Maybe not the contribution that you’re looking for, but I’m going to tell you this story regardless.
I am Swiss, and am a former Department of Foreign Affairs (FDFA / EDA) employee. My colleagues and I had organized an evening on cybersecurity, where we showcased what Switzerland has to offer. I invited stakeholders such as:
- Dreamlab (really cool company, should look them up if you don’t know of them)
- NCSC (Swiss National Cyber Security Center)
- Some Swiss cyber regulator; and
- Proton
Firstly, when speaking to a delegate of one of the above listed (don’t feel comfortable sharing publicly which one), he uttered a statement, upon me saying I’m a huge Proton fan and subscribed to all services - “they are lying to your faces”.
I was curious, so I spoke with the regulators and NCSC delegates; they said that Proton has been involved in a handful of leaks - some that were made public, some behind the scenes.
When I spoke to Andy, having told him that I grew up in Canada, I asked him what his plan was for North America. His response: “I will gladly take their money, but never open up shop there - too many national security departments that come knocking on the door”.
Now I see (on the Proton page) that they are looking for a few US-based positions for Marketing and Growth - going against what we discussed a few years back. In all honesty, I still have a Plus subscription with them, but I’m beginning to question a lot more things regarding security and ethics at Proton. Guess I’ll just self-host in the future. Trust no one but yourself with your personal data.
I genuinely don’t remember the exact instances we were speaking about, but it happens from time to time. They released data from a French citizen to Swiss & French authorities in the past, and I’m sure this isn’t the only case.
Edit: found the link: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/