April 3, 2026

Private like a whisper… with a mic

Article URL →HN comments →

Proton Meet Isn't What They Told You It Was

Fans cry foul: ‘private’ Proton Meet runs on a US cloud under US law

TLDR: Proton Meet’s “private like in-person” promise is under fire after users found it runs on a US provider that can hand data to authorities. Commenters feel misled, argue no app can guarantee privacy if it controls updates, and say the real fix is self-hosted tools like Jitsi.

The plot twist nobody asked for: privacy darling Proton launched Proton Meet saying it dodges US data grabs — then sleuths found the calls are routed through a US company (LiveKit) that says it will cooperate with government requests. Cue the comment section going full courtroom drama.

Readers zeroed in on the contradiction: Proton’s pitch was “as private as meeting in person,” but the backbone is a California provider using American infrastructure (Oracle, Amazon, Google). The kicker? Logs and “call details” can be stored in the US, and the provider says it will hand over info when the law knocks. Also spicy: a 90‑day tracking cookie set before you even log in. The mood? Betrayed fans, smug skeptics, and self‑host evangelists.

Strongest take: privacy promises are fairy tales if companies can push silent app updates or flip “debug” switches. One commenter basically said, if they control the app, they control you. The DIY crowd shouted “just host Jitsi at home,” while Proton skeptics resurfaced past cases where the company complied with law enforcement, saying the halo slipped long ago. Not everyone even got to the end — a mini‑revolt broke out over the article’s slow, artsy page design, with readers tapping the browser’s “summarize” button like it was the eject handle.

Bottom line: Proton says “trust us.” The crowd says, “we checked the wires.” And the meme of the day? “Private like a whisper — in a mic’d room.”

Key Points

  • Proton Meet is built on LiveKit Cloud, a US-incorporated provider governed by California law and FTC jurisdiction.
  • LiveKit’s sub-processors are all US companies (DigitalOcean, Google, Oracle, Cockroach Labs, Datadog), and telemetry/logs are stored in the US regardless of selected region.
  • Network captures during a Proton Meet call showed connections to Oracle (Phoenix, AZ) and Amazon EC2 (us-west-2, Oregon), corroborating US-based routing.
  • LiveKit acts as an independent Controller for operational metrics (e.g., call detail records) not covered by Proton’s DPA and can comply with US law enforcement requests.
  • Proton’s main processor list omits LiveKit (listed only in a Meet sub-policy), and a 90-day session tracking cookie is set before login, initiating anonymous tracking early.

Hottest takes

“If a website can push an update to a user, they can intercept anything” — rvnx
“Easiest way to private video calls is just to self-host Jitsi” — a-rbsn
“Their ‘no government can see’ claims ran very hollow” — pogue

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.