ProtonBlog(new window)

One of the biggest challenges of our time is balancing people’s right to privacy with the need to prevent abuse online. It’s a question with real-world consequences that’s as old as the internet itself. It’s also something that every internet platform — including Proton — has to grapple with. 

The problem 

Today, anyone can create an account on Twitter, Facebook, Gmail, Proton Mail, or any online platform and begin sending people hateful messages and violent threats. Over 40% of US adults have suffered online harassment according to a Pew Research survey(new window), and the more severe forms of harassment, such as threats of violence, are sadly becoming more common. These threats are truly abhorrent, and they can cause real distress. 

How we combat online abuse

We enforce a strict zero-tolerance policy for violations of our Terms of Service, which includes using our services for illegal acts. In Switzerland, where Proton is based, threats of violence are illegal, as they are in most jurisdictions, and anyone we find using Proton Mail to send threats will have their account suspended.

We put great effort into preventing abuse on our platform. Our Anti-abuse team works 24/7 to promptly evaluate abuse reports and, if warranted, disable the account in question.

If you receive threats from a Proton Mail account, send us evidence of the abuse — including the email headers — to or fill out our report abuse form.

Find out how to find and share email headers

The use of a privacy-first service such as Proton Mail does not confer in any way a legal immunity against prosecution. Such prosecutions have happened in the past. For example, in 2021, death threats were sent to Dr. Anthony Fauci(new window) from a Proton Mail account. Using data from Facebook, investigators found an Instagram account linked to the Proton Mail email address in question and identified the culprit, who was sentenced to three years in prison. 

However, very few cases of online harassment are ever investigated by law enforcement, much less prosecuted. This can lead to calls from understandably frustrated victims calling for online platforms, including Proton Mail, to do more. 

More surveillance is not the answer

Some people have asked whether we can scan messages for threats or require IDs to set up an account to prevent online threats. Unfortunately, these proposals create the potential for even worse abuse. 

Let’s look at the idea of scanning messages first. Proton Mail’s use of end-to-end encryption(new window) would make this quite complex, but leaving that aside, policing speech is still incredibly difficult under the best circumstances, and false positives often have devastating consequences. This will sound dissatisfying to some, but the recent example of Google reporting a man to law enforcement(new window) is instructive. 

A doctor asked a father to send him photos of his child’s inflamed groin to help with a diagnosis. Google’s automated tool for detecting child sexual abuse material scanned this photo, flagged it for abuse, disabled all his accounts, and reported him to the police as a child sex offender. By all indications, this was a devoted father trying to care for his child. 

It’s also not hard to imagine how identification mandates would have unforeseen impacts. Requiring an ID to create an online account destroys the relative anonymity that marginalized groups, victims of domestic abuse, citizens living under oppressive regimes, and all sorts of other people need online. Ultimately, it would lead to a massive expansion of the surveillance sphere and is something that the Chinese government has already implemented(new window) so it can monitor dissidents. 

If companies can peer into every message you send or link you to all your online activity, it creates the potential for extraordinary abuse. Whether it’s Google sharing Hong Kong protesters’ data(new window) with the Chinese Communist Party or the fear over Facebook sharing data to prosecute abortions(new window), we’ve seen how governments are eager to capitalize on Big Tech’s surveillance to enforce questionable laws. No doubt some people will abuse privacy to harm others. But it’s equally true that a state of total surveillance will be abused even more.

In many places, Proton Mail is the only safe way to express yourself or communicate without fear of government reprisals. Our encryption prevents us from scanning emails for abuse just as it prevents anyone else from reading them. It’s why the UN recommended that Burmese citizens use Proton Mail(new window) to report abuses by the military. It’s why Reporters Without Borders partnered with us(new window) to support journalists working in conflict zones and under repressive regimes.

For this reason, Proton has been actively fighting to reduce state surveillance capabilities, and we’ve made substantial progress. In October 2021, we won a case in a Swiss court(new window) that limits the IP data the Swiss government can request from email providers.

Abuse has no place on Proton Mail

We’re dedicated to doing all we can to stop abuse on Proton Mail, and we do not tolerate using our services to threaten others. But constant surveillance is not the solution — nor is it even possible — given our encryption. 

Instead, we pledge to take swift action on any abuse reported to us, with the goal of making Proton Mail an inhospitable environment for anybody who attempts to use our service for illegal purposes. 

It’s useful to look at how the postal service has dealt with this issue because email is, after all, digital mail. You can send a threatening letter to anyone whose address you know by dropping a letter into any mailbox. But the post office doesn’t intercept, open, and read every letter it handles. That massive violation of people’s privacy gives the government power to perform even worse abuses.

Instead, it investigates letters and packages that have been reported as being threatening or illegal. This isn’t a perfect system; people still can and do receive threats, but abusers are eventually caught and our rights to free speech and privacy are preserved. It’s not perfect, but like democracy, it’s better than all other known alternatives.

Protect your privacy with Proton
Create a free account

Related articles

passwordless future
With the advent of passkeys, plenty of people are predicting the end of passwords. Is the future passwordless, though? Or is there room for both types of authentication to exist side-by-side?  At Proton, we are optimistic about passkeys and have int
At Proton, we have always been highly disciplined, focusing on how to best sustain our mission over time. This job is incredibly difficult. Everything we create always takes longer and is more complex than it would be if we did it without focusing on
is icloud keychain safe
If you’re on any Apple device, you’re familiar with the iCloud Keychain, the Apple password manager. It’s a handy tool that stores passwords for you and helps you manage your logins.  For a program that stores all your most sensitive data in one pla
We recently announced that Proton Pass now supports passkeys for everyone across all devices. Universal compatibility is a unique approach to implementing passkeys, unfortunately. Even though passkeys were developed by the FIDO Alliance and the Worl
How to upload and share private video
Your private videos are for your eyes only. However, not all cloud storage services are good at storing videos securely, let alone privately. In this article we explain what you can do to keep file sharing companies from having access to the videos y
Many email services, citing security reasons, require a phone number for identity verification. This creates an unfortunate paradox in which you must give up a highly sensitive piece of personal data to Big Tech. But there are simple ways to create
Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec