Proton should design their software and services to “fail closed” and utilize technology and policies to prevent ever being exposed to user IPs to prevent holding this data in the first place. They could daisy chain TOR nodes, perhaps. I’m open to ideas on that front.
tl;dr: Proton failed their customer by designing their service in such a way that this PII disclosure was possible. That they folded under legal pressure instead of calling any government’s bluff shows that they are willing to compromise their own systems at their users’ expense, and get paid for the privilege. Their customers deserve better.
Your wording "Calling any government’s bluff" implies that this was a bluff, however, that's not the case - if the cards come to table, it's obvious that "their cards" are weaker and the government can actually force them to compromise their systems, it's not a bluff, it's not a winnable contest.
In this case, after receiving a valid order, implementing any technology or policies to thwart it would be a felony, you're required to cooperate. If you appeal the ruling, you're still required to comply with the ruling and collect data during the appeal process.
Also, technical solutions don't fix social problems. They could daisy chain TOR nodes to avoid collecting information by default, however, a valid warrant for a specific user (as in that previous case you seem to allude to) can easily require them to avoid all those technical solutions, add extra information collection and intentionally circumvent these TOR nodes for this one particular user to break their privacy - no matter if they're willing or not.
If they're not willing to compromise their own systems, then the only solution is to not run those systems at all and shut down the service e.g. as Lavabit did, because you can be (both legally and practically) forced to compromise your systems.
Yes, it is a government bluff. What will they do? When was the last time you heard a sysadmin got in jail for not keeping logs? Worst they risk is having a few machines seized and a fine. Unless of course they actively promote their services to the mafia or terrorist groups, which is definitely not the case.
Also related, it's very important to not respect unjust laws. Laws are designed by lawmakers to oppress the people, and it takes popular organizing/revolt to make them slightly fairer. Without civil disobedience and popular self-defense, USA folks would still have legal slavery and apartheid.
In the tech world, standing up to unjust laws is not uncommon. Mail providers such as Riseup are famous for standing up for their users (unless they're cryptoscammers which is not covered by the ToS). Lavabit also notoriously committed seppuku rather than rat on users. In Germany, Freifunk ISP defied all data retention laws and went all the way up to the supreme court to uphold privacy rights and not keep logs on their users. That's what i expect from a privacy-oriented service provider.
In France, where data retention laws have been deemed illegal by the european court of justice , the government still insists ISPs and other service providers must spy on users. In that case, are you supposed to respect the laws of your local corrupt government, or abide by the constitution and declaration of human rights in accordance with the highest legal courts?
If you're a small provider who doesn't intend to get into legal trouble, don't pretend you can protect users' privacy against unjust abuses of power. If you're a big corp like Proton, you definitely have enough resources to stand up to an obvious case of political repression. I understand and to some extent respect their decision, but it should not be framed as if they didn't have a choice!
Lavabit is really the key reference here, no reason to point to revolutions, that goes a bit far. But instead of providing the government with user data Proton had the option to stop operating the compromised email service, or if necessary to fold the company. That is what was necessary to do in this situation. Instead the caved to the (now clear to be illegal!) government request and ratted out their user. That's unacceptable for this kind of service.
Also, iirc, the problem with Proton is that they did not only hand over the data, they collected the data in advance to later possibly hand them over. That would be a systemic failure.
I did not exactly mention revolution, but that's an important topic. The government needs to keep tabs on everyone because they're unjust and therefore fear the mob. The only way to deal with this problem entirely is not via legal/technical means but via a global revolution that does away with "government" entirely.
> they collected the data in advance to later possibly hand them over.
My understanding (from previous reads) is that they had to enable IP logging precisely for this user that was targeted. If they had just done nothing, there would have been no data to give away or seize.
tl;dr: Proton failed their customer by designing their service in such a way that this PII disclosure was possible. That they folded under legal pressure instead of calling any government’s bluff shows that they are willing to compromise their own systems at their users’ expense, and get paid for the privilege. Their customers deserve better.