Proton doesn't really support anonymous payments. Let's demand that they do

NOTE: This post is a compilation and refining of criticisms I have shared before about Proton across multiple comments since last year. I am putting it all together here in a single place so that it is easy to find and reference. I’ve been working on it for a long time and it’s finally here.

In addition, this thread contains reporting on Proton 's apparent relationship with the Proxy Store, based on my past interactions with both, such as the fact that last year, Proton’s legal team allegedly sent notice to the Proxy Store demanding they stop selling their vouchers (Part IV-B ).

TL;DR:

Proton does not support anonymous payments for the following reasons:

1) They don’t accept Monero.
2) Cash payments require you to disclose your username.
3) Neither cash nor Monero are accepted for the purchase of gift cards.
4) Proxy Store vouchers are limited and exclusively for free Proton users.
5) Proton gift cards are not available on the Proxy Store or any other privacy friendly reseller.

These privacy gaps are significant but easy to fix.
Let’s raise our voices and demand it from Proton.

INTRODUCTION:

In the last couple of years, Proton has received negative publicity due to multiple controversies involving their handover of user information to authorities. The most recent one was reported by 404 Media and involved the FBI.

Stories about how Proton users get their identity exposed via legal warrants are valuable regardless of if these people are good or bad or anything in between. These stories are insightful because they reveal Proton’s shortcomings. It’s a teaching moment for both Proton and its users, and we should all take pause, and react proactively if we value privacy.

One of the common ways that a Proton user can be identified is through their payment information, which is typically their credit/debit card or their PayPal account. As a counter to that, Proton claims to support anonymous payments, but this is not true, because, as I’m about to explain, all the “anonymous” methods they offer are compromised or limited.

PROTON_Payment Options1340×1012 60.7 KB

I. PROTON DOESN’T ACCEPT MONERO

Monero is the only anonymous cryptocurrency by default, and Proton doesn’t accept it as a payment method. I have said in the past that I personally understand Proton’s declared reasons for not accepting direct payments via Monero. Monero is unfairly associated with crime by the most powerful international auditors, and Proton does not want to take the risk of getting delisted by them, as it could damage their reputation. I do not hold it against them. The fact remains, they don’t accept Monero.

II. PROTON’S CASH PAYMENTS ARE NOT ANONYMOUS

Cash is the easiest way for the average person to pay for something anonymously. Unlike using cryptocurrency, it doesn’t require technical skills and knowledge that, for most people, are difficult to grasp. Even more so when you consider that buying cryptocurrency anonymously requires advanced proficiency.

Proton cash payments require that you declare your Proton username, which compromises your privacy.

PROTON_Cash Payments1280×557 51.8 KB

Many Proton usernames are linked to real names (jordan.smith@pm.me). Even if you disclose a pseudonymous username (SexyDoor@pm.me), if it is part of the same account with the address containing your real name (Jordan Smith), it makes no difference. Your real identity is still exposed.

When Proton receives a cash payment, a human agent has to manually add the payment to your account. Why? If I can pay Proton via credit cards without human interference reading my profile, I should be able to do the same with cash.

Plenty of privacy companies, like Mullvad, IVPN, and Posteo, accept cash directly without requiring you to declare your username. They found creative ways to achieve it.

Why can’t Proton copy their model? Or the model of Tuta and Addy, that accepts cash and Monero indirectly?

III. PROTON GIFT CARDS CANNOT BE PURCHASED ANONYMOUSLY

PROTON SHOP_Proton Gift Card Not Anonymous1568×1093 68.7 KB

Gift cards are another way to buy subscriptions anonymously, especially when they are bought from privacy-friendly resellers. They work like cash except they can only be spent in one place.

Proton sells gift cards in their online shop. They cannot be bought anywhere else. They also cannot be purchased with cash or Monero, which are the only forms of anonymous payments. Proton gift cards can only be purchased with credit/debit cards, PayPal, or traceable cryptocurrencies like Bitcoin. None of these methods are anonymous, and hence they can all expose your identity.

