Proton Mail built its entire brand on a promise: that Swiss law, end-to-end encryption, and a strong no-logs ethos would keep its users invisible to the eyes of governments. For years that narrative held. Then, in 2021, it didn’t. And in 2024, it didn’t again. And in early 2026, court documents revealed a third case — this time involving an activist connected to the “Stop Cop City” movement in Atlanta, Georgia, identified through payment data Proton provided to the FBI via Swiss legal channels.

The backlash was familiar. So was Proton’s defense. But something about the accumulation of incidents — three cases, a ballooning compliance rate, and a context of law enforcement requests that have grown by a factor of 423 since 2017 — has pushed even longtime defenders of the service to ask harder questions about what “privacy” actually means in the context of a commercially operated email product subject to Swiss law.

The Third Incident: Atlanta, Payment Data, and the FBI

Investigative outlet 404 Media first reported the story based on court documents filed in connection with a federal investigation into the Defend the Atlanta Forest (DTAF) group. According to an FBI affidavit, on January 25, 2024, Swiss authorities provided the bureau with subscriber information tied to the Proton Mail account defendtheatlantaforest@protonmail.com via a Mutual Legal Assistance Treaty (MLAT) request. That information was a bank card identifier — a single piece of financial metadata — that was sufficient to match the account to a real name.

The FBI’s Domestic Terrorism squad used the identification to plan an airport detention. As of this writing, no charges have been filed against the identified individual. A Georgia judge threw out all RICO charges against 61 Stop Cop City defendants in December 2025. Proton, for its part, confirmed it acted in accordance with Swiss law, emphasised that email content was never accessible to anyone — including Proton itself — and noted that CEO Andy Yen was told a law enforcement officer had been shot and explosives were involved. The FBI affidavit, however, contains no mention of a shooting in connection with this specific investigation.

Email content stayed encrypted. A credit card number did not. The gap between those two facts is the entire story.

A Pattern, Not an Anomaly

The Atlanta case is the third publicly documented incident of Proton providing user-identifying information to law enforcement:

  • 2021 — French climate activist. Europol compelled Proton to log and hand over the IP address of a French climate activist. The user had not enabled IP logging; Proton was court-ordered to begin doing so. The activist was subsequently arrested. Proton quietly removed a claim from its website that it “does not track IP addresses by default.”
  • 2024 — Catalan independence activist. Proton provided a recovery email address to Spanish authorities, allowing investigators — together with data from Apple — to identify a member of the Democratic Tsunami movement advocating for Catalan independence.
  • 2024–2026 — Stop Cop City activist. Payment metadata (a bank card identifier) provided through MLAT channels led FBI agents to identify the anonymous operator of DTAF’s primary email account.

In all three cases the users were activists, not convicted criminals. In all three cases the compromised data was metadata — IP addresses, recovery emails, payment records — not the content of any encrypted message. In all three cases Proton’s encryption performed exactly as advertised. And in all three cases, users were unmasked anyway.

The Numbers Behind the Headlines

Proton publishes annual transparency reports. The trend they reveal is uncomfortable for a service that markets itself on privacy:

Proton Mail — Legal Orders Received & Complied With (2017–2024)

Year   Orders Received   Orders Complied   Compliance Rate
2017   26                -                 -
2019   ~1,484            -                 -
2021   ~3,500            -                 ~78.8%
2022   ~5,957            -                 -
2024   11,023            10,368            94.1%

Source: Proton transparency reports; analysis via sambent.com. The contest rate fell from 21.2% in 2021 to 5.9% in 2024 as order volume nearly doubled. Total orders 2017–2025: 45,667. Complied: 40,389.

The 2021 spike in contested orders — when the French activist case was in the news — shows Proton can and does push back. Swiss attorney Martin Steiger, who tracks Proton’s reports, attributes part of the 2024 compliance surge to Switzerland switching to a flat-rate compensation model for law enforcement data requests at the start of that year. Less friction for police means more requests filed, and Proton appears to contest fewer of them.

What Proton Actually Protects — And What It Doesn’t

This distinction is not a technicality. It is the whole architecture.

✓  Strongly Protected

  • Email message content (end-to-end encrypted)
  • Subject lines (encrypted at rest)
  • Attachments (encrypted)
  • Contacts and calendar data (encrypted)

✗  Legally Accessible Metadata

  • Payment information (credit/debit card identifiers)
  • IP address (if court-ordered to log)
  • Recovery email address
  • Account creation date & activity timestamps
  • Email addresses of correspondents (metadata)

Proton Mail cannot read your emails. This is not marketing copy — it is a technical reality enforced by the encryption architecture. But Proton does process payment information if you pay by credit card, and under a valid Swiss court order, that payment record becomes a liability. The same applies to a recovery email address you enter voluntarily, and to IP logs that Swiss courts can order Proton to collect prospectively — meaning they don’t need historical logs; they can compel Proton to start logging you from the moment the order is issued.

How Proton Compares to Its Peers

Critics of the recent discourse point out that comparisons are instructive. Proton VPN — the company’s own VPN product — denied 100% of all legal orders every single year from 2020 through 2025. The reason is structural, not ideological: Proton VPN maintains no logs that could be handed over. The architecture makes compliance impossible. Proton Mail’s architecture does not.

Germany-based Tuta Mail (formerly Tutanota), a direct competitor also offering end-to-end encrypted email, complied with approximately 25% of legal requests in the second half of 2025 — rejecting three out of four. Tuta fights requests by arguing it qualifies as a telecommunications service under European law — a classification the EU Court of Justice ultimately ruled against, but which Tuta continues to contest aggressively as a legal strategy.

The Operational Security Reality

Security researchers have emphasised for years that no encrypted service can offer absolute anonymity. The lesson from all three Proton incidents is not that encryption is broken — it is that identity leaks through the seams around encryption: how you pay, what recovery information you attach, whether you use a VPN or Tor, and which jurisdiction’s laws govern the service you use.

Proton itself accepts cryptocurrency and cash payments. Had the Stop Cop City activist used Monero — Proton added limited support for it in September 2025 via a third-party processor — there would have been no payment identifier to subpoena. A credit card created the link that encryption could not sever.

The Verdict

Proton Mail is not broken. Its encryption has not been compromised. For the vast majority of users — people protecting communications from corporate surveillance, data-mining advertisers, or casual intrusion — it remains a sound choice.

For users with an adversary capable of obtaining Swiss court orders — journalists in sensitive investigations, political activists, whistleblowers — the answer is more nuanced. Proton is a privacy-focused service operating within the constraints of law. It is not, and has never honestly claimed to be, outside the law.

The real question is not whether Proton “lied.” Its privacy policy, if read carefully, always disclosed that Swiss legal orders could compel compliance. The question is whether the gap between a tagline promising privacy and a footnote reserving legal compliance has been wide enough — and deliberately vague enough — to mislead the people who most needed to understand it. On that question, the record speaks for itself.