Infomaniak breaks rank and comes out in support of controversial Swiss encryption law

I just read this bombshell article on Tom’s Guide:

As a French speaker, I went to verify the TV and radio interviews mentioned in Tom’s Guide and it’s truly shocking. Everyone should immediately dump Infomaniak.

Here are some quotes from Infomaniak’s spokesperson, on Swiss national TV and Radio:

“Today’s Internet is not yesterday’s Internet, and we still have companies offering free services that enable people to be completely anonymous, to encrypt their content and to be completely opaque when it comes to the law. This poses a problem, and it’s only right that the Swiss justice department should do its job.”

“Anonymity is a no-no, because if there’s a legal problem, we can’t do the job…. We’re not talking about accessing the contents of emails, but tracking exchanges, just to be able to track people down, …it’s necessary.”

“We speak about metadata, it doesn’t threaten encryption, and what the revision of the law is asking for is simply to make it impossible to create a completely anonymous identity to do unlawful activities that could not be prosecuted. Somehow, in “real life”, we would not accept this: as evidence, when we create a phone number with a SIM card, it is mandatory to provide an ID card and it’s exactly for the same reason.”

Infomaniak, a company that positions itself as “ethical”, and one who built a brand based on user security and privacy, is now publicly supporting the Swiss government’s move to force VPN and email providers to log user data and collect PII. I think the quotes speak for themselves, but TLDR they are explicitly calling for:

• Mandatory metadata retention
• A blanket ban on anonymity online
• Making free & encrypted services subservient to the Swiss justice department

This is completely disqualifying, and it’s important to spread the word, because there are posts where Infomaniak is recommended as a good option for activists and privacy sensitive people.

IMO they should never be recommended because unlike other service providers talked about here (i.e. Proton), they don’t use end-to-end encryption, so they have access to all of your data, and now it seems they are apparently eager to hand it over to the government.

Just to clarify how insane this is, the legal change they want to see in Switzerland would:

• Require MANDATORY retention of all metadata & last connection info.
• Outright ban no-logs VPNs
• Require ID for all cloud services when registering
• Require companies to automatically hand over data to the govt. with no chance to appeal, no court order needed.

You can read more in-depth on this topic itself here (it’s in Swiss German but you can translate): https://www.republik.ch/2025/05/07/die-schweiz-ist-drauf-und-dran-autoritaere-ueberwachungsstaaten-zu-kopieren

Infomaniak is, in effect, calling for a police state and elimination of all personal privacy rights online. Outrageous.

As the TG article suggests, Proton & others are on the right side of this and fighting the proposal Infomaniak supports.

They are resisting, have rejected the proposal, and stated that they will leave Switzerland if this passes: Surveillance: le géant des mails cryptés Proton prêt à quitter Genève | Tribune de Genève

I think it is clear who can be trusted and who cannot be trusted. Looking forward to your thoughts on this also, especially if anyone here is using the kSuite.

Terrifying. Thanks for sharing to the forum and offering your insights from the French-language articles.

How widespread is infomaniak anyways? Are their user-facing services, such as K Mail and KSuite, even worth discussion at the first place? I haven’t heard of them before but curious to hear your thoughts on their products.

I’m surprised you haven’t heard of them – they do get mentioned on here from time to time, and some forum members have recommended them, despite not being E2EE. Their suite is a lot more ‘complete’ I’d say, especially thanks to kMeet/kChat. Still, I would say lately they have been benefiting a lot on the Mail and Cloud Storage front when it comes to user-facing products, which is especially obvious when you lurk mainstream subreddits or even recently growing ones like deGoogle.

I particularly find it mindblowing that a Swiss company would go against the grain of so many of their competitors, like Threema/Proton, and so on, when the signals have been so loud that people don’t want this, and the companies themselves don’t want it either.

It’s appalling how he doesn’t understand that a backdoor is for everyone and not only for the good guy. They say that “swiss and european citizens don’t want to bear responsibility for justice issues, such as the r*pe of a girl, because [investigators] cannot track the network”.

Yet, he also claims that should China ask for information to Swiss trough Interpol, infomaniak would then protect users that are climate, humanitarian or democratic activists.

So you think that because you are advocating for the law now, swiss courts would say “Oh, this request for information on an activist is to infomaniak, so we will go soft on them”? No, you will have to comply, and with all the metadata you will have to store, many info will be known of those activists.

Naive all around

They’re basically saying anonymity are for criminals. Yep people should dump them and shouldn’t be recommending them for just that absurd notion alone.

