Hacker News
by zabuni 3159 days ago
Web-based encryption. Pointless. If you trust them enough not to send you bad JavaScript, you trust them not to read your emails. You trust them with your private keys.

If you trust them with all that why even encrypt the mail client side?

4 comments

It's not about whether you trust them not to read your emails, it's about whether they would be able to turn them over to anyone with a valid request. The decryption is local; they could send modified code specifically to you that returns whatever password you type in, but there's no legal mechanism for forcing that in Switzerland and I imagine that practice wouldn't go unnoticed if they did it to comply with every request they got.

To be fair, ProtonMail Bridge is available in beta for all paid members right now, which will allow you to use it with Thunderbird.

https://www.reddit.com/r/ProtonMail/comments/77ifdx/protonma...

Yep. And the same argument applies to their apps. We need an open standard with an app built by a trusted third party.

For email clients, Thunderbird is still being developed (latest release was from less than a month ago):

https://www.mozilla.org/en-GB/thunderbird/

Also, the V1.0 release of Mailpile is meant to be coming soon:

https://www.mailpile.is/

https://github.com/mailpile/Mailpile

For setting up your own email server...

https://mailinabox.email/

http://www.iredmail.org/

I understand your point of view, but these are different levels of trust. You can audit the JavaScript they are sending you and (potentially) notice it is a ruse. If they are reading your email after you send it to their server, though, you have no way of knowing.