redpulpo

If you need port forwarding for qBittorrent + Arr + Gluetun, Mullvad isn’t an option anymore. They removed port forwarding in 2023.

That basically leaves Proton or AirVPN. Proton still supports port forwarding on P2P servers, while AirVPN is the more “power-user” option with persistent forwarded ports.

So if port forwarding matters for your setup, dropping Proton for Mullvad would actually break the functionality you’re using.

The reporting doesn’t say Proton “literally unmasked a user to the FBI.” What happened is that Proton was legally compelled by Swiss authorities to provide payment data they already had, and those authorities later shared it with the FBI through a legal assistance treaty.

The email content remained encrypted. What identified the user was the credit-card payment tied to the account, which is inherently traceable.

The uncomfortable reality is that people often deanonymize themselves: they create accounts without Tor, pay with identifiable cards, and link real-world data to the account. At that point the provider doesn’t need to “break” anything — the identifying information already exists.

That’s a misleading way to frame it. Proton doesn’t “unmask customers for the FBI.” They respond to legal requests through Swiss authorities, like any company operating under a jurisdiction.

And in the reported cases what was provided was account or payment metadata, not decrypted email content. If someone ties their real identity to an account through payments, no provider can magically make that anonymous.

A good comparison is Mullvad VPN. When Swedish police searched their offices in 2023, they left empty-handed because Mullvad doesn’t keep user identities and accounts aren’t tied to emails. If a user registers without identifiable payment, there simply isn’t much data to hand over.

The real issue isn’t “betrayal,” it’s what data exists in the first place.

You’re free to dislike Proton, but most of what you’re describing isn’t unique to them — it’s how any service operating under a legal jurisdiction works. If a company stores payment or account data, a court can compel it. That’s true for Proton, Tuta, Gmail, or anyone else.

Expecting a hosted email provider to somehow eliminate all legal exposure for users just isn’t realistic. If someone needs real anonymity, the solution was never a normal email service in the first place.

Criticizing marketing or leadership is fair. But blaming Proton for the basic limits of hosted services sounds more like anger at the system than a technical critique of the product.

I’m not pretending anything. You’re criticizing their marketing, I’m pointing out the technical reality behind the claims. Those are two different discussions.

Proton’s core claim has always been encrypted email content, not immunity from legal orders. No company operating in a country can ignore the law.

If your argument is that their marketing created unrealistic expectations, that’s a fair criticism. But calling it a “lie” and ignoring how the technology actually works doesn’t make the argument stronger.

They’re a paid service with a free tier — of course they promote upgrades. That’s literally how freemium products work.

But ads for a paid plan don’t suddenly mean the privacy model is fake. By that logic every privacy service with a free tier would be “untrustworthy.”

If you prefer Tuta, fine — but pretending Proton exists only to grab money is a pretty shallow take.

I read it just fine. What you’re doing is calling it a “lie” because you expected anonymity from a tool that advertises encrypted email. Those aren’t the same thing.

Anyone who actually understands the basics of privacy tools knows that. Your argument sounds more like frustration than a technical point.

I’m not shilling for Proton. I’m pointing out a basic distinction you keep ignoring: encryption protects message content, not identity.

Calling Proton’s encryption a “lie” just shows you’re arguing emotionally rather than technically. Anyone who actually understands the space knows encrypted email was never meant to guarantee anonymity.

You’re still confusing two completely different things: privacy and anonymity. Encryption protects the content of messages, not every piece of metadata around an account. Proton has always been clear about that.

In the 404 Media case, the identification came from payment information, not from Proton breaking encryption. If someone pays with a credit card, their identity is already tied to the account. That would happen with any provider under legal jurisdiction.

Honestly, the way you’re framing this suggests you don’t really understand how encryption, metadata, and OPSEC work. Encryption ≠ anonymity. Anyone who actually works in security knows that.

Proton didn’t “expose” the user by breaking encryption. According to the reporting, the identification came from payment information, which any company legally has to keep and can be compelled to provide under a court order. The email content remained encrypted.

This isn’t unique to Proton — any service operating under a legal jurisdiction is a potential middleman if it stores identifiable data. That’s exactly why anonymity requires Tor, anonymous payments, and strict OPSEC, not just encrypted email.

So the real lesson isn’t that encryption is fake; it’s that privacy tools don’t automatically give anonymity, and many people expect them to.

You’re mixing up privacy and anonymity. Encryption alone doesn’t make you anonymous — that’s true — but Proton never claimed it would. Their promise is that email content is end-to-end encrypted, which is why they can’t hand over the messages themselves.

In the case reported by 404 Media, the identification came from payment information, not from breaking encryption. If you pay with a credit card, your identity is already tied to the account. That would happen with any service under a legal jurisdiction.

The real takeaway isn’t that Proton is “garbage”, it’s that most people misunderstand what encryption actually protects.

Protón don’t promise anonymity If you use your credit card to pay protón services. Maybe he has to learn more about OPSEC. 🤷‍♂️