This is feedback from Proton Mail Team I got about this matter:
"Thank you for reaching out and sharing your concern. We understand why this story is alarming, and we want to give you a clear picture of what actually happened.
First, Proton did not provide any information to the FBI. The data was obtained by the Swiss Federal Department of Justice through a Mutual Legal Assistance Treaty (MLAT) process. Proton operates exclusively under Swiss law and only responds to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is clearly stated in our TOS and Privacy Policy.
In this specific case, Swiss authorities determined that the legal bar was met because a law enforcement officer had been shot, and explosive devices were involved during an incident in 2024. Switzerland has one of the strictest privacy frameworks in the world, and legal assistance is only granted in cases involving serious criminal matters.
Importantly, the only information that could be disclosed was a payment identifier because the user chose to pay by credit card although Proton accepts gift cards, cryptocurrency and cash. No emails, no message content, and no communications metadata were handed over. This actually demonstrates how little data Proton holds by design, our end-to-end encryption means we cannot access email content even if ordered to.
We hope this provides some reassurance. Please don't hesitate to reach out if you have any further questions.
Let me get this straight: The FBI was monitoring a protestor’s bank account and spotted a Proton Mail purchase. They contacted the Swiss DOJ, requesting a subpoena based on the specific Order ID, date, and credit card digits of the bank account being monitored. The Swiss DOJ agreed, approached Proton Mail, and the company complied with the official legal request under Swiss law.
The real scandal here isn't Proton Mail's compliance. It is that the FBI is seemingly monitoring the financial transactions of millions of citizens' bank accounts.
This can happen with Mullvad too. If the FBI spots a Mullvad Purchase on anyone's bank account, they can go up to Mullvad with the Order ID, date, and credit card digits, and request Mullvad to redirect VPN traffic of that specific Order ID to the FBI's own monitoring servers.
Even if you only read the headline, you can work out the most likely story from logic. Someone else in this thread already said it: they're not gonna go to jail for you over a small subscription fee, of course they're complying with local laws and then the Swiss people handed it over to where they got the legal assistance request from. It's also not the first time Proton cooperated with a legal request from Swiss authorities, or Signal or other similar companies for that matter. The story tells itself no matter what part of it they decide to stick in the headline
Nothing of that email is new to me, and I didn't read the login-walled part which was like the third paragraph onward or something (I think it said it's free to read once you sign up, so not a paywall, but yeah either way)
I think 404 Media has an ethical obligation to provide Proton Mail’s response outside the article’s paywall. The word “Helped” in the headline is more sensational than stating that Proton “was required by Swiss law to provide...”
For readers who do not want to pay to read the article, the headline leaves incomplete context and creates a misleading impression of the story. That damages Proton’s reputation, and the missing context is only available if someone pays for the article, reaches out to Proton, or searches forums for substantive information.
"Thank you for reaching out and sharing your concern. We understand why this story is alarming, and we want to give you a clear picture of what actually happened.
First, Proton did not provide any information to the FBI. The data was obtained by the Swiss Federal Department of Justice through a Mutual Legal Assistance Treaty (MLAT) process. Proton operates exclusively under Swiss law and only responds to legally binding orders from Swiss authorities, after all Swiss legal checks have been passed. This is clearly stated in our TOS and Privacy Policy.
In this specific case, Swiss authorities determined that the legal bar was met because a law enforcement officer had been shot, and explosive devices were involved during an incident in 2024. Switzerland has one of the strictest privacy frameworks in the world, and legal assistance is only granted in cases involving serious criminal matters.
Importantly, the only information that could be disclosed was a payment identifier because the user chose to pay by credit card although Proton accepts gift cards, cryptocurrency and cash. No emails, no message content, and no communications metadata were handed over. This actually demonstrates how little data Proton holds by design, our end-to-end encryption means we cannot access email content even if ordered to.
We hope this provides some reassurance. Please don't hesitate to reach out if you have any further questions.
Best Regards, The Proton Mail Team"