The Proton Blog

A journalist’s safety guide to the 2026 FIFA World Cup

Proton Team — Tue, 09 Jun 2026 18:05:07 GMT

Three countries and 16 cities are slated to host the 23rd FIFA World Cup this June. The event, which will be held in the United States, Mexico, and Canada, is expected to bring in more than 5 million fans from around the world, including an estimated 50,000 journalists.

Large crowds and global security threats like cyber, drone, or mass-casualty attacks pose risks to reporters and fans at all locations. In the US, travel bans and increased ICE activity should also be considered. If you are a journalist or media professional covering the 2026 FIFA World Cup, there are ways to ensure your safety as you travel through the event’s host cities.

Proton has assembled a guide to assist journalists navigate the World Cup safely. The tips below can help protect journalists and media against security threats while reporting from the ground at the World Cup.

Reporting from the United States

11 cities in the United States are hosting FIFA World Cup games in 2026, including Atlanta, Boston, Dallas, Houston, Kansas City, Los Angeles, Miami, New York, Philadelphia, San Francisco, and Seattle.

According to The Athletic, the Federal Emergency Management Agency granted $625 million in security funding toward those 11 US cities for operational exercises, staff background checks, and cybersecurity defense.

Travel restrictions and border crossings

Given the location, size, and scope of the World Cup, journalists traveling from outside the US should consider the risks when entering the country. In 2025, the Trump Administration announced a travel ban for citizens of Afghanistan, Myanmar, Chad, Republic of Congo, Guinea, Eritrea, Haiti, Iran, Libya, Somalia, Sudan, and Yemen. There are partial restrictions for residents of Burundi, Cuba, Laos, Sierra Leone, Togo, Turkmenistan, and Venezuela.

According to the Committee to Protect Journalists, border agents in the US “maintain broad discretionary authority to implement travel restrictions.” Additionally, “increased vetting, inconsistent enforcement, and sudden policy changes suggest an unpredictable environment,” in which traveling journalists should prepare.

Media personnel can anticipate being questioned at the border by Customs and Border Protection (CBP), especially if journalists represent a country on the travel ban list or have a history of covering politically sensitive issues. Journalists with dual citizenship from a country on the travel ban list should use the passport of their nation that does not appear on the banned list.

Protecting your devices and data

Precautions should be taken to encrypt or back up sensitive or personal information on electronic devices, as CBP does not need a warrant or probable cause to search your person or electronics. To protect your personal data and ensure it isn’t copied or stored by CBP, journalists should:

Use strong passwords and store them in a password manager like Proton Pass.
Use an end-to-end encrypted email service like Proton Mail so messages can’t be surveilled.
Employ email aliases so your personal or work email isn’t exposed.
Enable two-factor authentication so CBP can’t access your accounts.
Back up sensitive information on a cloud storage service like Proton Drive, so privileged documents don’t live on your phone or electronic devices.
Make social media accounts private and/or delete any apps that may be subject to search.

Legal resources for journalists

If a legal concern should arise during your coverage of the FIFA World Cup, journalists can call the Reporters Committee for Freedom of the Press legal hotline at 1-800-336-4243.

Media members can also text CPJ’s chatbot for assistance using the number 1-206-590-6191 or email the committee at emergencies@cpj.org.

If you are denied entry into the country or into the World Cup, are facing detention or arrest, have been assaulted, or had equipment damaged, you can file a report using the U.S. Press Freedom Tracker.

General safety tips for all host cities

Whether reporting from the United States, Mexico, or Canada, you should familiarize yourself with the country’s local laws. Before heading to your destination, research the location and have an exit strategy should an emergency arise.

Have an emergency contact on standby, work in pairs whenever possible, and designate meet-up locations ahead of time should cell service or Wi-Fi go down. Identify exits, medical tents, rideshare drop off and pickup locations and media areas before arrival.

Proton for journalists and newsrooms

To counter unprecedented threats toward journalists, Proton offers discounts on Proton for Business to news media. Protect your emails, contacts, documents, sources, and other sensitive data with end-to-end encryption, so your team can work safely no matter where they are.

Proton has been committed to press freedom for more than 10 years. Learn more about how Proton protects journalists and get Proton for your newsroom today.

Cybersecurity compliance 101: What small businesses need to know

Alanna Alexander — Tue, 09 Jun 2026 17:34:04 GMT

You’ve likely experienced this scenario: You’re in the final stages of a deal with a promising enterprise client. The contract is ready, the price is agreed upon, and then the conversation stalls.

The reason? They asked for your cybersecurity compliance documentation, and you couldn’t provide it.

It’s a frustrating moment. It’s understandable to feel that cybersecurity compliance is a game for large corporations with dedicated security teams and massive budgets. For a growing startup or a small business, it can feel like an overwhelming administrative burden.

The good news is that there are simple ways to prove you take data protection seriously.

This guide breaks down what compliance actually means for your business, the key frameworks you’ll encounter, and how to get started without needing a team of IT experts.

What is cybersecurity compliance?

Cybersecurity compliance is how you prove you are protecting sensitive data according to recognized standards. It’s not just about having the right tools; it’s about having the right processes and the documentation to back them up.

Think of it as your business’s “report card” for security. It shows prospects and partners that you have rules in place, you follow them, and you can prove it.

It’s not optional. Regulations like GDPR and HIPAA carry real legal weight. Fines, lawsuits, and operational restrictions are all on the table. And cybersecurity threats aren’t theoretical. Four in five small businesses have suffered a recent data breach.

The risks of data non-compliance

Skipping compliance might seem like a way to save time and money, but it’s a short-sighted gamble. The fallout hits in three critical areas:

Financial penalties: A single GDPR violation can cost millions. For a small business, even a mid-range fine can mean layoffs, frozen growth, or closure.
Operational disruption: A breach takes systems offline for weeks. Your staff gets pulled from revenue-generating work to manage the crisis. Recovery costs can easily exceed $1 million when you factor in downtime, legal fees, and lost contracts.
Reputation damage: Customers who trusted you with their data may not give you a second chance. In tight-knit industries, word travels fast. A compliance failure doesn’t just hurt your brand; it can shrink your sales pipeline for years.

Key cybersecurity frameworks every business should know

These are the standards your customers, regulators, and enterprise partners will likely ask about.

GDPR (General Data Protection Regulation)

If you have even one customer in the European Union, or if you collect email addresses from EU visitors on your website, GDPR applies to you—regardless of where your company is based. Non-compliance can result in fines of up to €20 million or 4% of your annual global revenue, whichever is higher.

What it means: You must be transparent about how you collect and use data. You must give people the right to access, correct, or delete their information.

HIPAA (Health Insurance Portability and Accountability Act)

Are you a SaaS company serving a US healthcare provider? Or perhaps a clinic managing appointments? The moment patient data touches your systems, HIPAA applies.Penalties range from thousands to millions of dollars, depending on the severity and whether negligence was involved

What it means: You need strict safeguards like data encryption, controlled access, and clear procedures for reporting breaches.

NIS2 (Network and Information Security Directive)

This is an EU directive strengthening cybersecurity in essential sectors like energy, transport, and digital infrastructure.Even if you aren’t directly regulated, your enterprise customers may require you to meet NIS2 standards as part of their vendor checks.

What it means: It requires risk management practices and strict incident reporting.

ISO 27001 & SOC 2

These are international standards that evaluate how you manage and protect data. The stakes: For enterprise clients, having ISO 27001 certification or a SOC 2 report is a massive trust signal. It tells them, “We have been audited by independent experts, and our security is solid.”

What it means: You need to implement documented security controls, submit to independent audits, and maintain that certification on an ongoing basis.

How to get started with compliance in cybersecurity

Compliance can feel like a long list of boxes to check, but the basics come down to five practical steps.

Map out what data you have, where it lives, and who has access. You might be surprised to find a customer list saved on a contractor’s personal Dropbox or a shared spreadsheet with sensitive info that anyone can edit.
Write down your policies. Who can access what? How do you report a breach? How do you dispose of old data? If it isn’t written down, it doesn’t exist. Keep these documents clear, current, and ensure your team actually follows them.
Give your team a business password manager. It generates strong credentials, stores them securely, and makes good habits the default. It removes the friction of remembering complex passwords.
Use a business VPN. It encrypts all your team’s internet traffic, ensuring data stays protected no matter where they log in. This is a straightforward way to meet network security requirements for almost every major framework.
Assign a specific person (even if it’s part of their role) to be accountable for your compliance posture. They should track regulatory changes, keep documentation updated, and ensure leadership stays informed.

How to stay compliant with cybersecurity regulations

Regulations change, your team grows, and the tools you use evolve. That’s why requires ongoing attention.

Review policies regularly: Conduct quarterly reviews to ensure your documentation reflects how you actually work.
Monitor for exposure: Don’t wait for a breach to find out your credentials leaked. Use tools that monitor the dark web and alert you if your company data appears in a breach.
Conduct internal audits: Test your controls before an auditor does. Find the gaps yourself — it’s always cheaper than having them exposed externally.
Train your team: Policies only work if people follow them. Short, practical training on phishing and data handling keeps security habits sharp.
Use tools that enable good security: Compliance is easier when security is the default. Choose tools that encrypt your business data, give you granular control over access, and flag risks like weak passwords automatically.

Make cybersecurity compliance a part of BAU

Compliance doesn’t have to be a scramble. With the right tools, it becomes part of how your business operates, giving you concrete answers to security questionnaires and audits.

Proton Pass and Proton VPN are built for this. Setup takes minutes, and you don’t need an IT team to manage them.

Proton VPN encrypts all company network traffic and restricts access to approved devices, meeting strict network security requirements.
Proton Pass lets you enforce two-factor authentication, manage credentials securely, and pull activity logs directly from the admin panel for audits. When a new hire joins, you can provision access in clicks; when someone leaves, you revoke it instantly.

You also get to leverage our compliance for yours. When enterprise clients ask about the security of the software you use, you can point to our credentials.

Proton is ISO 27001-certified and SOC 2 Type II-verified, based in Switzerland, and fully open-source. This gives you verifiable, third-party proof that your data is protected by the highest global standards.

Proton for Business gives you the tools you need not just to start your compliance journey, but to maintain it long term.

How to use Google Photos Locked Folder (and a safer alternative)

Elena Constantinescu — Tue, 09 Jun 2026 14:10:53 GMT

Most people have images meant for their eyes only, like snapshots of personal documents or intimate photos they’d rather keep out of the main gallery. These are the kinds of images people would not want to accidentally share with someone else or have exposed to anyone who gains physical access to their phone.

Traditional photo libraries like Google Photos aren’t safe for private photos because they are not built for privacy. They can help protect your pictures from unauthorized access, but that doesn’t necessarily mean your sensitive photos are hidden from the service provider. Because Google Photos is not end-to-end encrypted, Google can technically access and process your photos in accordance with its policies.

The Locked Folder feature in Google Photos can be useful, but it doesn’t change the underlying privacy model of the app. So before relying on it for sensitive images, it’s worth understanding what Locked Folder does, how to use it, and what its privacy limits are.

What is the Google Photos Locked Folder feature?
How to hide photos in the Google Photos Locked Folder
- Managing photos and videos
Limitations
- The privacy cost of backing up Locked Folder photos
A more private way to store sensitive photos

What is the Google Photos Locked Folder feature?

Locked Folder is a Google Photos feature that lets you store selected photos and videos in a separate, protected space on your device. When you add items to this hidden folder, they:

Don’t appear in your photo grid, albums, search results, Memories, or partner sharing
Are hidden from other apps on your device that have access to your regular photo library
Require your device screen lock to view and manage, such as your PIN, password, fingerprint, or face unlock

How to hide photos in the Google Photos Locked Folder

Setting up the Google Photos Locked Folder to hide your photos takes only a few moments:

Open Google Photos.
Tap Collections.

Scroll down, and tap Locked. You will be prompted to open the Locked Folder using your device screen lock option.
Tap Move items.
Select the photos or videos you want to add, and tap Move.

Confirm using your device screen lock option.
- If Locked Folder backup is off, you can turn it on by tapping Manage backup or skip by tapping Continue.
Tap Move to confirm.

To add new items, tap the new photo icon 🖼 on the bottom left. It’s not possible to create subfolders in the Locked Folder feature for organization.

Managing photos and videos in Locked Folder

To return a photo or video to your main Google Photos library, select it in Locked Folder, tap Move, and tap Move again to confirm. The item will leave Locked Folder and reappear in its original position in your photo timeline.

You can also permanently delete items by pressing Delete, and again Delete to confirm.

Limitations of the Locked Folder feature in Google Photos

The Locked Folder feature is useful for keeping private photos out of your main gallery, such as when you hand your phone to someone else and don’t want them scrolling into something sensitive. But it does not create a separate, end-to-end encrypted vault.

End-to-end encryption means your data is encrypted on your device before it reaches a company’s servers, and only you hold the keys to decrypt it. Not even the service provider can read your files. Google Photos does not offer end-to-end encryption for your photo library — so Google retains access to your images — and the Locked Folder tool is governed by the underlying policy of the Google Photos privacy policy.

That matters because Google does not simply store photos passively. Its automated systems can scan content for policy violations, and mistakes can have serious consequences.

In one widely reported case, a father in California took medical photos of his toddler at a doctor’s request and sent them to the healthcare provider. Because the photos were also backed up to his Google account, Google’s systems flagged them as potential CSAM, reported him to law enforcement, and terminated his account. Police cleared him of wrongdoing, but Google still refused to restore the account, leaving him without access to years of emails, photos, purchase history, and other data.

The privacy cost of backing up Locked Folder photos

By default, items you move to the Google Locked Folder only exist on your local device. If you don’t turn on backup, you could lose your photos if your device is damaged or lost.

On the other hand, backing up your Locked Folder photos means keeping them stored on Google’s servers and giving the company broad access to your sensitive content that you don’t feel comfortable sharing with anyone else.

That leaves you stuck between two bad options:

Keep photos on your local device only and risk losing them, or
Back them up to Google Photos and accept they may be scanned by Google’s automated systems and reviewed by humans if an algorithm flags something, even by mistake.

If neither option sits right with you, there’s a better, safer way to store sensitive photos without risking that your cloud storage provider can take a sneak peek.

A more private way to store sensitive photos

If you want to safely store sensitive photos long-term, use Proton Drive. While Proton Drive does not have a direct equivalent to Google Photos’ Locked Folder, it approaches photo privacy differently by protecting your photos with end-to-end encryption so no one can see them except you and the people you choose to share them with — not even us.

You can enable automatic photo backup on your phone to keep them synced across your devices, browse photos in a timeline, organize them into albums, mark favorites, filter by media type, and securely share individual photos or full albums with passwords and expiration dates. Shared links can be easily revoked anytime.

