redpulpo

🤢

Dom here! 💪

You can repeat that framing, but it’s still inaccurate. Proton didn’t “unmask a user for the FBI.” They complied with a legal order from Swiss authorities for data they already had, and that information was later shared through legal channels.

What identified the user was their own payment data tied to the account. If you pay with a credit card and create the account without anonymity tools, your identity is already linked — no provider has to “break” anything.

That’s the uncomfortable reality: people often de-anonymize themselves by using identifiable payments and normal connections instead of Tor and anonymous methods when creating the account.

If you need port forwarding for qBittorrent + Arr + Gluetun, Mullvad isn’t an option anymore. They removed port forwarding in 2023.

That basically leaves Proton or AirVPN. Proton still supports port forwarding on P2P servers, while AirVPN is the more “power-user” option with persistent forwarded ports.

So if port forwarding matters for your setup, dropping Proton for Mullvad would actually break the functionality you’re using.

The reporting doesn’t say Proton “literally unmasked a user to the FBI.” What happened is that Proton was legally compelled by Swiss authorities to provide payment data they already had, and those authorities later shared it with the FBI through a legal assistance treaty.

The email content remained encrypted. What identified the user was the credit-card payment tied to the account, which is inherently traceable.

The uncomfortable reality is that people often deanonymize themselves: they create accounts without Tor, pay with identifiable cards, and link real-world data to the account. At that point the provider doesn’t need to “break” anything — the identifying information already exists.

That’s a misleading way to frame it. Proton doesn’t “unmask customers for the FBI.” They respond to legal requests through Swiss authorities, like any company operating under a jurisdiction.

And in the reported cases what was provided was account or payment metadata, not decrypted email content. If someone ties their real identity to an account through payments, no provider can magically make that anonymous.

A good comparison is Mullvad VPN. When Swedish police searched their offices in 2023, they left empty-handed because Mullvad doesn’t keep user identities and accounts aren’t tied to emails. If a user registers without identifiable payment, there simply isn’t much data to hand over.

The real issue isn’t “betrayal,” it’s what data exists in the first place.

You’re free to dislike Proton, but most of what you’re describing isn’t unique to them — it’s how any service operating under a legal jurisdiction works. If a company stores payment or account data, a court can compel it. That’s true for Proton, Tuta, Gmail, or anyone else.

Expecting a hosted email provider to somehow eliminate all legal exposure for users just isn’t realistic. If someone needs real anonymity, the solution was never a normal email service in the first place.

Criticizing marketing or leadership is fair. But blaming Proton for the basic limits of hosted services sounds more like anger at the system than a technical critique of the product.

I’m not pretending anything. You’re criticizing their marketing, I’m pointing out the technical reality behind the claims. Those are two different discussions.

Proton’s core claim has always been encrypted email content, not immunity from legal orders. No company operating in a country can ignore the law.

If your argument is that their marketing created unrealistic expectations, that’s a fair criticism. But calling it a “lie” and ignoring how the technology actually works doesn’t make the argument stronger.

They’re a paid service with a free tier — of course they promote upgrades. That’s literally how freemium products work.

But ads for a paid plan don’t suddenly mean the privacy model is fake. By that logic every privacy service with a free tier would be “untrustworthy.”

If you prefer Tuta, fine — but pretending Proton exists only to grab money is a pretty shallow take.

I read it just fine. What you’re doing is calling it a “lie” because you expected anonymity from a tool that advertises encrypted email. Those aren’t the same thing.

Anyone who actually understands the basics of privacy tools knows that. Your argument sounds more like frustration than a technical point.

I’m not shilling for Proton. I’m pointing out a basic distinction you keep ignoring: encryption protects message content, not identity.

Calling Proton’s encryption a “lie” just shows you’re arguing emotionally rather than technically. Anyone who actually understands the space knows encrypted email was never meant to guarantee anonymity.

You’re still confusing two completely different things: privacy and anonymity. Encryption protects the content of messages, not every piece of metadata around an account. Proton has always been clear about that.

In the 404 Media case, the identification came from payment information, not from Proton breaking encryption. If someone pays with a credit card, their identity is already tied to the account. That would happen with any provider under legal jurisdiction.

Honestly, the way you’re framing this suggests you don’t really understand how encryption, metadata, and OPSEC work. Encryption ≠ anonymity. Anyone who actually works in security knows that.