Personally i used to thought they’re an okay-ish provider. Obviously not on par with proton or tuta since theres no e2e but also not as obvious horrible as google or microsoft. Their storage offerings are dirt cheap, useable for clientside manual encryption via cryptomator and such. Their privacy policy while mentioned they do collect PII are understandable considering they’re a domain registrar bound with icann contract for kyc-ing domain registrant but this call of support mandatory metadata retention is really bad faith. Way to shoot yourself in the foot distancing yourself from your original userbase target with the self proclaimed “ethical”. Disgusting people.

There was a comment on Linkedin of someone saying he felt betrayed for recommending infoManiak to his customers

I have 10+ domains and VPS there, someone knows a valid privacy respecting alternative to migrate? Possibly Swiss and not Njalla

I am highly unconvinced, but they did post a response:

“The company defends a responsible digital model: no total anonymity”

ok, bye?

I can also agree with them that they don’t want anonymous users, but demanding that anonymous users shouldn’t exist is a strong opinion that in my view has no “excuses.”

Despite that being a direct quote, they actually doubled down and accused Andy Yen of spreading false information. Unbelievable.

Thread on Twitter https://xcancel.com/infomaniak/status/1931658700743135261#m

Since its founding, Infomaniak has always committed to retaining only the data our clients consciously choose to store with us — in full respect of their privacy

So do they really allow user to choose what to store with them, encrypted or unencrypted?

If the post office in my city tells me they will automatically collect and retain all the metadata of my every mail, i would walk away immediately.

I’ve translated all their speeches, and they’re changing positions to keep the boat from sinking. But the substance remains the same : they indirectly support the surveillance order (saying that regulation is needed on several occasions) and their position on the blog has nothing to do with their own words a few days ago.

Andy Yen was able to see my transcript and may write a right of reply soon. Don’t put the spotlight on Infomaniak’s response ; it clearly hides their game. They attack Proton repeatedly on the radio.

Having just read the transcript thanks for @_r3m8, the accusation of false information is a bold one. There are so many falsehoods in that transcript I am tempted to exercise our right of reply. https://x.com/andyyen/status/1932066617841877106

I have highlighted the most problematic arguments in my thread : https://x.com/_r3m8/status/1931775986145628443

The full transcription in french is available here : #### Tomas Jacobson responsable communication chez Infomaniak (RTS.ch)https: - Pastebin.com. I’d like to make it clear that I’ve written everything by hand to avoid any potential mistakes that an AI might make. Anyone who can translate this text is welcome to do so.

Thank you for the quite detailed thread.

Motivations could not be clearer. If this law comes into effect, Informaniak gets to harm their main competitors in this market even if said product offerings don’t have feature parity with Proton’s services.

If you think about it, they’re gunning their entire strategy on “Buy EU” and data governance rather than offering E2EE

I do agree, but I was mainly saying that their new position on their blog is still bad lol

I agree. I don’t want to cry scandal, but they make a lot of reference to the problem of the presence of US software in E.U. and Switzerland.

And it’s a problem, I think the privacy community is totally convinced of the problem. This is what Infomaniak says very clearly ; according to them, we (privacy focused communities) won’t have anything to do with the presence of U.S. software in our applications under the cloud act. Lol do they know what they’re talking about ?

Here is one of the many problematic excerpts that reveals their position very clearly, translated word for word :

[…] is to ask the question : why Microsoft and Google [Infomaniak implies that nobody cares] and why are we attacking a law like this [the surveillance order], which is necessary, which is old and which needs to be modernized ?

As a company, we don’t have to be for or against [the surveillance order]. So our position is fairly neutral, like Switzerland.

“necessary”, “needs to be modernized”. Now in their blog : We are opposed to this revision as it stands.

I’d go further, but remain cautious ; perhaps their stance can help them seduce public institutions, particularly European ones, with their desire for a “happy medium”. They’ve accused Proton of focusing money (and it’s false), when in fact it’s they who are looking for customers. I really hope it’s not true, but it could look like this.

To think I’ve been considering signing up for KMail as part of my email strategy. The only reason I’ve been stalling is because they require a phone number. This is extremely disappointing.

Even though KMail is not E2EE, I had heard that they were planning on implementing it. But these comments from the head of the company shows that they clearly don’t care about privacy. If they did, they would at least criticize Proton on solid grounds, but those statements were so misinformed. If you are going to compete in the privacy market, at least know what your competition is all about.

One thing that always bothered me with Infomaniak is that they heavily market themselves as private, and to me, it is unthinkable to do that when you don’t have E2EE. Especially when you know Proton and Tuta exist.

Were they planning to pull a Pavel Durov and not respond to FBI legal requests or something? Or is this “privacy” marketing nonsense backed by them promising not to sell your personal data to advertisers? Maybe that latter is enforceable through a good privacy policy.

To be honest, I have no idea what their unique value proposition is besides being European-based!