The not so private “privacy” Email service Protonmail


Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and The service can be accessed through a webmail client, the Tor network, Windows, macOS and Linux (beta) desktop apps and iOS and Android apps.

Proton Mail is run by Proton AG (formerly Proton Technologies), which is based in Plan-les-Ouates, Switzerland.  The company also operates Proton VPN, Proton Drive, Proton Calendar and Proton Pass. Proton Mail received initial funding through a crowdfunding campaign. Although the default account setup is free, the service is sustained by optional paid services. Initial membership was by invitation only; however, beginning in March 2016, Proton Mail was opened to the public. Acquiring more than 2 million users by 2017, membership grew to almost 70 million by 2022.


Proton Mail Discloses User Data Leading to Arrest in Spain

Proton Mail has come under scrutiny for its role in a legal request involving the Spanish authorities and a member of the Catalan independence organization, Democratic Tsunami.

The recent case involving the Spanish police this time, highlights privacy concerns and the limits of encrypted communication services under national security pretexts, and brings a long-debated subject to the forefront once again.

The core of the controversy stems from Proton Mail providing the Spanish police with the recovery email address associated with the Proton Mail account of an individual using the pseudonym ‘Xuxo Rondinaire.’ This individual is suspected of being a member of the Mossos d’Esquadra (Catalonia’s police force) and of using their internal knowledge to assist the Democratic Tsunami movement.

So not so private “privacy” email service, Protonmail. You are better off using GPG email encryption yourself and a good VPN. And don’t use a non-secure recovery email.