Do you know which privacy companies allow their gift cards to be bought anonymously with cash and Monero?

Tuta. Addy. SMS Pool.

This is extremely poor implementation when you compare Proton to its peers and competitors in the privacy community who have been doing it well for years.

IV. PROTON’S PROXY STORE VOUCHERS ARE SEVERELY LIMITED

Another way to accept anonymous payments is via privacy friendly resellers like The Proxy Store, who accepts cash and Monero as anonymous payment. However, Proton’s offers in the Proxy Store are severely limited.

A/ Proton’s Proxy Store vouchers are exclusive to free users.

An existing Proton subscriber cannot use them to renew their subscription. If they want to use them, they have to cancel their current subscription, which means losing any discount if you’re on a lifetime discount. This also applies to SimpleLogin vouchers.

Any existing Proton or SL subscriber should be able to renew their current subscription anonymously and automatically. And any new subscriber should be able to do the same.

Even if you are a new user and you purchase a subscription anonymously via the Proxy Store, you cannot renew it via the Proxy Store. You will always have to cancel your current subscription or wait for it to expire in order to purchase another one the same way. That is not practical at all.

Any active paying subscriber to Tuta, Addy, or SMSPool can renew their current subscription via the Proxy Store. That is because their gift cards can be added as credit. Which means you can anonymously top up your account in advance, so that when your billing cycle comes, your subscription with them will be automatically renewed via your credit. Proton should follow this model. Native Proton gift cards work as credit, but they cannot be purchased anonymously.

B/ Proton vouchers in the Proxy Store are not consistently available

NOTE: This section is specifically about vouchers for native Proton services and doesn’t apply to SimpleLogin, whose availability on the Proxy Store has been consistent and predates their acquisition by Proton.

Some services that Proton once supported (Proton Mail) have disappeared multiple times from the Proxy Store, suggesting they are no longer supported. It seems as if Proton is deliberately withholding vouchers from the Proxy Store. Their relationship appears shaky, and I don’t understand why. Most of my confusion lies with Proton.

In July of last year, I made a comment complaining about the fact that Proton did not support payments via the Proxy Store. Months later someone notified me that they finally were. I was ecstatic by this news and had the urge to immediately reply to express my joy. However, I refrained from doing so because I wanted to ask Proton about it first, and what transpired in my exchange with them astonished me.

Proton support explicitly and repeatedly denied to my face that they supported payments via the Proxy Store. Against compelling and irrefutable evidence, they affirmed to me that it was not true. The evidence included:

a) The Proxy’s Store’s announcement on their website (Sep 9th, 2025)
b) Confirmation by David Peterson, Proton VPN’s General Manager (Sep 15th, 2025)
c) Confirmation by Proton on PG (Sep 16th, 2025)
d) Confirmation by Proton on their website (Oct 1st 2025)
e) Confirmation by Proton on Twitter (Oct 1st, 2025)

PROTON_Proxy Store 0011810×493 73.5 KB

Much of this evidence was provided to me directly from the Proxy Store. Yet Proton support kept denying it. We went back and forth for MONTHS.

You know what Proton said to me the first time they denied it?

That their legal department had reached out to the Proxy Store to have them removed. It’s almost like they had learned the information from me and were not aware of it, which of course is impossible given the evidence.

When I reached out to the Proxy Store for comment, they were as confused as I was. They had not heard from Proton’s legal department, and assured me they would never sell Proton vouchers without their explicit authorization. They have a formal agreement with all of the companies whose service they sell. I was inclined to believe the Proxy Store.

Since my earliest exchanges with the Proxy Store on this matter, Proton vouchers have disappeared and reappeared in their store, presumably because they were running out and Proton was slow to provide them with new stock. To my understanding, there were long silences from Proton after multiple attempts from the Proxy Store to reach out to them.

Last month, the Proxy Store announced that they would stop selling Proton vouchers, because Proton had not responded to any of their requests after 5 months of attempts This was not the first time this happened. The news was also reported here on PG. When I inquired the Proxy Store about it, they said that someone from Proton had finally reached out to them and they were in talks. Now the vouchers are back again.

