Proton Meet Isn't What They Told You It Was

Proton’s launch blog post for their new video conferencing product contains this paragraph: “laws like the US CLOUD Act can compel US-owned video conferencing platforms to hand over any data they store, even if the servers reside outside of the United States. This creates serious compliance challenges for organizations bound by GDPR, CCPA, or similar data protection laws. That’s why we’ve created Proton Meet.”

The pitch is that Zoom, Google Meet, and Microsoft Teams are CLOUD Act-subject, and Proton Meet is the safe alternative. Their blog describes the result as “as private as meeting in person.” I spent the launch day investigating that claim. Proton Meet is built entirely on LiveKit Cloud, a US company whose contracts are governed by California law, subject to the CLOUD Act, with an infrastructure chain made up exclusively of American companies.

The disclosure is in Proton Meet's own privacy policy: "Proton Meet relies on infrastructure providers LiveKit Cloud to deliver real-time video conferencing. LiveKit Cloud handles the transmission and routing of data."

LiveKit Cloud is a California-incorporated commercial infrastructure vendor. Their terms of service specify that all disputes are governed by the laws of the State of California, with venue in the federal or state courts of Santa Clara County.

Their privacy policy explicitly acknowledges FTC jurisdiction and states the company will "access, preserve, and disclose your information" to comply with "law enforcement requests, national security requirements, and legal process, such as a court order or subpoena," the exact scope of the CLOUD Act. Proton built their CLOUD Act escape hatch on CLOUD Act infrastructure.

Their security model page compounds this by stating "We utilize a distributed network of data centers around the world like we do for Proton VPN," implying Proton owns and operates the call infrastructure.

The Meet privacy policy confirms LiveKit Cloud handles it. Those data centers belong to DigitalOcean, Google, and Oracle, all American companies under LiveKit's operational control.

I confirmed this at the network layer during a live session. After running ss -tnup to capture a connection baseline, a Proton Meet session in Brave showed active connections to 161.115.177.32 on port 443, a LiveKit-owned IP block (ARIN OrgId LIVEK) hosted on Oracle Cloud Infrastructure, Phoenix, Arizona (AS31898). When a second participant joined with video, a connection appeared to 44.224.75.233, which resolves to an Amazon EC2 instance in the us-west-2 Oregon region.

DNS confirms the infrastructure chain: stun.livekit.cloud and turn.livekit.cloud both resolve to Oracle Cloud IPs in Phoenix, and those are the STUN/TURN servers handling WebRTC connection establishment for every Proton Meet call. The browser console during that same session printed livekit-client.esm.mjs:23768 publishing track, LiveKit's own JavaScript SDK.

The architecture genuinely has two layers. The Proton-controlled layer, the key exchange and MLS cryptographic protocol, runs on Swiss infrastructure. The encryption design is real. Proton's business page calls this a "zero-knowledge server architecture," which is true for the MLS key exchange servers in Geneva. It is not true for the LiveKit SFU servers that process every connection event, see every participant's IP address, and retain call detail records. The SFU routing layer runs on American company infrastructure.

Proton's solution hides your IP from other participants by routing everything through LiveKit's SFU servers. Your IP still hits LiveKit Cloud on Oracle's infrastructure in Phoenix, Arizona. They solved the peer-to-peer IP leak by centralizing every participant's IP at a single US company. From a government surveillance standpoint, that is worse.