Proton Meet, the Swiss privacy giant’s video conferencing tool launched in beta in 2023, markets itself as end-to-end encrypted (E2EE) with no accounts required for guests and zero call logging. A recent Hacker News thread cuts through that: it isn’t the privacy fortress Proton pitches. Testers found metadata leakage, browser limitations, and reliance on Proton’s servers that undermine the core promises. This matters because users switching from Zoom or Teams for “privacy” risk misplaced trust in a centralized service.
Proton’s Claims vs. Network Reality
Proton boasts over 100 million user accounts across its suite—Mail, Drive, Calendar, VPN, and now Meet. Meet rolled out fully in October 2023, free for all Proton users (paid plans unlock longer calls and more participants). Key selling points: E2EE for video and audio using WebRTC’s Insertable Streams API, relay servers to mask IPs from peers, and no storage of call content or participant lists.
HN users dissected the implementation. E2EE works, but only in Chrome 113+, Edge 113+, and Opera 94+. Firefox and Safari fall back to DTLS-SRTP transport encryption, meaning Proton’s servers, acting as a Selective Forwarding Unit (SFU), decrypt and re-encrypt the streams. Result: for users on those fallback browsers, Proton handles unencrypted media in transit. Even in E2EE mode, signaling metadata (room IDs, join/leave times, call durations) flows to Proton servers unencrypted.
IP handling is another gap. Proton routes traffic through its TURN relays to hide local IPs from participants, but Proton sees every IP address. WebRTC’s ICE negotiation still probes direct connections first; if relays fail, leaks occur. Proton logs IPs for 7 days minimum under Swiss law for abuse detection, as detailed in their transparency report: in 2023, they processed 6,378 Swiss court orders, handing over IP logs in 5,405 cases.
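To check the relay behaviour described above on your own client, the following added example (not from the article, the HN thread, or Proton's code) audits the ICE candidates in a captured SDP for any address other than the relay's. The sample SDP is constructed and the function names are hypothetical.

```javascript
// Added example, not Proton's code. SAMPLE_SDP is constructed; addresses are
// documentation/private ranges (RFC 5737, RFC 1918) and the mDNS name is made up.
const SAMPLE_SDP = [
  'v=0',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0',
  'a=candidate:2 1 udp 2122194687 4f2a9c1e-0000-4000-8000-0123456789ab.local 50000 typ host',
  'a=candidate:3 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'a=candidate:4 1 udp 41885439 198.51.100.10 3478 typ relay raddr 203.0.113.7 rport 54321',
  'a=candidate:5 1 udp 41885183 198.51.100.10 3479 typ relay raddr 0.0.0.0 rport 0',
].join('\r\n');

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <addr>] ...
const CANDIDATE_RE = /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\S+)(.*)$/i;

function parseCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim());
  if (!m) return null; // not a candidate line
  const raddr = / raddr (\S+)/i.exec(m[3]);
  return { address: m[1], type: m[2].toLowerCase(), raddr: raddr ? raddr[1] : null };
}

const isPlaceholder = (addr) => addr === null || addr === '0.0.0.0' || addr === '::';

// Lists every client address in the SDP that a remote peer could learn besides the relay's own.
function auditCandidates(sdp) {
  const findings = [];
  for (const line of sdp.split(/\r?\n/)) {
    const c = parseCandidate(line);
    if (!c) continue;
    if (c.type === 'relay') {
      // The relay address itself is expected, but raddr can carry the client's mapped address.
      if (!isPlaceholder(c.raddr)) findings.push({ type: 'relay', leaked: c.raddr, via: 'raddr' });
    } else if (c.type === 'host' && c.address.toLowerCase().endsWith('.local')) {
      continue; // mDNS-obfuscated host candidate: no IP disclosed
    } else {
      // host with a literal IP, srflx or prflx: the client's own address is in the offer
      findings.push({ type: c.type, leaked: c.address, via: 'address' });
      if (c.type !== 'host' && !isPlaceholder(c.raddr)) findings.push({ type: c.type, leaked: c.raddr, via: 'raddr' });
    }
  }
  return { relayOnly: findings.length === 0, findings };
}
```

Feed it `pc.localDescription.sdp` from the page's `RTCPeerConnection` or an SDP copied from chrome://webrtc-internals. A peer connection created with `iceTransportPolicy: 'relay'` gathers only relay candidates, which is the configuration this audit is meant to confirm.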
Technical Breakdown and Limitations
Under the hood, Proton Meet builds on Jitsi Meet’s open-source base but with proprietary tweaks. E2EE relies on client-side key generation and encryption before media hits the server. Keys are exchanged over secure WebSocket signaling, but the server still authenticates rooms and handles moderation. Guests join via links without accounts, but hosts need Proton credentials, which exposes email metadata if they use Proton Calendar invites.
HN posters captured packets: Proton domains like meet.proton.me and turn.proton.me handle all traffic. No peer-to-peer fallback; everything relays centrally. Group calls scale via SFU, amplifying server dependency. No federation with other providers—it’s Proton’s walled garden. Open-source skeptics note the client JS isn’t fully auditable; parts are minified, echoing Proton Mail’s past obfuscation controversies.
Compare to true E2EE peers: Signal’s group calls use decentralized SFUs with client-verified keys. Jitsi E2EE (standalone) requires manual opt-in and passwords. Proton automates but trades verification for usability, leaving users blind to whether E2EE activates.
Why This Undermines Privacy Hype
Proton positions Meet as a Big Tech alternative, but centralization bites. Swiss jurisdiction mandates data retention for crimes; Proton complied with 99% of 2023 requests. Metadata reveals networks—who meets whom, when, from where—valuable for surveillance even without content.
For dissidents or execs, this exposure risks correlation attacks. Free tier limits (45-minute calls, 4 participants max for E2EE?) push upgrades, gating full features. HN consensus: solid for casual use, better than Google Meet (which scans content), but not “what they told you.” Overhype erodes trust in privacy brands.
Bottom line: Vet tools yourself. Run Wireshark on your calls. For ironclad privacy, stick to Signal or self-hosted Jitsi with E2EE enforced. Proton delivers 80% of the promise—use it accordingly, but don’t bet the farm.






