"While Switzerland is a good jurisdiction for privacy-conscious users, it’s certainly no guarantee for data security."
"This past week Forbes ran an article on a case where the FBI was able to get data on a U.S. ProtonMail user who was being investigated for harassment (but not charged with any crime)."
"In this case, Proton Technologies provided the FBI with the “recovery and associated email addresses” of the user, which lead to his discovery."
"To ProtonMail’s credit, the organization publishes a transparency report going back to 2017. In it, we find the following statistics detailing legal orders for user data."
"The increase in cases reflects the increase in our user base. As Proton has scaled, and now has 100m sign ups to our services, it’s not surprising that these figures have risen. However, these cases have come through the Swiss authorities (which is a good sense check of their validity) and have also been reviewed by Proton to ensure they are reasonable for us to respond to (hence why there are also cases that we have not complied with mentioned on the transparency report). Please note that in all cases email content, attachments, files etc are always encrypted and cannot be read," Proton spokesperson said.
"Is ProtonMail still secure and private? The answer to this question all boils down to determining your threat model and the adversaries you are trying to protect yourself against."
"In short, the answer is yes if you are looking for a secure, encrypted email service that does not have access to the contents of your inbox. After all, ProtonMail is far better than Gmail or Yahoo when it comes to privacy."
"If you are doing things to attract the attention of law enforcement, then the data you provide when you use ProtonMail, such as IP address and recovery email, may be shared with authorities if Proton Technologies is legally compelled to do so in Swiss court."