(no title)

“The Swiss legal system, while not perfect, does provide a number of checks and balances, and it’s worth noting that even in this case, approval from three authorities in two countries was required, and that’s a fairly high bar which prevents most (but not all) abuse of the system.”

As any other company operating legally, we have to respect the local legislation, which is what happened in this case. The case also shows that our encryption works as intended - we were not able to share any of the user's data stored encrypted on our servers (email content, attachments, etc.), because we don't have access to it ourselves.

Note also, that the case pertains to Proton Mail, and not Proton VPN. Proton Mail is considered to be a communication service, and in most countries (including Switzerland), communication services are regulated to some extent. The treatment of VPNs is different. There are no Swiss laws compelling us to log IP addresses, personal identifiers, traffic or browsing history, as proven in a 2019 legal case (we were not able to provide the requested information because we don't keep any: https://protonvpn.com/blog/transparency-report/).

And how does Mullvad deals with court orders?

I guess it's handled by this finding in the audit:

“VPN servers accept remote logins from administrators, who technically have the ability to tap into production users' VPN traffic”

>maliciously

They literally had no choice, it was a court order.