Privacy-focused email provider Proton Mail provided Swiss authorities with payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by 404 Media.
The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties. In this case, the Proton Mail account was affiliated with the Defend the Atlanta Forest (DTAF) group and Stop Cop City movement in Atlanta, which authorities were investigating for their connection to arson, vandalism and doxing. Broadly, members were protesting the building of a large police training center next to the Intrenchment Creek Park in Atlanta, and actions also included camping in the forest and lawsuits. Charges against more than 60 people have since been dropped.
Edward Shone, head of communications for Proton AG, the company behind Proton Mail, told 404 Media in an email: “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law.” Functionally, though, the material was provided to the FBI.
I mean, what else are you going to use? Not many E2E encrypted mail services out there. Even fewer, maybe none (proton included) that let you pay with something less traceable like Monero.
E2E encryption doesn’t mean jack if the company promises anonymity then hands over your payment details to a foreign police agency (FBI in America, proton in Switzerland)
Shouldn’t have to use VPN’s and crypto to hide your identity from the “privacy focused” company you’re paying to…grant anonymity. If that’s even actually possible.
I agree but, at its core, it's a matter of bad opsec.
Is there a country in the world without financial regulations requiring a business to save payment records?
If Proton is established in a country where the only thing their hands are tied on is payment records and the requirement to hand them over by law, what's the solution?
It sounds more like that's just not possible today, which is a fine injustice to be mad about, don't get me wrong, but isn't necessarily Proton's fault. They should absolutely be clear about it the way Mullvad is, however.
At the end of the day, the person using the account shouldn't assume they're safe just because the service is encrypted. That's bad opsec.
Mulvad VPN allows people to mail in banknotes/cash… pretty untraceable. But this doesn’t really work when you are paying for a specific, permanent ID like an email address.
Mullvad also accepts monero now, last I checked, but yes I'm just using them as an example of a privacy focused company that is very upfront about the limitations and risks of using your credit card to pay.
Visa gift cards are traceable to the location and time of purchase. You're then banking on the retailer not storing camera footage long enough to be caught.
You could wear a mask inside, but then the cameras outside follow you to your car.
When you think about how powerful the modern panopticon is when the govt really wants to find you, it's enough to give you a small panic attack.
You can setup an LLC somewhere and use it to channel the payments. Then you’d have a tripwire when/if the contact for that LLC is approached by interpol although they probably give up at the first shell company layer.
I don't know enough about corporate structure and liability to say that this would or wouldn't work, but I imagine that the FBI is a little more capable and dogged than "ah shucks, they registered an LLC. Pack it up, boys!"
Or they were at one point, anyway.
If that is enough, then yeah, Proton isn't concerned with the privacy of your identity, just the privacy of your mail contents.
Proton's CEO was sorta pro-Trump, on the basis of "we've tried talking to democrats and they were useless so at least someone's kicking the hornet's nest". Wasn't that of a great place to begin with, even if miles ahead of Gmail or Outlook.
Maybe you should read what actually went down first. From another sub on the same topic:
> Slightly misleading headline.
> Swiss law enforcement demanded the credit card info used to pay for the account. Proton complied with the demand after making sure it was a legal demand (in Switzerland), and their legal team basically told them they were required to comply.
> The credit card info led to the unmasking of the admin.
> The Swiss authorities then shared that info with the FBI.
> The key here is that Proton would not have shared the info with the FBI - and the FBI couldn't make them. But since they're a Swiss company, and have to follow Swiss law, they didn't have a choice in giving the info to Swiss law enforcement.
So if the FBI can get the Swiss government to do their legwork for them how is that any different from Proton just handing the data to the FBI? Seems like the FBI has a mechanism to unmask accounts now.
to be fair proton mail does not hide exactly what it is. It's on you that you didn't seem to realize that. People who are genuinely concerned about government overreach need to be extremely careful with their opsec. You can use a variety of free accounts for communication, but it's when you leave traceable info that' problematic.
>Keep your conversations private with Proton Mail, an encrypted email service based in Switzerland.
encrypted. not anonymous:
>Proton Mail: Standard email like Gmail or Outlook isn’t private. Proton Mail uses end-to-end encryption, meaning only you and your source can read it, even if it’s intercepted. Based in Switzerland, it offers strong legal protections and is safe from secret US warrants. If you need to communicate with a whistleblower who doesn’t use Proton Mail, you can send Password-protected Emails, which let you send end-to-end encrypted emails to external email services.
