Back

Proton Meet's Privacy Claims Under Scrutiny Due to US CLOUD Act Compliance

Severity: Medium (Score: 51.9)

Sources: News.Ycombinator, Bleepingcomputer

Summary

Proton has launched a new video conferencing service called Proton Meet, marketed as a privacy-focused alternative to mainstream platforms. While Proton claims that Meet provides end-to-end encryption and complies with GDPR and CCPA, an investigation reveals that the service relies heavily on LiveKit Cloud, a US-based infrastructure subject to the US CLOUD Act. This raises concerns about data privacy and compliance, as the CLOUD Act allows US authorities to access data stored by US companies regardless of where the data is physically located. The architecture includes a Swiss-controlled key exchange but ultimately depends on American servers for media transmission. Proton's marketing emphasizes privacy, yet the underlying infrastructure may compromise these claims. The service is free for one-hour meetings with up to 50 participants, but a pro plan is available for longer calls. The implications of using Proton Meet could affect organizations that prioritize data protection and compliance with international privacy laws. Key Points: • Proton Meet is marketed as a privacy-focused video conferencing tool. • The service relies on LiveKit Cloud, which is subject to the US CLOUD Act. • Proton's claims of end-to-end encryption may be undermined by its infrastructure choices.

Key Entities

  • United States (country)
  • ec2-44-224-75-233.us-west-2.compute.amazonaws.com (domain)
  • livekit.cloud (domain)
  • livekit.proton.me (domain)
  • meet-mls.proton.me (domain)
  • meet.proton.me (domain)
  • 161.115.177.32 (ipv4)
  • 185.70.42.112 (ipv4)
  • 44.224.75.233 (ipv4)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed