Simplified Privacy

Privacy Hell: Proton Uses Cloudflare

How Proton's Negligence Causes Harm

Privacy Hell: Proton Uses Cloudflare



CEO Admits It

Proton’s CEO Andy Yen openly admitted on Twitter they use Cloudflare as an upstream provider during downtime.


Notice how customers are complaining they can’t use the VPN, because Cloudflare is down.


Analysis of the domains and IPs from Proton, confirm that Cloudflare is their upstream provider.

For all services, including the VPN, mail, and drive.




What an upstream provider means is that Cloudflare is Proton’s ISP, so they get the internet through them.

In other words, you can not reach Proton’s services without going through them. And that’s BOTH ways.



“VPN”

This is a direct conflict of interest, because Cloudflare is seeing your real home IP address, and then the same exact packet size (and timing) as they serve you the websites.


It would be trivial to perform packet drops to doxx users, since they control both ends of the traffic.


Can other US companies do this?




Even Switzerland is forcing VPN logs,

No government can really be trusted for privacy. Even if we accept that Proton is really Swiss, governments globally are becoming totalitarian with data collection. Even Switzerland’s government has recently pushed to force VPN logs. As Vice News reports,

Switzerland-based tech firms—including many VPNs—to cooperate with sharing customer data with authorities if requested, erasing much of the privacy benefit of using a VPN.



The law targets large firms.

As TechRadar lays out:

Specifically, the amendment seeks to expand surveillance obligations that are now reserved for telecom networks and internet service providers (ISPs), to target so-called "derived service providers." This categorization would include any online service with a turnover of $100 million or more than 5,000 active users.

But Proton got big off government money.

2 million euros from a “lawful interception” group.

This was covered in this Tor Onion Only Blog, quote:

However, this narrative is complicated by the €2 million in funding Proton received from the EU’s Horizon 2020 program. While this isn’t inherently problematic, it raises questions. A service claiming to be independent and supported by its users has, in fact, been partially funded by government money. And it’s not just any government money, it’s Horizon money.

For example, one key part of the subsequent Horizon 2021-2022 program agenda was HORIZON-CL3-2021-FCT-01-02: Lawful interception using new and emerging technologies (5G & beyond, quantum computing and encryption). How convenient that just a year earlier – in Horizon 2020, which is referenced multiple times in the 2021-2022 agenda – a company running an e-mail and a VPN service was funded.

Note: His sources are Proton and Horizon docs


Is this why Proton barely fights any of their court cases?! They’d rather hand over thousands of emails rather than spend money to fight them.

"2023
    Number of legal orders: 6,378
    Contested orders: 407
    Orders complied with: 5,971
2022
    Number of legal orders: 6,995
    Contested orders: 1,038
    Orders complied with: 5,957"

Yet they do have funds to donate to charity? They gave a million dollars to journalism. They should be raising money for their own court cases.


Grants as a Tool of Oppression

In general, government grants are used to haze real alternatives out of the market, by scaling garbage solutions quickly and buying enough marketing buzz to drown out legitimate competitors. The oppressor distorts the market for emails or VPNs with corrupt brainwashing like Proton and IVPN/Safing.



As we covered earlier, Protonmail enters as plaintext that they can read, and then you have to enter your private key into their web app when you give the PGP password.

It would be better if you could make a PGP key on your own, and then give them the public key, and use ANY email client. But they don’t want that, because if any email client will work, then any self-host provider would work. And then they wouldn’t have all this power and money.



No burners!

Proton restricts “burner accounts”, in that you can’t sign-up for confirmation codes for external services with brand new Proton accounts. But if it’s really “zero knowledge”, then why are they scanning email contents to know if it’s a burner email? What is this “little red riding hood”, where the wolf wants to get to know me better?



People cry out “oh but you can use Proton over Tor!"

Proton is braindead for using SSL encryption on their Tor Onion, making it EVEN SLOWER to decrypt.

Tor Onions don’t need SSL, the Tor network does the encryption for you. Maybe they are not so dumb, but want to purposefully get you on the clearweb, because they are likely a honeypot.



Simplified Privacy solves all of these problems.

For email, VPN on any device, and/or our new Linux app.



“Underdog” VPN Datacenters

By focusing exclusively on smaller underdog datacenter providers, Simplified Privacy avoids the kind of conflict of interests that providers such as Mullvad and Proton have. Many big tech sites can’t scale with these smaller datacenters, but we can.



Circular Crypto Economy

The situations in Switzerland with Proton, and Mullvad with Sweden prove no government can be trusted. But by only using cryptocurrency and being regulated by XMRBazaar, Simplified Privacy avoids ever being large enough to be targeted by these kinds of draconian restrictions.



Self-host emails

Rather than aggregate everyone to the same servers like Proton does, we help people self-host around the world. Then it’s unclear who is our customer or where we operate. Once we setup your custom VPS, then we hand over control of the sever to you.



All of humanity’s secrets should not go to a single provider. Fight back!


Some say, “that’s just the way things are”. I say, you’ve got more power than you realize.

Spread this message! Share it with your circles. We can make a difference.




Access VPN Now



Get your own Self-host Email Combo Pack



Did you know you can still write PGP emails to Proton users, but without using Proton yourself? Learn how here



If you really want to learn and take your privacy to the next level, Access our VPN, and subscribe to our new content via: Podcast RSS, Session list, Nostr, Bastyon, Article RSS, or join the Signal Group

Related Posts

Email Heaven?! PGP Emails to Proton WITHOUT using Proton

Email Heaven?! PGP Emails to Proton WITHOUT using Proton

You can still send PGP to Proton users without actually using them

[SP]

Jul 11, 2025
HydraVeil 1.1.0 Release! Upgrade Now

HydraVeil 1.1.0 Release! Upgrade Now

New Features, Better Privacy, Security, and UI

[SP]

Jul 8, 2025
Solve Whonix's Flaws

Solve Whonix's Flaws

These are Big Whonix Problems

[SP]

Jun 20, 2025
Even without Linux, Why use our VPN?

Even without Linux, Why use our VPN?

What's the Difference?

[SP]

May 21, 2025