I used Proton at one point, but I realized that email is inherently insecure and any cloud storage can be E2EE if you encrypt the files yourself before uploading (which you should)
It's nice to see that they're giving the finger to the Swiss government but ultimately it doesn't matter as many jurisdictions are mandating the same things.
> but I realized that email is inherently insecure
I've always seen Proton benefits as a moot point because it's not E2E to the other side. You can encrypt all you want but as soon as you actually communicate with anyone (this is the email after all) you are now give all your messages to a third party often times without any encryption at all.
I do at least appreciate that emails from one Proton account to another Proton account are secured by default. It has made it much easier for me on the few occasions I've needed to send someone something securely but haven't wanted to walk them through setting up PGP. "Create a free Proton account" is a much easier process.
client encryption is about keeping the MITM out of your fibre.
if you are scared of spooks using metadata, that can be managed with some warwalking around cafes/campus, a wifi extender, a burner phone tether, and action in discretion.
at that point WTF your doing had better be a noble cause, not a malediction.
They leave for Germany, of all places. Germany is one of the European states with most arrests for posting entries on social media. I guess they will pack their stuff and move on in 1-2 years from now.
Germany has a big alt-rising in the form of AFD, and consequently, they do track social media heavily. There is also a non-insignificant fundamentalist Muslim population.
For things like troll posts or just general hate speech, most of the time the police visit your house and ask you questions and give you a stern warning. And remember, police in EU isn't like police in US - when you get visited by police in EU, you aren't afraid that you are going to get shot up or thrown on the ground and tazed if you did nothing wrong.
In extreme cases where you are calling for things like beheading, yea they def arrest for that.
Source: close friend that lives in Germanty works for a company that does business with German government. I don't know first hand but he is pretty aware of the policics in EU and I have no reason to believe he would be exaggerating.
On anther note, Germany policing is quite progressive actually. For example, if you run, you don't get a charge for evading/eluding - its actually legal to run from police because "desire for freedom is a human right".
It seems reasonable to be concerned about a government that wants the power to reveal Internet users, but I couldn’t say on what basis Proton expects legal protection to continue after the move.
Neither of your links mention arrests, one specifically says "None of the suspects were detained". They don't seem to back up the original claim about Germany arresting the most people based on social media posts.
"(proton fraud detectors) are looking for certain patterns in use. And they collect clues on the dark web. For example, if you find Proton mail addresses in criminal Internet forums, the accounts behind them will be blocked."[1]
I've never participated on a "dark web" or .onion forum but I could imagine doing so for a variety of reasons ... are there not very interesting discussions occurring there ?
I would be classified as a criminal for being part of that discussion ?
Should I be retroactively classified as such for my discussions on cypherpunks in the nineties ?
> Wir haben angefangen, unsere gesamte Infrastruktur zu kopieren. Unsere Daten befinden sich nun auf Servern sowohl in der Schweiz wie auch in Deutschland und Norwegen. Wenn nötig, können wir die Systeme in der Schweiz innerhalb von kurzer Zeit herunterfahren. Ich hoffte immer, solche Schritte nie einleiten zu müssen. Aber das Umfeld in der Schweiz ist für uns zurzeit zu unsicher. Wir hatten keine andere Wahl, als unseren Wegzug zu planen.
They started to copy the infrastructure, and the data is currently in Switzerland, Germany, and Norway. They can technically shut down the systems in Switzerland on short time. He (Andy Yen, CEO) always hoped they'd never need to take such steps, but the environment in Switzerland is too insecure for them at the moment. So they had no other choice but to plan their way out.
Are they planning to payback all the Geneva cantonal and CERN money they took?
I seem to recall that one of their original selling points was that they were based in Switzerland which does not have data sharing agreements with the US under the Patriot act, unlike the EU.
Cynical view - they prefer to IPO in another market than Swiss, the real reason for the move.
You can publicly list in exchanges despite not being domiciled in the exchange's host country.
For example, Chinese and EU domiciled companies IPOing on the London Stock Exchange (LSE) due to a mix of easier access to liquidity and simplified rules and regulations.
I always believed stuff like Proton and Tutanota to pander to individuals who cared about privacy but who fell ultimately to their shiny marketing campaigns.
Anyway most people would be better served when disavowing any notion that email is secure or that VPN services operated by companies (as opposed to ones you control) are good for anything other than bypassing region locks.
