The reporting doesn’t say Proton “literally unmasked a user to the FBI.” What happened is that Proton was legally compelled by Swiss authorities to provide payment data they already had, and those authorities later shared it with the FBI through a legal assistance treaty.
The email content remained encrypted. What identified the user was the credit-card payment tied to the account, which is inherently traceable.
The uncomfortable reality is that people often deanonymize themselves: they create accounts without Tor, pay with identifiable cards, and link real-world data to the account. At that point the provider doesn’t need to “break” anything — the identifying information already exists.
Slice it how you dice it, Proton aided in the process, and they gave out information that the FBI would have reasonably not have had at that point, or else they’d have acted upon it. Slice it how you dice it, Proton unmasked a customer to the FBI.
You can repeat that framing, but it’s still inaccurate. Proton didn’t “unmask a user for the FBI.” They complied with a legal order from Swiss authorities for data they already had, and that information was later shared through legal channels.
What identified the user was their own payment data tied to the account. If you pay with a credit card and create the account without anonymity tools, your identity is already linked — no provider has to “break” anything.
That’s the uncomfortable reality: people often de-anonymize themselves by using identifiable payments and normal connections instead of Tor and anonymous methods when creating the account.
The reporting doesn’t say Proton “literally unmasked a user to the FBI.” What happened is that Proton was legally compelled by Swiss authorities to provide payment data they already had, and those authorities later shared it with the FBI through a legal assistance treaty.
The email content remained encrypted. What identified the user was the credit-card payment tied to the account, which is inherently traceable.
The uncomfortable reality is that people often deanonymize themselves: they create accounts without Tor, pay with identifiable cards, and link real-world data to the account. At that point the provider doesn’t need to “break” anything — the identifying information already exists.
Slice it how you dice it, Proton aided in the process, and they gave out information that the FBI would have reasonably not have had at that point, or else they’d have acted upon it. Slice it how you dice it, Proton unmasked a customer to the FBI.
You can repeat that framing, but it’s still inaccurate. Proton didn’t “unmask a user for the FBI.” They complied with a legal order from Swiss authorities for data they already had, and that information was later shared through legal channels.
What identified the user was their own payment data tied to the account. If you pay with a credit card and create the account without anonymity tools, your identity is already linked — no provider has to “break” anything.
That’s the uncomfortable reality: people often de-anonymize themselves by using identifiable payments and normal connections instead of Tor and anonymous methods when creating the account.