It’s not Tesonet, Proton is wholly self-owned and managed. Proton VPN was briefly sharing employees with Tesonet during initial app bringup, and that partnership is long over. Naturally due to competition and the huge importance of privacy in this space, people still bring this up, but Proton VPN does not and never will sell or share your data with anyone.

Source: I am a Proton VPN employee.

So, why were the employees shared?

EDIT: I'm not saying being related to Tesonet is bad, but it is a fact that you cannot run away from.

> Proton VPN was briefly sharing employees with Tesonet during initial app bringup

I assume they needed the experience in how to run a VPN company, so that initial partnership was needed.

But why would tesonet spend resources to help a competitor to start? I'd be surprised if there wasn't at least an equity deal.

> But why would tesonet spend resources to help a competitor to start?

I thought tesonet is venture / seed fund?

Then the question becomes why would they help a company that competes with their portfolio companies. And even stronger case that they got some shares in return.

One reason is that helping contributors that you know will survive (as proton was already well known) grows the market. Basically give the competitor of piece of the cake because they will enlarge the cake for everyone.

What the hell is employee sharing?

Proton's response in the thread:

Hi everybody, this is Andy here. I'm one of the original researchers from CERN behind ProtonMail and ProtonVPN. There's some false info out there about ProtonVPN, and these stories were first fabricated by Private Internet Access, a competitor who has been feeling pressure from ProtonVPN lately.

The stories are false, but we have always been very open with the community, so I would like to provide some background anyways. As many of you know, Proton has many partners (Radware, F5 Networks, Equinix, Radix, Farice, LeaseWeb, Dell, Supermicro, etc). Tesonet Lithuania is indeed a partner within our long list of partners, but it's a huge stretch to claim ProtonVPN is run by Tesonet.

We first met Tesonet back in 2015 when they offered to provide us with internet infrastructure (we received many offers after the infamous 2015 DDoS attacks - we never bought infrastructure from Tesonet). During this period, Google was suppressing ProtonMail in search results, and we were financially suffering. To address this challenge, we needed to hire staff outside of Switzerland where costs are lower. This is how our Skopje, Prague, and Vilnius offices got started.

Prague happened because two of ProtonMail's early hires from CERN were Czech. Skopje and Vilnius happened because we knew local partners there (it would not have been possible to source local candidates, handle HR and payroll, understand local regulations, etc, without outside assistance). We worked with Radix (Macedonia) and Tesonet (Lithuania) to accomplish this. Tesonet in particular was selected since they are one of Lithuania's largest tech companies (and we already knew them).

While our early hires in both Vilnius and Skopje were always working fully for Proton, they were formally employed by our local partners because we did not have a local entity that could employ them. In the early days of Proton, this was not an uncommon arrangement since our team is spread across over 10 countries.

In mid-2016, Google finally halted the suppression of ProtonMail in search results and we experienced strong growth. This gave us the resources to create our own corporate entities in Macedonia and Lithuania, and we engaged Radix and Tesonet to do this. We used the same legal address and nominee directors as our local partners because we still did not have our own office yet. For contractual reasons, these moves took some time. For example, ProtonLabs Skopje, our newest entity, only moved in November 2017.

For historical reasons, some connections to our past local partners remain. Some of the IPs we use in ProtonVPN's global network might be acquired or leased from Radix (we have never, and do not currently use IPs from Tesonet - most IPs are from LeaseWeb or are our own IPs). Similarly, the ProtonVPN Android keystore mistakenly lists Tesonet as the organization name, since our Android developer was at that time formally employed through Tesonet. Due to the way the Android Play store works, this keystore can unfortunately never be changed, but it remains under our sole control.

The entities we use today in Skopje and Vilnius are both subsidiaries of our corporate entities in Switzerland. While we no longer employ team members through third parties (except for in the United States where don't do direct employment), we do continue to share expertise and work on projects together with various partners. For example, our two new Swiss datacenters are being built together with Radix in order to share some of the fixed costs.

Going forward, we will need to continue working with partners around the world as we grow (unless you're Google, you can't do everything yourself). This is not the first time one of our partnerships has been inaccurately portrayed (the other incident is so ridiculous I'm not going to mention it here). The truth however, is less interesting than the conspiracy theories might have you believe.

--------

Further comments on the smear campaign against us:

    The false allegations were originally spread by US-based VPN provider, Private Internet Access (PIA), who also happens to be a major competitor. We think it says a lot about them to be engaged in shady marketing tactics.

    ProtonVPN/ProtonMail does not, and has never used any IPs or servers from Tesonet (this can be publicly verified)

    Proton does not share any employees (or company directors) with Tesonet. This is also a verifiable fact.

    Proton has not used Tesonet for HR since 2016.

    There is little actual evidence that Tesonet does data-mining (in any case we have never used infrastructure from them).

    Proton has many suppliers (Dell, Juniper, Radware, etc). If you dig enough, you can find dirt on all of them and create a false narrative. We do business with other tech companies - this is not a secret or abnormal.

We're not surprised to be attacked given how shady the VPN industry is. If anything, it indicates to us that we are doing something right.

I love Proton’s stuff and use all their products — maybe I’m just being paranoid, but even though the explanation makes sense, I still wonder about those old connections. Would be nice to see more official proofs

> Due to the way the Android Play store works, this keystore can unfortunately never be changed, but it remains under our sole control.

Out of curiosity, why not release the new version as a separate app under a new package name. I realise that’s not an ideal solution since it would mean starting fresh with installs and reviews, but it could allow you to move forward without being locked into the old key.

> it would not have been possible to source local candidates, handle HR and payroll, understand local regulations, etc, without outside assistance

I have no dog in this fight, but I agree with the "smear campaign" that this is 100% bullshit. I work for a fully remote company with employees from all over the world, including Eastern Europe, and we didn't need to partner with any local company, let alone a competitor. Plus even if we need local HR assistance there are plenty of global/local HR services to choose from that focus on HR, no "employee sharing" needed.

I don't know if any other claims are false, but this kind of bullshit obvious to anyone who has been in a similar position undermines everything else they claim. Plus it was never mentioned what these "local partners" get in return, which seems to be the most interesting thing if there's no secret ownership, which is the thing they set out to debunk.

> I work for a fully remote company with employees from all over the world, including Eastern Europe, and we didn't need to partner with any local company

Because your company already has considerable experience in working remotely in another territory, of course they didn't need any help. Or potentially, they were already contracting a firm for local bureaucratic matters.

> Plus it was never mentioned what these "local partners" get in return

Money? They could sell these bureaucratic services at a markup, where they have experience with the paperwork etc. part of expanding internationally.

Additionally, another commenter said they offloaded some worse talent on them[1], so that's another possible benefit to them.

1: https://news.ycombinator.com/item?id=45500737

And to cover the astroturfing allegations in this thread: no, I don't work for or have any relationship with ProtonVPN, other than being a user.

> Because your company already has considerable experience in working remotely in another territory, of course they didn't need any help.

What are you talking about, my company was fully remote with global employees from day one. And no, our CEO/CFO haven’t founded or worked for another fully remote company before that. This is not a radical concept at all, especially not here on HN.

A company operating fully remote with global employees still has to do some bureaucratic work with the countries of their employees for payroll purposes. That's what I meant by the experience they had with this.