Unlike Google Photos and Google Drive, Proton Drive is transparent when it comes to your data: All Drive apps are open source and independently audited, which means anyone can verify our security. We never scan your files or photo library, show ads, use your photos for AI or product improvement, or share your information with anyone.

When you’re ready to move on from Google Photos, you can easily migrate your memories to Proton Drive. And when you’re ready to deGoogle more broadly, you can take the next steps toward a privacy-first ecosystem built to protect your data rather than exploit it.

Top 7 internal communication tools for companies

Alanna Alexander — Tue, 09 Jun 2026 13:19:20 GMT

Every internal communication tool was built simply to host workplace conversations. They do far more than that today.

Platforms like Slack, Microsoft Teams, and Zoom have become the vaults for a company’s most valuable intellectual property, retaining critical decisions, sensitive documents, and proprietary data.

The problem is that all this valuable data is often protected only by basic encryption — a security measure that leaves the door wide open for providers, third parties, and even AI models to access it.

This guide explores the top seven internal communication tools available in 2026, weighing their functionality against their privacy practices.

What are internal communication tools?

Internal communication tools are software platforms designed to facilitate real-time interaction and information sharing within an organization.

They were designed to solve a specific friction point: the latency of poorly designed email platforms. A quick answer from a colleague would require hours of waiting and valuable ideas would get lost in a thread of replies.

Businesses adopted internal communication tools with the hope that it would break down silos, enabling real-time collaboration across departments and time zones. It did. It’s now become the digital water cooler and the virtual conference room.

Teams now use internal communication tools to make hiring decisions, finalize product roadmaps, store legal contracts, and conduct sensitive client negotiations — high stakes for a tool designed to facilitate the exchange of information, not secure it.

Why modern communication stacks are actually failing businesses

Fast and convenient internal communication often comes at a cost. Because many modern communication tools are built to prioritize speed and scale over security, they rely on basic encryption that doesn’t adequately protect your data.

This means providers can access your messages, calls, and files which can be shared, leaked, or sold to advertisers. In some cases, they’re even used to train AI models.

This creates real business risks. These range from compliance violations to data exposure in a breach. Together, these risks make it even more important to choose the right internal communication tool. In addition to affordability and convenience, you should prioritize security.

What to look for in an internal communication tool

Internal communication software is essential to keeping teams aligned. When choosing a secure internal communication tool, look for:

End-to-end encryption

Most tools encrypt data in transit, but that’s not enough. End-to-end encryption ensures that only participants can access the content of your communications — not the provider, third parties, or AI models.

Data minimization

Every tool collects some data to function. The question is how much, and what happens to it. Look for tools that collect only what’s necessary and don’t share or monetize your data.

Open source transparency

If a provider publishes its code as open source, anyone can verify its security claims. Look for independent audits and clear privacy policies that explain exactly how your data is handled.

The 7 best internal communication tools

There’s no one-size-fits-all internal communication tool. The right one depends on your business needs, your existing software, and how you handle sensitive information.

Here are seven of the best options you can find today.

Proton Meet

Best for: Private and secure business meetings

Proton Meet combines the familiarity of video conferencing software with a privacy-first, web-based design. End-to-end encryption is enabled by default, so meetings remain confidential and only accessible to participants, not even Proton can access them.

If your business is concerned about compliance and data exposure, Proton Meet offers additional protection through Swiss privacy laws. There’s no ad-based business model, which means there’s no incentive to collect or monetize user data.

Proton Meet includes all the video conferencing features you’ve come to expect — chat messaging, screen sharing, blurred backgrounds, noise reduction filters, and more. All in a single secure video conferencing tool, a part of a suite that helps you stay GDPR- and HIPAA-compliant.

Strengths:

End-to-end encrypted by default
Zero-knowledge architecture (your data is encrypted so only you can access it, not Proton)
Guests can join calls without a Proton account
Part of Proton’s privacy-first suite

Keep in mind:

Fewer integrations available
Free plan limited to one-hour calls and 50 participants

Proton Mail

Best for: Secure email communication

Proton Mail is how emails should be — private by default. Email remains the backbone of business communication and should be appropriately protected. Unlike other email providers, Proton Mail is end-to-end encrypted by default. Your emails are fully secured whether in transit or at rest; only you and your intended recipient can read them.

End-to-end encryption also ensures your emails can never be scanned, shared with third parties, or used to train AI. This ad-free business model means Proton does not benefit from your data.

Strengths:

End-to-end encrypted by default
Zero-knowledge architecture (your data is encrypted so only you can access it)
Data is protected by Swiss privacy laws
Part of the Proton ecosystem

Keep in mind:

Emails to non-Proton recipients aren’t end-to-end encrypted unless password-protected
Fewer native integrations than Gmail or Outlook

Slack

Best for: Instant messaging and app integration

Slack is the iMessage of the enterprise world. Slack simplifies workplace discussions; instead of drawn-out email threads, conversations happen in organized channels sorted by team, project, or however you choose.

Slack features an extensive integration library that lets you connect to popular enterprise software, such as Jira and Google Calendar. These integrations turn Slack from a chat tool into a central hub for notifications and workflows. Additionally, Slack allows you to hold video and voice calls, making it a versatile communication tool.

Slack has come under scrutiny for privacy concerns — from allowing admins to read employee messages to the sharing of identifiable information with advertisers. Depending on your location, you may not be able to opt out of this data sharing.

Strengths:

Extensive app integration library
Organized channels for teams and projects
Supports chat, voice, and video functionality

Keep in mind:

Admins can read employee messages
Your data is shared with advertisers
Opt-out options vary by jurisdiction

Microsoft Teams

Best for: Microsoft-reliant organizations

Microsoft Teams is the obvious choice for businesses that rely on Microsoft services. Its deep integration with the Microsoft ecosystem enables many quality-of-life conveniences, such as real-time document collaboration within the app and an automatic Outlook sync. It scales well too, Teams can handle everything from small-group chats to company-wide town halls.

However, Microsoft’s privacy practices have long faced criticism. Concerns range from auto-enabling features that collect user data to bossware features such as location tracking and the volume of data they collect.

Strengths:

Part of Microsoft 365
Scales from small teams to large organizations
Seamless integration with Microsoft software

Keep in mind:

Auto-enabled features may collect user data
Includes location tracking capabilities
Significant data collection across Microsoft products

Connecteam

Best for: Deskless teams

Connecteam is designed for teams that don’t work in corporate environments, such as retail and healthcare. The app-based design combines chat, announcements, and employee directory in one place, making it seamless for cross-team communication. It includes operation-centric features such as scheduling, time tracking, and task management to make it easy to manage a distributed, deskless team.

Some features of Connecteam can raise privacy concerns for your team. The app collects extensive data, including location data, that is shared with employers and may also be used for targeted ads. However, Connecteam assures that it handles data in compliance with regulations such as GDPR and HIPAA. It is also ISO 27001 and SOC 2 certified.

Strengths:

Mobile-first design for field teams
Includes scheduling and time tracking
Bridges communication between corporate and frontline workers

Keep in mind:

Collects extensive data, including location data
Data shared with employers and potentially advertisers
May raise privacy concerns for your team

Haiilo

Best for: Employee engagement

Haiilo is an internal communication tool focused on employee engagement. It functions like a private social network for your organization. It is built to foster company culture and streamline communication, and allows your employees to share content on their personal social networks. As an internal communications tool, it is more specialized than the other options on the list.

Haiilo is geared towards large enterprises with large workforces. It may be more than you need for smaller organizations. The platform collects data on behalf of employers, who control how it is used. This means you are responsible for how employee data is handled, and employees may not have opt-out rights.

