Hi everyone,
No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.
In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.
Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.
Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.
Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.
The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.
Thank you for your understanding,
The Proton Team
There’s some misinformation floating around that I think is worth a post to clarify.
Proton generally only suspends accounts if 1) forced to do so by a Swiss govt order 2) we are sure beyond a reasonable doubt the user breached Protons Terms of Service (ToS) or 3) we detect that the user has been compromised.
Contrary to what some people think, Proton generally only suspends a single service and not all services. For example, let’s say you decide to start sending spam in violation of Proton ToS, Proton Mail may be suspended, but Proton Pass will continue to work. There are of course exceptions to this (for example, if an attacker is hitting your account or has already gotten in, we’ll lock the whole thing down until you get in touch with us).
In general, account suspensions due to (1) and (2) are extremely rare, with (3) being slightly more common. (2) typically happens with newly created accounts with are used for spamming or registering large number of accounts at third party services (such as Instagram, etc). The odds of an account you have been using for a while suddenly being suspended is virtually zero, and even then, we have a 24/7 team you can contact to appeal.
For ToS violations, it is irrelevant who reports the violation to us, if the violation is verified beyond a reasonable doubt, Proton will suspend the account. Proton data is encrypted, but we use OSINT techniques, our datasets of dark web chatter, information shared with us by other tech companies, and various other methods to do verification.
From time to time, there are claims that Proton is suspending accounts improperly. Our policy is not to comment publicly on specific cases, but there is usually more to the story than meets the eye, and the anonymous posters on the internet generally don’t disclose the full story. Such claims should therefore not be taken as fact, as the facts themselves are usually wrong.
To give an illustrative example, recently it was claimed that Proton was blocking the account of journalists. However, these were not “journalists” in the traditional sense, but hacktivists who were involved in a number of hacking incidents, which is a violation of Proton’s ToS, and therefore subject to suspension of all accounts. In this case, I made the decision to exceptionally restore two accounts because hacktivism cases are not always black and white. However, Proton’s policy is that if you use some accounts for illegal purposes, you will also lose access to the accounts where you have not yet conducted illegal activities.
Proton has no choice but to enforce ToS, because if activities which are illegal under Swiss law, or other activities which are technically not illegal but damaging to Proton (such as sending spam) where not forbidden, Proton would unfortunately become blocked by other email providers, hurting legitimate users.
In enforcing our ToS, we show no favor or bias. It does not matter your ideology or which “side” you are on, Proton enforces the ToS uniformly.
Proton’s ToS can be found here: Terms of Service | Proton
Proton’s abuse appeal form can be found here: Abuse appeals form | Proton
Abuse and ToS violations can be reported here (all reports are treated confidentially): Report abuse form | Proton
Thank you for your understanding.
- (2nd one is) Andy Yen
I am throwing that since they responded here with much more clarity, I would normally close the thread after but I’ll leave it in case of objections among other things which I feel is more correct this way.