Proton threatens to quit Switzerland over new surveillance law
(techradar.com) 445 points by taubek a day ago
Even if the revision is 'dead' now, the precedent is set: the Swiss government’s willingness to consider gutting core privacy protections rewrites the risk calculation for every privacy-focused provider headquartered there.
If you architect your infrastructure around non-retention, even a temporarily defeated law signals it’s time to future-proof elsewhere.
There is no precedent here. There are politicians advocating for this kind of stuff everywhere, that doesn't indicate the likelihood of a law like this passing.
Anyone can suggest a law. The stage this one failed in is explicitly meant to gauge if there would be any reasonable support to get it passed. The answer was a resounding No.
Even if it proceeded, it would have quite likely led to a popular referendum due to Switzerland's system of direct democracy. I'd say not many places in the world have as strong defenses against laws like this as Switzerland.
Of course, it doesn't mean that it's not important to highlight when such ideas do crop up, and especially naming and shaming who/where they come from. I'm glad Proton et al. spoke out.
It’s odd people don’t push for laws to prevent these kinds of laws from bubbling up every few years.
The law can't bind future lawmakers. That's a common feature of every legal system.
Any legal system can pass a law saying "we revoke this previous law".
This is what constitutions are for. When you have the support, you install a constitutional protection that says the government can't do this. Repealing the protection requires the same super-majority needed to pass it, so changing the law isn't just a matter of the tyrants needing to get back to 51% from 49%, they have to get from 33% to 67%.
Then you layer these protections against multiple levels of government so they'd all have to be repealed together by separate legislatures before the government is allowed to do it, discouraging the attempt.
In the USA we have amendments to the constitution, which take considerable political effort to change. These amendments can restrict the types of laws that may be passed.
This system works because the changes are not just recorded in the paper of some lawbook, but in the minds of the people.
This is not true in practice. Inertia and international law / agreements bind future lawmakers. If one government joins the EU, the next still has to follow EU law even if EU law changes.
This was my understanding, which is why I was so surprised to read of Trump's edict preventing state-level AI laws for ten years.
Either the people living in the country at the time rule (directly or through representatives), or it's not a democracy, but (if they are ruled by the people, or their representatives, of the past) a thanatocracy.
> It’s odd people don’t push for laws to prevent these kinds of laws from bubbling up every few years.
People don't have a lot of money and a revolving door with the government, like the lobby industry has. As long as corruption is legalized, in the form of lobby, regular people will find it very hard to influence the government.
Proton being about as brave as putting an apple on one's head and a blindfold on... in front of an infant with the parts of a Glock in front of them and no ammunition.
What a bunch of performative nonsense on their behalf.
Proton didn't just market 'Swiss privacy,' they built real engineering around non-retention—no logs, no trackers, nothing to subpoena. If Switzerland erodes that, the only defensible move for actual privacy builders is to exit and redeploy somewhere the law aligns with technical reality. Anything else is security theater.
If law passes, if Proton leaves, what matters most isn't their press release—it's the engineers voting with their code and hardware locales.
To be fair Protonmail has much more to offer than "just" privacy friendly legislation. The free web mail client is full-featured, time tested and has no ads. That in my opinion already puts it ahead among the main mail providers. Also it has the Proton bridge, VPN etc. etc. I'd say it really depends on the personal threat model and willingness to DIY. My main complaint with it is bad interoperability with gpg though. (I'm not sure how anything less is supposed to help with end-to-end privacy...)
Who sponsored this??
Best I could find as a non Swiss:
> Threema and Proton In the daily news of 'SRF', Jean-Louis Biberstein, the deputy head of the federal postal and telecommunications service, said that the requirements for service providers are not tightened, but merely specified. A company like Threema would have the same obligations as before after the revision. Threema contradicts this in a statement from the end of April. The Vüpf revision would force the company to abandon the principle of "only collecting as few data as technically required".
(From auto translation of report about this already failing to proceed.)
Is Federal Post the entity or is it a person, or a group in Swiss government seeking to take authority over information?
Seems like the translation failed to translate the job title properly...
This government page https://www.li.admin.ch/en/ptss says that dude is in charge of the "Legal Affairs and Controlling" division of the "Post and Telecommunications Surveillance Service", and it continues to describe what that division does.
Small logical question - How can Proton deliver mail to you if it does not save anything?
They might log access in some circumstances, according to their privacy policy (https://proton.me/legal/privacy)
> 2.5 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities. If you enable authentication logging for your Account or voluntarily participate in Proton's advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.
See also section 3, "Network traffic that may go through third-parties."
This is a valid point, but emails between Proton users (or other users of PGP) will not be accessible. And, presumably, it will be harder to see your email if you use Proton, than if you used Google/Outlook if your adversary had to look through everyone else's email to find who corresponded with you.
