ProtonBlog

Fighting abuse while preserving privacy

Share this page

One of the biggest challenges of our time is balancing people’s right to privacy with the need to prevent abuse online. It’s a question with real-world consequences that’s as old as the internet itself. It’s also something that every internet platform — including Proton — has to grapple with. 

The problem 

Today, anyone can create an account on Twitter, Facebook, Gmail, Proton Mail, or any online platform and begin sending people hateful messages and violent threats. Over 40% of US adults have suffered online harassment according to a Pew Research survey(new window), and the more severe forms of harassment, such as threats of violence, are sadly becoming more common. These threats are truly abhorrent, and they can cause real distress. 

How we combat online abuse

We enforce a strict zero-tolerance policy for violations of our Terms of Service, which includes using our services for illegal acts. In Switzerland, where Proton is based, threats of violence are illegal, as they are in most jurisdictions, and anyone we find using Proton Mail to send threats will have their account suspended.

We put great effort into preventing abuse on our platform. Our Anti-abuse team works 24/7 to promptly evaluate abuse reports and, if warranted, disable the account in question.

If you receive threats from a Proton Mail account, send us evidence of the abuse — including the email headers — to abuse@proton.me or fill out our report abuse form.

Find out how to find and share email headers

The use of a privacy-first service such as Proton Mail does not confer in any way a legal immunity against prosecution. Such prosecutions have happened in the past. For example, in 2021, death threats were sent to Dr. Anthony Fauci(new window) from a Proton Mail account. Using data from Facebook, investigators found an Instagram account linked to the Proton Mail email address in question and identified the culprit, who was sentenced to three years in prison. 

However, very few cases of online harassment are ever investigated by law enforcement, much less prosecuted. This can lead to calls from understandably frustrated victims calling for online platforms, including Proton Mail, to do more. 

More surveillance is not the answer

Some people have asked whether we can scan messages for threats or require IDs to set up an account to prevent online threats. Unfortunately, these proposals create the potential for even worse abuse. 

Let’s look at the idea of scanning messages first. Proton Mail’s use of end-to-end encryption would make this quite complex, but leaving that aside, policing speech is still incredibly difficult under the best circumstances, and false positives often have devastating consequences. This will sound dissatisfying to some, but the recent example of Google reporting a man to law enforcement(new window) is instructive. 

A doctor asked a father to send him photos of his child’s inflamed groin to help with a diagnosis. Google’s automated tool for detecting child sexual abuse material scanned this photo, flagged it for abuse, disabled all his accounts, and reported him to the police as a child sex offender. By all indications, this was a devoted father trying to care for his child. 

It’s also not hard to imagine how identification mandates would have unforeseen impacts. Requiring an ID to create an online account destroys the relative anonymity that marginalized groups, victims of domestic abuse, citizens living under oppressive regimes, and all sorts of other people need online. Ultimately, it would lead to a massive expansion of the surveillance sphere and is something that the Chinese government has already implemented(new window) so it can monitor dissidents. 

If companies can peer into every message you send or link you to all your online activity, it creates the potential for extraordinary abuse. Whether it’s Google sharing Hong Kong protesters’ data(new window) with the Chinese Communist Party or the fear over Facebook sharing data to prosecute abortions(new window), we’ve seen how governments are eager to capitalize on Big Tech’s surveillance to enforce questionable laws. No doubt some people will abuse privacy to harm others. But it’s equally true that a state of total surveillance will be abused even more.

In many places, Proton Mail is the only safe way to express yourself or communicate without fear of government reprisals. Our encryption prevents us from scanning emails for abuse just as it prevents anyone else from reading them. It’s why the UN recommended that Burmese citizens use Proton Mail(new window) to report abuses by the military. It’s why Reporters Without Borders partnered with us to support journalists working in conflict zones and under repressive regimes. 

For this reason, Proton has been actively fighting to reduce state surveillance capabilities, and we’ve made substantial progress. In October 2021, we won a case in a Swiss court that limits the IP data the Swiss government can request from email providers.

Abuse has no place on Proton Mail

We’re dedicated to doing all we can to stop abuse on Proton Mail, and we do not tolerate using our services to threaten others. But constant surveillance is not the solution — nor is it even possible — given our encryption. 

Instead, we pledge to take swift action on any abuse reported to us, with the goal of making Proton Mail an inhospitable environment for anybody who attempts to use our service for illegal purposes. 

It’s useful to look at how the postal service has dealt with this issue because email is, after all, digital mail. You can send a threatening letter to anyone whose address you know by dropping a letter into any mailbox. But the post office doesn’t intercept, open, and read every letter it handles. That massive violation of people’s privacy gives the government power to perform even worse abuses.

Instead, it investigates letters and packages that have been reported as being threatening or illegal. This isn’t a perfect system; people still can and do receive threats, but abusers are eventually caught and our rights to free speech and privacy are preserved. It’s not perfect, but like democracy, it’s better than all other known alternatives.

Protect your privacy with Proton
Create a free account

Share this page

Proton Team

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

In the public eye, Google presents itself as a champion of privacy. “Privacy is at the heart of everything we do,” its CEO said. But behind closed doors, Google is telling a different story to policymakers and actively fighting against privacy laws
The last thing you want when showing funny videos or holiday photos on your phone or tablet to friends and family is for them to see your sensitive and private photos. Although there are third-party apps dedicated to hiding your personal photos and
It can be slightly difficult to encrypt a zip file using the tools available on your Windows or Mac. Unlike encrypting a PDF or an Excel file, there’s no standardized software to use. You’ll need to rely on your device’s built-in encryption methods.
Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed r
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta