As much as I like using Proton Mail and VPN, their current offerings have grown exponentially in size.
I would highly recommend anyone here to not put all their eggs in one basket. Proton can and has in the past disabled user accounts for no reason. This means that you will lose access to everything you use with them.
Only use Mail or VPN and use other services for other needs.
- Mail -> Tutanota
- Calendar -> Tutanota
- Drive -> Just make a NAS. I don’t trust any provider with file storage.
- VPN -> Mullvad
- Pass -> Bitwarden or Keepass
- Wallet -> Don’t buy crypto
- Docs ->
OpenOfficeLibreOffice - Sheets ->
OpenOfficeLibreOffice - Authenticator -> Aegis or Ente Auth
- Meet -> This is fine.
- AI -> Run something locally
Note that the “transparency report” is what passes for a warrant canary at Proton. Notice that they don’t report activity during the year, just an annual summary of all the legal orders they’ve received, how many they contested and how many they complied with.
Mind you that’s purely them complying with legal orders from Swiss court (often/usually acting on behalf of a foreign interest.) As the legal blog post outlines, there is a long history of american and israeli intelligence investing in encryption services and mathematically backdooring the products, which if that is the case with Proton, is a separate issue to the incidences tallied up on the so-callled transparency report.
When I first started using Proton they were not complying with over ten thousand court orders in a year. I think if I were looking for hosted services today I would be very skeptical about Proton and suspect that they trade on historic good will that they perhaps never deserved and certainly don’t deserve now.
If you’re going to use their services, treat them as any other small time corporate owned online service and do not entrust your freedom and safety to them if you have any reason to fear state level threats. ETA: Or even well funded corporate ones.