The original post: /r/torrents by /u/JustCallMeSteven on 2025-01-01 22:38:19.

ProtonMail handed over a user’s data—including their recovery email—without resistance after receiving a warrant for what can only be described as a vague and non-specific “threat.” It was among hundreds, sent to an election official who faced controversy for joking about ballot counting in the 2020 election. It read:

“I hope you know there are consequences for your actions. I know a lot of information about you. I will have to think about what comes next.”

While inflammatory, this email does not meet the legal standard for a criminal threat. ProtonMail should absolutely have sought to quash it.

Instead, ProtonMail complied, turning over metadata that enabled the government to secure warrants for nearly every online account the user had: Coinbase, Amazon, Spotify, and more.

We only know this happened because the government described ProtonMail’s compliance in a separate warrant application. The original warrant was sealed for a year. Briefly unsealed. Then sealed for another year. It is currently unsealed, but could even be sealed again.

This post highlights how easily storing releasing “metadata” can be weaponized to conduct expansive surveillance, even when the justification is flimsy.