If a government says "Give us everything you have on this user", and Proton gives them a sheet of paper that says "Here's the primary email for the account, we don't have access to anything else", the order is legally complied with.
Granted, I don't know much of how Swiss legal processes work, but I do know Switzerland has the best privacy laws when it comes to VPNs (which is why a lot of VPNs use Switzerland). Switzerland even has laws on their books that prevent them from compelling no-log VPNs based in Switzerland to log specific users.
I provided an instance of Proton giving the IP address and Device ID of a user after the French authorities requested it.
In their own policy:
> “In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities.”
So there's no question whether or not they do it, it's more of how often they do it and for what. The French case was a big deal because it didn't seem to meet the "extreme criminal case" threshold, and yet the logging was still carried out.
Feels to me after reading the article they earnestly try to do their best to offer privacy enhancing alternatives and push back often. What percent of these requests do Meta, Google or Microsoft fight? Ratios like that matter.
Proton is extremely transparent and said:
> If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation. This obligation however does not extend to ProtonVPN (see VPN privacy policy here). Additional details can be found in our transparency report.
> What percent of these requests do Meta, Google or Microsoft fight? Ratios like that matter
What others are doing doesn't matter; that's whataboutism. Yes, there are many shittier services, and Proton is much better than them.
What matters is if you can trust Proton to be private, and the answer is... mostly.
Yes, I like Proton and I use Proton as my daily email driver, because I don't expect privacy from governments, I just don't want Google tracking.
But a lot of people see the "no logs" thing and think that there are never any logs, which is not true. They add them on request, and they've done it based on foreign government requests, for questionable searches, as I've linked above.
If you want privacy in your hands, use Tor when accessing Proton and pay in crypto obviously.
Those are techniques needed for privacy because they can access that data and you can't trust them to safeguard any data they can access because they legally can't.
It's not their fault, it's just the system, but you must expect it.
Yeah, that's shitty, and it's no excuse, but I understand that, as a company, Proton will still have to comply with Swiss law, and if Swiss law requires IP Address monitoring in "extreme criminal cases", I doubt Proton has the ability to decide whether a case fits that or not.
I saw in the article that Proton also offers an onion address, which will make the IP Address monitoring useless anyway. So they, legally, have to do the monitoring, but provide a tool that makes their "monitoring" useless.
That's the flow of how government legal requests work with no-log VPN services.
What do you think "Orders complied with" means then?
Here's an instance of Proton adding logging of an activist's IP Address and Device ID after a request from the French authorities:
https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre...
> French police sent a request to Swiss police via Europol to force the company to obtain the IP address of one of its users.
It's right there in the police report.