Strengths:

Designed specifically for employee engagement
Centralized hub for company updates
Encourages employee advocacy

Keep in mind:

Better suited for large enterprises
You control employee data
Employees may have limited opt-out rights depending on your setup

Proton Workspace

Proton Workspace Best for: Organizations that need a secure, compliant alternative to Google Workspace or Microsoft 365

Proton Workspace is a fully encrypted productivity suite that replaces the tools your team already uses — email, calendar, file storage, documents, spreadsheets, and video meetings — without the data exposure that comes with mainstream platforms. End-to-end encryption is built into every product, meaning your data is protected in transit, at rest, and from the platform itself.

For compliance-driven organizations, Proton Workspace offers a defensible answer to auditors: zero-knowledge architecture means no one — including Proton — can access your data. Swiss jurisdiction puts it beyond the reach of FISA court orders and the CLOUD Act. Workspace Premium includes Lumo, a privacy-first AI assistant that doesn’t use your data for model training.

Migration from Google Workspace, Outlook, or other providers is handled through Easy Switch, with no engineering resources required.

Strengths:

End-to-end encrypted across every product
Zero-knowledge architecture — your data is inaccessible even to Proton
Swiss jurisdiction, outside US legal reach
ISO 27001 and SOC 2 certified; GDPR and HIPAA compliant
Open-source code, independently audited
Lumo AI assistant included in Premium (data never used for training)

Keep in mind:

Fewer third-party integrations than Google Workspace or Microsoft 365
Lumo is available on Workspace Premium only
Teams migrating complex workflows may need adjustment time

Keep your business communications private

The right internal communication tool depends on how your team works, but privacy shouldn’t be a tradeoff. Look for team collaboration tools that offer end-to-end encryption by default.

Frequently asked questions

How do I choose the best internal communication tool for my business?

Consider your business’s needs, such as your team’s distribution and the type of communication they rely on most.

Next, evaluate how the choices integrate with your existing software, or if they’re part of a suite that is easy to migrate to.

Lastly, consider the platform’s security. Business communications are highly sensitive, and you should choose a tool with robust privacy protections.

Is internal communication software secure?

Not all of them are. Many platforms collect user data and use basic encryption that keeps the providers in control of your data.

Third-party integration (such as with AI assistants and note-takers) also creates additional security concerns as each app operates under its own privacy policy.

Security should be a priority when choosing business communication software. Choose tools like Proton Meet and Proton Mail that protect your data with end-to-end encryption by default, ensuring your communications and data are accessible only to intended recipients.

Can internal communication tools replace email?

Not entirely. Email itself is an internal communication tool. Other tools, such as instant messaging and video conferencing software, complement email communication, enabling quick collaboration and coordination among teams. However, email is still essential for external correspondence and formal communications.

Introducing Proton Drive CLI: Use Drive from your terminal

Michal Hořejšek — Tue, 09 Jun 2026 11:53:13 GMT

Last week, we finished launching the Proton Drive SDK, a shared engine designed to harmonize Proton Drive across all platforms and to bring you the features you need faster. Today, we’re taking the next step: Proton Drive CLI is here, available for Windows, macOS, and Linux.

The CLI brings the power of our cloud storage and end-to-end encryption to scripts, backups, and deployment pipelines without the hassle of writing code. It’s built on the same Proton Drive SDK that powers our official Proton Drive client applications, and is fully interoperable with them.

For our developer community: While we are developing our fully-featured Linux app, the CLI already allows you to script a lot of Proton Drive’s key features from your favorite scripting environments (or even schedule jobs with cron). The CLI is intended to complement the Proton Drive application. It’s not a full replacement — for example, only the applications include a full synchronization engine that runs in the background — but rather a way to achieve many goals from a lightweight scripting environment.

What is the CLI?

A command-line interface (CLI) is a program you run from a shell, such as Terminal, PowerShell, or SSH. You pass a command and arguments, it does the job, and exits. Like other Unix command-line tools, you can pipe and script the Proton Drive CLI together with other tools into larger workflows.

The Proton Drive CLI is a single binary you can drop into that world. It supports common Drive operations such as listing folders, uploading and downloading files, trash, sharing, or invitations. Results are displayed in plain, readable text by default — and if you’re building automation on top, you can switch to a machine-friendly format using the --json (or -j) parameter.

How does Proton Drive CLI help?

Until now, using Proton Drive as part of an automated workflow — alongside tools like deployment scripts, backup jobs, cron, or internal runbooks — meant either doing it manually (like opening the app or dragging files) or reverse-engineering Drive’s internals to write custom scripts that were brittle and hard to maintain. The CLI changes that by allowing you to run Proton Drive operations directly from the terminal. It can, for example, upload files after a build finishes, back up a folder on a schedule, invite a reviewer, or check what’s been shared.

This is especially useful when you need a specific action to happen at a specific time, rather than keeping folders continuously in sync, such as publishing files after a release, taking a snapshot of a shared folder before an audit, or revoking access when someone offboards. The CLI runs the operation, tells you if it worked, and exits.

It’s a natural fit for anyone who already works in the terminal and for teams who want their Drive workflows written down as repeatable commands rather than a series of clicks to remember.

Get started with Proton Drive CLI

At launch, the CLI covers the essentials: sign in and out, browse and manage files and folders (including trash), and handle sharing and invitations.

A few typical flows:

proton-drive auth login

# Upload files from local directory to folder in My files
proton-drive filesystem upload ./reports/* /my-files/Reports --conflict-strategy skip

# See who has access, then invite a colleague
proton-drive sharing status /my-files/Reports
proton-drive sharing invite --user example@pm.me --role editor --message "Please review reports" /my-files/Reports

# Download to a local backup directory
proton-drive filesystem download /my-files/Reports ./backups

For the full command set and flags, run proton-drive help or proton-drive <command> --help. For example, proton-drive filesystem upload --help.

Find out more about using the Proton Drive CLI.

What comes next

Upcoming additions to the Proton Drive CLI include support for:

Photos and albums
Files and folders shared using a secure, public link
Multi-account support for larger teams and managed service providers

Our long-term goal is to bring everything you can do in the Proton Drive app to the command line.

Download Proton Drive CLI

The fastest way to get started is to download the pre-built binaries for your platform:

Download Proton Drive CLI

On macOS and Linux, you’ll need to make the file executable after downloading (chmod +x proton-drive). Once that’s done, run proton-drive version to confirm the build.

Sign-in happens through your browser — no password on the command line. Your sessions are stored securely by your operating system (Windows Credential Manager, macOS Keychain, or libsecret on Linux).

Build from source

Prefer to build from source? The CLI is implemented in TypeScript, packaged with Bun, and available for download in the Drive SDK repository. After cloning it, you can install the dependencies and build the CLI from the main directory:

cd js/cli
bun install
bun run build
./release/proton-drive auth login
./release/proton-drive filesystem list /my-files

See the CLI README in the repository for more details.

Fair use and rate limits

Proton Drive CLI follows the same fair use policies as all Proton Drive clients. To stay within limits, only upload or download what has actually changed — don’t reupload the same files repeatedly or rewrite entire folders when only a few files are new. Accounts that generate unusually high traffic are temporarily throttled to protect the service for everyone.

Now in your terminal, with the same level of privacy

Proton Drive CLI is available today, and more features will soon follow. Everything you do through the terminal is protected by the same end-to-end encryption as the rest of Proton Drive. Download it, try it, and let us know what you build. And if you’re on Linux: a full-featured desktop client with sync is on its way.

