What about the data-mining and selling infrastructure of NordVPN, known as Tesonet? Are those intact? Also interesting to know how their legal departments are doing, such as the Panamanian shell and the Lithuanian headquarters.
Thanks for sharing these. I was familiar with the Protonmail business but did not know this all connected to a bigger picture. I never trusted NordVPN... they spent way too much money on advertising and snake oil advertising at that, focusing on meaningless numbers and distractions.
Hopefully you don't have similar news to share about Mullvad...
In no world is it excusable to have your ostensible competitor sign your binaries or certificates. They can make all the excuses they want, but it doesn't dissolve their incompetence, and shows they are unfit for running such a user-critical business.
No third party signed their certificates. Just a contracted employee who worked for Tesonet typed in his company name instead of ProtonVPN. That's just the Android keystore, nothing else. Google supports keystore rotation only starting with Android 9.
There's a couple ways to look at this.
On one hand, there's an anonymous website and hundreds of Twitter bots pushing a story that is demonstratively false (just check public records).
Then, on the other hand, you have Mozilla and the EU (which has access to all European corporate records) vouching for Proton (since they partially fund Proton). We also operate in a highly transparent way, so all information debunking this is actually in public record, details here: https://protonvpn.com/blog/is-protonvpn-trustworthy/
Proton definitely has an office and subsidiary in Vilnius, it's not a secret because it's on Instagram: https://www.instagram.com/p/BxMz62oHb6K/ The office is inside a 30 storey building, so it is not surprising the address is shared with quite a few other companies. But that doesn't mean Proton on a whole is based in Vilnius.
The people spreading the false information are also falsely implying that Proton's subsidiary controls the Swiss parent company, which is never the case as it's always the other way around (parent controls the subsidiary). And its super easy to disprove because unlike most companies in the VPN space, the directors of Proton's Swiss parent company are in public record, and are all well known people who have been in the public eye for years (e.g. at TED: https://www.ted.com/talks/andy_yen_think_your_email_s_privat...)
Can you explain how Mozilla entering into a partnership is the same as vouching? Did they do any particular vetting or analysis, or was this just a marketing partnership?
Hopefully you don't have similar news to share about Mullvad...