A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
Proton didn’t “expose” the user by breaking encryption. According to the reporting, the identification came from payment information, which any company legally has to keep and can be compelled to provide under a court order. The email content remained encrypted.
This isn’t unique to Proton — any service operating under a legal jurisdiction is a potential middleman if it stores identifiable data. That’s exactly why anonymity requires Tor, anonymous payments, and strict OPSEC, not just encrypted email.
So the real lesson isn’t that encryption is fake; it’s that privacy tools don’t automatically give anonymity, and many people expect them to.
Proton, if it cared, could have taken any number of steps to mitigate this problem. Like I said, they created a false image of what they provided to the public and have been back peddling ever since. I get it you don’t see it that way and that you don’t view yourself as a shill.
You’re still confusing two completely different things: privacy and anonymity. Encryption protects the content of messages, not every piece of metadata around an account. Proton has always been clear about that.
In the 404 Media case, the identification came from payment information, not from Proton breaking encryption. If someone pays with a credit card, their identity is already tied to the account. That would happen with any provider under legal jurisdiction.
Honestly, the way you’re framing this suggests you don’t really understand how encryption, metadata, and OPSEC work. Encryption ≠ anonymity. Anyone who actually works in security knows that.
I’m not shilling for Proton. I’m pointing out a basic distinction you keep ignoring: encryption protects message content, not identity.
Calling Proton’s encryption a “lie” just shows you’re arguing emotionally rather than technically. Anyone who actually understands the space knows encrypted email was never meant to guarantee anonymity.
I read it just fine. What you’re doing is calling it a “lie” because you expected anonymity from a tool that advertises encrypted email. Those aren’t the same thing.
Anyone who actually understands the basics of privacy tools knows that. Your argument sounds more like frustration than a technical point.
Please, they changed their marketing and had to make several clarifications. They were deceptive to begin with. It was always dumb considering they only ever followed the law. It was never like they went above and beyond.
Hey we are company that follows the law pick us just doesn’t have the vibe that got them their business.
I criticize the company for their practices you are playing shill pretending to “inform” me about technical issues.
I’m not pretending anything. You’re criticizing their marketing, I’m pointing out the technical reality behind the claims. Those are two different discussions.
Proton’s core claim has always been encrypted email content, not immunity from legal orders. No company operating in a country can ignore the law.
If your argument is that their marketing created unrealistic expectations, that’s a fair criticism. But calling it a “lie” and ignoring how the technology actually works doesn’t make the argument stronger.
Proton didn’t “expose” the user by breaking encryption. According to the reporting, the identification came from payment information, which any company legally has to keep and can be compelled to provide under a court order. The email content remained encrypted.
This isn’t unique to Proton — any service operating under a legal jurisdiction is a potential middleman if it stores identifiable data. That’s exactly why anonymity requires Tor, anonymous payments, and strict OPSEC, not just encrypted email.
So the real lesson isn’t that encryption is fake; it’s that privacy tools don’t automatically give anonymity, and many people expect them to.
Proton, if it cared, could have taken any number of steps to mitigate this problem. Like I said, they created a false image of what they provided to the public and have been back peddling ever since. I get it you don’t see it that way and that you don’t view yourself as a shill.
You’re still confusing two completely different things: privacy and anonymity. Encryption protects the content of messages, not every piece of metadata around an account. Proton has always been clear about that.
In the 404 Media case, the identification came from payment information, not from Proton breaking encryption. If someone pays with a credit card, their identity is already tied to the account. That would happen with any provider under legal jurisdiction.
Honestly, the way you’re framing this suggests you don’t really understand how encryption, metadata, and OPSEC work. Encryption ≠ anonymity. Anyone who actually works in security knows that.
I was never confused about the issue. Honestly you are just shilling for Proton.
I’m not shilling for Proton. I’m pointing out a basic distinction you keep ignoring: encryption protects message content, not identity.
Calling Proton’s encryption a “lie” just shows you’re arguing emotionally rather than technically. Anyone who actually understands the space knows encrypted email was never meant to guarantee anonymity.
I said their marketing was a lie. Hey I get it, reading is hard.
I read it just fine. What you’re doing is calling it a “lie” because you expected anonymity from a tool that advertises encrypted email. Those aren’t the same thing.
Anyone who actually understands the basics of privacy tools knows that. Your argument sounds more like frustration than a technical point.
Please, they changed their marketing and had to make several clarifications. They were deceptive to begin with. It was always dumb considering they only ever followed the law. It was never like they went above and beyond.
Hey we are company that follows the law pick us just doesn’t have the vibe that got them their business.
I criticize the company for their practices you are playing shill pretending to “inform” me about technical issues.
I’m not pretending anything. You’re criticizing their marketing, I’m pointing out the technical reality behind the claims. Those are two different discussions.
Proton’s core claim has always been encrypted email content, not immunity from legal orders. No company operating in a country can ignore the law.
If your argument is that their marketing created unrealistic expectations, that’s a fair criticism. But calling it a “lie” and ignoring how the technology actually works doesn’t make the argument stronger.