What to look for in an AI assistant

Alanna Alexander — Mon, 08 Jun 2026 18:37:16 GMT

AI assistants have promised what most businesses lack: Efficiency without any additional cost.

They can summarize your emails, respond on your behalf, decide which messages need decisions, automate calendar events, extract information from your documents, and even organize them.

For a founder or executive at a small or medium-sized business, where needs outpace resources, it can feel like a wish granted just in time. All it asks of you is absolutely everything — access to your inbox, calendar, files, and even confidential business information.

As much as 69% of firms are already using AI assistants like ChatGPT, Claude, and Grammarly — but 30% are unsure or don’t trust AI companies to safeguard their proprietary business data.

The trade off isn’t obvious at first. But what SMBs get in efficiency, they pay for in security.

The price of efficiency

When you connect your Gmail, Google Drive, or calendar to a tool such as Perplexity’s Comet, you’re granting it OAuth permissions — often beyond ‘view’ access. Depending on the scopes requested, the tool may be able to download contacts, control your entire calendar, and even write emails on your behalf.

These permissions are technically disclosed during the authorization flow, but most users don’t fully evaluate what they mean in practice. Once granted, the tool can access and process sensitive company data at scale.

The same pattern applies to other AI assistance workflows. Indexing internal knowledge bases, summarizing proprietary documents, or contextualizing company data, they all expand your exposure.

When you don’t know what access you’ve granted, you can’t accurately assess the risk you’ve introduced.

How much AI assistants and browsers can see

You know AI browsers like Perplexity’s Comet or ChatGPT’s Atlas can read the page you’re on, summarize it, and rewrite text. But did you know it can act on your behalf?

Because the efficiency depends on deep integration, the assistant needs visibility into your browsing activity and may request access to connected accounts. In some cases, it can trigger actions rather than simply generate text.

This is the architecture of AI agents more broadly. They’re designed to act across connected systems. A single compromised or manipulated agent can move through your email, calendar, files, and credentials in sequence.

That’s a consequence of how these tools are built. It creates a surface that researchers are already finding ways to exploit.

Security researchers have already demonstrated how hidden instructions embedded in web content can manipulate these systems in unintended ways.

One recent exploit, “CometJacking,” demonstrated how instructions embedded in URLs could manipulate the AI into accessing personal or company data or executing harmful actions without the user’s knowledge.

Vendors respond quickly with patches and safeguards. In this case, Perplexity responded with a four-layer safeguarding approach. But the pattern highlights something more fundamental: These tools are designed to interpret and act.

Even Perplexity states in their Privacy Policy: “No security measures are impenetrable, and we cannot guarantee ‘perfect security’”. The question isn’t whether a tool is secure now. It’s whether you’re comfortable with how much access it requires.

Where the burden of privacy lies

AI vendors emphasize privacy controls and opt-outs. Perplexity’s Comet Assistant, for instance, assures users that “Comet Assistant puts you in control”.

But those controls assume something incorrectly: that users understand how their data is processed, actively configure the relevant settings, and monitor how policies evolve over time.

In practice, most don’t. According to Proton’s 2026 SMB Cybersecurity Report, 43% of SMBs say they can’t independently verify provider privacy, and 35% don’t understand how providers handle their data at all.

Some information may be excluded from model training. Other data may be retained to improve personalization. Policies can differ across features and change as products develop. Turning off certain functions may limit the very capabilities that make the tool attractive in the first place.

In that environment, privacy is no longer a static product promise. It becomes an ongoing operational responsibility.

The burden shifts to you, the user. You must decide what data can be shared, to monitor policy updates, to configure settings appropriately, and to reassess risk as the product evolves.

This page collects practical guides and explainers on AI privacy and security, so you know exactly what you’re working with.

Features of a private AI assistant or AI-powered browser

Your team should be able to use an AI assistant without concern that every interaction is being stored, profiled, or used to train the next version of the model.

No data logging. By default. Your team should be able to use an AI assistant or agent without concern that every interaction is being stored, profiled, or monetized. If a tool builds “memories” or “preferences,” you should ask: Who controls this data? Is it truly off by default, or is it buried in settings? And if I turn it off, what product capabilities do I lose?
No model training on your business information. Business documents, partners’ information, reports, or plans should never be used for AI model training. This is not only a fairness concern but also a security matter, as the data can resurface in incidents you cannot control.
Real transparency. Transparency builds trust, but only if it’s real. This means that you should be able to understand, at every step, how your data is handled and what principles guide the product. If you need to spend two hours parsing Terms & Conditions that contradict your actual experience with the tool, that’s not transparency. It’s just a tagline.
Zero-access encryption. With zero-access encryption, your data is protected by keys that only you control—not even the provider can read it. This removes the need to trust policies or promises because the architecture makes misuse technically impossible.

Most AI tools extract value from the businesses that use them. Your conversations, documents, and files feed model training, audience profiling, and in some cases government data requests — typically without meaningful disclosure or consent. Not Lumo.

Lumo is the AI assistant built for businesses that refuse afford to hand over their data for convenience. Zero-access encryption, no data logging, no model training on your business information.

Try Lumo for free

Why business data security is a growth issue, not just a tech problem

Alanna Alexander — Mon, 08 Jun 2026 12:27:32 GMT

No business owner wants their company to become the cautionary tale LinkedIn influencers post about.

But anyone with entrepreneurship experience will know that every part of your business demands attention in the first 100 days. Everything from product development, marketing, fundraising, to hiring is a fire to put out.

That’s why business data security becomes an afterthought, only getting attention when something goes so wrong you can’t ignore it.

That could be a breach that exposes sensitive client data, a ransomware attack that stops every area of operations, or a compliance failure that only comes to light during a pre-investment security audit.

Those events aren’t tech problems. They’re growth problems that affect whether customers trust you, whether deals close, and whether you can scale without rebuilding everything from scratch. And it all comes down to business data security.

What is business data security?

Business data security is how your company controls what data it holds, where it lives, who can access it, and what happens if something goes wrong.

In practice, that means choosing the right tools to store and share your business data, deciding policies to govern who has access to what, and setting defaults for how every team handles sensitive data.

Keep reading to learn why building security into the foundations of your business helps it grow faster.

Should business data security be a part of your growth infrastructure? Key factors to consider

The way you handle data early determines your ability to grow later.

It affects three concrete things — whether customers trust you, whether you can win and close enterprise deals, and whether you can scale without stopping to untangle early mistakes.

Trust

Security is now a selling point. Whether you’re selling to enterprises or consumers, trust is what wins and keeps customers.

Businesses want clear answers about how you handle data before they sign anything. That transparency builds confidence and assures potential clients their data will remain safe in your hands.

Consumers want to know their personal data isn’t being mishandled. A public breach tells them otherwise.

Compliance

SOC 2, GDPR, and HIPAA are often prerequisites for enterprise and government contracts. Those certifications determine who you can sell to and how quickly deals close.

When your security posture is documented and auditable, you spend less time answering due diligence questionnaires and more time closing.

Momentum

Early security shortcuts are just points of friction that you’ve deferred. When enterprise or government contracts ask about data access levels during due diligence, those shortcuts surface as a tangled web of unclear permissions that slow everything down at exactly the wrong moment.

The risk of patchwork security

Four in five small businesses have suffered a recent data breach, and a single incident can cost over $1 million.

These cybersecurity threats are common and expensive. Yet, many startups rely on default security settings from a patchwork of solutions.