Why are all European countries interested in surveillance all of a sudden in the last 3-4 years? WW3 preparations, just in case? They realized they are harboring a lot of foreign agents? Good ol’ power grab under false pretenses (ala patriot act)? Or all of the above? I hoped Switzerland would never do this, being the “perfect” country they think they are and are so proud(smug?) of being; alas here we are.
I'm not European, but it's probably a mix of intelligence services advocating for it and government regulation as a solution to everything. If you believe that every problem can be solved by a regulator, then the logical endgame is the regulator needing a window into every aspect of your life so they can make sure you're not violating regulations.
The Patriot Act isn't on equal footing as these Chat Control-esque laws we're seeing. The US government spies on people, sure, but they're not mandating encryption backdoors or trying to outlaw VPNs.
Snowden revealed PRISM meant the US government just had straight access to servers of major providers, so they didn’t need any of this. I would be shocked if the NSA hadn’t stepped up its data collection efforts in the last decade in secret.
> Snowden revealed PRISM meant the US government just had straight access
People read this and think that US government had unhindered access to all data in major providers.
According to Edward Snowden, PRISM allowed the government to compel internet companies to turn over any data that matched specific court-approved search terms. such as email addresses, all under Section 702 of the FISA Amendments Act of 2008.
At least some parts of it were likely unconstitutional as it could target U.S. persons, but it was not free for all as "straight access" indicates. It was straight access after FISA court approval.
NSA runs much more invasive MUSCULAR program in the UK without FISA or other type warrant.
My understanding is that https://en.wikipedia.org/wiki/FIPS_140-2 required Dual-EC DRBG to be implemented in any crypto system used by government, including such protocols as SSL/TLS, these algorithms are typically also adopted by industry, and NSA went further by paying RSA and perhaps others to make it the default in their security products.
Surveillance isn’t bad per se. It’s when everything is so hush hush (which surveillance is by definition) and you lose sight of who has access to what, we humans start to get silly ideas. We’re imperfect and corruptible. Only in this case, it’s so hard to catch any illegal corrupt activities taking place.
So in my opinion, it’s a band-aid to more deep seated problems that more often than not creates new problems. I don’t know enough about how EU intends to do. I guess even eventual mandatory declassification (like a reasonable 5 yrs delay) would deter bad actors/politicians that aren’t well meaning from misusing it.
Fair, the US government is not a saint in this respect. I will say that a three letter agency getting upset and requesting a backdoor does seem different than a legislative (executive?) commission proposing laws to backdoor communications.
From a recent EFF post[0], it appears they've backed off the scanning and encryption demands so that's good, I guess. Hopefully that sticks and they don't propose something similar in the future.
Yes I believe what was revealed about 10-15 years ago about the "mass surveillance" conducted by the US and what is happening in Europe are totally different things.
The US conducts mass surveillance at a planetary scale, as an "Empire". It was implemented secretly by its 3 letter agencies with the help of various actors.
Europe is doing it in the open with laws and regulations and only targets the people in its territories. One simple reason they would have to do this way is they simply have no equivalent in capabilities to the NSA, CIA, etc. or big tech.
Certain countries like Greece use surveillance against political opponents. In this case, the PM himself oversaw the spying of the current opposition leader, journalists and others.
There's also lobbying from "security" companies who are pressuring governments to purchase and install their systems, but they require realtime spying of everyone.
Its not just Europe. america is too, it just seems less egregious because the American people are used to seeing the government contract out constitutional violations to private corporations which have incestuous links to the government.
With recent AI advancements, an orwellian hell is all but inevitable. If you (by which i mean the powers that be not you specifically) don't build it then some competing faction will and they'll be in control of it. Its the classic prisoner dilemma.
I feel like over time governments and government agencies naturally attract and retain people inclined towards overreach, especially if they live in a bubble where there are always good and valid reasons for said overreach. you need a branch of the government explicitly combatting this tendency for it not to happen.
Lots of politicians haven been pro-spying for quite a long time. Lots of people are quite indifferent about it.
The massive shift of communications to digital channels has put mountains of data right there for the grabs, which is extremely attractive for people who want access to all that data.
European States are vassals of America. They probably just reminded us poor helvetes that our neutrality and sovereignty was on paper only, and that if we opposed them, we would end up like Venezuela or Lybia.
