Ok ProtonMail, this is seriously Bad

(Alert: This post is unedited, please don’t brag about grammar and mistakes. The point is to get the story out.)

Worst part: I am locked out and I didn’t actually do anything.

But let’s dig into drama. By definition, every good drama has to have 3 stages: Setup, Confrontation, and Resolution.

1. Setup aka Inciting Incident

Yesterday I wanted to check my ProtonMail (PM) account. To my big surprise, instead of seeing precious emails, I got this:

Wait, what??? Ok, let’s try a browser.


After a moment of sweaty hands, as a good citizen, I followed the rules and went to https://protonmail.com/abuse

So what they are telling me is that they have an automated detection system that disables accounts and if I think this automated guy is wrong I have to explain tothem why I think he(she) is wrong.

Sweaty hands came back as I started to smell Catch 22.

2. Confrontation aka Rising Action

Now, first of all, let me explain the purpose of my ProtonMail account. It serves as a secure e-mail point to my other vital online services.

For security reasons I won’t list them here, but you can imagine: most of these services send a login confirmation emails to my ProtonMail and in order to access them.

For security reasons I use my ProtonMail solely for this reason, so I open it only when I need it. I don’t use it for anything else and my account is protected with a login password plus decryption password (great PM’s feature).

I don’t use this email to communicate with anyone (I used to with a couple of my close friends who are also on PM), but that was some time ago.

But you get the point. And the point is, there was no way I would use my account for any illegal activities or something.

Now truth to be said and regardless of my case, the tone on this Abuse page is weird. They kinda already treat you as an abuser, like hey, you are on this page, so you’ve must do something wrong. Now it’s your turn to convince us that you are a nice guy.

But let’s go on. I am super sure the account was disabled by accident. The problem is that I have no clue why I believe it was disabled because, well guys, I didn’t get any explanation message.

So to get an idea why this could happen and before filling in the ‘Abuse Appeal Form’ I checked their ‘Terms and Conditions’.

Honestly, nothing I would do. I couldn’t spam because I wasn’t sending any emails out. And I am above 13 :).

But to be 100% honest, I have another ProtonMail account that I don’t access and I keep it for some services that I don’t want to keep directly with more sensitive ones (to minimize the possibilities of a hack).

So this is a potential problem: ‘Having multiple free accounts is not considered an acceptable use of our service (e.g. bulk-signups, large number of free accounts created by a single organization or individual).’

But cmon, I didn’t use it for bulk signups or a large number of free accounts. I don’t think this is an issuer.

So before sending abuse I went to PM’s Support Twitter account @Protonsupport and asked what could be wrong.

Now the answer was kinda hmmm:

So this abuse protection bot is sometimes wrong and it simply throws people out. You know, like a bouncer in a bar that sometimes throws good guys out.

I filed in the ‘Abuse form’.

Now I have one problem with the abuse form. I need to put in my secondary email account (which of course makes sense in the order they can contact me), but as a person who cares for privacy, I don’t necessarily want them to know it (i’ll come to that later on).

I got this back:

Honestly, I was already at the point of being angry. Dude, I am having a logging issue. I wrote you on the abuse page. This generic email helps no one.

3. Instead of Resolution

It has been almost 24 hours and I haven’t heard from PM guys. I super urgently need access to one personal service and I can’t access it.

I am having scenarios about what to do, but I am afraid one of the possibilities is to go into the digital hell and infinite mazes to restore things.

But ok, let’s see.

4. Where do I have problems with ProtonMail

Ok, things happen. I understand PM is on the edge of a fight and they have to do things to minimize abuse, limit bad guys and protect their users.

Also, I am (was?) a fan of PM from their early days. They seemed as a viable alternative to a really problematic service like Gmail (privacy, transparency…).

Truth to be said, I was never turned into paying user (so I didn’t support them), but the reason was that I didn’t want my CC to be attached to the account for security and privacy reasons.

But where I really have a problem is that they are able to cut you off just like this. And for a service that claims privacy and secure communication to be at the center of their model, IMHO, this is really bad practice.

Imagine that you are a whistleblower or activist and your life depends on trust to a service like PM. And then they cut you out because someone is able to manipulate an automated bot and you have no efficient way to get your credentials back or even without revealing your identity.

This goes against their own setup and it’s seriously bad.

It also opens up the question, what to use and how to protect your identity and credentials for services you actually use.

I use all these protections to avoid being hacked or to protect my privacy and identity.

I hope PM is not turning into yet another Gmail crap. They certainly don’t handle their communications well. Ok fair enough, I am not a paying user, perhaps they would treat me differently. But still.

Regardless, this is a good call why Blockchain (IMHO) makes sense. It promises to solve a single point of failure problem, protect our identity, and give at least, core credentials back to our pocket.

Now think that if even something that should be on the bright side as ProtonMail, can cause all these problems. Think about being dependent on a more abusive provider. And there any many.




CEO @zenodys, Focus on the new age of Data and Privacy.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Weekend Promotion: 40% Trading Fee Off on BTC/USDT Pairs

InsureDAO testnet is running


Repelling A Ransomware Attack: Sai Huda of CyberCatch On The 5 Things You Need To Do To Protect…

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

Howto Earn BNB or ETH UPDATED 3.28.22 F*L*A*S*H L*O*A*N Arbitrage Deploy With Smart Contract

Knowledge is power: Your right of access

CARDS Rewards Distribution for the CSWAP Community

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jernej Adamic

Jernej Adamic

CEO @zenodys, Focus on the new age of Data and Privacy.

More from Medium

Apple implemented the biggest improvement to bluetooth audio since 2009

Intel Wins Again. Big-time!

Apple M1: Its not about performance

Apple’s (Hidden) Authenticator App

Apple logo shaped as a lock depicting privacy