Proton Meet: MLS Encryption and the LiveKit Infrastructure

The Pitch

Proton Meet is an end-to-end encrypted (E2EE) video conferencing platform operating under Swiss jurisdiction. It utilizes the Messaging Layer Security (MLS) protocol to prevent Proton or third parties from accessing audio, video, or chat data (source: proton.me). The service is currently gaining traction as a privacy-focused alternative to GPT-5 integrated communication suites.

Under the Hood

Proton Meet relies on the Messaging Layer Security (MLS) protocol for client-side encryption (source: proton.me). While the marketing emphasizes proprietary Swiss security, the underlying infrastructure is built on the LiveKit open-source WebRTC stack (source: HN). Early technical analysis suggests the service functions more as a refined wrapper around existing WebRTC technologies rather than an architectural departure (source: Privacy Guides).

The current implementation is primarily browser-based, which introduces the "compelled update" risk inherent to web-delivered E2EE. Because the JavaScript is served by Proton’s servers, the encryption could theoretically be bypassed if the provider is forced to serve a modified JS bundle to a specific user (source: HN). This remains a structural weakness for any security tool that does not offer a verified, reproducible desktop binary.

As of April 3, 2026, the official @ProtonMeet GitHub organization shows zero public repositories (source: GitHub). This contradicts the broader Proton brand identity of open-source transparency. We don't know yet when the client source code will be published, nor have we seen third-party security audits specifically covering the Meet implementation (UsedBy Dossier).

The free tier allows for 50 participants with a 60-minute cap (source: gHacks.net). While the audio and video streams are encrypted, account-related metadata and payment identifiers remain accessible to Proton (source: Reddit). This metadata is subject to Swiss MLAT orders, meaning the service is not a total black box for law enforcement (source: 404media). We also lack technical details on whether Proton will support a self-hosted "Enterprise Mesh" using LiveKit's native capabilities.

Marcus's Take

I see no reason to migrate a stable backend team to Proton Meet until the source code is public and audited. While MLS is an excellent choice for modern E2EE, the reliance on a browser-based delivery model makes the security claim entirely dependent on your trust in Proton’s server integrity. It is essentially a polished LiveKit implementation with a Swiss legal shield. It’s a bit like buying a high-end safe but leaving the key in a jar marked “In Case of Subpoena.” Skip it for production use until the client-side code is available for independent verification.

Ship clean code,
Marcus.