I think it might be opportunism. Many western societies have struggled with post covid reintegration and the amount of social media kids are involved with. Not to mention rising nationalism and far right orgs. So it makes a solid catalyst to launch these mass surveillance programs in the name of protecting children and natives.
Governments are never perfect. They are always in a precarious position where they can turn quite harsh quite quickly. I can't speak to each EU nations politics but things have been turning towards the right for a while and they are finally in positions where they can make these demands and get them passed.
most of the laws voted against terrorism in europe were aimed at removing freedom and track people while they freely imported millions of people from the countries that they deemed dangerous without any background check, without even helping those people from totally different cultures to integrate within european society
>Why are all European countries interested in surveillance all of a sudden in the last 3-4 years?
Because they look at what happened US, at the rise of popularity of fascism throughout the world (which is mostly perpetuated by key media players under the mask of being "anti-woke"), and basically decide that the people can no longer be trusted.
And they are fully correct.
Ive said this before on here, but the whole idea of privacy from surveillance is not applicable anymore in todays world.
The standard line of arguing is that people should be able to speak the truth free from government knowing about it and trying to silence them. The problem with this
* Most of the "truth" that these people refer to has been literally false propaganda, or ability to say slurs on social media.
* Despite that fact, not a single public media person speaking these lies has been silenced in any way by the government, despite things like patriot act existing in US or equivalent things in EU. The only time people have been silenced in places like UK is when posting extremely out of pocket stuff.
Furthermore people also say that you don't want to give the government the power to do this now because a government that you may not like will want to do this. Well, to no one surprise, the people with this libertarian mindset (and the so called "centrists") overwhelmingly vote right wing, and consequently, right wing runs on a platform of freedom, but when those people get in power, they not only actively tries to silence actual truth and free speech, but also they just don't give a fuck about the law and do what they want anyways.
So as unfortunate as it is, its a much better outcome for the current state of administration in EU to take a more invasive role in policing the populace, because economic growth and stability over long term is worth way more than some idealistic approach based on above. Historically this has shown to be true over and over again, while the latter has shown to result in economic decline. So its wortwhile to sacrifice some personal rights in return for a better future - we already do this to a large extent so this is nothing new.
In terms of applicability to the regular person, please understand that the privacy ship for you has already long sailed. You already can be tracked and analyzed in extreme detail, by really any person or company that is willing to buy advertising data and do correlation. There are companies that literally do this and contract out to the government. Also, you aren't that important enough to care about.
> Why are all European countries interested in surveillance all of a sudden in the last 3-4 years?
Something I realized recently is how low the approval ratings of European leaders are:
- Macron and Starmer are about 18%
- Mertz is 25% (only 6 months in)
- Von Leyen is 23%
This is ridiculous.
We often perceive Trump as highly unpopular but he is cruising between 40 and 50%, that's double.
So those leaders, according to the numbers, are becoming illegitimate or the system is broken. So we are just waiting for a spark to put the house on fire.
Mass surveillance within your territory is really a weapon against your own population, it is not to catch spies (they are trained to evade them).
I've observed that one path to becoming ridiculously authoritarian is to be unpopular and about to be thrown out of office, so I think you've the nail on the head with this remark.
It’s too bad you can’t just choose your location with services like this.
I want very secure email that’s US located because some of the contents are US regulated, I’m not worried about the US hacking me and I doubt if they really wanted my information I could do anytyhing to keep it from them.
I’m sure there are people that would love Switzerland.
It's nice to see that they're giving the finger to the Swiss government but ultimately it doesn't matter as many jurisdictions are mandating the same things.
I've always seen Proton benefits as a moot point because it's not E2E to the other side. You can encrypt all you want but as soon as you actually communicate with anyone (this is the email after all) you are now give all your messages to a third party often times without any encryption at all.
Except the metadata I guess.
if you are scared of spooks using metadata, that can be managed with some warwalking around cafes/campus, a wifi extender, a burner phone tether, and action in discretion.
at that point WTF your doing had better be a noble cause, not a malediction.
For things like troll posts or just general hate speech, most of the time the police visit your house and ask you questions and give you a stern warning. And remember, police in EU isn't like police in US - when you get visited by police in EU, you aren't afraid that you are going to get shot up or thrown on the ground and tazed if you did nothing wrong. In extreme cases where you are calling for things like beheading, yea they def arrest for that.
