The recent suspension of journalist accounts by Proton has shaken confidence in a service that built its brand on privacy, security, and freedom of expression. For years, Proton has positioned itself as a “logless” provider — unable to access the content of user communications, and therefore unable to police what people say or do. That narrative fell apart when independent journalists working under the pseudonyms Saber and cyb0rg found themselves abruptly cut off.
These writers, contributors to the legendary hacking magazine Phrack, were investigating a major cyberattack linked to a North Korean APT group. Their reporting uncovered intrusions into the South Korean Ministry of Foreign Affairs and even the Defense Counterintelligence Command. Following the principles of responsible disclosure, they created a ProtonMail account specifically for contacting officials, CERTs, and security agencies to warn them before publishing the story. Instead of receiving acknowledgment for protecting the public, they discovered their ProtonMail accounts had been terminated. First, the disclosure account disappeared. The next day, one of their personal addresses was gone too.
Proton’s justification was that they had received an alert from a CERT, a computer emergency response team, that the accounts were being “misused by hackers.” That explanation raised more questions than it answered. The company would not identify the CERT. It did not clarify what kind of “misuse” was alleged. It offered no evidence, no process, and no explanation that made sense in the context of zero-access encryption. How does a provider that claims it cannot read your email content decide your account is guilty of hacking? The contradictions were glaring.
The affected journalists tried to appeal, but Proton initially refused to reinstate their accounts, claiming it could “cause further damage.” Days passed without meaningful communication. The silence broke only when the journalists went public, posting on social media and rallying attention from the security community. Under pressure, Proton quietly reinstated some accounts, but by then the message was clear: access to so-called private services could be stripped away in an instant, based not on transparent evidence but on unverifiable alerts from third parties.
The suspensions caused real harm. The journalists lost access to channels they had set up specifically to inform authorities about the cyberattack. Their ability to coordinate disclosure, answer follow-up questions, and protect affected parties was disrupted. The very tools they trusted for safe, anonymous communication had turned against them at the moment they were most needed.
This episode reveals a troubling truth. Even if a service advertises itself as logless and encrypted, it can still disable your account without warning. Proton’s reliance on opaque external reports, its lack of a clear appeal process, and its apparent willingness to cave under pressure expose the fragility of its promises. For journalists, whistleblowers, and activists, the risk is obvious: when your work challenges powerful interests, the privacy tools you depend on may not stand with you. In Proton’s case, the ideal of secure, uninterrupted communication was sacrificed to expediency, leaving its users more vulnerable than protected.
Unlike services that claim to protect privacy but still shut down accounts when pressured, Trust.Zone does not keep logs, does not monitor activity, and does not have the ability to hand over or block your communications. Our role is simple: encrypt your traffic, hide your identity, and keep you online no matter who is watching. For journalists, whistleblowers, and anyone who cannot afford sudden suspensions, this clarity and consistency make all the difference.
