Proton launches new “Meet” privacy-focused conferencing platform

Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams.

Meet provides end-to-end encrypted (E2EE) calls to protect the confidentiality of the conversations and does not require a paid plan or even a Proton account to use. It is free for one-hour meetings of up to 50 participants. For longer calls, Proton offers a “pro” plan that starts at $7.99/month.

Proton says Meet was created in response to the increasing need for privacy-first, EU-based alternatives that make it easier to comply with GDPR, or even CCPA (California Consumer Privacy Act), addressing the complexities of laws such as the US Cloud Act, and overcoming challenges posed by an increasingly unstable geopolitical environment.

Apart from the legal aspect, Proton highlights the rampant practice of using people’s conversations to train AI models, which creates the risk of private data exposure from large language models (LLMs).

“Proton Meet gives you back your privacy and peace of mind by protecting your calls with end-to-end encryption, so nobody can listen in or use your conversations to sell ads, conduct surveillance, or train AI,” Proton says.

Meet works as simply as creating a conference call link and sharing it with other participants.

The new service is fully integrated with Proton Calendar and also supports adding scheduled meetings to Google and Microsoft calendars.

Strong privacy and security

Proton Meet calls are secured with Messaging Layer Security (MLS), an independently reviewed open source end-to-end encryption protocol designed for real-time group messaging.

Proton has published a separate post to provide more details about MLS, highlighting that all media and chat are encrypted client-side, leaving the company unable to access or process any cleartext data.

Proton Meet’s architecture is built on WebRTC with Selective Forwarding Units (SFU) for relaying media and chat to all participants.

Each meeting link contains an ID and a password that is kept locally on the client side, and authenticates participants via the Secure Remote Password (SRP) protocol, used on other Proton services for a decade.

Concerning MLS, the system forms a cryptographic group that shares an epoch key used for encryption, which is rotated on every join/leave event.

New members cannot read past messages (forward secrecy), old members can’t read future messages, and everyone has full visibility on the call participants, but their names remain end-to-end encrypted.

Email and IP address information is kept private between participants, and Proton does not retain records of who met with whom.

The firm says that even in the case of a server compromise, traffic cannot be read or modified, and that databases contain only meeting IDs, exposing nothing sensitive to hackers.

The only realistic risk is having the meeting link compromised, which can be mitigated by locking entries once all expected participants have joined, removing rogue participants, or rotating the link.

Automated Pentesting Covers Only 1 of 6 Surfaces.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now