- Protonmail crowdfunded $550k to create a secure & ‘independent’ email service.
- Protonmail accepted $2 million from CRV & FONGIT – Companies connected to the US & Swiss governments
- Protonmail crowdfunds again for “top of the line DDOS Protection” which was later beaten by a teenage autistic kid in the UK.
1. Protonmail Crowdfunds To “Remain Independent”
When Protonmail was being created the founders would frequently decline seed startup capital. Andy Yen clarified this when he told Forbes “The reason we have to be bootstrapped is because if we take our money from something like Google Ventures, there goes our credibility. By being in this market we have to fund ourselves,” Then he continued by saying they were going to crowdfund their idea in a month.
In 2014 Protonmail started a crowdfunding campaign (Archive) to create a secure email service. Their co-founder stated again that if they accepted outside financing, they would seek to control and exploit them. Then he clarified that “ProtonMail can only succeed in its mission if it remains independent.” The community responded by donating $550,377 so that Protonmail could develop a privacy-centered email that was independently controlled. Protonmail founders stated several times their company would “fail” and “lose credibility” if they accepted outside financing.
2. Protonmail Sells Equity & Control to CRV & FONGIT – No Longer Independent
Despite a successful crowdfunding campaign to “remain independent” Protonmail sought venture capitalist investment. Forbes states that it generally takes 6-9 months to obtain venture capital money. This is because investing in startups is a process that requires time, study and negotiations. 7 months after their crowdfunding campaign they finalized their sale of equity to CRV and FONGIT. It’s likely that Protonmail was talking to venture capital companies before, during and/or right after their pledge to “remain independent.”
Charles Rivers Ventures
CRV management is so influential that a founding partner at CRV, Mr Ditersmith, was appointed by President Obama to work in the US State Department as a delegate to the UN. The nature of a delegate’s work requires close communication with the CIA & NSA. Protonmail equity was purchased by CRV shortly after Mr. Ditersmith left the US State Department. CRV has stated their mission is to get a strong ownership stake and install their own members in positions of control. Mr. Ditersmith has stated that he wants to use his company to “fight terrorism”. Documents available on Wikileaks demonstrate close relations between CRV and high-ranking government officials, including former White House Chief of Staff John Podesta. CRV also has close ties to “In-Q-Tel” a US firm that is officially a CIA front investment company. Click here to read all about Protonmail’s connections to the CIA & NSA.
FONGIT is financed by the Swiss Government (Archive) and seems to be similar to the US company In-Q-Tel. In-Q-Tel is not owned by the CIA, but they are controlled by the CIA for all intents and purposes. FONGIT installed their director, Antonio Gambardella, as Protonmail’s “guide” to all “strategy and operations.” Protonmail’s website states that Antonio represents the “State of Geneva and the Swiss Federal government“(Archive). The Swiss Government signed an MLAT treaty with the US government. Edward Snowden revealed that treaties like this MLAT treaty are fully utilized by the US government. Under the terms of the MLAT treaty, the US government can require that Protonmail send all their users’ data to NSA servers. This is troubling after Professor Kobeissi mathematically proved Protonmail does not provide “End to End Encryption,” a claim Protonmail later admitted officially (Archive). How this works is Protonmail is able to serve users malicious code, thus allowing them to decrypt all of that user’s data. This type of backdoor access is illegal in Switzerland. Protonmail’s admission also renders most of their security claims false.
3. Protonmail Crowdfunds… for even more money…
In 2015 Protonmail received a DDOS attack that took their webmail offline completely. Protonmail stated that this attack may have been a “state-sponsored actor.” Protonmail had recently accepted a $2.5 million investment, but for unclear reasons, they decided to crowdfund for more money from the community(Archive). The community responded… again… by raising $64,000. Did any of the $2.5 million or $64k go to DDOS defense? Let’s take a look at an attack in 2018…
Later in 2018, Protonmail was hit with another DDOS attack. After the attack appeared to have ended, Protonmail CTO, Dr. Bart Butler, mocked the attacker and then later goaded them via Twitter. Dr. Butler’s mockery and goading was widely criticized. In response to the harassment, the attacker restarted the attack with increased strength resulting in Protonmail being taken offline again. The attackers said 3 times(1)(2)(3) they would stop the attack if Protonmail CTO, Dr. Bart Butler, apologized. Dr. Butler would not apologize for publicly mocking and goading the attacker, so the DDOS continued. Protonmail tried to blame for the DDOS attacks on Russia, suggesting another “State-Sponsored Attacker” just like in 2015. This time literally everyone who had the facts disagreed with Protonmail’s “blame Russia” approach, including their own contractor, Radware. As Protonmail was trying to figure out where it was coming from, Krebsonsecurity came to the rescue and identified the attacker as an autistic teen living in the UK. Protonmail later credited him officially.
Did Protonmail spend anything on DDOS protection? If an autistic teenager can defeat Protonmail’s “state of the art” defenses, what could a seasoned attacker do? Is it possible the DDOS attacker from 2015 was not a “State-Sponsored Attacker” but instead a teenage kid?
Protonmail stated that this is the teenage autistic kid that beat Protonmail’s entire team, their “state of the art” DDOS Protection, Radware Corporation & F5 Corporation.
Be Worried About Protonmail’s Equity
Edward Snowden revealed that the NSA seeks to circumvent encryption by coming after companies directly and forcing them to betray their users’ privacy. Protonmail’s co-founder echoed these comments when he stated that Protonmail “can only succeed” in its mission to give secure email if it remains independent. Shortly after making this statement, they sold control to FONGIT and CRV. They have also accepted $2 million from the EU via the Horizon 2020 campaign. You should be concerned because Protonmail’s founders told you to be concerned.