To be fair, Proton’s hands were tied.

No, not really. I know you mean it as a metaphor, but i think it’s important to point out in some countries as a sysadmin you could literally have your hands tied and cops beating the shit out of you. Avoiding this is a privilege european sysadmins have and can use.

It was either give up the customer data for a few customers or their business would have to be shut down for all the users

That’s definitely not so clear cut. Usually and to my knowledge the worst you can get for failing to keep logs (data retention laws) is a fine, which for a business like Proton is not really a problem as we’re not talking about a small hosting non-profit, and i’m sure people would be happy to take part in a crowdfunding for that.

And they could have just gotten away with it. As you can learn from other hosting collectives like njalla (or weirder “offshore hosting” companies) not answering to the cops is always an option, or even answering that you don’t have the information they requested.

If they used the Proton VPN in conjunction with Proton Mail they would have been safe.

Why always blame the victim? I agree it was preventable, but that’s no excuse for the way some of us tech people collaborate with those fucking fascists from the police who will do anything to protect the status quo.

Also worth noting, from what i gathered, Protonmail in fact setup IP logging just for this user specifically. So in this setup, Proton VPN would not have been safe either.