What would they tout as their USP then? Ex-Swiss Privacy?
And they will go where? To the Netherlands or Sweden? EU regulation applies there. They would have to go to Seychelles or Panama, but their servers would obviously still have to be elsewhere.
Switzerland would be useless if it can't remain a safe haven.
Sweden, having their legacy in social democracy and more state control, hates privacy.
https://www.techradar.com/vpn/vpn-privacy-security/a-dangero...
It was also Swedish EU commissioner who wants to ban end-to-end encrypted chats and brought various proposals to the EU for this.
I wouldn't trust their state, the one that argued for infecting their entire population with covid to achieve herd immunity, the one that bent the knee to the US when they wanted a sex scandal to arrest Assange, the one who won't release information they have about blown up gas pipelines in their back yard. I shouldn't pick on Sweden, all countries are like this now.
Hot take but it makes sense to get rid of privacy under certain circumstances. What if we created a political system where you can trust the government to do a good, honest job. Privacy is needed because goals of the government aren't always aligned with goals of the society, but what if that wasn't the case.
I guess the human temptation to want to know what people are saying behind your back goes beyond political/economic systems.
"Crony capitalist", it's not actual capitalism when the government has its fingers and regulations in everyone's finances.
Social democracy is also capitalism.
I’d rather word that differently. High-trust societies with little expectation of privacy and valuing community tend to do well with social democracy. Otherwise people end up abusing the system and it’s hard to catch them if privacy trumps community needs.
Here in ex-USSR country people are very pro privacy and individualist. At the same time we try to copy a lot of Nordic stuff from our neighbors. It’s a shitshow how those cultures mesh. A lot of welfare abuse, hiding behind muh privacy to avoid scrutiny.
> "This revision attempts to implement something that has been deemed illegal in the EU and the United States. The only country in Europe with a roughly equivalent law is Russia," said Yen.
They can go anywhere in Europe, since that type of surveillance seems to be illegal
The issue is that countries may not care. The Danish government famously refuses to comply with EU verdicts that make logging all phone calls and spying on text messages illegal. The Danish supreme court and the European Court of Human Rights have agreed with the government that "it's fine" in a "please think of the children"-moment.
If privacy service providers have to keep logs anywhere, they lose all technical credibility—doesn't matter if you're registered in Panama, the Netherlands, or Mars. Perhaps, we should design systems where compliance is impossible and data simply doesn’t exist by default.
Only Musk can save datacenters from reaches of Earth's governments.
By transporting every cargo to USA for thorough inspection before flight.
Isn't the cost of taking down a satellite lower than putting it up?
The problem would be all the debris up there. Maybe destroying one satellite would destroy them all.
Norway has also been a popular destination for these types of services.
As a Norwegian I would not feel safe hosting such here.
Of the ~10 parties with a chance of a seat at the parliament, absolutely none have any clue whatsoever when it comes to IT security matters.
The major parties have multiple times attempted to push egregious laws like collecting all internet metadata in our country, and storing it for years. They argued it wouldn't be a risk because only authorized personnel would have access...
Sheer luck has thwarted those attempts.
There are 5 million people living in Norway and you have 10 parties in the parliament? Talk about divided country.
If someone knows a Norwegian datacentre offering colocation, that has no connection to USA, please let me know.
I have no experience with them, so not a recommendation, but perhaps https://greenmountain.no?
Mullvad operates out of Sweden. Unlike Proton, Mullvad doesn't have to respond to court orders. Proton gives up user info thousands a year; it's right on their transparency page.
Mullvad stores account (kyc) + payment information in line with Swedish tax laws for (I think) 7 years.
What Mullvad apparently don't have are data-plane logs. But then, surveillance laws mandate forceful & secret compliance in certain cases (Mullvad may be exempt but who knows: https://news.ycombinator.com/item?id=43018290)
Doesn't Mullvad accept cash without identifying information?
Proton isn’t giving up VPN users. It’s giving up mail users. There’s a huge legal difference.
And their military defense is outsourced to Switzerland.
> a "major violation of the right to privacy" that will also harm the country's reputation and its ability to compete on an international level.
Exactly. Were the fear mongers and authoritarians so successful that the infected organism starts acting against its own wellbeing?
Another day, another digitally illiterate politician trying to regulate the digital world.
Common sense says that it’s already illegal. They don’t need common sense legislation, they need common sense interpretation of it.
It seems to me that security and surveillance conscious folks tend to sit on either extreme of the spectrum
Because governments aren't persecuting people in the middle of the spectrum.