>Proton Mail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.
Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)
>Transparency with our user community is extremely important to us. Since 2015, we have published a transparency report publicizing how we handle Swiss law enforcement requests: https://proton.me/legal/transparency(new window)
>Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. More information can be found here.
>Update: In October 2021, Proton won a Swiss court ruling that email services are not telecommunications providers. Consequently, email services are not subject to the data retention requirements imposed on telecommunications providers and are exempted from handing over certain user data in response to Swiss legal orders. Learn more
>As detailed in our transparency report(link), our published threat model, and also our privacy policy(link, under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account.
If you want your email disconnected from your identity you have to put a little effort into it. Choosing a privacy-focused provider doesn’t magically make you anonymous.
First, let's correct the headline: Proton did not provide information to the FBI. What happened is that the FBI submitted a Mutual Legal Assistance Treaty (MLAT) request, which was processed by the Swiss Federal Department of Justice and Police. Proton operates exclusively under Swiss law, and we only respond to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is an important distinction.
Second, let's talk about what this case actually involved. This wasn't a routine investigation. Swiss authorities determined that the legal threshold was met because a law enforcement officer was shot, and explosive devices were found during a protest in 2024. Switzerland has one of the strongest legal frameworks for privacy in the world, and its standard for granting international legal assistance is exceptionally high. This case met that standard.
Third, let's talk about what was actually disclosed. No emails were handed over. No message content. No metadata about who the user communicated with. The only information Proton could provide was a payment identifier because the user chose to pay with a credit card. This is information the user themselves provided to us through their choice of payment method. Proton also accepts cryptocurrency and cash payments, which would not have been linkable to an identity.
If anything, this case demonstrates exactly what we've always said: Proton holds very little user data by design. Even under the most serious legal circumstances, the only data that could be produced was a payment record. Our encryption means we simply cannot access email content even if ordered to.
We understand that stories like this can be alarming, and we take our users' trust seriously. We will continue to fight for privacy and challenge any legal order we believe does not meet the strict requirements of Swiss law. But we also want to be transparent: no service can operate outside the law entirely, and Swiss law requires compliance with valid legal orders in serious criminal cases. What we can promise is that the legal bar in Switzerland is among the highest in the world, and our architecture ensures we have as little data as possible to hand over.
For users who want maximum anonymity: use Proton VPN or Tor, pay with cash or cryptocurrency, and don't add a recovery email.
[OP] 404mediaco | a day ago
Privacy-focused email provider Proton Mail provided Swiss authorities with payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by 404 Media.
The records provide insight into the sort of data that Proton Mail, which prides itself both on its end-to-end encryption and that it is only governed by Swiss privacy law, can and does provide to third parties. In this case, the Proton Mail account was affiliated with the Defend the Atlanta Forest (DTAF) group and Stop Cop City movement in Atlanta, which authorities were investigating for their connection to arson, vandalism and doxing. Broadly, members were protesting the building of a large police training center next to the Intrenchment Creek Park in Atlanta, and actions also included camping in the forest and lawsuits. Charges against more than 60 people have since been dropped.
Edward Shone, head of communications for Proton AG, the company behind Proton Mail, told 404 Media in an email: “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed. This is an important distinction because Proton operates exclusively under Swiss law.” Functionally, though, the material was provided to the FBI.
Read more: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/
automatic_bazooti | a day ago
Friendly reminder that GSP and DCPD shot one of their own and used it as an excuse to shoot an unarmed protester camped out on site over 20 times.
https://en.wikipedia.org/wiki/Killing_of_Tortuguita
Fuck Cop City, RIP Tort🐢
slow70 | a day ago
^ people forgot about that murder too quickly
Police lied about it all and I have no idea what ever came of it if anything…
Dismal-Anybody-1951 | a day ago
honest question:
they killed him 20 times?
Wicked_Sketchy | 15 hours ago
Try to read the comment again. Does it say "killed 20 times" or "shot 20 times"? This is a hard one but do your best.
Dismal-Anybody-1951 | 15 hours ago
they edited it.
