No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.
In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.
Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.
Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.
Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.
The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.
The important question is what is the ToS violation stated in the comment. Proton is on the right side, if the CERT actually provided evidence for the violation of ToS. Believing what the journalists said, one of the accounts that is still suspended was being used for disclosures.
All Proton had to say was “we have clear evidence from the complaint that there is violation of ToS”.
On the other hand if they acted solely on the words of a CERT, because it is under a Goverment, we have a very different issue at hand.
Important details from the Reddit comment:
Hi everyone,
No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.
In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.
Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.
Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.
Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.
The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.
Their actions seem pretty reasonable given the context, then.
The important question is what is the ToS violation stated in the comment. Proton is on the right side, if the CERT actually provided evidence for the violation of ToS. Believing what the journalists said, one of the accounts that is still suspended was being used for disclosures.
All Proton had to say was “we have clear evidence from the complaint that there is violation of ToS”.
On the other hand if they acted solely on the words of a CERT, because it is under a Goverment, we have a very different issue at hand.
Maybe they should have fired Andy and not bailed on mastodon and post their update outside of the shithole that is Reddit.
I’m not sure I can trust Reddit, since it censors posts left and right nowadays.
I doubt the reactions were reasonable. Proton should fucking know better. They should fire their pro-Trump CEO!