As a ProtonMail client I’d like to see that myth busted too.

There's a couple ways to look at this. On one hand, there's an anonymous website and hundreds of Twitter bots pushing a story that is demonstratively false (just check public records).

Then, on the other hand, you have Mozilla and the EU (which has access to all European corporate records) vouching for Proton (since they partially fund Proton). We also operate in a highly transparent way, so all information debunking this is actually in public record, details here: https://protonvpn.com/blog/is-protonvpn-trustworthy/

Proton definitely has an office and subsidiary in Vilnius, it's not a secret because it's on Instagram: https://www.instagram.com/p/BxMz62oHb6K/ The office is inside a 30 storey building, so it is not surprising the address is shared with quite a few other companies. But that doesn't mean Proton on a whole is based in Vilnius.

The people spreading the false information are also falsely implying that Proton's subsidiary controls the Swiss parent company, which is never the case as it's always the other way around (parent controls the subsidiary). And its super easy to disprove because unlike most companies in the VPN space, the directors of Proton's Swiss parent company are in public record, and are all well known people who have been in the public eye for years (e.g. at TED: https://www.ted.com/talks/andy_yen_think_your_email_s_privat...)

Can you explain how Mozilla entering into a partnership is the same as vouching? Did they do any particular vetting or analysis, or was this just a marketing partnership?

You can read about what Mozilla did on their blog post about this: https://blog.mozilla.org/futurereleases/2018/10/22/testing-n...

Quoting from the blog post: "We therefore set out to conduct a thorough evaluation of a long list of market-leading VPN services. Our team looked closely at a wide variety of factors, ranging from the design and implementation of each VPN service and its accompanying software, to the security of the vendor’s own network and internal systems. We examined each vendors’ privacy and data retention policies to ensure they logged as little user data as possible. And we considered numerous other factors, including local privacy laws, company track record, transparency, and quality of support."

It was quite intensive, with on site visits to our office in Geneva and discussions with Mozilla technical leadership.

Thanks, that's what I was looking for!