
Proton Mail suspended journalist accounts at request of cybersecurity agency

fivefives55555

I've been following this on X/Twitter and I think one of the most egregious things that's important to point out is that folks from Phrack reached out to Proton in private multiple times, and Proton ghosted them. Proton only engaged with them and then reinstated the accounts after Phrack went public and their X/Twitter post went viral.

It also looks like one of the writers filed an appeal with Proton and Proton denied the appeal, so they manually investigated the incident and refused to reinstate the account and then only did after this got attention on X/Twitter.

So make no mistake about it: Proton didn't just disable the accounts after whatever CERT complained, which would have been bad enough - they also didn't do anything about it until this started getting lots of eyes on social media.

j-bos

> Phrack reached out to Proton in private multiple times, and Proton ghosted them.

According to Proton's response in the linked reddit post: https://news.ycombinator.com/item?id=45227356

They say: "Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels."

commmentator

You'll note that Proton's PR only mentions the second date - "last one on Sep 6 with a 48-hour deadline."

Proton doesn't mention that the first email from Phrack which Proton ignored was weeks prior to that, which is what led to the second email in the first place.

You'll also note that Proton doesn't mention that their Abuse Team refused to re-enable the account after the article author did the appeals process, as per Phrack's timeline at the top of their article.

j-bos

That's a great point. I guess at this point it'd be ideal for them to treat this as an incident and do a proper postmortem with timelines and decision calculus.

nsagent

To be honest, I've found Proton's public customer service representatives to be very duplicitous, so it's hard to take their word at face value. It's pretty ridiculous to see their response to legitimate concerns start with: "That doesn't sound right..." 80-90% of the time.

a0123

Sorry but doubt.

The whole "we have only received two emails" is a classic move of every company caught with their pants down. Considering Proton's history, they don't get the benefit of the doubt on this one.

As for the "company size excuse" sorry but considering the business you claim to be in (the private and secure email), having an on-call skeleton crew legal team available over the weekend for urgent requests is a bare minimum (and I'm pretty sure they have people available to hand over everything the cops request if "the proper process is followed").

Remember that they have turned over information in less than 24 hours before (for what they call an extreme case of course). So the "size" excuse doesn't hold. Doesn't matter how urgent it is, if they are the small bean they claim they are, there is no chance they can have a turnaround of less than 24 hours.

Again, it's not what they did that's the biggest issue, it's the coverup. Just like last time they got in hot water. Because the coverup raises a lot more questions.

baxtr

On a positive note: having reach on social media can solve problems nowadays.

a0123

Which the reddit fanatics on their sub are bending over backwards to defend and explain away when there is no two ways about it tbh.

nsagent

I've been a paying subscriber to Proton since 2018, but I recently canceled my subscription (which ends in November). I just got fed up with the constant bugginess and jankiness of their offerings.

Any suggestions for mail hosting and VPN? I hear good things about Fastmail and mailbox.org (I see they very recently rebranded to just mailbox and revamped their offering).

Also, I've been a heavy user of the SimpleLogin alias service. Any suggestions for easily porting all those accounts to a new provider? Manually changing each and every account to a new email seems painful.

DanOpcode

I recently moved from Gmail to Migadu and started to use my own domain instead. Works great so far

const_cast

My experience is the apps are missing very fundamental features. Which would be fine... If you could use other clients. But you can't, except for email, kind of.

Like, the calendar on mobile doesn't even have a search function. What if I want to know when an event is happening? I just have to scroll and scroll until I find it? Come on now. Also no storage backup in Proton Drive??? What??? That's, like, 90% of the purpose of Proton Drive!

0xbadcafebee

Fastmail is fine. It's somewhat limited in its UX, but technically speaking, everything works, and it's snappy. Very few outages. I really like their integrations with calendars, contacts, and mail for 3rd party sites/services. Not a ton of features or deals re: custom domains or multiple users, but it's fine if it's just for yourself. Edit: They literally -JUST- turned on Offline support for their app and web interface, so my only real complaint is gone. Go with Fastmail.

For a VPN, what do you need it to do? For tinfoil hat privacy stuff, get a VPS in Estonia or something. If you just want a secure tunnel while working remote, get a WiFi access point with Wireguard and Dynamic DNS at your home (it's free plus you probably have more bandwidth).

idle_zealot

I'm using Fastmail and Mullvad. Both seem to work pretty well and are reasonably priced. You could also host your own on VPSs if you're feeling adventurous.

esseph

> constant bugginess and jankiness of their offerings

This is something I had not heard (also have been a paying user for a very long time).

