Why Proton is an Unethical Company

I. What Is Proton

Proton AG is a Swiss company founded in 2014 by scientists from CERN. As Proton’s official site explains, it was “born in Switzerland in 2014” with the goal of “building a better internet where privacy is the default”. The project launched via a public crowdfunding campaign (over 10,000 people donated ~$500K) in mid-2014. Proton is majority-owned by the non-profit Proton Foundation (based in Geneva) and has no venture capital investors. The company explicitly vows to “put people before profits” – “our first and only obligation is always to the Proton community, not advertisers or other third parties,” and “we do not compromise your trust by selling your data”. Proton’s stated mission is to “protect activists, journalists, and ordinary people from online surveillance”, a legacy reflected in the company’s activism-focused branding and philanthropic donations. Over time Proton has expanded beyond encrypted email to a full suite of “privacy” products: in addition to ProtonMail (secure email), it now offers Proton VPN, Proton Drive (encrypted cloud storage), Proton Calendar, Proton Pass (password manager), and more. By 2022 Proton reported tens of millions of signups (70 million users worldwide), embodying its image as a “leading privacy company.”

II. How Proton Sells Trust

Proton tightly weaves privacy into its marketing. Its “DeGoogle your life” campaign and slogan emphasize that “with end-to-end encryption and no ads, your data stays in your hands — not Google’s”. Official messaging repeatedly contrasts Proton with “Big Tech”: for example, a Proton blog post complained that Google’s new “privacy” promises are nothing but a PR “smokescreen” and that Google “has no intention” of abandoning its ad-based data-harvesting model. In branding and ads, Proton often groups itself with other privacy-centric services (DuckDuckGo, Brave, Threema, etc.) and poses privacy as a moral crusade (the “Who will save the internet?” ad, as noted by Digiday). The company also touts transparency and open source. It publishes annual transparency reports detailing how many legal requests and user data orders it processes (e.g. 2024: 11,023 orders, 10,368 complied). ProtonVPN’s code was made open-source in 2020, and the company proclaims that its software and protocols can be audited (its website links to GitHub repos and says “Everyone is welcome to inspect our code”). In short, Proton’s branding emphasizes “No Ads, No Trackers, Swiss-made,” with slogans like “privacy by default” and constant comparisons to Google or other data-gulpers. It highlights Swiss jurisdiction, publishes data-request stats, and stresses its non-profit ownership – all to signal trustworthiness and distance itself from companies like Google.

III. Why Proton Isn’t as Private as It Claims

In practice, however, Proton has significant limitations and caveats that users often misunderstand or never hear about. Technically, ProtonMail does encrypt stored emails with zero-access encryption, but standard email architecture leaks metadata. Crucially, subject lines and basic headers are not end-to-end encrypted. As Proton’s own help page admits: “subject lines in Proton Mail are not end-to-end encrypted, which means… we have the ability to turn over the subjects of your messages” under a court order. Likewise, sending an email to a non‑Proton recipient is only protected by TLS (HTTPS) by default, not end-to-end encryption. In Proton’s words: outbound emails to other services are “encrypted with TLS — the same security used by banks — which protects your email in transit, but it is not end-to-end encrypted,” meaning services like Gmail or Yahoo could read those messages and hand them over.
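To make the metadata point concrete, here is an added example (not code from the article or from Proton): a short Python script that parses a constructed OpenPGP/MIME message the way a mail provider stores it and reports which fields stay readable in cleartext versus which are end-to-end encrypted. A second constructed sample stands in for a message sent unencrypted to an outside recipient, where only TLS in transit applies; the PGP block is a placeholder, not real ciphertext.

```python
import email
from email import policy

# Constructed OpenPGP/MIME message (RFC 3156) as a provider stores it; the PGP block is a placeholder.
ENCRYPTED_MESSAGE = b"""\
From: alice@example.org
To: bob@example.net
Subject: Meeting location for Friday
Received: from [203.0.113.7] by mail.example.org; Mon, 01 Jan 2024 10:00:01 +0000
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
hQEMA(placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""
# Constructed sample of the same mail sent unencrypted (protected by TLS in transit only).
PLAIN_MESSAGE = b"""\
From: alice@example.org
To: bob@example.net
Subject: Meeting location for Friday
Content-Type: text/plain; charset="utf-8"

Let's meet at the cafe on Main Street.
"""


def classify_exposure(raw: bytes) -> dict:
    """Report what the provider (or a court order served on it) can read in cleartext."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {
        # Every top-level header is cleartext regardless of body encryption.
        "visible_headers": {name: str(value) for name, value in msg.items()},
        "body_end_to_end_encrypted": False,
        "body_preview": "",
    }
    if msg.get_content_type() == "multipart/encrypted":
        # RFC 3156: part 2 is ciphertext the provider stores but cannot decrypt; attachments hide inside it.
        ciphertext = msg.get_payload()[1].get_payload(decode=True)
        report["body_end_to_end_encrypted"] = True
        report["body_preview"] = ciphertext.decode("ascii").splitlines()[0]
    else:
        report["body_preview"] = msg.get_content().strip()
    return report
```

Run `classify_exposure` on both samples: the Subject, sender, recipient and Received line come back identically for both, and only the body differs, which is exactly the exposure a subpoena for stored mail can reach.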

Beyond cryptographic limits, Proton still collects and retains some user data. For instance, it logs IP addresses and recovery emails when compelled by law. In fact, Proton has acknowledged that its earlier statement “we do not log IP addresses by default” was “incomplete and unintentionally confusing”. The company clarifies that while Proton VPN truly keeps no logs, ProtonMail must still “prevent spam and block attacks,” so it does hold some temporary security logs and the IP used to create an account. Under Swiss law, Proton can be forced to record a user’s IP or other metadata if a court orders it in a criminal case. Its own transparency data bear this out: hundreds or thousands of user-specific requests are complied with each year (10,368 in 2024 alone).

The upshot is that only the content of messages and attachments remains safe from Proton itself or Swiss police. Other information – your account login IPs, the addresses of who you email, your subject lines, or any recovery email linked to your account – is visible and can be handed over under legal order. For example, in cases of arrested users, investigators did not need email contents to identify them: Proton confessed that “the data that exposed the users was the user’s IP address” and (in a U.S. case) “the recovery and associated email addresses”. In short, Proton’s marketing (“zero-access encryption,” “Switzerland-safe,” “no logs”) oversells how anonymous you are. Incomplete disclosures and misunderstood messages abound – even Proton admits it needs to clarify this. (As the company later pledged, it will update its site and policy to make clear that Swiss law can force it to log specific accounts.)

IV. Switzerland Isn't Magical for Privacy

Proton heavily markets its Swiss base as a unique privacy sanctuary. It notes that Swiss law forbids bulk surveillance and is not part of mass-spying alliances. Indeed, Switzerland is not in the Five Eyes/Nine Eyes intelligence pacts, and a Swiss court ruled that email services like ProtonMail are not telecommunications providers, exempting them from ordinary data-retention rules. Proton also points out that Swiss privacy laws explicitly protect end-to-end encryption and generally demand that any foreign legal demands meet Switzerland’s strict standards.

Nonetheless, “Switzerland is far better than most countries, no legal system is perfect,” as Proton itself concedes. Swiss law does allow targeted surveillance: under the 2017 Intelligence Service Act, Swiss agencies can monitor emails and other communications without a typical court warrant if national-security laws are invoked. Switzerland also participates in mutual legal assistance: foreign police can apply through Swiss courts. The net result is that Proton cannot legally refuse a Swiss court order – even if it originates abroad, it must satisfy Swiss legal standards first. In practice, this means a French or U.S. request must be vetted by Swiss authorities before Proton can comply. In short, storing data in Switzerland gives more privacy protection than, say, the U.S. or EU, but it is not absolute. Proton itself notes that Switzerland’s privacy framework, though strong, still requires compliance when “Swiss law is broken,” and it must hand data to Swiss courts as directed.

V. They Do Work with Law Enforcement

Contrary to some expectations, Proton has complied with several high-profile law-enforcement requests – always via Swiss legal channels. Notable cases include:

  • French climate activist (2021) – As reported by TechRadar, Proton “provided law enforcement with the IP address of the individual” after a Swiss court order. Proton later stated it had no choice under Swiss law (“no possibility to appeal this request”).
  • U.S. harassment suspect (2023) – U.S. authorities obtained Proton data by submitting an international legal request. Cybersecurity blogs explain that Proton “provided the FBI with the ‘recovery and associated email addresses’” of a suspect, which helped the FBI identify the user.
  • Catalan protester (2024) – Spanish police investigating Catalan independence activists went to Proton via Swiss prosecutors. According to court documents, Proton “responded providing the recovery email for that ProtonMail account, which was an iCloud email address”. Spanish authorities then contacted Apple to get the user’s name and location. (This case was treated under Spanish anti‑terror laws despite involving street protests.)
  • German campaigner (2023) – German police reportedly secured a Swiss letter rogatory to make Proton log a user’s IP (similar to the French case). (This illustrates that Swiss prosecutors do occasionally honor foreign requests.)

By contrast, some privacy-focused email services collect even less user data. For example, Tutanota explicitly says it “does not log IP addresses when you log in or send an email” and strips IP headers from outgoing mail. Thus if asked, Tutanota genuinely has no IP log to hand over. Proton, however, has admitted it can and does log when required. In fact, after these law-enforcement cases came to light, Proton posted a blog apologizing and promising to clarify its legal obligations. This incident triggered community backlash, highlighting that many Proton users had assumed it would never cooperate with police – a misunderstanding proven incorrect.

VI. How They Use “Not Google” to Defend Themselves

When confronted with criticism, Proton’s rhetoric often circles back to comparing itself to bigger actors. Its PR and support forums frequently point out that “Google is worse.” For example, Proton’s own blog accuses Google of running a “fake privacy” campaign to distract regulators while secretly mining user data. In the context of any privacy lapse, Proton representatives will remind critics that any service (including free ones) must comply with law. In the French activist case, CEO Andy Yen emphasized that “no matter what service you use… the company will have to comply with the law.” Proton then noted (and celebrated) that at least its encryption remained intact, implying that other providers would have given up more. Indeed, Proton stated that because it could not hand over message contents even under order, “if they had been using any other email provider, the outcome would have been very different”. In other words, Proton deflects by saying “See? We’re not Google/Yahoo; others are far worse.”

This defensive posture sometimes leads to awkward reversals. After the Catalan case, Proton’s blog initially echoed Spanish authorities’ language about terrorism, but when critics complained, the messaging was quietly softened. And under user pressure, Proton explicitly changed some of its own public statements: e.g. it has promised to amend its website to “better clarify obligations”. In sum, Proton often leans on an appeal to the lesser evil: it acknowledges mistakes or issues clarifications only belatedly, and always underscores that big tech is far less privacy-respecting. Users who point out contradictions sometimes find Proton responding with a shrug (“we’re Swiss and legal orders are how it works”) rather than transparent fixes.

VII. Why It Even Matters

The stakes behind these claims are very high. Proton positions itself as a safe haven for activists, journalists, and privacy-conscious citizens. Many people (e.g. dissidents, whistleblowers, or victims of stalking) may entrust Proton with their most sensitive data expecting near-absolute protection. But if users misunderstand Proton’s limits, they could be caught off-guard: an IP address or recovery email can expose their identity, leading to arrests or reprisals. Indeed, in the cited cases above, it wasn’t encrypted content that revealed the suspects – it was the metadata Proton retained.

For those reasons, accountability and education are crucial. Proton’s own founders recall starting the service to defend “an internet that serves the interests of all people,” especially the vulnerable. Critics argue that Proton must now live up to that ideal by being far more transparent about what data it does log, and by pushing back harder (publicly) when privacy is at risk. Everyday users should also be aware that encrypted email is not a silver bullet: tools like VPNs or Tor may still be needed to hide IPs, and operational security (e.g. using anonymous recoveries) matters.

In the end, activists and journalists who rely on Proton need to know exactly what it can and cannot do. This means demanding more detailed disclosures and better user guidance from Proton (as the company itself has pledged), and not taking marketing slogans at face value. Proton’s mission to protect privacy is laudable, but it can only fulfill it through continued honesty, careful scrutiny, and ongoing education of its user base.
