Proton Meet Isn't What They Told You It Was

Proton Meet, marketed as a CLOUD Act-free alternative to Zoom and Google Meet, is built entirely on LiveKit Cloud — a California-incorporated company subject to the very CLOUD Act Proton claims to protect users from. Network analysis during live calls confirmed connections to Oracle Cloud (Phoenix, AZ) and Amazon EC2 (Oregon). LiveKit's sub-processors are all US companies (DigitalOcean, Google, Oracle, Cockroach Labs, Datadog), and LiveKit acts as an independent data controller for call detail records, IP addresses, and telemetry — all stored in the US regardless of region configuration. Proton's business page claims 'not even government agencies' can access calls, while LiveKit's own privacy policy states they cooperate with law enforcement. LiveKit is omitted from Proton's main privacy policy entirely. Additional findings include a 90-day tracking cookie set before login, Google MediaPipe model fetches on background blur, and hardcoded Google/Outlook calendar integrations. While Proton's MLS encryption layer is technically real and runs on Swiss infrastructure, the call routing layer sits on American infrastructure explicitly subject to US legal process.