I've never encountered a bug, to my knowledge. I did dislike that when they released photo storage they didn't have a proper search feature.

teekert

Same here, no bugs in Proton apps and I’m still a happy subscriber.

throwway120385

For me the jank is in their billing and the plans I can purchase. I can either have a Business Mail Essentials plan or a Business Password plan, but if I want both at the same time I have to buy a plan that's three times as expensive or drop my custom domain name.

esseph

I do dislike their billing options when it comes to feature / service selection.

nsagent

Proton seems to have a lot of cheerleaders that come out of the woodwork when anyone complains. I'm happy that somehow their code is magically bug free for you, since you've somehow never encountered any bugs whatsoever in their code (despite their release notes mentioning literal bugs they've fixed).

I'm glad it works for you, but their offering is frequently buggy and broken for me.

dotnet00

It'd be useful if you pointed out bugs instead of just implying that anyone who doesn't share your experience is some sort of shill

esseph

I would imagine this is the universal case, otherwise they would be out of business.

People that feel very satisfied or dissatisfied with something are most likely to comment. I've just been very satisfied.

calvinmorrison

Fastmail is a good product with technical chops, contributes to open source and cares generally about being good members of the international email space, standards etc.

Fastmail's interface is very plain, and it works very fast and works well.

They support a plethora of ways to do mail and have many advanced users so their mail support is very good, maybe close to running your own mail server without having to deal with rbls and getting spamlisted

2cents5ewe27366

I've been happy with Startmail, good customer service, they don't offer any of the non-email cloud services though.

gruez

Can proton even win here? The obvious solution would be "we don't take down unless there's a court order", but then you'd get exposé pieces saying how protonmail is a den for drug dealers/pedophiles/doxxers/cyber criminals.

autoexec

> The obvious solution would be "we don't take down unless there's a court order", but then you'd get exposé pieces saying how protonmail is a den for drug dealers/pedophiles/doxxers/cyber criminals

I think it'd be crazy to make a service worse because of worry over potential hit pieces that might whine about a perfectly reasonable policy. It isn't as if Proton Mail hasn't been accused of those things before anyway (along with accusations of being a honeypot and not private enough).

It's better to have integrity and fight for your users than to cave just to avoid click bait articles by people with irrational views.

a0123

No.

They currently do cooperate and they go get the odd bad press about this.

So doing what they actually claim to do would change nothing. Their current stance is just a cop out.

rvnx

It is very naive to believe that email providers and VPNs do not have to respect the laws.

If this would be the case they would not be approved by any payment providers at all.

On top of that, add the possibility that hosting companies and upstream network peers would shut them down.

Hizonner

And what specific law did you have in mind, exactly?

You do know what law required Proton to act as it did at each step in the story, right? You wouldn't just come up with random non-sequiturs, right?

dotnet00

Hmm going to wait and see how this plays out, maybe it's time to look at alternatives, assuming that my custom domain email isn't somehow locked to them.

BrandoElFollito

The silence of Proton can only be interpreted to their disadvantage. This is not very smart and will make everyone doubt them.

While I like the idea of a safe and uncompromising service, Proton seems less so now.

bix6

The Reddit response from Proton: https://www.reddit.com/r/ProtonMail/comments/1nd1nrc/comment...

I’d like more details about the initial CERT contact if anyone knows anything

antonymoose

PSA: Proton deletes “unused” accounts after one year, and defines unused in some opaque sense where receiving but not sending emails is “unused” so I’m in a nasty position of my iCloud account being unrecoverable. Going to have to spend nontrivial time offboarding my account.

coppsilgold

> defines unused in some opaque sense where receiving but not sending emails is “unused”

"You are considered active if you log in and use our services once a year. Simply logging in to any Proton service on our web, desktop, or mobile apps at least once a year is enough."

<https://proton.me/support/inactive-accounts>

antonymoose

I had the mobile app and login. That wasn’t enough. Reading emails was not enough.

dotnet00

I almost never use my protonmail to send emails, just reading, mostly on phone too. Has been fine so far.

nicce

Do they still use that old shady billing? You could get "credits" from coupon to upgrade your plan, and once it ends, it automatically subscribes and your account bill goes to negative. Unless you pay that, your account is locked. Happened to me some long time ago and haven't used Proton since.

NullPrefix

Is this for paid accounts too? If you prepay for 5 years and get lost at sea for 3 years, should you expect your proton to still work?

pagansRpedos

It's because the journalists were covering the professor-student rape scandal at UIUC Champaign that was covered up by Champaign and other governing bodies.

segmondy

When people show you themselves, believe them. Proton is no longer to be trusted. Use at your own risk.

daft_pink

You either die a hero, or you live long enough to see yourself become the villain.

luqtas

not all heroes wear capes, much less releases personal AI assistant to navigate your own data while the MAIL CLIENT AND CALENDAR APP is on beta on Linux for YEARS

sitzkrieg

proton always glowed but just straight up bending to unnamed agencies puts em rank and file with every single other provider

lo_zamoyski

Is refusal realistic? It's nice in the abstract, but in practice, there are plenty of ways to coerce illegitimate compliance.