Note that Proton Mail servers don't hold your private master key directly — it is always stored encrypted with your password. Also, Proton Mail allows you to import your keys: https://proton.me/support/pgp-key-management
In the case you shared, the name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can't decrypt data, but in terror cases Swiss courts can obtain recovery email.
Moreover, the case concerns Proton Mail not Proton VPN, and Proton VPN's no-logs policy has been proven in both independent audits (https://protonvpn.com/blog/no-logs-audit) and in court (https://protonvpn.com/blog/transparency-report).
We most certainly are not a crypto company. We don't run a crypto exchange, didn't create a cryptocurrency, and don't speculate in crypto. We're an encryption company, but don't lump that in with crypto.
Recipients who do not have a Proton account need to create a free or paid Proton account to access the shared content. The email invitation includes a link to the Proton sign-up page.
Once account creation is successful, they will receive another email with the link that allows them to access the file.
Just providing the information on the most recent correspondents is never enough to provide access to a Proton account. Please share your support ticket number with us so we can see what happened exactly.
No, in fact we have no way to decrypt the emails on our servers, nor can we share them in an unencrypted format with any third parties (law enforcement included). All the data requests we comply with only include metadata which needs to remain unencrypted for the services to function properly.
Honestly, if you try it, you will find it doesn't really work this way. A lot of heuristics are used for recovery, many which are not visible to the outside for security reasons. Also, data recovery is never possible because of the use of zero access encryption.
This is inaccurate. First, Swiss law does not allow the breaking of E2EE. All of Proton's client side code is open source. We cannot arbitrarily change keys in an undetected way due to Key Transparency: https://proton.me/support/key-transparency. We also have open source mobile and desktop apps, so you don't even need to rely on the web app if you don't want.
This is pretty inaccurate. Proton's E2EE works by encrypting client side, and we can't just replace the GPG key because we have both key pinning and key transparency: https://proton.me/support/key-transparency
Proton does not claim no logs and has never claimed no logs. We do not retain logs by default, but our privacy policy has always been clear that we are legally obligated to follow Swiss court orders, which can ask for IP logging on specific accounts.