Proton Meet Isn't What They Told You It Was
5 hours ago
- #Encryption
- #Surveillance
- #Privacy
- Proton Meet is marketed as an alternative to CLOUD Act-subject platforms like Zoom, but it relies on LiveKit Cloud, a U.S. company subject to the CLOUD Act.
- Proton's privacy policy discloses LiveKit Cloud as an infrastructure provider for call routing and data transmission, despite promises that 'not even government agencies' can access calls.
- Network analysis shows calls route through U.S. infrastructure from companies like Oracle and Amazon, with telemetry data stored and processed in the United States regardless of configuration.
- Proton's encryption using MLS is real and runs on Swiss servers, but LiveKit retains call metadata like IP addresses and connection timestamps, which can be subpoenaed.
- The product includes tracking cookies set before login, connections to Google services for features like background blur, and data sharing with Google Calendar or Outlook.
- Proton omitted LiveKit from its main privacy policy disclosures, similar to past practices with Proton Mail, raising transparency concerns.