What seems clear is that Proton is very slow to respond to the Proxy Store’s requests, and all indicators point to it being deliberate.

The course of these strange events leads me to believe that Proton and the Proxy Store’s relationship is not on the strongest grounds and that Proton has reservations about selling their products and services on the Proxy Store for unknown reasons. Even the Proxy Store seems to be in the dark about Proton’s motives.

V. PROTON GIFT CARDS ARE NOT AVAILABLE IN THE PROXY STORE

Unlike Proton and SimpleLogin vouchers, Proton gift cards can be used to credit your account and renew an ongoing subscription, which is fantastic! But for some inexplicable reason, Proton gift cards are not available in the Proxy Store, when this is unquestionably the best way to anonymously renew an ongoing subscription or purchase a new one.

WHAT PROTON SHOULD DO AND WHAT WE SHOULD REQUEST:

1. Allow privacy-friendly resellers like the Proxy Store and Cake Pay to sell your gift cards.

Only allowing subscriptions to be sold via vouchers is extremely limiting. Proton gift cards can be used as credit, which allows users to renew an ongoing subscription in advance and automatically or purchase a new one, all anonymously. They should focus on the Proxy Store first, because they accept cash which is the most privacy friendly payment method.

In my opinion, Proton should stop selling subscription vouchers altogether and only sell gift cards with amounts that correspond to the price of the subscription, but also in other amounts like their $20 and $50 gift cards, because many users have discounted lifetime subscriptions.

2. Support direct cash payments that don’t require users to share their username or any personal information. That includes payments for gift cards.

3. Allow SimpleLogin vouchers to be used as credit like Proton gift cards.

That allows SimpleLogin subscribers to anonymously renew their ongoing subscriptions automatically and in advance instead of having to cancel or wait for them to expire.

4. Allow Proton and SimpleLogin gift cards to be used interchangeably.

In other words, allow Proton credits to be used on any native or non-native Proton service. That means allowing Proton gift cards/credits to be used for SimpleLogin, and allowing SimpleLogin gift cards/credits to be used for any native and non native Proton product. That means they can be used for Standard Notes too.

5. Anonymize credit card payments

Proton should follow Posteo’s example.

In 2009, Posteo found a way to anonymize credit card payments so that your credit card payment is not actually linked to your account or any account. I don’t see why Proton can’t do the same. Or why they didn’t start doing that from the very beginning since Proton Mail launched 5 years after Posteo implemented this infrastructure, in 2014.

CONCLUSION:

Payment method is one of the most common ways authorities identify the users of a private online services. Hence, paying anonymously is an important feature to have if you want to protect your users’ privacy. Proton claims to support anonymous payments, but they actually don’t.

Proton doesn’t support anonymous payments because most of their alternative payment methods are traceable and hence compromise their users privacy. Moreover, the one payment method that is actually anonymous (Proxy Store vouchers) is extremely limited because it is exclusive to free users and not available to ongoing subscribers. Proton vouchers are also inconsistently available.

There are very easy ways that Proton can remedy this problem and actually support anonymous payments. Chief among them is to make Proton gift cards available on the Proxy Store in small ($20) and larger amounts ($100), because they can be added as credit to your account, whether it’s a free account, or an ongoing paid subscription.

If we truly value privacy, we must demand this from Proton and we must be loud about it. We have more power collectively than as individuals in our little corners, so let’s raise our voices!

I’d rather Proton get attention for frustrating authorities because their privacy infrastructure prevents them from identifying a user than them getting attention because complying with a Swiss warrant facilitated the identification of a user.

I feel you are being harsh with them here as the cash payments will be a good solution for most of the minority that wants anonymous payments, given that cash doesn’t require they keep records like with credit cards. It’s someone’s choice to make a personally identifying username, but all Proton will know is that you sent cash to it.

The larger issue with sending cash is that, if you’re being completely above the board, in the US you are supposed to declare any cash to customs. You can get away with sticking a couple hundred inside a post card with no return address (at the risk of possibly losing your $200 with no notice or recourse), but most would prefer at least a certified letter.

