RemainNA's blog

Some thoughts on Proton

Another tech CEO bending the knee?

Proton (formerly Proton Mail) has recently received some attention for its CEO, Andy Yen, praising Trump's nomination of Gail Slater as Assistant Attorney General for the Antitrust Division at the Department of Justice. This comes at the same time that many tech CEOs have been getting very close with Trump. In his Tweet, Yen points out how "the current antitrust actions against Big Tech were started under the first Trump admin." While true, I find it difficult to believe that Trump will actually pursue antitrust enforcement when he seems more interested in their donations to his inauguration fund or multi-million dollar settlements.

Conversation around this Tweet made its way over to Reddit, where Yen responded using the official Proton_Team account, and posted a standalone post addressing things. He talks about specific incidents and policies that led him to his current stance, and also elaborates on Proton's position as a Swiss nonprofit and how that prohibits them from "assisting foreign governments or agencies," and how they have been neutral when asked to deplatform both Palestinian and Zionist student groups. He acknowledges that the Tweet "was not intended to be a political statement" but that he "can understand how it can be interpreted as such, and it therefore should not have been made." Perhaps this misjudgment can simply be explained by Yen not being an American, and not being familiar with the political climate (although being that unfamiliar while also keeping track of specific nominations such as Slater strikes me as unlikely). He said that he will avoid making similar statements moving forward, but that he "will not prohibit all employees from expressing personal political opinions publicly." While the situations differ in many ways, I think this is a much better approach than how Basecamp (now 37 Signals) responded to internal concerns by banning "societal and political discussions" in 2021. Yen bears more responsibility for the company's image than other employees, and practicing restraint personally is a much better approach than trying to ban discussions and pretending nothing is happening.

That said, I wish they approached this situation differently. The initial post occurred on Yen's X/Twitter account, but all subsequent discussion (other than Yen replying in the initial Twitter thread) has occurred using official Proton accounts. Outside of the follow-up post on Reddit (where posts are able to stay prominently visible on the subreddit for longer than posts or replies elsewhere), none of this discussion has actually been a standalone post, only in replies. They have not acknowledged this at all on their official blog, and did not respond to me when I replied to a Bluesky post of theirs asking them to post one. They clearly know that this has damaged people's trust, and I am disappointed that they seem to be choosing to respond as quietly as possible when this is brought up rather than loudly and officially responding to the situation. If this is simply Yen's thoughts and responses, they should come from him. If this is official policy, it should be communicated as such even if it means more people become aware of the situation. Building trust takes work, and sweeping things under the rug doesn't help.

Crypto and AI, oh my!

Yen's Tweet wasn't the first time people have had their trust in Proton shaken. Rather than going over the timeline of events, I'll refer you to Alex Ward's post about Proton Scribe and Wallet. It's well worth a read, but to sum it up: In July 2024, Proton released Proton Scribe (an LLM "writing assistant"), and Proton Wallet, a Bitcoin wallet. The former was very loosely justified by a community survey, but it seems almost certain that this was in development before that survey was actually taken and interpreted. The latter is only a Bitcoin wallet, and doesn't support Monero or Zcash, two cryptocurrencies that are designed to protect privacy (something that is supposed to be Proton's core mission).

Where does that leave us?

Proton is one of the largest names in the field of privacy-focused alternatives for a variety of reasons. Making PGP (end-to-end email encryption) easy to use was a significant part of their early appeal, and adding services like Calendar, Drive (cloud storage), VPN, Pass (password manager), and more expanded their target audience while also simplifying the process for users. Rather than needing to research the options for each and every one of those, you can opt for Proton and have everything work under one account. Reducing the barrier to entry is critical when aiming for the broadest audience possible, and I think this is something Proton has done well. The wide variety of available services unfortunately also means that leaving Proton is more difficult, since you once again need to research the options for every one (at least the ones you use), and there is no competitor I know of in the privacy space that offers them all. Perhaps this is an argument for never putting too many eggs into one basket, regardless of how sturdy that basket may seem.

So should you use Proton? And if you are currently a Proton user, should you leave? That's not a question I can answer, as everyone's use cases and threat profiles will vary. I will however recommend looking into multiple different options before deciding. Every single service that Proton offers can be found elsewhere, even if not all together, and may fit your needs better. There are many resources, such as Privacy Guides and Privacy Tools, to help you find and compare options. I also recommend reading The Privacy Dad's Blog. His blog is meant to journal his experiences rather than to advise, but I think it has some good insights and hopefully you find it helpful as well.

More than many other software companies, Proton cannot sell its products and services without first building trust from its users. The technical implementations of their products haven't gone anywhere, and the service requiring a paid subscription remains a key part of them not needing to sell data for monetization. I do call their judgement into question given what has happened in the last year, and I am disappointed in the messaging around them. When compared to other tech companies I think Proton's actions have been far less egregious, but I don't fault you if your trust in them is gone. Let's hope they do what's right so we continue to have a strong option in the privacy space; we have enough people trying to make the world a worse place in the name of profit as is.