Proton Meet Isn't What They Told You It Was

I’ve seen it shared a few times, and this is pretty concerning.

5 Likes

I’m not the best person to respond to all these claims, but I don’t know why there would be an expectation they don’t use US servers for something like this. It wouldn’t work reliably if everyone had to send their video feed to Switzerland and back. And yes, they must comply with government orders.

Any accessing of a web service through one’s computer travels through nodes operated by various people. These are subject to the laws of the country they are in (and leaving the US could make it less private, as the US is allowed to spy more on data located abroad). The content can be kept private through encryption, but various information could be collected like times or IPs.

I think it’s safe to say you shouldn’t be using Proton Meet if you need your communications to be kept completely private from the US government, not only the content but all information related to the communication like times and location, and you expect to be targeted by police or even an NSA-level threat. That isn’t “concerning” so much as the tool isn’t for you. It could be a good alternative to Zoom for meetings that you want to be kept reasonably private, like a corporation afraid of their plans being leaked to a rival company.

Signal can do voice and video calls, so I would stick with that if you want to maximize privacy. With that goal, you should also leave certain types of communication to only happen in person. This is already the procedure of radical activist groups who expect to be targeted by the FBI. Often they use pseudonyms and will avoid answering certain types of questions even from trusted people.

If this is your situation, you should get more information from more experienced members of your community, which I bet isn’t going to use Proton Meet. If you just want your communications to be reasonably private for Zoom-style communication then I wouldn’t worry about the latest Proton hit piece, though you can stick with Signal if that works for you.

8 Likes

I’m kind of in the same boat. I think I need more context on this from people more experienced with it. And one of the reasons for that is I had to stop reading a lot of Sam’s stuff, because in his analysis about Proton services, he does do a lot of bad-faith, half-truth, nuance-lacking doom-baiting. But when it comes to Proton Meet, I’m not experienced enough to know about all these intricacies.

I do think Proton marketing may be overstating the benefits, but hype is their job as the marketing department.

The aggressive marketing is the only aspect I dislike about Proton, which makes them feel more corporate. However, the alternatives aren’t nonprofits, don’t have generous free services, nor are they as technically developed.

I’ve come to forgive a certain amount of marketing from Proton, but I can see value in challenging misleading claims. Ideally this gets paired with an explanation of for whom the claims are relevant, rather than used as fear mongering.

2 Likes

I’m not a technical person, but I was able to quickly reproduce some of the author’s findings, and that is enough for me to agree with the author.

I think Proton Meet is an underwhelming product with overhyped marketing (as is Proton’s usual), and it costs you extra.

1 Like

Weekly reminder that Proton is just Google that’s encrypted (sometimes).

When can we update our recommendations phrasing and disclaimers to more clearly state this?

1 Like

What might be better to use for business meetings then? (literally the only situation I’m ever gonna do video calls) Unfortunately while I do like Signal, it simply is not practical to expect all prospective clients to sign up for it. It would need to be something that doesn’t require any sort of account to use, but still affords at least some protection.

I haven’t tested it, but assuming Proton didn’t release a broken product, this is encrypted and should be fine for business meetings (assuming your business is legal).

1 Like

I do think this one is pretty clearly marketed to business clients. Notice that it’s included in their least expensive business plan and does not cost extra there:

It’s only the cheaper Proton Unlimited and Duo, which are geared toward non-business uses, that exclude it. They are not trying to replace Signal.

Personally I’m happy for them to get extra money out of business users to fund the free services I’m using.

I would argue that this is exactly what they tell you it is. It’s trying to replace Teams and Google Meet, not Signal. It’s in the name - Google can’t copyright the term “meet” so Proton used it, too. This is a business tool so Proton can secure larger business contracts. It’s likely more focused on creating an ecosystem for European-only tech stacks for EU/EEA businesses.

I’m also not technical, but it sounds like their solution is “route the encrypted data however we need to in order to get the job done; we keep the keys on our servers in Switzerland.” Which doesn’t sound like it’s fully worked out, and they certainly legalese around some of the key terms. I would only assume that the content of the call is private. Which, to some degree, is “as private as meeting in person.” I can meet with someone and we can talk quietly over coffee at a cafe in a busy area and everyone can see who’s meeting, just not hear what’s being said. So the term is not an objective baseline of privacy standards, it’s entirely subjective marketing terminology.

I will add that we should keep in mind that the people with whom you meet are the weak link in the security anyway. Case in point, the outrage that anonymous participant IP addresses go to LiveLink. If you’re concerned enough to participate anonymously, surely you would also use a VPN to connect to the call in the first place, right? Or are we trying to bootstrap privacy on a video call with someone’s mobster granny here?

Every now and then, a dude claims Proton is lying or incompetent about their security or privacy. Likewise, Einstein is called a fraud on a regular basis on the Internet. Of course, all those “debunkers” carefully mention that they are themselves not competent… But they still want to give other non-competent people some clues to question what the most competent said.

I am not tied to Proton but I think you can hardly do better than what they do at a given moment, and they don’t lie. Proton never claimed they deliver a one-click all-in-one idiot-proof solution for perfect privacy against billion-dollar-budget organisations.

Specifically on this topic, the only argument, shaped in a hundred different ways in that overly long article (I know, this post is too), is that IPs are not secret. The other metadata (timestamps etc.) are only meaningful if one has the IP address. Well, good news! To mask your IP, you can rely on a VPN, for which many providers (including Proton) won’t log your connections. End of the problem.

2 Likes

I don’t think I understand all of this. If someone is more knowledgeable, please explain simply.

We shared similar earlier, but this Sam does seem to forget that it is encrypted traffic. The same traffic that also flows over your ISP’s network. Yes, Proton uses a third-party cloud provider for this, but there is simply no data they can read.

1 Like

Proton Meet uses client-side encryption (on your device) for the contents of calls and their own key exchange server located in Switzerland. This means that audio, video, chat messages and screen share are E2E encrypted and neither Proton nor governments can see that.

However, Proton Meet uses US infrastructure providers (cloud providers) for call routing and transmission, which collect certain metadata such as who connected, from what IP, at what time, and for how long. These are stored in the US.

Note that this most likely does not contain your Proton username or email address. Still, the collected metadata can be quite revealing.

To avoid this, they could in theory host the open source version of LiveKit on their own servers or at least proxy all traffic through their servers (like a VPN).

3 Likes

Thank you

Article 271 of Swiss Criminal Code.

Because Proton Meet is made by a Swiss company, the US government has to route any requests through the MLAT (Mutual Legal Assistance Treaty) between the US and Switzerland. Article 271 of the Swiss Criminal Code prohibits handing over data directly to any foreign government. The Swiss court can approve and issue a binding order if it aligns with Swiss laws. Yes, Proton can challenge any request, and even so, they can only disclose the limited data they hold about the user of their product.

1 Like

True, but in this case, the matter is about the (meta)data held and processed by LiveKit, not by Proton. LiveKit holds and processes data about Proton Meet calls (IPs and timestamps), not Proton Meet calls’ data itself. And they are obliged to leave those (meta)data available to the US state agencies.

1 Like

US requests give useless isolated artifacts. But they need a separate Swiss order on Proton. LiveKit sees only encrypted streams + transient metadata (IPs, timestamps, room IDs). No call content or identities—client-side MLS E2EE.

If you’re really concerned about LiveKit collecting metadata, disable WebRTC if Proton Meet allows fallback in Firejail on Linux Tails as bootable live via USB stick. Disable IPv6 systemwide. Definitely install uBlock and WebRTC Network Limiter extension; configure to disable non-proxied UDP or force proxy.

Test for WebRTC leaks post set-up at browserleak dot com / webtrtc

I wouldn’t say the artifacts are useless as they are an important target for intelligence agencies, including business intelligence companies working in behavioural advertisement. Social graphs built upon IPs and timestamps are real and are a real threat, especially for activists.

About your second paragraph, I am not sure I understand. How would falling back on Firejail or using Tails prevent LiveKit from collecting the IP address?

As far as I know, only a good VPN is able to address that concern.
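To make the social-graph point and the VPN counter-argument above concrete, here is an added example (not code from the thread, Proton or LiveKit) that models what a media relay could infer from connection metadata alone. The relay log, the IP addresses and the room IDs are all constructed; no call content is involved because, per the posts above, the relay never sees any.

```python
# Added example, not from the thread: shows what a relay that only keeps
# (client IP, room ID, join time, leave time) records can still infer.
# Every log entry below is constructed for illustration.
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Constructed relay log. No usernames, no media, only the kind of metadata
# the posts above say is retained by the US-hosted infrastructure.
RELAY_LOG = [
    ("203.0.113.10", "room-a1", "2024-05-01T09:00:00", "2024-05-01T09:45:00"),
    ("198.51.100.7", "room-a1", "2024-05-01T09:02:00", "2024-05-01T09:44:00"),
    ("203.0.113.10", "room-b2", "2024-05-02T14:00:00", "2024-05-02T14:30:00"),
    ("192.0.2.55",   "room-b2", "2024-05-02T14:05:00", "2024-05-02T14:30:00"),
    ("198.51.100.7", "room-c3", "2024-05-03T10:00:00", "2024-05-03T10:20:00"),
    ("192.0.2.55",   "room-c3", "2024-05-03T11:00:00", "2024-05-03T11:20:00"),
]

def _t(stamp):
    return datetime.fromisoformat(stamp)

def co_presence_graph(log):
    """Map frozenset({ip1, ip2}) -> number of calls both IPs attended together.
    Two sessions count as a meeting only if they share a room ID AND their
    join/leave windows overlap; the same room on different days is not one."""
    by_room = defaultdict(list)
    for ip, room, join, leave in log:
        by_room[room].append((ip, _t(join), _t(leave)))
    edges = defaultdict(int)
    for sessions in by_room.values():
        for (ip1, j1, l1), (ip2, j2, l2) in combinations(sessions, 2):
            if ip1 != ip2 and max(j1, j2) < min(l1, l2):
                edges[frozenset((ip1, ip2))] += 1
    return dict(edges)

def with_shared_exit(log, exit_ip):
    """What the relay sees if every participant connects through one VPN exit
    address: the IP edges collapse, though room IDs, participant counts and
    timing are still visible to it."""
    return [(exit_ip, room, join, leave) for _, room, join, leave in log]

if __name__ == "__main__":
    for pair, n in co_presence_graph(RELAY_LOG).items():
        print(sorted(pair), "were in a call together", n, "time(s)")
    # Constructed VPN exit address; with it the graph is empty.
    print("behind one VPN exit:", co_presence_graph(with_shared_exit(RELAY_LOG, "192.0.2.1")))
```

Room c3 is deliberately included with non-overlapping sessions to show that a shared room ID alone is not evidence of a meeting; the VPN case shows what masking the IP does and does not hide.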

Can I no longer trust Proton?

I use Lumo+ with very sensitive data. Do I need to switch my AI provider? Which alternative is better?