Wicked_Sketchy | 15 hours ago
Fair enough, sorry about the bitchy comment
turb0_encapsulator | a day ago
wow. I guess I'll cross Proton off the list.
driver_dan_party_van | a day ago
I mean, what else are you going to use? Not many E2E encrypted mail services out there. Even fewer, maybe none (proton included) that let you pay with something less traceable like Monero.
casual_brackets | a day ago
E2E encryption doesn’t mean jack if the company promises anonymity then hands over your payment details to a foreign police agency (FBI in America, proton in Switzerland)
Shouldn’t have to use VPN’s and crypto to hide your identity from the “privacy focused” company you’re paying to…grant anonymity. If that’s even actually possible.
driver_dan_party_van | a day ago
I agree but, at its core, it's a matter of bad opsec.
Is there a country in the world without financial regulations requiring a business to save payment records?
If Proton is established in a country where the only thing their hands are tied on is payment records and the requirement to hand them over by law, what's the solution?
It sounds more like that's just not possible today, which is a fine injustice to be mad about, don't get me wrong, but isn't necessarily Proton's fault. They should absolutely be clear about it the way Mullvad is, however.
At the end of the day, the person using the account shouldn't assume they're safe just because the service is encrypted. That's bad opsec.
oldirishfart | a day ago
Mulvad VPN allows people to mail in banknotes/cash… pretty untraceable. But this doesn’t really work when you are paying for a specific, permanent ID like an email address.
driver_dan_party_van | a day ago
Mullvad also accepts monero now, last I checked, but yes I'm just using them as an example of a privacy focused company that is very upfront about the limitations and risks of using your credit card to pay.
A_Mobiuss_Trip | a day ago
Genuinely curious: why not buy a gift card with cash & use that to pay?
driver_dan_party_van | a day ago
Visa gift cards are traceable to the location and time of purchase. You're then banking on the retailer not storing camera footage long enough to be caught.
You could wear a mask inside, but then the cameras outside follow you to your car.
When you think about how powerful the modern panopticon is when the govt really wants to find you, it's enough to give you a small panic attack.
Only_Razzmatazz_4498 | a day ago
You can setup an LLC somewhere and use it to channel the payments. Then you’d have a tripwire when/if the contact for that LLC is approached by interpol although they probably give up at the first shell company layer.
driver_dan_party_van | a day ago
I don't know enough about corporate structure and liability to say that this would or wouldn't work, but I imagine that the FBI is a little more capable and dogged than "ah shucks, they registered an LLC. Pack it up, boys!"
Or they were at one point, anyway.
If that is enough, then yeah, Proton isn't concerned with the privacy of your identity, just the privacy of your mail contents.
TheGreatOni1200 | a day ago
You have to set up in a 3rd world country. You may even have to bribe some people too.
EDIT: you may have luck in Chile. They're sorta communist and don'r have many dealings with the US.
iamthe0ther0ne | a day ago
I have the free version that I always access over a VPN. Can they still identify the account holder info that way?
skullcutter | a day ago
Tuta
driver_dan_party_van | a day ago
Good to know
commitme | a day ago
I looked into it and you can pay with gift cards bought with Monero. Also, you can pay for Proton with cash.
MairusuPawa | a day ago
Proton's CEO was sorta pro-Trump, on the basis of "we've tried talking to democrats and they were useless so at least someone's kicking the hornet's nest". Wasn't that of a great place to begin with, even if miles ahead of Gmail or Outlook.
turb0_encapsulator | a day ago
so a typical idiot tech bro. great.
Darksirius | a day ago
Maybe you should read what actually went down first. From another sub on the same topic:
> Slightly misleading headline.
> Swiss law enforcement demanded the credit card info used to pay for the account. Proton complied with the demand after making sure it was a legal demand (in Switzerland), and their legal team basically told them they were required to comply.
> The credit card info led to the unmasking of the admin.
> The Swiss authorities then shared that info with the FBI.
> The key here is that Proton would not have shared the info with the FBI - and the FBI couldn't make them. But since they're a Swiss company, and have to follow Swiss law, they didn't have a choice in giving the info to Swiss law enforcement.
BearDick | a day ago
So if the FBI can get the Swiss government to do their legwork for them how is that any different from Proton just handing the data to the FBI? Seems like the FBI has a mechanism to unmask accounts now.
FreakishlyNarrow | a day ago
>...Swiss law enforcement demanded the credit card info used to pay for the account. Proton complied with the demand...