Having a way that’s not linked to an account would be very useful because you could send from your home address and even declare to customs without that information being linked to your account. If the letter is intercepted, your account also will not be revealed. I would be supportive of them adding this.

Overall I get why this is not a priority to them, as it’s significantly more work for a small portion of users. That’s one reason to go with tuta, mailbox, etc if you want the highest level of privacy.

Addendum: I will say the legal team possibly lying to you is… not great though? If I was paying, I would probably go with a specialist who’s dedicated to their email service rather than proton, as you can avoid some of these types of issues that come with a larger company.

I agree that Proton should make its payment options more accessible for the extremely privacy conscious members of the privacy community.
However, it is entirely user-error if John Smith is paying cash for their john.smith@protonme account and is expecting to not be identifiable. That is a silly thing to blame proton for, in my opinion.
It’s easy to set up an entirely separate 2nd proton account with no identification in the account name and pay cash for that membership if it is something you are concerned about.

And this is literally why I find OP and their post pointless. It’s not true and still sticking to this point is beyond silly.

Well, you are only allowed one account as a free user, so if your first account name is John Smith, you are stuck with that. Proton TOS also bans multiple free accounts (TOS Authorized User Services #9), though unofficially they don’t go after people who aren’t causing a problem like someone with two personal accounts being used in a typical fashion.

You could use proxy store to pay for a subscription to a new account, then merge the accounts under the second account, then send cash under the second account name in the future, but that’s not exactly a user friendly process. You’d also briefly violate TOS by having two free accounts, while after Proton would be able to see both accounts are linked when you send money. If they had an order from law enforcement to collect information on you, this could result in both accounts being revealed.

Rather than beyond silly, I mostly think it’s clear that OP does not value the Proton ecosystem at all, repeatedly describing it as a “lock in” and the like. The ecosystem is the one aspect that’s unique to Proton, what their paid users value them for, and what Business users care about, so that’s always going to be their priority over niche features. Therefore OP is likely to never be happy with Proton, at which point the path of least resistance is to use another service.

It would still be good if they enabled fully anonymous cash payments. Imagine you are an averagely tech skilled person living in a dictatorship or something like that, where the gov can intercept any letter they want. The extra anonymity could help you a lot, even if you aren’t an activist or persecuted minority group who needs the highest level of privacy.

I never implied or said you should have multiple free accounts. Pay for what you use.

This has been clear for a while now.

I believe they already have. Cash payments as they currently do.

What makes no sense is wanting a person who wants to use their name or anything identifiable as their username and wanting to have an anonymous account. WHAT?!

If you want an anonymous account, why would you use your name or any name as the username?

I believe they already have. Cash payments as they currently do.

Well, as I said…

Having a way that’s not linked to an account would be very useful because you could send from your home address and even declare to customs without that information being linked to your account. If the letter is intercepted, your account also will not be revealed. I would be supportive of them adding this.

Again, imagine you are in a dictatorship, so they can read any letter they want and will intercept any outgoing letters that have undeclared cash. The dictatorship is now guaranteed to get your account name when you send cash, even if the name wasn’t personally identifiable.

I think you’re also missing that you cannot use cash or a voucher to pay for a new account. You either are paying by credit card / paypal or you creating a free account to send cash to at a later date. This means you will at least briefly have two free accounts. My idea here was to use the proxystore voucher to reduce this time as much as possible, down to minutes, but this still means you are violating TOS for a few minutes.

I do think cash payments as they currently exist will work for most of the small number of people who want anonymous payments, but it could be improved further.

Not every option and solution can be made equivalently applicable. It’s not always possible. Exceptions are always going to be there. That doesn’t mean Proton doesn’t offer a solution. They do.

You would also briefly have two accounts between you making an account and between the seconds or minutes or even days before you make that anonymous payment or use that voucher. So what? You are going to be paying for it. I don’t see this as a valid argument.

Many, many things can be done. Question is how worth it is to do it.

But it is exposed at the time that you created the account name.