A default browser password vault in place of a dedicated password manager, a free-tier cloud storage account cobbled together with a second when the first runs out of space, and a consumer messaging app the team already has on their phones. Each tool is technically in place, but none are configured to meet your business’s actual security needs.

That fragmentation has real consequences. You might see it in the onboarding/offboarding process, when access has to be granted or revoked manually across every tool, leaving dozens of former employee with an active login to your cloud storage.

Patchwork security also means no one has a complete picture of who has access to what. Gaps don’t announce themselves. They hide in the spaces between tools until something goes wrong.

Establishing secure defaults reveal security gaps. When there’s a standard for how data is stored, shared, and accessed, anything outside that standard stands out, like unusual access requests or unexpected 2FA requests. Without defaults, nothing looks unusual, so security gaps hide in plain sight.

Where do you start with business data security?

It’s impossible to solve every security problem on day one. Instead, build a strong foundation that covers how data moves, where it lives, and who can access it.

Secure your business email

Businesses live on email, so make sure you choose an encrypted email solution. End-to-end encryption protects your emails from unauthorized access, rendering their content unreadable to snoops. This is important protection, as unsecured email leaves sensitive communication exposed.

Store data in encrypted cloud storage

Your intellectual property, customer data, and financial documents all need secure storage. Choose encrypted cloud storage with built-in granular access controls to ensure only the right people can access sensitive data.

Control identity and access

Ensure that every team member has individual credentials, not shared accounts, and that they use a password manager. This way, you can control access levels to match their roles, so you don’t have to default to admin permissions for everyone. Equally important, ensure access is completely revoked when an employee leaves.

Make business data security your growth advantage

Proton for Business is the simple way to build a strong security foundation for your business.

With encrypted email, cloud storage, VPN, and a password manager in one secure, compliance-ready suite. It’s how over 50,000 businesses have built their security baseline without adding complexity. Get started for free.

Does sharenting put kids at risk?

Kate Menzies — Fri, 05 Jun 2026 15:42:07 GMT

Children face all kinds of threats online, from harassment or blackmail on social media to education tools that surveil them. These harms are caused by bullies, criminals, and Big Tech companies, but one of the biggest threats comes from the unlikeliest source: their parents.

“Sharenting” describes the intersection of our digital and family lives. It’s natural to want to celebrate your children and share updates about them, but once you share a photo, you lose control of who can access it and what they can do with it — especially if you share it on social media.

The potential ramifications of sharenting have grown increasingly dire thanks to advancements in AI and photo generation. Previously, the worst outcomes of sharenting could be strangers seeing your photos or Big Tech using them to target you with ads. But today the risks are much higher: It only takes a few images to create believable deepfakes that could be used for identity theft or worse.

What is sharenting?

Sharenting is a portmanteau of “sharing” and “parenting”. It refers to sharing pictures or videos of your child or other personal information online. When you post a photo or share an update on social media, you’re doing it because you’re proud of them and you want to involve your friends and family in your life. But you’re building a digital footprint for your child before they can consent, which can have real consequences. Sharenting could look like:

Posting pictures of your child and other children at a school event on your Instagram or Snapchat.
Sharing a picture of your child on your personal website or blog.
Writing a blog post about your child’s important milestones, such as moving schools, joining a new club, or becoming a teenager.

These are good intentions, but sharing online comes with inherent risks. When you make these decisions for yourself, you take on the risk. But when you share your children’s data, whether it’s their face or personal stories, you’re making decisions for them that they might not have chosen for themselves and can lead to serious consequences. To understand how sharenting can affect children, we need to understand the risks it poses.

Threats to children online are increasing

Unfortunately, the internet is becoming more hostile to children as unregulated services give bad actors access to powerful AI tools. X’s chatbot Grok has come under fire for allowing users to generate pornographic deepfake images of women and children. A paywall was put in place after image generation spiked, suggesting that X was more interested in monetizing the problem than fixing it.

Backlash surged globally: Malaysia and Indonesia temporarily blocked access to the platform. In the UK, the privacy watchdog Ofcom opened an inquiry into X over the deepfakes. The cybercrime unit in Paris raided X’s French office, summoning Elon Musk for questioning.

Since this backlash began, a class action lawsuit has been launched by four anonymous women against X who allegedly had deepfake nudes generated of them using Grok. xAI has insisted that the plaintiffs be stripped of their anonymity as there is a “public interest in their identities”, despite the very real risks of doxing and harassment. Instead of being protected, the victims of these deepfakes are put on trial.

What can we do about these hostile platforms? Removing children’s access to social media is being touted as a popular solution for combating online exploitation. Australia has already banned children under the age of 16 from accessing social media apps, and the UK is looking to do the same. This may feel like a solution that protects children, but ultimately children are incredibly adept when it comes to illicitly gaining access to websites and apps. It also doesn’t prevent bad actors from seeking out contact with children.

Now that it’s so easy to misuse pictures and personal data, are we taking the risks of sharenting seriously enough?

What are the risks of sharenting?

You can’t control where pictures and information end up after you post them on social media, a blog, or a website. Once you put the data on a third-party platform, a number of bad things can happen:

Data brokers and Big Tech surveillance

The classic risk of online sharing is that anyone can find your data. This is bad enough for adults; it’s worse for children. Because they’re still learning how to make the kind of complex judgments that adults can about technology, children are vulnerable to online exploitation. Making accounts online to talk to their friends or research their interests are innocent actions that can lead to data leaks and targeted ads that follow children around the internet. This can even apply to the ed tech they’re encouraged to use at school.

Things as commonplace as privacy policies and cookies aren’t things that children intuitively understand. They may click ‘agree’ or ‘share’ without understanding the consequences. Just one click can grant hundreds of third parties legitimate interest in their online activity and their data.

Child identity theft

Child identity theft has risen as well-meaning parents, relatives, and friends share information about children online. Even details that feel insignificant can be used over time to build a profile of a child and create accounts in their names, phish for further information, or cyberbully them.

A stranger operating a social media account in your child’s name can be disturbing, but there are more insidious risks when it comes to personal data. If your child’s home address or SSN is compromised, criminals could apply for loans, open bank accounts, and even max out credit cards in their name. Giving your child a good start in life means protecting their personal data until they’re old enough to protect it themselves. As a parent, this means protecting their face, name, address, school, medical information, and any other personal information.

Cyberattacks

Just like adults, children can be targeted by phishing scams, affected by data breaches, and vulnerable to social engineering without the right education. Taking the time to explain what personal data is and who you should share it with is essential when children begin to use the internet.

Deepfakes and CSAM

It only takes a few shared birthday photos to create convincing deepfakes. Deepfakes are manipulated images and videos in which a person’s likeness is used to make it look like they’re saying or doing things that never happened. Once created, deepfakes can be circulated on the internet without your or your child’s consent.The risks of deepfakes range from spreading misinformation to cyberbullying to creating sexually explicit content.

The Internet Watch Foundation has released several reports identifying the rise of AI-generated child sexual abuse material. Creating this material is possible using image generation tools as well as “nudify” apps. These apps take existing pictures of adults or children and use them to digitally create nude images. The legality of nudify apps is questionable, as many countries have intimate abuse image laws in place, but they remain largely accessible online. Many countries and companies are beginning to combat them, with Australia aiming to ban them entirely, and Meta filing a lawsuit against the entity behind a popular nudify app.

As AI models and generative AI tools become more powerful, it’s going to become easier to create even more convincing images and videos of children. According to research from McAfee, 19% of targeted children have faced deepfake and nudify app misuse, with 38% of girls aged 13-15 affected.

