Proton Meet Privacy Review: Is End-to-End Encryption Enough? [2026]
Google Meet feeds your data into ad models. Zoom's end-to-end encryption claim turned out to be a lawsuit-settling lie. So when Proton launches a video conferencing tool and stamps "end-to-end encrypted" on it, I pay attention. Proton has spent a decade building a reputation as the anti-Google, and Proton Meet is the logical next product in that ecosystem. But is this Proton Meet privacy promise the real deal, or is it marketing outrunning the cryptography?
I've spent 14 years building and reviewing software systems. One thing I've learned: the gap between a company's security claims and the actual implementation is where the interesting stuff lives. So I pulled apart Proton Meet's encryption model, its metadata handling, and the trust assumptions baked into the architecture. Here's what I found.
What Proton Meet Actually Encrypts (and What It Doesn't)
Proton Meet's core promise is straightforward: your audio, video, and in-call chat messages are end-to-end encrypted. Even Proton's own servers can't decrypt them. Most video conferencing tools, including Google Meet and Microsoft Teams, use transport encryption (TLS). Their servers decrypt and re-encrypt your streams in transit. They can see your calls. Proton says they can't.
The implementation is built on WebRTC, the same browser-based real-time communication standard that powers virtually every web conferencing tool. WebRTC uses DTLS-SRTP for media encryption, which is solid. But here's the critical distinction that most Proton Meet reviews gloss over: the media streams are end-to-end encrypted, but the signaling and metadata are not, so Proton's servers can read them.
Metadata includes who joined the call, when, for how long, their IP addresses, and the meeting identifiers. Proton's servers handle all of this in the clear (or at least, with access to it). And metadata is often more revealing than content. Intelligence agencies have said publicly that they "kill people based on metadata." Knowing that the CEO called the company's lawyer at 11 PM on a Friday tells you plenty without hearing a single word.
Proton Meet offers free one-hour calls with up to 50 participants for anyone with a Proton account. Guests can join via a link without creating an account. Convenient, but those guests have even less control over how their connection data is handled.
Can Proton See Your Video Calls?
This is the question everyone asks. The answer is messier than Proton's marketing suggests.
The audio and video content? No. If the E2EE implementation works as described, Proton cannot decrypt the actual media streams. But here's where it gets technically interesting. In any E2EE system for group calls, the initial key exchange — where participants agree on shared encryption keys — has to be brokered by something. In Proton Meet's case, that something is Proton's server.
Antonio Sanso, a security researcher and IETF contributor known for his work on OAuth and cryptographic protocols, has highlighted this pattern in similar E2EE products: the server brokers the key exchange, which means users must trust that the server is providing the correct public keys for each participant. A compromised or malicious server could perform a man-in-the-middle attack, substituting its own keys and decrypting the streams in real time.
This isn't a flaw specific to Proton Meet. It's a fundamental challenge in any server-mediated E2EE system. Signal solves this with safety numbers that users can verify out-of-band. Proton Meet, as far as the current implementation shows, doesn't offer an equivalent verification mechanism for call participants. You're trusting that Proton's servers are honest brokers.
Having worked on systems where supply chain trust is everything, I can tell you this isn't a theoretical concern. It's the exact kind of architectural trust assumption that separates "private enough for most people" from "private enough for a journalist protecting a source."
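The key-substitution risk and the out-of-band check described above can be shown in a few lines. This is an added example, not Proton's or Signal's code: the function names and the safety-code format are hypothetical, and it runs on Node.js using only the built-in `crypto` module.

```javascript
const nodeCrypto = require('crypto');

// Each participant generates a key pair locally; only the public half
// is handed to the signaling server for delivery to the other side.
function newParticipant(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return { name, privateKey, publicKey: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Hypothetical safety code (not Signal's algorithm): SHA-256 over both
// public keys in sorted order, rendered as six groups of five digits
// that the two people compare over a separate channel.
function safetyCode(myPublicKey, theirPublicKey) {
  const sorted = [myPublicKey, theirPublicKey].sort(Buffer.compare);
  const digest = nodeCrypto.createHash('sha256').update(Buffer.concat(sorted)).digest();
  const groups = [];
  for (let i = 0; i < 6; i++) {
    groups.push(String(digest.readUInt32BE(i * 4) % 100000).padStart(5, '0'));
  }
  return groups.join(' ');
}

// Simulated signaling server. An honest server relays keys unchanged;
// a compromised one delivers keys it controls instead (constructed scenario).
function relay(alice, bob, substituteForAlice, substituteForBob) {
  return {
    aliceSees: substituteForAlice ? substituteForAlice.publicKey : bob.publicKey,
    bobSees: substituteForBob ? substituteForBob.publicKey : alice.publicKey,
  };
}

// What the two humans effectively do when they read their codes to each other.
function codesMatch(alice, bob, delivered) {
  return safetyCode(alice.publicKey, delivered.aliceSees) ===
         safetyCode(bob.publicKey, delivered.bobSees);
}

const alice = newParticipant('alice');
const bob = newParticipant('bob');
console.log('honest relay, codes match:', codesMatch(alice, bob, relay(alice, bob)));
console.log('substituted keys, codes match:',
  codesMatch(alice, bob, relay(alice, bob, newParticipant('x'), newParticipant('y'))));
```

Without a comparison step like this, neither participant can tell the two relay behaviours apart, because each side still completes a key exchange successfully.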
Is Proton Meet More Private Than Zoom?
Let's put the comparison on paper.
| Feature | Proton Meet | Zoom | Google Meet |
|---|---|---|---|
| E2E Encryption (media) | Yes, by default | Optional, limited | No (transport only) |
| Metadata visible to provider | Yes | Yes | Yes |
| Key exchange trust | Server-mediated | Server-mediated | N/A (no E2EE) |
| Open source client | Yes | No | No |
| Jurisdiction | Switzerland | USA | USA |
| Free tier participants | Up to 50 | Up to 100 | Up to 100 |
| Free tier time limit | 1 hour | 40 minutes | 1 hour |
| Max participants (paid) | Varies by plan | Up to 500 (Enterprise) | Up to 500 |
Yes. Proton Meet is clearly more private than Zoom for the vast majority of use cases. Zoom's E2EE is opt-in, disables several features when enabled, and the company has a documented history of misrepresenting its encryption capabilities. Google Meet doesn't even attempt E2EE for most users.
But "more private than Zoom" is a low bar. The real question is whether Proton Meet is private enough for your specific threat model. For internal team standups, family calls, or any conversation where your adversary is ad-tech companies harvesting data? Absolutely. For a whistleblower communicating with a journalist while facing state-level surveillance? The metadata exposure and server-mediated key exchange are real, exploitable gaps.
The most honest privacy claim isn't "we can't see anything." It's "here's exactly what we can and can't see, and here's why."
The Open Source Advantage (and Its Limits)
One area where Proton Meet genuinely stands apart: transparency. The web client is open source, meaning any security researcher can audit the code that runs in your browser. That's a massive advantage over Zoom and Google Meet, where you're trusting a black box.
I've written before about why open source matters for security. It doesn't guarantee safety, but it makes hiding backdoors significantly harder. When independent researchers can read the encryption implementation line by line, the cost of deception goes way up.
But open source has real limits here. The server-side code is not fully open. You can verify what your browser does with the encryption keys, but you can't verify what Proton's servers do with the metadata and signaling traffic. This is the same trust gap that exists with Signal's servers. No cloud-based E2EE product has fully solved it.
Swiss jurisdiction adds another layer worth understanding. Switzerland's data protection laws are among the strongest in the world, and Proton is not subject to US surveillance orders like FISA Section 702. Andy Yen, CEO of Proton AG, has repeatedly emphasized that Swiss law requires a Swiss court order for data disclosure, and even then, Proton can only hand over what it has access to — which, for encrypted content, is nothing.
Jurisdiction is a legal protection, though. Not a technical one. If the servers are compromised by a sophisticated attacker, Swiss law won't help you.
What Proton Meet's Privacy Model Means for You
Here's where I land on this: Proton Meet is the most credible privacy-focused video conferencing tool available today. The E2EE implementation for media streams is real. The open-source client enables genuine verification. The Swiss jurisdiction provides meaningful legal protection. For 95% of users, switching from Zoom or Google Meet to Proton Meet is a clear privacy upgrade.
But it's not zero-trust. The metadata collection, the server-mediated key exchange, and the closed-source server infrastructure mean you're still placing real trust in Proton as an organization. If your threat model includes a state-level adversary with the capability to compromise Proton's infrastructure, this product alone isn't sufficient. You'd need to layer additional operational security on top.
What Proton is doing with Meet — E2EE by default, open source client, no-account guest access — should be the baseline for every video conferencing product in 2026. The fact that it isn't tells you everything about the industry's actual priorities.
If you're evaluating tools for your team, the question isn't whether Proton Meet is perfect. Nothing is. The question is whether it's honest about its limitations. Similar to how I've found that examining security claims closely reveals the real picture behind the marketing, Proton Meet rewards the scrutiny. It's not flawless, but it's not hiding anything either.
That's more than most companies in this space can say.
FAQ
Can Proton see my video calls?
Proton cannot decrypt your audio or video streams thanks to end-to-end encryption. However, Proton's servers do handle signaling and metadata — meaning they can see who joined a call, when, and for how long. The call content is private; the fact that the call happened is not.
Is Proton Meet more private than Zoom?
Yes, significantly. Proton Meet enables end-to-end encryption by default, while Zoom's E2EE is optional and disables key features. Proton is also headquartered in Switzerland with stronger privacy laws, and its client code is open source. Zoom has previously been fined by the FTC for misrepresenting its encryption.
What metadata does Proton Meet collect?
Proton Meet's servers process signaling data including participant identifiers, meeting times, call duration, and connection information like IP addresses. While the audio and video content is encrypted end-to-end, this metadata is accessible to Proton and could be disclosed under a Swiss court order.
Is Proton Meet open source?
The Proton Meet web client is open source, allowing independent security researchers to audit the encryption implementation. However, the server-side infrastructure is not fully open source, which means you cannot independently verify how metadata and signaling data are handled on Proton's servers.
Does Proton Meet work without a Proton account?
Yes. Guests can join Proton Meet calls via a shared link without creating a Proton account. However, hosting a meeting requires a free Proton account. Free accounts can host calls with up to 50 participants for up to one hour.
Originally published on kunalganglani.com