I never considered the email address it self to be unknown to Proton.

Like every time you sign in you submit your user name. Proton needs to know the address to know which emails are for you. Proton knows your username.

Nothing in a letter with cash connects the username with anything else about you. Proton isn’t getting any connection they don’t already know.

In this case, the alternative already exists with groups like posteo, so they would be adopting an already existing feature that makes them more competitive. Ultimately what to prioritize is Proton’s decision, but I don’t know why you would be opposed to Proton users requesting a new feature. They are continually implementing new features and value subscriber feedback.

You would also briefly have two accounts between you making an account and between the seconds or minutes or even days before you make that anonymous payment or use that voucher. So what? You are going to be paying for it. I don’t see this as a valid argument.

The point is that this method requires temporarily violating the TOS, which everyone agrees to when they make an account. Do you really not see how this is less than ideal compared to an officially endorsed method that doesn’t violate TOS, regardless of if they are going after people who do this? They could easily allow cash, monero, or voucher with new accounts like other providers do.

Just as an example, in my religion lying is strongly discouraged and I went through a ceremony where I made various vows, including to avoid lying. Therefore I want to follow the TOS, regardless of if violating it would get me banned or if it would directly harm another person.

This isn’t an issue in my case, as I am a happy free user, but your method would not be a good solution for me. I don’t think following the TOS is a crazy thing to want to be able to do.

There are other reasons people choose Proton over Posteo. This doesn’t make it an alternative. Also, I don’t see how Posteo is superior here.

I’m not opposed to it. My argument is that they already provide it. Please infer what I am saying more accurately. I do think they should support XMR too. It’s high time. If IVPN and Mullvad can do it, so can they.

Also, you can use XMR on here to get Proton Digital Goods by ProxyStore

If these are the only ways Proton is offering you to do what you need to, then you’d have to “violate” it briefly. I also don’t see this as a real violation because your intention is to buy it and that’s the process you take and go though to do it. If you see this as a violation, I don’t know what can be said to make you understand otherwise.

Don’t think any religion encourages it. But it’s besides the point and it has nothing to do with what we’re talking about. Also, this is where you lose me. I’m done. Good luck with your puritanical hangups.

Ha, being called a puritan is a new one for me. No worries about not debating it further if it’s becoming a stressor for you. I think you made your viewpoint clear.

Since we are interpreting the TOS in different ways, I tried contacting Proton to ask if it’s a TOS violation. I’ll post it here if they answer. This seems like a situation where the simplest solution is to get it from the source. I realize this may be academic for you, but following it by the letter is a desire a person could have.

DEFAULTS MATTER

I disagree. I have mentioned that other privacy companies accept direct cash payments with no username requirements. If we can agree that that type of implementation is better and more private, why can’t Proton follow it?

Proton is the biggest and most well-known privacy company. I have little doubt that if the situation were reversed, if they had set the better standard currently championed by smaller privacy companies, and the latter followed Proton’s current weaker model, more people would agree with me and call out the other companies.

Last week, @anon25722375 shared a fascinating 3-hour interview of Andy Yen, Proton’s CEO, who was a guest on a German podcast. Yesterday, I watched it in full and took lots of notes, and I plan to fully articulate my thoughts about it soon. However, I’ll share some of them now since they are relevant to the topic.

In the interview, Andy Yen was asked about Telegram, WhatsApp, and Google. As he was talking about Telegram, two words kept popping into my head, and to my surprise, Andy Yen later uttered them. Those words are: defaults matter.

Millions of people use privacy services for reasons that are completely unrelated to privacy, and yet, despite that, without knowing it, they are still protected. Apple has some privacy virtues that protect millions of users by default. Privacy is not the primary reason people use Apple products and services, if it is a reason at all, and yet, they have some protection because of those defaults. Proton can do better with their cash payment system. Their default is not anonymous.

A Proton subscriber shouldn’t have to pay for a 2nd account for privacy. Especially when you get 10 email addresses with Proton Mail Plus and 15 with Proton Unlimited. Right now, a free Proton user has more privacy than a paying Proton user. That is not acceptable. It’s not acceptable that in order to enjoy all of Proton Mail’s features, I have no choice but to compromise my privacy.

