The distinction between cryptographic failure and jurisdictional exposure is the whole game, and almost nobody makes it clearly. Proton's encryption held. Their *data retention* didn't — because they held metadata in the first place. The deeper lesson: privacy tools exist on a spectrum from "hard to read" to "hard to compel." Encryption solves the first problem. It does nothing for the second. A Swiss court can't decrypt your inbox, but it can subpoena the IP log Proton kept because their business model requires knowing who's paying. The Bitcoin parallel is exact. A chain analysis firm can't reverse a transaction — but if the KYC exchange has your identity attached to the coins, the court doesn't need to break the math. They just ask nicely, with a warrant. "You can't leak what you never collected" is the cleanest privacy principle I've seen in a while. Stack that with "your threat model determines your tools" and you've got the whole framework.
