cross-posted from: https://ibbit.at/post/52938
The company behind the Proton Mail email service, Proton, describes itself as a “neutral and safe haven for your personal data, committed to defending your freedom.”
But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists’ accounts were eventually reinstated — but the reporters and editors involved still want answers on how and why Proton decided to shut down the accounts in the first place.
Martin Shelton, deputy director of digital security at the Freedom of the Press Foundation, highlighted that numerous newsrooms use Proton’s services as alternatives to something like Gmail “specifically to avoid situations like this,” pointing out that “While it’s good to see that Proton is reconsidering account suspensions, journalists are among the users who need these and similar tools most.” Newsrooms like The Intercept, the Boston Globe, and the Tampa Bay Times all rely on Proton Mail for emailed tip submissions.
Shelton noted that perhaps Proton should “prioritize responding to journalists about account suspensions privately, rather than when they go viral.”
On Reddit, Proton’s official account stated that “Proton did not knowingly block journalists’ email accounts” and that the “situation has unfortunately been blown out of proportion.” Proton did not respond to The Intercept’s request for comment.
The two journalists whose accounts were disabled were working on an article published in the August issue of the long-running hacker zine Phrack. The story described how a sophisticated hacking operation — what’s known in cybersecurity parlance as an APT, or advanced persistent threat — had wormed its way into a number of South Korean computer networks, including those of the Ministry of Foreign Affairs and the military Defense Counterintelligence Command, or DCC.
The journalists, who published their story under the names Saber and cyb0rg, describe the hack as being consistent with the work of Kimsuky, a notorious North Korean state-backed APT sanctioned by the U.S. Treasury Department in 2023.
As they pieced the story together, emails viewed by The Intercept show that the authors followed cybersecurity best practices and conducted what’s known as responsible disclosure: notifying affected parties that a vulnerability has been discovered in their systems prior to publicizing the incident.
Saber and cyb0rg created a dedicated Proton Mail account to coordinate the responsible disclosures, then proceeded to notify the impacted parties, including the Ministry of Foreign Affairs and the DCC, and also notified South Korean cybersecurity organizations like the Korea Internet and Security Agency, and KrCERT/CC, the state-sponsored Computer Emergency Response Team. According to emails viewed by The Intercept, KrCERT wrote back to the authors, thanking them for their disclosure.
A note on cybersecurity jargon: CERTs are agencies consisting of cybersecurity experts specializing in dealing with and responding to security incidents. CERTs exist in over 70 countries — with some countries having multiple CERTs each specializing in a particular field such as the financial sector — and may be government-sponsored or private organizations. They adhere to a set of formal technical standards, such as being expected to react to reported cybersecurity threats and security incidents. A high-profile example of a CERT agency in the U.S. is the Cybersecurity and Infrastructure Agency, which has recently been gutted by the Trump administration.
A week after the print issue of Phrack came out, and a few days before the digital version was released, Saber and cyb0rg found that the Proton account they had set up for the responsible disclosure notifications had been suspended. A day later, Saber discovered that his personal Proton Mail account had also been suspended. Phrack posted a timeline of the account suspensions at the top of the published article, and later highlighted the timeline in a viral social media post. Both accounts were suspended owing to an unspecified “potential policy violation,” according to screenshots of account login attempts reviewed by The Intercept.
The suspension notice instructed the authors to fill out Proton’s abuse appeals form if they believed the suspension was in error. Saber did so, and received a reply from a member of Proton Mail’s Abuse Team who went by the name Dante.
In an email viewed by The Intercept, Dante told Saber that their account “has been disabled as a result of a direct connection to an account that was taken down due to violations of our terms and conditions while being used in a malicious manner.” Dante also provided a link to Proton’s terms of service, going on to state, “We have clearly indicated that any account used for unauthorized activities, will be sanctioned accordingly.” The response concluded by stating, “We consider that allowing access to your account will cause further damage to our service, therefore we will keep the account suspended.”
On August 22, a Phrack editors reached out to Proton, writing that no hacked data was passed through the suspended email accounts, and asked if the account suspension incident could be deescalated. After receiving no response from Proton, the editor sent a follow-up email on September 6. Proton once again did not reply to the email.
On September 9, the official Phrack X account made a post asking Proton’s official account asking why Proton was “cancelling journalists and ghosting us,” adding: “need help calibrating your moral compass?” The post quickly went viral, garnering over 150,000 views.
Proton’s official account replied the following day, stating that Proton had been “alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled. Our team is now reviewing these cases individually to determine if any can be restored.” Proton then stated that they “stand with journalists” but “cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.”
Proton did not publicly specify which CERT had alerted them, and didn’t answer The Intercept’s request for the name of the specific CERT which had sent the alert. KrCERT also did not reply to The Intercept’s question about whether they were the CERT that had sent the alert to Proton.
