In a ruling that has startled privacy advocates worldwide, the Karnataka High Court ordered the Indian government to block the encrypted email service Proton Mail across India. The decision, handed down on April 29, 2025, stems from a harassment case involving deepfake imagery and anonymous emails — but its implications extend far beyond the original complaint.
What Sparked the Ban?
The case began when M. Moser Design Associates, a multinational architecture firm, filed a complaint about obscene, AI-generated emails targeting its employees. These emails were reportedly sent to clients and vendors as well, seriously damaging reputations and raising serious questions of online harassment.
When authorities traced the messages back to Proton Mail, they were met with a roadblock. Proton, headquartered in Switzerland, refused to provide the sender’s identity — citing Swiss privacy laws and the absence of a formal mutual legal assistance treaty (MLAT) request from India.
Rather than pursue international legal channels, the court issued a dramatic order: block the service entirely under Section 69A of India’s Information Technology Act.
A Troubling Precedent
Digital rights groups were quick to sound the alarm. Blocking a secure communication platform over non-compliance — without exhausting legal procedures — sets a troubling precedent. Critics argue the court’s order effectively penalizes encryption itself, portraying it as an obstacle to justice rather than a foundational pillar of online safety.
This approach could lead to a chilling effect, where platforms committed to privacy-by-design find themselves excluded from entire national markets. And it raises a fundamental question: Should the global internet conform to the weakest privacy laws, or uphold strong standards even when it creates friction?
Proton Pushes Back
Proton AG has appealed the decision, challenging both the legal basis of the order and the way it was served — the company claims it never received proper summons in accordance with Indian law. As of July 2025, a two-judge bench has begun hearing the appeal.
The company has maintained that it complies with Swiss legal orders, but cannot simply hand over user data to foreign governments on request. In the meantime, Indian users have turned to workarounds such as VPNs and the Tor network to maintain access — further underlining how efforts to block privacy tools often prove technically ineffective.
Encryption Isn’t the Enemy
This case is part of a wider global tension between governments demanding access and tech platforms refusing to weaken their safeguards. From Apple’s fight over end-to-end encryption to Telegram’s periodic stand-offs with regulators, the same pattern emerges: platforms built around privacy are increasingly treated as adversaries by authorities.
But encryption isn’t a luxury feature — it’s a necessity. Whistleblowers, activists, journalists, and millions of everyday people rely on it to communicate safely. When a court orders a privacy service blocked for following its legal obligations in another jurisdiction, it threatens the viability of global digital security.
Privacy Is a Stack, Not a Setting
The Proton Mail case also reminds us that protecting privacy isn’t about one app — it’s about an ecosystem. Encrypted email is only one layer. The websites you visit, the searches you perform, the metadata your apps leak — these are all vulnerable points in your digital life.
That’s why privacy-conscious users are also rethinking how they browse the web. Mainstream browsers, often entangled with surveillance capitalism, quietly siphon user data in the background. In contrast, privacy-focused browsers are built from the ground up to minimize tracking and data exposure. On Android, for example, Incognito Browser is gaining a following among users who want a lightweight, ad-free, log-free browsing experience that doesn’t compromise on usability.
It’s a reminder that privacy isn’t a switch you flip — it’s a set of intentional choices.
What Comes Next?
As the appeal winds through the court system, the outcome could shape how India — and possibly other democracies — deal with encrypted services. Will governments engage with privacy-respecting platforms through proper legal channels? Or will they continue to bypass international cooperation in favor of blunt-force bans?
Whatever happens next, one thing is clear: when secure tools are treated as threats, it’s not just bad actors who suffer — it’s everyone who relies on the promise of a private, safe, and open internet.
