5/10
A critical audit of Proton AG's infrastructure, revealing that despite its 'Swiss privacy' marketing, user traffic is routed through US-controlled Cloudflare CDN nodes (AS13335), placing it under CLOUD Act/Patriot Act jurisdiction, while its Terms of Service embed US Federal Arbitration Act clauses. This contradicts claims of Swiss legal protection and demonstrates a disconnect between marketing claims and actual operational security.
privacy-marketing
jurisdictional-analysis
cdn-routing
cloudflare
legal-analysis
terms-of-service
data-sovereignty
metadata-exposure
us-cloud-act
patriot-act
faa
swiss-law
network-infrastructure
threat-model
compliance-orders
Proton AG
Proton Mail
Cloudflare
AS13335
CLOUD Act
Patriot Act
Federal Arbitration Act
Swiss BÜPF
Europol
Paris Court of Cassation
Apple
CERN