I’ve read the stories of them complying with Swiss authorities by handing over some metadata and payment information when requested, but I’ve also heard of authorities attempting to raid other companies and coming away empty-handed because there was no data being held.
I mean, Proton requires you to make an account, while some others don’t (with Mullvad and IVPN you get an account number and nothing tracing back to you, if you pay anonymously).
Is it purely due to the jurisdiction Proton is in that they must collect more data than, say, Mullvad? Also, they don’t seem to encourage anonymous payments like some rival services.
So, are they to be fully trusted with your money in particular? Depends on your threat level I know, but there’s something about them that makes me wonder if they go as far as they can in preserving privacy?
I think you’re confusing Proton VPN with other Proton products in their suite. The stories of them complying with Swiss authorities are about their Proton Mail. Their policies for Proton Mail and Proton VPN are different, since Swiss laws for email service and VPN service are different. So you could create a separate account just for Proton VPN (you need to provide an email address though) and you won’t be logged.
I think you are conflating privacy with anonymity.
Proton was founded and continues to be a privacy focused company. It is possible to use their services anonymously but that is not their focus.
In general, being actually anonymous is extremely difficult and easily compromised by any slight mistake. Going through the effort of paying for Proton Mail anonymously is likely not worth the effort for 99% of users as something else they are doing or failing to do will eventually compromise their identity anyway.
All mail providers have to, by law, comply with whatever relevant alliances, local or international with agencies like the NSA or FBI.
They do recommend cash as anonymous payment, but I’m not sure what you mean by "strongly recommends".
It seems like you’re mixing the VPN and Mail services together and comparing solely VPN providers. You need more “metadata” for a mail account, but if you’re referring to that protestor story recently then that was due to the client using an unmasked payment method.
That story was very click-baity and made it seem like Proton was happily showing the FBI around the user account and handing over emails.
Because Proton is not as serious about privacy as they claim. All you need to see is that they do not officially offer Monero. Ah, and then they release a Bitcoin wallet, one of the easiest cryptos to trace. Really makes you question if they truly value privacy as much as their marketing might say.
It’s also funny when you see how many legal requests they get and how often they comply vs contest - around 95% compliance rate! Now compare it to Tutanota, they contest about 75% of cases…
Now I’m not saying Proton is bad, they’re just simply doing a bare minimum in the public’s view in regards to privacy. They’re just dumping money into marketing to try and convert people from Google’s ecosystem.
Even so. Defaults matter. Proton understands this. And there are many things they can easily do to make it harder for users to be identifiable without breaking any laws. You won’t have perfect anonymity, but you’ll be harder to identify.
Moreover, Proton can change their defaults. When you’re about to pay for a service, Proton can make it so that the first payment option presented to you, the one that is checked, is a gift card or cash, with a little note explaining why. It doesn’t hide or remove the option to pay directly with credit card. It just presents you with a default that is more private.
Changing the default to cash or gift card would make it harder for most Proton customers to pay for the service.
I would bet a very small minority of their customers are even interested in such an option. Why make a default for the tiny minority and risk annoying most of your customers?
The option is in fact there for those who want it. If someone needs a default to pay anonymously then they aren’t the kind of person with the attention span required to actually be anonymous to begin with.
They are a good service. But their marketing is towards normies who want a suite to move to that’s private to get away from Google. They don’t really care about attracting hardcore privacy enthusiasts. That’s more Tuta. Tuta is much more committed to privacy. Two quick examples I can think of off the top of my head are that they have vowed never to include AI in their products, and that they will never offer a VPN, as email + VPN with the same provider presents its risks.
If the option to pay via credit card is still clearly visible, is it really that much harder?
It’s literally a different checkbox. You see three checkboxes, and the one ticked by default is cash or gift card instead of credit card.
Your position is the equivalent of saying privacy focused browsers like Firefox should not make DuckDuckGo or Brave Search their default search engine because it would be harder for users to use it.
That doesn’t make sense to me.
If the option they prefer is still clearly visible, I don’t see the problem.
I don’t believe that to be accurate, and I question that assumption. This is the same excuse Telegram and other services use to explain why they don’t have E2EE by default. They say that only a minority of their users actually want or use E2EE. But of course we all know that companies impose defaults and shape our choices. Andy Yen, Proton’s CEO, acknowledged this when criticizing Telegram in the interview I linked above.
Telegram users don’t prefer it without privacy. They like Telegram because of all the unique features it has that other messaging apps don’t have. They are deceived into believing they have privacy. Telegram simply refuses to make most of their features E2EE because it’s hard, and they are lazy. So they make excuses and say their users don’t want that, which IMO is deceitful.
That’s a valid question. The reality is defaults have an influence over how many people use a feature, so it would make a difference if gift card and cash were the primary options.
The author seems to believe Proton should somehow operate outside of Swiss law and be exempt from the MLA treaty.
What company like Proton can operate above their local laws?
We shouldn’t blindly follow any company, but rather read their terms and policies, and use aliases. The story in that article mentions a Facebook page that used the primary @protonmail.com address as the contact, which isn’t wise if you seek anonymity.
I wish they did Monero directly (or similar) but you can use Monero through a proxy payment, if I recall. Cash is still great though.
But if you need to operate secretly from your local government, then I’d suggest not using any provider’s mail domain and a credit card.