[
Related
Proton Mail Says It’s “Politically Neutral” While Praising Republican Party](https://theintercept.com/2025/01/28/proton-mail-andy-yen-trump-republicans/)
Later in the day, Proton’s founder and CEO Andy Yen posted on X that the two accounts had been reinstated. Neither Yen nor Proton explained why the accounts had been reinstated, whether they had been found to not violate the terms of service after all, why had they been suspended in the first place, or why a member of the Proton Abuse Team reiterated that the accounts had violated the terms of service during Saber’s appeals process.
Phrack noted that the account suspensions created a “real impact to the author. The author was unable to answer media requests about the article.” The co-authors, Phrack pointed out, were also in the midst of the responsible disclosure process and working together with the various affected South Korean organizations to help fix their systems. “All this was denied and ruined by Proton,” Phrack stated.
Phrack editors said that the incident leaves them “concerned what this means to other whistleblowers or journalists. The community needs assurance that Proton does not disable accounts unless Proton has a court order or the crime (or ToS violation) is apparent.”
The post Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency appeared first on The Intercept.
From The Intercept via this RSS feed
This seems like more of a mistake than a sign of malicious or misaligned intention. Proton publish their stats about data requests, how many they comply with how many they fight and how many they win. They fight a majority of them probably more than most other companies.
The CEO needs to go. His ‘republicans fight for the little guy’ comments are so toxic and will get brought up everytime something like this happens and its hard to trust a company that has that kind of a person running it.
https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
There’s a lot more nuance to it than just ‘Proton CEO supports Trump (and therefore all of Trump’s policies)’
From the comments: “Andy’s statement was to recognise the choice of the Assistant Attorney General for Antitrust division at DOJ. This is someone who has history of going after tech monopolies and allowing room for the little guys (startups) to have a fair chance to grow and innovate. This was not a political endorsement.”
And at the very least the CEO controversy reveals all the issues with America’s two party Sith or Jedi system, there’s no room for nuance or discussion, just rage. Look at all the other top comments here.
That article is such bullshit. That anonymously submitted medium article that gets floated around ignores Internet Association, so wouldn’t be shocking if it was from proton attempting to do PR damage fixating on identity politics with intentional omission of Internet Association involvement.
Yen conveniently ignored that after working at the FTC, Slater become the vice-president for legal and regulatory policy for the Internet Association lobby group. Which was founded by “small business” like Google, Amazon, eBay and Facebook.
And involved in trying to infringe upon privacy rights. https://www.eff.org/deeplinks/2019/09/lawmakers-must-not-let-internet-association-weaken-california-consumer-privacy-act
So yeah, proton founder cherry picked information that tried to make it seem like it was acceptable to praise the pick when reality is the past is too murky to endorse in any manner.
Now seeing straight up bribing and gifts from corporations not even hiding it the whole thing aged like milk.
Ugh. My Obi-wan moment or something. ‘You were the Chosen One Proton!’
I know i am well aware of what happened. I dont think hes a right winger but this take was so far off reality it was alarming. Go read through the reddit thread where people push him to defend his statement and he cant.
In my most charitable interpretation of the situation he is symapthic to the right wing narative at a time where any sane person shouldnt have been. I’m still a proton subscriber but Idk if I will renew in december.
I have similar conflicted feelings after being a long time Visionary Subscriber.
Its a hard choice because I do like the work they are doing and I like paying for the suite of tools all in one. But I feel like the tools are half baked and missing a ton of features which is to be expected by an up and coming company. I dont know if I should continue to support them to reach their goal or just move onto another company and delay having an strong competitor in the market. Them having half owner ship in a swiss non profit is pretty much the only thing giving me strong trust in the product not getting enshittified but with the crappy AI getting slapped in its testing my resolve.
He’s not American though, things have nuances out of your tribal system.
I’m not German, but I would know better than to praise a pick from the AfD.
I couldnt find where he was from so feel free to correct me if you know. But my guess is that Andy is American or at least has lived in America for enough years to know about American politics.
You are probably right, I assumed he was European since Proton is based in there.
There is no nuance in American politics. Only tribal culture wars. You’re team red or team blue. Simple as. Something good? Claim your team. Something bad? Blame the other team. That being said, Andy is not American.
The nuance seems to be that he made stupid partisan statements not because he is a partisan but because he is stupid. He profoundly misunderstands Trump and Republicans if he genuinely believes that nonsense. Its hard to trust someone with such terrible judgement, and its hard to trust Proton because they handled the situation so poorly.
Agreed on the stupidity. He should have had PR running his accounts or at least approving his posts. But now that the cat is out of the bag I’m really conflicted about being a Proton Visionary subscriber, and try to use other services like Filen, Cryptpad, Bitwarden, Aegis, etc, so I’m not all concentrated on Proton like I was on Google Suite.
I just made a Tuta mail account for if I do decide to move away from Proton.
Yes, well stated. This is why I usually skip reading people’s comments. The vast majority see everything through their own agendas and just echo words they hear.
Learn to investigate and verify info. It seems like you just read a headline or some comments and took them as fact and did zero follow up.
Nah I have seen the entire story and its follow ups. He straight up bit the rightwing talking point hook.