That is not true. Regardless of if your username is your real name or not, a human person (Proton agent) is manually adding the credit to your profile. That means they can see your profile. And they don’t just see that you’re adding cash to it. They see way more.

What people seem to fail to understand is that there is a difference between Proton, the company, as in, its computer system that registers payments, and Proton employees, who are real people, doing the same thing.

Being known by Proton’s computer system and being known by a Proton employee are not equivalent. With the former, I still have some measure of privacy because I am hiding in plain sight amongst millions of other users. With the latter, I am drawing the attention of a real person specifically to MY account.

ATM vs BANK TELLER ANALOGY

It’s exactly the same with Proton’s cash payments.

Indeed, I can see how that can be a challenge for the user, but I don’t see how it’s one for Proton.

How is it more work? And why are you assuming that it’s for a small portion of users? To me, this would be the equivalent of saying that Telegram implementing E2EE by default would be more work for a small portion of users. Hence, it’s not worth implementing. If so, why do Proton, Signal, and many other privacy companies call them out? It’s ridiculous to think like that, IMO. Companies get to set their own defaults, and it’s not always based on mass user demand.

How many times has a company offered a new feature that was not specifically requested by users or the majority of them? It happens all the time. Companies often create the demand with their offer. That’s what being innovative is all about. And I would think Proton is an innovative company.

Yeah, I don’t understand what happened in that interaction. Proton kept repeatedly denying they accept payments via the Proxy store despite me presenting them with links from their own website and their own social media accounts.

Absolutely, but it’s not just for the “extremely privacy-conscious”. It’s for everyone. As I said, defaults matter. Many people started caring more about privacy because of Proton, but I would not qualify most of these people as “extremely privacy conscious”. We used to have much more privacy 50 years ago. Were people who were alive back then “extremely privacy conscious”? I don’t think they were extreme at all.

There is a technical term for when people only consider normal what they’ve known in their lifetime or youth, instead of taking a whole view of history. I think it was coined by a climate change scientist, but I forgot the technical term. This is exactly what has happened with privacy.

What are you talking about? I don’t understand what you mean. Can you please elaborate? It seems like you’re talking about a different topic. This post is a critique of Proton’s alternative payment options. Where in this post did I talk about “lock-ins”?

I love that Proton has a full suite. I have nothing against that and fully support their aim to supplant Google and Microsoft. What I don’t like, is not having the option to choose what I want to pay for.

I love Proton. I use Proton. I pay for Proton. I also I use other rival privacy services. There’s a difference between not loving Proton vs not loving everything about Proton.

Exactly. This is why I have these critiques. Millions of us in the world are protected in some way or another because of good default decisions made by government policies and businesses of various industries. We are completely unaware of these protections around us, and yet we are protected all the same because of public health. Because better defaults were implemented. Cars didn’t use to have seatbelts or rearview mirrors, and people didn’t think they were necessary at first. Proton has a lot of room for improvement and can easily implement better defaults.

WHat do you mean by see you profile? You send any email from that profile, the receiver sees the username. There is nothing more any employee of Proton can do other than to know your name and at most if you’re a paid user or not. I don’t know why you say it like they are Google where you have a whole profile attached to your email as they do in their settings. Not sure what you’re on about here.

Do you know anything more that I am missing?

Indeed, I can see how that can be a challenge for the user, but I don’t see how it’s one for Proton.

Yeah, this was intended to describe a problem for the user that proton’s current system doesn’t address.

How is it more work? And why are you assuming that it’s for a small portion of users?

Outside of online privacy spaces, I’ve never met a single person who wants their financial transactions to be anonymous, so I’m going off of that. Virtually everyone I know goes with the most convenient option. Exceptions like certain activists are a small percentage of the population.

I admit I have no hard data, but I maintain Proton’s first goal is to appeal to businesses and convenience seeking users. Like google suite, but encrypted. To put this another way, people who want data privacy but not anonymity, like businesses who want it known that it’s the businesses’ official account but don’t want their plans leaked.