Then why do they need to spy on people? I mean, I agree with you. The center parties typically aren't persecuting massive amounts of people for their beliefs and "thought crimes", but they do still seem a little too happy to spy on people.
Probably more relevant in multi-party parliamentary systems, but someone pointed out that: if the left wing parties and the liberals agree on a policy, you should probably just implement it immediately. (Said about the Danish Red–Green Alliance and the Liberal Alliance, an eco-socialist party and a right-wing liberal party respectively).
> Their CEO seems to like trump
As far as I know this is a "rumour" that stems from him mentioning his approval over one of Trump's cabinet picks. Saying he likes Trump is a stretch.
Someone dug deeper into this topic: https://medium.com/@ovenplayer/does-proton-really-support-tr...
TL;DR: probably not a Trump supporter
Using percentages is illegitimate. It's frog boiling.
Governments lean on large providers like Microsoft to not implement strong technological privacy protections because they want to invade everyone's privacy, and those companies go along because they want to get government contracts or curry favor with government regulators, or because they want to invade your privacy themselves.
Then anyone privacy-conscious abandons them before any abuses are revealed because they've seen this movie before and know what's coming next. But that includes criminal organizations, so now for a transient period of time the competing services that still protect privacy have a disproportionate number of criminals. This is then used as an excuse to shut them down or force them to stop protecting anyone's privacy.
That's when the real abuses start, because the privacy-protecting services have been suppressed as "only used by criminals" and once the general public has lost the ability to switch, there is no longer competitive pressure on the incumbents to not betray their now-captive user base.
You can try to prevent this by getting people to switch to the privacy-protecting services ahead of time, but that doesn't mean it's reasonable to accept the consent-manufacturing tactic as legitimate either.
https://www.youtube.com/watch?v=-uQLvakPXOA
12 million per day - Iraqi mafia tasking 14 year olds with arson, robbery, murder in Australia...
12 year old selling drugs in Russia enabled by technology: https://globalinitiative.net/analysis/russia-drug-trade-orga...
EDIT: state backed use of proton : https://globalinitiative.net/analysis/lawless-cyberspace-why...
Criminals use general purpose tools. It isn't the role of cutlery manufacturers to address muggings.
Yet it has nothing to do with Proton and everything to do with encryption, and the reason why you hear the name Proton is because they open their mouth.
Let every nation know, whether it wishes us well or ill, that we shall pay any price, bear any burden, meet any hardship, support any friend, oppose any foe to assure the survival and the success of liberty. Kennedy.
Yet we can't even endure tariffs meant to stop war.
> to assure the survival and the success of liberty. Kennedy.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
Benjamin Franklin.
No, he didn't. You're thinking of the story where he expressed support for Gail Slater as head of antitrust and where he subsequently criticized lack of effective work towards tech regulation on the Democratic side.
Implying support for Trump here borderlines deceitful disinformation.
Why didn't you just look it up before making that comment?
https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...
This was discussed on HN as well.
Switzerland paid restitutions and changed its laws, which can't be said for crimes committed by many others. While the past should not be whitewashed, it's been 80 years now.
A better question is how many banks does Switzerland still have? UBS is threatening to leave if they need to meet the new capitalization requirements the government wants.
It’s still somewhat of a current topic though.
https://www.wsj.com/finance/banking/nazi-ties-to-credit-suis...
Interesting
I'm sure UBS will try to claim that they didn't acquire the liabilities of CS just like Bayer and Dow try to with their acquisitions. However since this acquisition was basically forced upon UBS they would probably have a much better chance in court...
Private banks are very different from consumer banks in Switzerland. You might as well consider them as different kinds of things.
Bringing up Nazis, terrorists, and “the children” is always relevant to privacy detractors who think it’s suspicious for regular people to not want to be spied on.
> Long story short, the CEO has publicly backed Trump, Vance, and other officials in this new regime
This claim is not supported by your source. Do you have anything stronger than a Reddit thread?
It’s “batshit crazy” to support a politician the majority of the country voted for?
I wouldn’t say the correction is necessarily pedantic because non voters’ opinions do count and matter, but it also doesn’t materially change the argument. Calling the majority of people (millions) who voted in an election “batshit crazy” translates to, it’s not possible to rationally disagree with me, everyone who does must be crazy. A totally immature, unproductive though sadly common mindset that we should make a conscious effort to avoid.
Moreover it suggests the holder hasn’t thought through the position of the opposition which in turn means they really don’t deeply understand even their own convictions.
If millions of people agree about something, there’s a rational explanation.
This law change died in the "Vernehmlassung" which is early in the process. It's dead with opposition from all sides of the political spectrum. It had no chance.
https://www.inside-it.ch/vupf-revision-faellt-in-der-vernehm...