Not really misleading at all.
cubic_thought | a day ago
Seems the lesson is "don't pay for an account by credit card"
stevesy17 | a day ago
Assuming that the headline says that proton "gave the info to the FBI" or "helped the FBI", then it's definitely misleading
radarthreat | a day ago
So don’t do business with Swiss companies, got it
Khatib | 23 hours ago
Unless you're rich nazis, then they'll keep your stolen wealth nice and secure for you.
roraima_is_very_tall | a day ago
to be fair proton mail does not hide exactly what it is. It's on you that you didn't seem to realize that. People who are genuinely concerned about government overreach need to be extremely careful with their opsec. You can use a variety of free accounts for communication, but it's when you leave traceable info that' problematic.
>Keep your conversations private with Proton Mail, an encrypted email service based in Switzerland.
encrypted. not anonymous:
>Proton Mail: Standard email like Gmail or Outlook isn’t private. Proton Mail uses end-to-end encryption, meaning only you and your source can read it, even if it’s intercepted. Based in Switzerland, it offers strong legal protections and is safe from secret US warrants. If you need to communicate with a whistleblower who doesn’t use Proton Mail, you can send Password-protected Emails, which let you send end-to-end encrypted emails to external email services.
https://proton.me/blog/whistleblower-communication
And
there's a ton of important informaton here:
>Proton Mail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities. Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)
>Transparency with our user community is extremely important to us. Since 2015, we have published a transparency report publicizing how we handle Swiss law enforcement requests: https://proton.me/legal/transparency(new window)
>Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. More information can be found here.
>Update: In October 2021, Proton won a Swiss court ruling that email services are not telecommunications providers. Consequently, email services are not subject to the data retention requirements imposed on telecommunications providers and are exempted from handing over certain user data in response to Swiss legal orders. Learn more
>As detailed in our transparency report(link), our published threat model, and also our privacy policy(link, under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account.
https://proton.me/blog/climate-activist-arrest
also:
https://en.wikipedia.org/wiki/Proton_Mail#Controversies
Nanocephalic | a day ago
Not that simple.
Everyone operates somewhere, and that means they have a legal framework they must operate under.
turb0_encapsulator | a day ago
we need an E2E encrypted mail company that operates out of country that won't share data with the US.
RooHound | a day ago
If you want your email disconnected from your identity you have to put a little effort into it. Choosing a privacy-focused provider doesn’t magically make you anonymous.
Tredecian | a day ago
shame, I was thinking about using proton.
Proton_Team | 17 hours ago
First, let's correct the headline: Proton did not provide information to the FBI. What happened is that the FBI submitted a Mutual Legal Assistance Treaty (MLAT) request, which was processed by the Swiss Federal Department of Justice and Police. Proton operates exclusively under Swiss law, and we only respond to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is an important distinction.
Second, let's talk about what this case actually involved. This wasn't a routine investigation. Swiss authorities determined that the legal threshold was met because a law enforcement officer was shot, and explosive devices were found during a protest in 2024. Switzerland has one of the strongest legal frameworks for privacy in the world, and its standard for granting international legal assistance is exceptionally high. This case met that standard.
Third, let's talk about what was actually disclosed. No emails were handed over. No message content. No metadata about who the user communicated with. The only information Proton could provide was a payment identifier because the user chose to pay with a credit card. This is information the user themselves provided to us through their choice of payment method. Proton also accepts cryptocurrency and cash payments, which would not have been linkable to an identity.
If anything, this case demonstrates exactly what we've always said: Proton holds very little user data by design. Even under the most serious legal circumstances, the only data that could be produced was a payment record. Our encryption means we simply cannot access email content even if ordered to.
We understand that stories like this can be alarming, and we take our users' trust seriously. We will continue to fight for privacy and challenge any legal order we believe does not meet the strict requirements of Swiss law. But we also want to be transparent: no service can operate outside the law entirely, and Swiss law requires compliance with valid legal orders in serious criminal cases. What we can promise is that the legal bar in Switzerland is among the highest in the world, and our architecture ensures we have as little data as possible to hand over.
For users who want maximum anonymity: use Proton VPN or Tor, pay with cash or cryptocurrency, and don't add a recovery email.
LlamasNeverLie | 14 hours ago
AI
Proton_Team | 14 hours ago
No, AI was not involved?
LlamasNeverLie | 14 hours ago
Don’t fib, you used Claude.
Popular_Radish_3006 | a day ago
reminds me of the wikileaks controversies
Hexatona | a day ago
Well, that's not going be great for Proton's bottom line
OnePay7238 | a day ago
that third sentence took a turn
Sea_Quiet_9612 | 7 hours ago
Fuck Proton il faut trouver d'autres alternatives