Source: close friend that lives in Germanty works for a company that does business with German government. I don't know first hand but he is pretty aware of the policics in EU and I have no reason to believe he would be exaggerating.
On anther note, Germany policing is quite progressive actually. For example, if you run, you don't get a charge for evading/eluding - its actually legal to run from police because "desire for freedom is a human right".
We still have more dying in jail or during arrest per capita than any other country in Europe, but we're still orders of magnitude behind the US.
https://apnews.com/article/germany-women-misogyny-raids-inte...
https://www.yahoo.com/news/german-police-launch-nationwide-o...
It seems reasonable to be concerned about a government that wants the power to reveal Internet users, but I couldn’t say on what basis Proton expects legal protection to continue after the move.
They should be policing their social media heavily.
"(proton fraud detectors) are looking for certain patterns in use. And they collect clues on the dark web. For example, if you find Proton mail addresses in criminal Internet forums, the accounts behind them will be blocked."[1]
I've never participated on a "dark web" or .onion forum but I could imagine doing so for a variety of reasons ... are there not very interesting discussions occurring there ?
I would be classified as a criminal for being part of that discussion ?
Should I be retroactively classified as such for my discussions on cypherpunks in the nineties ?
[1] https://www.nzz.ch/technologie/proton-ceo-andy-yen-wer-geset...
They started to copy the infrastructure, and the data is currently in Switzerland, Germany, and Norway. They can technically shut down the systems in Switzerland on short time. He (Andy Yen, CEO) always hoped they'd never need to take such steps, but the environment in Switzerland is too insecure for them at the moment. So they had no other choice but to plan their way out.
(Also, HN is an English-language site, so articles here should be in English - https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que... - even though we have deep respect for the German language and other languages)
Swiss government look to undercut privacy tech stoking fear of mass surveillance - https://news.ycombinator.com/item?id=45223231 - Sept 2025 (3 comments)
Proton begins moving hardware out of Switzerland due to proposed legislation - https://news.ycombinator.com/item?id=44915796 - Aug 2025 (5 comments)
Proton Partially Exits Switzerland - https://news.ycombinator.com/item?id=44669496 - July 2025 (2 comments)
Lumo: Privacy-first AI assistant - https://news.ycombinator.com/item?id=44657556 - July 2025 (123 comments)
Proton threatens to quit Switzerland over new surveillance law - https://news.ycombinator.com/item?id=44014808 - May 2025 (228 comments)
Tell HN: Swiss surveillance monitoring nearly everything – impact on Proton etc? - https://news.ycombinator.com/item?id=38937352 - Jan 2024 (8 comments)
I seem to recall that one of their original selling points was that they were based in Switzerland which does not have data sharing agreements with the US under the Patriot act, unlike the EU.
Cynical view - they prefer to IPO in another market than Swiss, the real reason for the move.
You can publicly list in exchanges despite not being domiciled in the exchange's host country.
For example, Chinese and EU domiciled companies IPOing on the London Stock Exchange (LSE) due to a mix of easier access to liquidity and simplified rules and regulations.
Anyway most people would be better served when disavowing any notion that email is secure or that VPN services operated by companies (as opposed to ones you control) are good for anything other than bypassing region locks.
The Patriot Act isn't on equal footing as these Chat Control-esque laws we're seeing. The US government spies on people, sure, but they're not mandating encryption backdoors or trying to outlaw VPNs.
People read this and think that US government had unhindered access to all data in major providers.
According to Edward Snowden, PRISM allowed the government to compel internet companies to turn over any data that matched specific court-approved search terms. such as email addresses, all under Section 702 of the FISA Amendments Act of 2008.
At least some parts of it were likely unconstitutional as it could target U.S. persons, but it was not free for all as "straight access" indicates. It was straight access after FISA court approval.
NSA runs much more invasive MUSCULAR program in the UK without FISA or other type warrant.
https://en.wikipedia.org/wiki/Dual_EC_DRBG#Weakness:_a_poten...
This came after previous attempts such as https://en.wikipedia.org/wiki/Clipper_chip
So in my opinion, it’s a band-aid to more deep seated problems that more often than not creates new problems. I don’t know enough about how EU intends to do. I guess even eventual mandatory declassification (like a reasonable 5 yrs delay) would deter bad actors/politicians that aren’t well meaning from misusing it.
It's certainly not compatible with privacy.
From a recent EFF post[0], it appears they've backed off the scanning and encryption demands so that's good, I guess. Hopefully that sticks and they don't propose something similar in the future.
0: https://www.eff.org/deeplinks/2025/12/after-years-controvers...
The US conducts mass surveillance at a planetary scale, as an "Empire". It was implemented secretly by its 3 letter agencies with the help of various actors.
Europe is doing it in the open with laws and regulations and only targets the people in its territories. One simple reason they would have to do this way is they simply have no equivalent in capabilities to the NSA, CIA, etc. or big tech.
There's also lobbying from "security" companies who are pressuring governments to purchase and install their systems, but they require realtime spying of everyone.
With recent AI advancements, an orwellian hell is all but inevitable. If you (by which i mean the powers that be not you specifically) don't build it then some competing faction will and they'll be in control of it. Its the classic prisoner dilemma.
It’s a win-win for the politicians and the pensioners that vote them, that believe any nonsense about children safety.
That has been going on for decades, actually. What has changed is that people are looking at it.
The massive shift of communications to digital channels has put mountains of data right there for the grabs, which is extremely attractive for people who want access to all that data.
German here, look how fucking often our politicians tried to push stuff like the Vorratsdatenspeicherung.
Governments are never perfect. They are always in a precarious position where they can turn quite harsh quite quickly. I can't speak to each EU nations politics but things have been turning towards the right for a while and they are finally in positions where they can make these demands and get them passed.
- So called "Far left" and "Far right" MEPs were declared "Opposed"
- The "Center" MEPs were "Unknown", what means "Support" I guess.
I believe we have been programmed not to notice how radical the "center" is...
- [0] https://fightchatcontrol.eu
Because they look at what happened US, at the rise of popularity of fascism throughout the world (which is mostly perpetuated by key media players under the mask of being "anti-woke"), and basically decide that the people can no longer be trusted.
And they are fully correct.
Ive said this before on here, but the whole idea of privacy from surveillance is not applicable anymore in todays world.
The standard line of arguing is that people should be able to speak the truth free from government knowing about it and trying to silence them. The problem with this
* Most of the "truth" that these people refer to has been literally false propaganda, or ability to say slurs on social media.
* Despite that fact, not a single public media person speaking these lies has been silenced in any way by the government, despite things like patriot act existing in US or equivalent things in EU. The only time people have been silenced in places like UK is when posting extremely out of pocket stuff.
Furthermore people also say that you don't want to give the government the power to do this now because a government that you may not like will want to do this. Well, to no one surprise, the people with this libertarian mindset (and the so called "centrists") overwhelmingly vote right wing, and consequently, right wing runs on a platform of freedom, but when those people get in power, they not only actively tries to silence actual truth and free speech, but also they just don't give a fuck about the law and do what they want anyways.
So as unfortunate as it is, its a much better outcome for the current state of administration in EU to take a more invasive role in policing the populace, because economic growth and stability over long term is worth way more than some idealistic approach based on above. Historically this has shown to be true over and over again, while the latter has shown to result in economic decline. So its wortwhile to sacrifice some personal rights in return for a better future - we already do this to a large extent so this is nothing new.
In terms of applicability to the regular person, please understand that the privacy ship for you has already long sailed. You already can be tracked and analyzed in extreme detail, by really any person or company that is willing to buy advertising data and do correlation. There are companies that literally do this and contract out to the government. Also, you aren't that important enough to care about.
Something I realized recently is how low the approval ratings of European leaders are:
- Macron and Starmer are about 18%
- Mertz is 25% (only 6 months in)
- Von Leyen is 23%
This is ridiculous.
We often perceive Trump as highly unpopular but he is cruising between 40 and 50%, that's double.
So those leaders, according to the numbers, are becoming illegitimate or the system is broken. So we are just waiting for a spark to put the house on fire.
Mass surveillance within your territory is really a weapon against your own population, it is not to catch spies (they are trained to evade them).
I didn't know the approval ratings were this low.
https://www-nzz-ch.translate.goog/technologie/proton-ceo-and...
I want very secure email that’s US located because some of the contents are US regulated, I’m not worried about the US hacking me and I doubt if they really wanted my information I could do anytyhing to keep it from them.
I’m sure there are people that would love Switzerland.
To each their own.