I think I know the answer, bit maybe I’m missing something
Since proton only sends and receives encrypted emails to other proton accounts, that means that when you get or send an email to someone else, they have to send / receive unencrypted and there is no way for us to verify what they are doing. Right?
Also if most accounts are google Microsoft, they still get 90% of my emails. By switching to proton I think I’ve gained nothing, while losing convenience , added another trust point, and having two different companies have my data instead of just one
Proton drive, calendar and VPN I think are fine
Sorry for the poor syntax. I’m at work working on email related things, and this topic kept distracting me. I might correct it later


Kind of tired of beating the dead horse on that story, but part of privacy is that you need to trust the company that you’re dealing with.
He’s out there openly praising on authoritarians move to install a puppet government and open the gateway to corporate corruption. If our privacy companies are going to be sneaky and dirty, we want it done in the shadows. All he had to do was stay quiet. But he got noisy, then the PR department started gaslighting, and none of that’s a good look for a privacy company.
The thing is, Trump doesn’t give two shits about anybody, and the guy running the company should have known this.
But now it’s old news, it can die. He can prove that he can run the company by good faith measures and doing the right thing instead of by trying to gaslight people through PR.
My general opinion is that if a company requires trust, it’s not a good privacy option. We have suffered the consequences of trusting companies a lot of times. I’m not doing that again. All I care right now is the code. If we have to alternatives with the same product but one CEO is an asshole and the other not, then I’m going with the non asshole. But I’m not going to sacrifice my privacy to switch companies jus because UNTIL NOW the other provider seems nicer. That can change at any time. Email is specially a problem since switching emails is the most time consuming part
You have to trust that:
Code is good, but there’s a lot of operational information there that doesn’t get exposed by being open.
Code in the face of no malice wouldn’t be a large worry. They rolled over on a French activist and doxxed them for the French government. Those logs should not have existed in a privacy company.
Again, this is all old news now. Let’s see him make hard decisions to protect the clients and turn the PR side of things from “the empire did nothing wrong” to hey, let’s have an open dialog.
i don’t care about their VPN. the issue you describe is very real, but it’s inherit to all vpn providers. what i care right now, is their email service. you can switch vpn providers in less than 15 minutes, but email takes days. so i wouldn’t want to go around doing all of that every time some employee says something stupid.
and btw, if you use native installed apps, then the worry of them serving malicious javascript goes way down because any change they make on the complied package would be very likely to be very obvios to someone, because its open source ( i won’t go into detail here).
Yeah, I feel you about not wanting to move your email. Email is inherently insecure. My only real problem with their email is that they give people and false sense of security that their email is secure. It’s only secure as long as it’s on their network and it’s not like it’s end-to-end. If i remember correctly, their back-end email server is one of the things that’s not open.