Sextortion and blackmail

A knock-on effect of the easy creation of deepfake nudes is the potential for sextortion. As the initial deepfakes have already been generated, children may be scared that their parents will punish the. Children can be blackmailed or extorted using deepfakes, and exploited to engage in further acts or conversations.

It isn’t just children who can be targeted. The Internet Watch Foundation has warned that cybercriminals are contacting schools with deepfaked CSAM of pupils, demanding money to prevent them from being leaked. Schools in the UK have been recommended to blur the faces of pupils wherever possible for safeguarding purposes.

Cyberbullying

Bullying is a phenomena that has evolved significantly as technology has advanced. As children begin to learn about social and physical power, shaped by the people and media around them, they may use technology to target other children. Deepfakes can be used as a form of online harassment amongst students: This particularly affects young girls, but all young children can be targeted and a sense of stigma may prevent them from telling an adult.

Not only can this cause significant distress to young children, it can impact their future lives negatively. If those deepfakes are uploaded to the internet, they may remain attached to that person’s digital identity indefinitely. Nudify apps effectively endorse this behavior, making it seem like a fun trick or a prank for children to play on each other.

How to have a conversation about sharenting

You are the best advocate for your child’s safety, and you are best placed to give your child a healthy relationship with the internet and online sharing. By talking with your children and your friends and/or family, you can help ensure your child avoids having their identity stolen or abused.

Older children can also be their own advocates. They should talk to their parents if they think too much of their information is being shared.

With your kids

The easiest way to respect your children’s wishes is to simply ask them what they’re comfortable with. Until your children are old enough to consent, it’s best to only share photos using encrypted communications services or encrypted drives.

Letting your children know they have agency and autonomy helps them create healthy boundaries in both real life and online. It lets them decide what they’re comfortable letting other people knowing about them — the foundation of privacy. Given that you’ll likely be the one to introduce your child to the internet, it’s up to you to show them exactly how much control they have and what the potential risks are.

The National Crime Agency’s CEOP Education website has activity worksheets aimed to help you start conversations about topics including sharing photos, social media, live streaming, and cybersecurity. The topics they recommend discussing with your children about sharing photos are:

What does your child share online, and what is OK and isn’t OK to share
Who your child shares with, and whether their online accounts public or private
Understanding privacy settings and exploring the privacy settings for their favorite apps together
Helping them understand that if they regret sharing an image, they can get help removing it from services such as Report Remove in the UK or Take It Down (which is available globally). They can also request that the image be removed from platforms such as Google, Facebook, Instagram, or Snapchat.

To help your children learn, you can also play a digital interactive story about online sharing with your child, where you’ll read scenarios and decide which actions the character should take together. When it comes to educating your children as they create their own online accounts, Internet Matters provides extensive parental controls and privacy settings guides for social media accounts. Proton’s YouTube, Tiktok and Instagram channels also post short educational videos about internet privacy, news stories, and more.

With friends and family

Having a conversation about sharing images or information about your children can be complicated. Not all parents feel the same way about their children’s digital lives, and they may be unaware of the risks. If you’ve decided you’d like to ask a friend or a family member not to share information about your child online, you can send a request via text message or email, or you could have a one-on-one conversation with them. Consider using one of the following points as a jumping-off point for your own conversations:

We’ve decided not to upload any pictures showing our child’s face to protect their privacy. We’ll be using emojis to obscure their face until they’re old enough to decide if they’d like to show their face on social media, and we’re asking our friends and family to do the same.
Our child has requested that we ask them before anyone posts a picture of them online. We will be respecting their boundaries and ask that you do the same in the future.
We’re concerned about some of the risks of posting information about our child online, and we think it would be helpful to have a conversation about it so that you can make that decision for your child too.

With your parents

If you’re a child and you’re upset by what your parents post about you online, you have a right to ask them to stop. Whether it’s a picture you don’t like or information you’d prefer remain private, your face and your identity belong solely to you. Your parents are your caretakers, and they may think they’re making harmless decisions.

This is a very common experience for children in today’s online world. Apple Martin, 14-year-old daughter of Gwyneth Paltrow, criticized her mother for not respecting her boundaries after Paltrow posted a photo of them skiing together on her Instagram. Martin replied on the post, “Mom we have discussed this. You may not post anything without my consent.” Any child should have the right to decide how and if they appear on the internet. The UN Convention on the Rights of the Child even specifies children’s right to express themselves, with their views “being given due weight in accordance with the age and maturity of the child”.

If you don’t like the way your parents are sharing information about or pictures of you, you can explain this to them using some of the following points:

I’m worried about the digital footprint you’re creating for me. When I’m an adult, the things you post about me will follow me, and I want to have a choice about what the internet knows about me.
I don’t like that you share information about me without asking me first. Can we have a conversation about what is and isn’t OK to tell people about me?
I find the things you share about me embarrassing, and you need to respect my privacy. My life belongs to me, and I want to decide who knows what about me.

How to share responsibly

Fortunately, there are steps you can take to keep friends and family members updated about your family without putting your kids’ privacy at risk. Here’s a quick recap of how you can protect your child’s privacy and share updates with friends and family.

Ask first. If your child can consent, let them.
Limit public sharing. Use encrypted services over public platforms.
Talk to your circle. Set boundaries with friends and family about what’s OK to post.
Identify the risks. Explain that theft and deepfake exploitation are real threats.
Educate early. Teach kids what personal data is — and how to protect it.

Share safely

Instead of relying on social media to share updates about your children, consider moving to an encrypted drive shared with friends and family whom you trust. You can talk with your children about what you share, and effectively create a secure, digital photo album that your child is happy to be a part of. That way, when it comes time for your child to become an online citizen, they’re starting with the privacy and the education they need to make the most of their digital world. Proton Drive can help you create that secure place for your precious memories without compromising your child’s online safety or their future digital footprint.

As Stacey B. Steinberg, a prominent online voice about the legal and ethical concerns surrounding sharenting, puts it in her article: “By approaching a child’s right to online privacy in a child-centered manner, future generations will be able to enter adulthood unburdened by others’ decisions and free to define themselves on their own terms.” Privacy is for everyone, and that must include children.

This week tells you everything about Europe’s digital sovereignty transition

Ben Wolford — Fri, 05 Jun 2026 14:48:01 GMT

Two decisions from the EU this week illustrate the state of digital sovereignty in Europe.

Facing existential threats from the US and a crippling reliance on foreign tech providers, the European Commission announced an ambitious legislative package on tech sovereignty. The commission wants the EU to compete alongside the US and China on chips, data centers, and AI, building local resilience and infusing the latest IT revolution with European values like data protection. The plan is expected to mobilize hundreds of billions of euros for local industry.

The next day, European Parliament took its own step. They updated the default search engine on their browsers, from Google to Qwant, a privacy-first provider in France.

The gap between the European government’s bold ambitions, through a serious legislative intervention, and its own baby-step implementation within one of its branches shows how difficult this kind of transition can be. They will have to migrate massive amounts of data and retool thousands of employees and departments. And they will need to encourage European businesses to do the same. (European tech companies often simplify migration, with tools like Proton’s Easy Switch.)

By switching to Qwant, the EU is leading by example. Small adjustments can have a large impact — in this case, lawmakers will no longer feed all their search queries into Google’s surveillance machine.

But they will need to go much, much further.

Europe’s dependence on US tech is bigger than search

The EU’s reliance on Big Tech could become an existential threat. Proton research shows businesses in Europe have a crippling dependence on US-based tech, including cloud infrastructure, communications, productivity software, and AI.

