PayPal glitch caused ‘freeze’ on anti-spy ProtonMail’s fundraising account

PayPal caused a storm on Tuesday after freezing, albeit temporarily, the crowd-funding account of anti-government snooping email startup, ProtonMail — but PayPal says it was just a technical problem.

Alarm bells were raised on Tuesday after Andy Yen, co-founder of ProtonMail, said PayPal had frozen the account it was using to receive payments for its Indigogo crowd-funding campaign, which has so far raised just shy of $300,000.

The Geneva-headquartered company’s encrypted email product is being developed by scientists working at CERT and MIT who are seeking funds to scale up the service after its servers were overwhelmed during its public beta launch in May.  

The company hosts its servers in Switzerland in part because of the belief that the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT) protects it from being forced by the government to set a backdoor in its email system -- unlike US providers like the now shuttered Lavabit. 

In a blog post drawing attention to the freeze, Yen said PayPal had asked whether it had government approval for its encrypted email product.

“When we pressed the PayPal representative on the phone for further details, he questioned whether ProtonMail is legal and if we have government approval to encrypt emails,” wrote Yen.

“It seems PayPal is trying to come up with ANY excuse they can to prevent us from receiving funds,” he added.

As Yen highlighted, PayPal has a long track record for freezing accounts, in particular for crowdfunding campaigns. Besides the controversial block on WikiLeaks, last year it froze the account of Mailpile, an Iceland-based developer of an email client which had raised $45,000 on Indigogo.

Mailpile said PayPal wanted the company to provide a detailed business plan and evidence of a working product. As Ars Technica reported at the time, PayPal ultimately lifted the freeze, claiming that it was adapting its processes and policies for crowdfunding campaigns.

Read more: PayPal error shows how NOT to use two-factor authentication

PayPal announced its new crowdfunding policy earlier this year, clarifying what campaigns it does and doesn’t support and details it may require, including government issued photo IDs and business plans.   

However, it would seem PayPal still has a few bugs to iron out in its new processes for crowdfunding campaigns.

In a statement to, a PayPal spokesperson said wants to ensure these campaigns are complaint with its policies and government regulations, but that ProtonMail’s freeze was triggered by a “technical problem”.

“PayPal recently made changes to the way it handled accounts of people who were using crowdfunding sites to support their ideas. In response to customer feedback we established a streamlined process to specifically support crowdfunding campaigns. This process involves engaging crowdfunding campaign owners early on to clearly understand their campaign goals and help them ensure their campaigns are compliant with our policies and government regulations.

“In the case of ProtonMail, a technical problem this week resulted in PayPal applying restrictions to the account. We have contacted ProtonMail today to solve this and can confirm that ProtonMail is able to receive or send funds through PayPal again. We are sorry for any inconvenience caused.”

A ProtonMail spokesperson confirmed to that it had worked with PayPal this morning and the problem was “resolved in a very short time.”

Read more: Researchers bypass PayPal's two-factor authentication system

Still, ProtonMail notes on its Indigogo campaign page — where it’s also taking payments in Bitcoin — “we're not big fans of PayPal”.

Follow Liam Tung on Twitter 

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags certProtonMailAndy Yen co-founder ProtonMailcrowd-fundingpaypalencrypted emailMITgovernment

More about CERT AustraliaCSOEnex TestLabGenevaMITPayPalSwitzerland

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place