One of the biggest challenges of our time is balancing people’s right to privacy with the need to prevent abuse online. It’s a question with real-world consequences that’s as old as the internet itself. It’s also something that every internet platform — including Proton — has to grapple with.
The problem
Today, anyone can create an account on Twitter, Facebook, Gmail, Proton Mail, or any online platform and begin sending people hateful messages and violent threats. Over 40% of US adults have suffered online harassment according to a Pew Research survey(new window), and the more severe forms of harassment, such as threats of violence, are sadly becoming more common. These threats are truly abhorrent, and they can cause real distress.
How we combat online abuse
We enforce a strict zero-tolerance policy for violations of our Terms of Service, which includes using our services for illegal acts. In Switzerland, where Proton is based, threats of violence are illegal, as they are in most jurisdictions, and anyone we find using Proton Mail to send threats will have their account suspended.
We put great effort into preventing abuse on our platform. Our Anti-abuse team works 24/7 to promptly evaluate abuse reports and, if warranted, disable the account in question.
If you receive threats from a Proton Mail account, send us evidence of the abuse — including the email headers — to abuse@proton.me or fill out our report abuse form.
Find out how to find and share email headers
The use of a privacy-first service such as Proton Mail does not confer in any way a legal immunity against prosecution. Such prosecutions have happened in the past. For example, in 2021, death threats were sent to Dr. Anthony Fauci(new window) from a Proton Mail account. Using data from Facebook, investigators found an Instagram account linked to the Proton Mail email address in question and identified the culprit, who was sentenced to three years in prison.
However, very few cases of online harassment are ever investigated by law enforcement, much less prosecuted. This can lead to calls from understandably frustrated victims calling for online platforms, including Proton Mail, to do more.
More surveillance is not the answer
Some people have asked whether we can scan messages for threats or require IDs to set up an account to prevent online threats. Unfortunately, these proposals create the potential for even worse abuse.
Let’s look at the idea of scanning messages first. Proton Mail’s use of end-to-end encryption would make this quite complex, but leaving that aside, policing speech is still incredibly difficult under the best circumstances, and false positives often have devastating consequences. This will sound dissatisfying to some, but the recent example of Google reporting a man to law enforcement(new window) is instructive.
A doctor asked a father to send him photos of his child’s inflamed groin to help with a diagnosis. Google’s automated tool for detecting child sexual abuse material scanned this photo, flagged it for abuse, disabled all his accounts, and reported him to the police as a child sex offender. By all indications, this was a devoted father trying to care for his child.
It’s also not hard to imagine how identification mandates would have unforeseen impacts. Requiring an ID to create an online account destroys the relative anonymity that marginalized groups, victims of domestic abuse, citizens living under oppressive regimes, and all sorts of other people need online. Ultimately, it would lead to a massive expansion of the surveillance sphere and is something that the Chinese government has already implemented(new window) so it can monitor dissidents.
If companies can peer into every message you send or link you to all your online activity, it creates the potential for extraordinary abuse. Whether it’s Google sharing Hong Kong protesters’ data(new window) with the Chinese Communist Party or the fear over Facebook sharing data to prosecute abortions(new window), we’ve seen how governments are eager to capitalize on Big Tech’s surveillance to enforce questionable laws. No doubt some people will abuse privacy to harm others. But it’s equally true that a state of total surveillance will be abused even more.
In many places, Proton Mail is the only safe way to express yourself or communicate without fear of government reprisals. Our encryption prevents us from scanning emails for abuse just as it prevents anyone else from reading them. It’s why the UN recommended that Burmese citizens use Proton Mail(new window) to report abuses by the military. It’s why Reporters Without Borders partnered with us to support journalists working in conflict zones and under repressive regimes.
For this reason, Proton has been actively fighting to reduce state surveillance capabilities, and we’ve made substantial progress. In October 2021, we won a case in a Swiss court that limits the IP data the Swiss government can request from email providers.
Abuse has no place on Proton Mail
We’re dedicated to doing all we can to stop abuse on Proton Mail, and we do not tolerate using our services to threaten others. But constant surveillance is not the solution — nor is it even possible — given our encryption.
Instead, we pledge to take swift action on any abuse reported to us, with the goal of making Proton Mail an inhospitable environment for anybody who attempts to use our service for illegal purposes.
It’s useful to look at how the postal service has dealt with this issue because email is, after all, digital mail. You can send a threatening letter to anyone whose address you know by dropping a letter into any mailbox. But the post office doesn’t intercept, open, and read every letter it handles. That massive violation of people’s privacy gives the government power to perform even worse abuses.
Instead, it investigates letters and packages that have been reported as being threatening or illegal. This isn’t a perfect system; people still can and do receive threats, but abusers are eventually caught and our rights to free speech and privacy are preserved. It’s not perfect, but like democracy, it’s better than all other known alternatives.