To me, this would be the equivalent of saying that Telegram implementing E2EE by default would be more work for a small portion of users.

Nope, all that requires changing is the settings menu because the feature is already implemented. It would be like adding E2EE if they didn’t already have it, which historically has been quite a struggle to get providers to do. Many still don’t.

In proton’s case, they would need to implement a new system for cash payments, provide instructions and support, and deal with customers who claim their cash payment wasn’t processed correctly. Doable, but a non negligible amount of effort. There are a lot more people who care about Linux automatic drive syncing and hardly anyone uses desktop Linux. They must decide what to prioritize, which they will base on their internal data.

I hope they do add this eventually. It sounds like at least some people at Proton really dislike the voucher system and want to maintain control, so they would need provide an alternative method like other providers that accept cash.

What are you talking about? I don’t understand what you mean.

You said this in your posts in other threads, including the infographic one and also posts that came up in the past while searching the forum for unrelated information. You didn’t focus on it in this post. I am the one drawing a connection between you not valuing an all in one service and your dissatisfaction with Proton’s priorities, not you. Feel free to disagree.

I mean your Proton profile.

I’m talking what Proton employees can see, not when regular folk you email see.

I think you are missing something that you probably know but don’t appreciate.

When you make a cash payment and a Proton agent manually adds it to your account, they can see your Proton profile. They don’t just see what they need to see. Meaning they see what type of account you have, your name, and probably the country your account is tied to if you’ve ever used a credit card or a PayPal account. But that’s not all they see.

They can also notice patterns in how you use your account. Maybe they notice that you have access to features that, in their estimation, you’re not supposed to have, and they decide to remove them. If they notice anything they don’t like, they can make changes to your account without your knowledge or consent.

I don’t know if this has ever happened to you, but I have personally had customer support agents of various online services make changes to my account that I never asked for. They did it without my consent, and I didn’t appreciate it. I’m not talking about a universal change that is applied to many accounts by Proton’s system. I am talking about a customer agent making changes to a specific user’s account without their consent.

This has happened to me multiple times, which is why, as a general rule, unless it is absolutely necessary, I never contact the customer support of a service I use with the email address that is linked to my account without them. Because I don’t want them snooping on my profile or making changes I didn’t ask for.

WHAT HAPPENED TO MY GERMAN FRIEND

I have a friend who is German and who has never lived in Germany. Her parents, who are also German, have not lived in Germany in 30+ years. My friend, who grew up in Asia and lives in Japan, wanted to open a German bank account in euros. It was challenging for her because most German banks require your physical presence to open an account. But my friend found a small German bank that let her open an account online. She’s had that account for a few years now and uses her card regularly in Japan.

One day, while at a Japanese ATM, the machine broke her German debit card. It was no longer usable. So my friend called her bank to order a new one. On the call the bank verified her identity, so they knew they were talking to the actual owner of the account. The customer agent told her they would send her a new card right away and that she should receive it soon. Problem solved, right? Wrong.

After confirming that she would receive a new card, the customer agent noticed that throughout the year all of my friend’s transactions were in Japan, not in Germany. So she asked my friend, What are you doing in Japan? Do you live in Japan?

How is that the customer agent’s business? That is not why my friend called them. My friend called them to replace her card. She verified her identity, so they had no doubt she was who she said she was, and yet they felt inclined to peruse her profile, look through her transactions throughout the year, and make inquiries about them.

That is exactly what I worry about with Proton, which is why I want to avoid having a Proton agent manually crediting my account. I don’t want a Proton agent to be aware of my account, if I can avoid it, and this is absolutely avoidable, which is why it’s silly for Proton to make it a requirement.

I think most people have been in at least one situation where they wanted to make a payment anonymously. They didn’t want the person or company receiving the money to know that it came from them.

Yes. That doesn’t mean they don’t care about their privacy, and that’s why defaults matters.

The reason many people accept the worst defaults is often because they never experienced any better. But if they did, they’d probably have a different opinion. If Signal had launched before WhatsApp and become popular before them, and as a result was currently the leading messaging app, more people would be bothered by the fact that competing apps are not private. It would be a deterrent, because the default they are used to is Signal. Does that mean that most of the people who would have joined Signal at the time, would have been motivated by privacy? Probably not.

Don’t forget, that when WhatsApp launched, it was not owned by Meta, and it was more private than SMS. Yet privacy, was not people’s motivation for using it. It was because it was cheaper than SMS. And yet, they still had better protection.

Millions of Europeans alive today believe in free universal healthcare, because that’s what they are used to. It’s been their default for generations. The younger generations did not choose this default, and yet, they don’t envy the American system for a reason. There is huge power in defaults, and defaults can be changed. They can be improved, and be convenient too.

I think it’s misguided to think that only a specific kind of demographic needs the option for this level of privacy. Especially when you consider that as a society we had way more privacy 50 years ago. To me, it’s like saying that most people don’t need to use a service like Proton Mail and should be satisfied with Gmail. Defaults matter.

Most Proton users are free users. They already have better privacy than most paying Proton users. Don’t they deserve to have the same level of privacy if they wish to upgrade? I think they do, but they don’t have much choice. Upgrading comes with a privacy compromise that’s easy to fix.

The hard data exists. Proton’s CEO admitted as much in his latest interview. He didn’t say their goal is to appeal primarily to business, but he did say that their goal is to rival Google and Microsoft’s office suites. I fully support that goal.

I’ve said before that I want Proton to be so successful with businesses that it allows them to make their services cheaper for regular folk. I don’t think their Proton Meet strategy is well thought out, though.

My point was that it’s wrong to think that Telegram implementing E2EE is just more work for a small portion of users. It’s the latter that I disagree with. I think it’s unquestionable that it would be more work based on how painstakingly Signal labors at implementing E2EE in every single minute feature, including GIFs and emojis. If it were easy, Telegram would have implemented E2EE by default, but they value scale over privacy, which is why they are the 2nd biggest messaging app in the world with 1 billion users. Their rich features would take much longer to release if privacy was their priority.

Maybe. I empathize with them. I don’t know how hard it would be for Proton to implement what they ask for, but I am confident that what I’m asking for is much easier.

I have prioritized which anonymous payment strategy would have the most positive impact, and it is clearly, allowing gift cards to be sold on the Proxy Store. If Proton could only focus on one thing, that’s what I would ask for.

Yeah, I have no idea what Proton’s issue is there. The fact that the Proxy Store doesn’t know either makes it even more baffling.

Ah, yes. I think a lot of nuance is being missed. I have nothing against a Proton suite existing, and people choosing to put all or most of their eggs in the Proton basket. For some people, I would probably recommend it. My issue is with not having the option to pick and choose.

How do you know what they are seeing when they add funds to your account? Do you have proof they “see way more”? Or is it just an assumption?

Yes. That doesn’t mean they don’t care about their privacy, and that’s why defaults matters.

The reason many people accept the worst defaults is often because they never experienced any better. But if they did, they’d probably have a different opinion.

The convenient option in this case isn’t any form of cash payment. It’s using a credit card. And…

After confirming that she would receive a new card, the customer agent noticed that throughout the year all of my friend’s transactions were in Japan, not in Germany. So she asked my friend, What are you doing in Japan? Do you live in Japan?

How is that the customer agent’s business? That is not why my friend called them.

The bank’s whole job is to de-anonymize you so they can know who you are and where you are making your purchases. Otherwise, anyone could make charges to your account, while the bank wouldn’t know where to send the money. The bank also want to prevent card holders from using the card in a fraudulent or illegal way (eg money laundering) with vendors. This means they (and whatever employee is looking at your account) wants information like your identity, where you live, and where and when you spend your money.

The vast majority of people happily give up the anonymity of using cash for the convenience and security of using credit cards. Hence why I think people paying in cash are a small portion of proton users. I rarely see anyone say they actually paid Proton in cash as well, even in online spaces.