you're just compounding your fail by siding with the notorious liars against your own customers.

"Authorities were investigating [them] for their connection to arson, vandalism and doxing"

And there it is.

Proton only has access to your IP and device ID, not your data. With IP and device ID, you can easily track an user like finding the ISP, etc.

Do you wanna do naughty things?? Don't use such services do to so.

And ironically,this 404 Media is the only place I found covering this information and they require you to login to read the whole thing.

Hmmmmmmmmmmmmmmmmmmmmm red flag big time!!!!

>Sign up with no phone number: Get a private email account without handing over more personal data than necessary, making it harder for advertisers, data brokers, and other services to track you online.

I guess it doesn't mention law enforcement so ¯\_(ツ)_/¯