EU-US relations are under more strain than they’ve been in decades. New tariffs, NATO escalations, and open threats of retaliation from Washington have been pulling apart once-close allies. Digital infrastructure sits squarely in the middle of that tension.

More than two-thirds of businesses in Spain, France, and the UK run on US tech. The top three cloud providers — AWS, Microsoft Azure, and Google Cloud — are all American and together command an estimated 85% of the European cloud market. The Commission’s own tech sovereignty package puts a number on it: Over 80% of the EU’s key digital products, services, infrastructure, and intellectual property comes from outside the bloc. US leadership knows how to leverage that structural vulnerability.

European leaders are taking note. Belgium’s director of the Centre for Cybersecurity, Miguel De Bruycker, has stated that “Europe has lost the internet” — the continent’s digital infrastructure is so deeply embedded with American platforms that keeping data fully within European borders is, right now, effectively impossible. Finnish MEP Aura Salla put it more starkly: “The US could turn us off in an hour.” France has already announced it will roll out LaSuite, a sovereign digital ecosystem, to replace Zoom and Microsoft Teams across all government departments by 2027.

Consumers feel the reality of this dependence too. More than 8 out of 10 people in the UK, Germany, and France believe their countries have become too reliant on US tech companies, according to a survey of 3,000 people across the three countries. Following Trump’s threats to annex Greenland, signups for privacy-first services from Proton alone surged nearly 80% across Nordic countries — with Denmark alone exceeding 100% growth. The appetite for alternatives is real, and it’s accelerating.

What’s at stake for European businesses

When the US imposed sanctions on the International Criminal Court, the chief prosecutor lost access to his Microsoft inbox overnight and had to migrate to alternative services just to keep working. Other ICC officials similarly lost access to PayPal and Apple services and had US-based assets frozen without warning. US tech companies apparently felt compelled to comply immediately with executive orders against perceived adversaries in Europe.

The question is: Will it stop there?

If you’re a business leader, geopolitical instability is now an operational risk that leaves your email, your files, your communications, and your cloud infrastructure exposed. If they’re running on US platforms, they’re subject to US law, US political decisions, and US corporate obligations to the US government.

Beyond geopolitics, the structural risks are compounding. Because so much of the world’s infrastructure runs on a handful of US platforms, those platforms have become single points of failure.

AWS, Microsoft Azure, and Google Cloud together serve the vast majority of Europe’s cloud market — which means a single outage or configuration error doesn’t just affect one company. It takes down entire ecosystems of businesses at once. This has happened repeatedly: A major AWS outage in late 2025 crashed apps across industries; nine days later, an Azure outage knocked out Outlook, Teams, and dozens of enterprise services for eight hours straight.

Then there’s the problem of your data being exposed. The US demands more data from Big Tech than any other country in the world — more than Germany, France, and the UK. The number of accounts shared by Google, Apple, and Meta with US authorities has increased by over 500% since 2014.

Under the CLOUD Act, US authorities can demand your business data even if you’re based in Europe, potentially putting you in direct conflict with GDPR. In April 2026, the EU fined Google, Meta, and other US tech companies a combined €6 billion for a range of violations. The US government’s response was not to encourage compliance — it was to threaten retaliation.

For European businesses that can’t absorb GDPR fines or afford service disruptions, dependence on US tech is a live compliance risk, a geopolitical exposure, and a structural vulnerability all at once.

How to start de-coupling from Big Tech

To varying degrees, the European Commission’s tech sovereignty package and parliament’s move to Qwant are signs that Europe’s institutions are waking up and trying to act. For businesses, there’s no reason to wait — you can take action to get ahead of the risks right now.

Steps you can take are simple and practical. And most US services have a market-ready European alternative. Here’s where to start:

Audit your stack. List every third-party tool your business uses and flag which are US-headquartered.
Identify your critical dependencies. Which tools, if suddenly unavailable, would stop your business from operating? (This should already be part of business continuity planning.)
Check your data exposure. Understand where your business data is stored, who can access it, and under what legal jurisdiction.
Research European alternatives. For each critical tool, find out whether a privacy-first, non-US equivalent exists and start testing it.
Start migrating where it matters most. You don’t need to replace everything at once — prioritize the tools that carry the highest risk and move.

Europe hasn’t lost the internet. But it might if the only thing that changes are search defaults.

Proton Drive uploads are up to 4x faster with our new cryptographic update

Jonathan Villemaire-Krajden — Thu, 04 Jun 2026 11:53:30 GMT

End-to-end encryption is at the core of Proton Drive. It’s what keeps your files private, so only you and the people you choose can access them — not even us. Because every file operation is protected this way in our cloud storage apps, cryptographic performance has a direct impact on how fast uploads and downloads feel.

After our previous SDK performance improvements across uploads and downloads, this latest update builds on that work by making Proton Drive’s core encryption layer even more efficient.

Proton Drive uses the OpenPGP standard to encrypt file contents, and we’ve now adopted a cryptographic advance introduced in an update to the standard. A big part of building the SDK throughout this year has been moving Drive’s file operations onto a shared foundation, making the apps faster and smoother across all platforms. The result is an up to 4x boost in performance for file uploads. It also lays the groundwork for the next generation of Drive features.

Performance impact

Encryption has a major impact on how smooth the app feels during everyday use, so cutting that cost by up to 4x makes file uploads feel much faster, especially on the devices where performance matters most:

On mobile, our benchmarks show encryption of a 4MB file that used to take 97ms now takes 32ms.
On more powerful processors, the same operation that used to take 12ms now takes 3ms.

Encrypting an HD movie or 1,000 high-resolution photos used to take your phone about a minute and a half, or a fast desktop around 12 seconds. With this update, the same work finishes in about 30 seconds on mobile and around 3 seconds on a desktop.

How Proton Drive become faster

The structure that Proton Drive uses is a file node, which can have many revisions, each representing a version of the file. The contents are then chunked into blocks. The node contains cryptographic material which is used to encrypt the blocks. This cryptographic material on the file node consists of the node key (a locked PGP secret key) and a content key packet (a PKESK encrypted with the node key).

The PGP messages that Proton Drive uses for file contents consist of two packets:

A public key encrypted session key (PKESK): This is the node’s content key packet, shared for all blocks.
A symmetrically encrypted integrity protected data packet (SEIPD): This is the encrypted block contents.

The new encryption scheme

Before this cryptography update, uploaded files used a v3 PKESK and a v1 SEIPD. Now, the encryption algorithm requires a v6 PKESK and a v2 SEIPD. The symmetric encryption used for content is AES-GCM, which makes full use of hardware encryption on most modern devices.

Because the session key is shared between revisions when files are updated, all revisions on a file must match the encryption scheme used by the first one. This means clients must be updated to take the PKESK version into account when making a change to a file and uploading a new revision. Clients built on the Proton Drive SDK will handle this automatically, as the information is carried in the session key. The key is generated here and used when encrypting the blocks.

To avoid issues with decryption later, revisions submitted with the wrong version will be rejected. This means that clients which don’t support the feature will not be able to update files uploaded after this change comes into effect. Make sure to update your Proton Drive clients to get all the performance benefits.

What’s next

This is an big step in evolving Proton Drive’s shared core model toward more performant, more capable cloud storage protected by end-to-end encryption. The SDK gives every Drive client a shared cryptographic core, making changes of this scope possible — and helping us move faster on what comes next. Stay tuned for more improvements this year.

Thank you for your continued support,

The Proton Drive engineering team