5/10
A critical audit of Proton AG's infrastructure revealing that despite marketing as 'Swiss privacy,' user traffic is routed through US-controlled Cloudflare CDN nodes (AS13335) placing it under CLOUD Act/Patriot Act jurisdiction, while their Terms of Service embed US Federal Arbitration Act clauses—contradicting claims of Swiss legal protection and demonstrating a disconnect between marketing claims and actual operational security.
privacy-marketing
jurisdictional-analysis
cdn-routing
cloudflare
legal-analysis
terms-of-service
data-sovereignty
metadata-exposure
us-cloud-act
patriot-act
faa
swiss-law
network-infrastructure
threat-model
compliance-orders
Proton AG
Proton Mail
Cloudflare
AS13335
CLOUD Act
Patriot Act
Federal Arbitration Act
Swiss BÜPF
Europol
Paris Court of Cassation
Apple
CERN