by croes 1740 days ago
Switzerland, home of the Crypto AG. Switzerland lost its reputation as a secure privacy haven.
2 comments

The mail service that handed over data of a customer to a foreign government and changed the privacy statement on their site is based there too IIRC. The name eludes me now, surely several readers can provide it.
There are several issues with your statement.

> The mail service that handed over data of a customer to a foreign government

First, ProtonMail can only hand over meta-data, because data is encrypted.

Second, "ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities."

> and changed the privacy statement on their site

The privacy policy was not misleading if you read it carefully. It was not "changed" as in removing a lie from the statement. At best, it was clarified to ensure *everyone* would correctly understand it in the future. It is accessible at https://protonmail.com/privacy-policy

What may have been misleading was the marketing message on the homepage. If you pondered each word of the one-sentence marketing message, you could have guessed that the expression "by default" was there for a purpose. Companies do not add useless words for marketing, they do it to avoid false advertisement. However, this is not the same thing as the privacy policy. And ProtonMail stated that they would fix that: "we will be making updates to our website to better clarify ProtonMail’s obligations in cases of criminal prosecution".

Quotes are taken from: https://protonmail.com/blog/climate-activist-arrest/

Thank you very much for those clarifications.
ProtonMail? Although I take it they are still to be trusted more than most.
Plus the recent Protonmail fiasco.
> Protonmail fiasco

Not a fiasco as they're required by law to keep IP logs. You can disable the logging of IP sessions in the PM dashboard, but you can't guarantee that PM will not keep logs, since their servers are all Public Internet Facing. The only way Protonmail is 100% zero knowledge is to be a 100% dark-net/Tor service, which immediately turns off 99% of their users.

If you misled your users into thinking that this isn't something you would do, but as soon as shit hits the fan and the PR makes it impossible to keep the ruse going. It's a total fiasco to that business' marketing department.
My understanding is they only logged the IP details after receiving the Swiss LI request and did so only for the user in question.
I'm sure that makes the one user feel all warm and fuzzy. Also, what about next. Or the time after, or after or...