[mynameisvlad]

When they claim to provide secure email, what benefit do they gain from lying to all their users and potentially being discovered and the blowback from that?

It's great that you aren't taking things at straight face value, but they have very little benefit from doing what you say they could hypothetically do and an incredibly amount of risk and potential to blow up in their faces. In business terms, it's a ludicrous proposition to actually do what you claim they could do.

At the end of the day, you can claim all the hypotheticals in the world, but do you have any proof that they're actually doing anything remotely like what you say they could be? Because I haven't seen anything that would come even close to the scenarios in your hypotheticals.

[Sir_Cmpwn]

What happens when their government compells them to secretly begin siphoning off email, ala Lavabit?

[mynameisvlad]

Once again, massive hypothetical. Is there any proof this is even remotely the case? Has Switzerland's government suddenly decided centuries of consumer privacy go out the window and are asking to do such a thing or even implying they would? Yes, it's possible, but, once again, there's absolutely no indication that this is even remotely going to happen. At a certain point, hypotheticals like this just plain aren't helpful.

You claim they're "a scam". That has certain implications, including willful misuse of data/money. Can you prove they're actually "a scam", or is all of this just posturing because they aren't running their company in the exact way you would want them to?

[Sir_Cmpwn]

Why do we have to engage in hypotheticals about whether or not anyone will act in a morally upstanding way when we could instead design systems which don't require trust at all? Or better yet, use estalbished systems which don't require trust?

[mynameisvlad]

Because the general population doesn't give two shits about truly trustless systems, they want "good enough". And, while you and a few others might care about it, that's not enough to actually pay the bills, especially when designing trustless systems costs more money than an alternative. Your hopes and dreams don't pay for infrastructure, unfortunately.

So, once again, what about Protonmail makes them a scam, other than not doing things exactly the way you want them to? I've seen absolutely no indication they're a scam from any of your comments or their replies, and your grievances seem to boil down to one feature (the bridge) being paid-for. That's hardly scam-worthy.

[Sir_Cmpwn]

I'm not talking to the general population, I'm talking to Hacker News. And among the general population, people who really need encryption are not necessarily going to know how to use it, but need to understand what kinds of guarantees are being made to be safe.

A service which makes you pay to extract your own data with standard tools is a scam in my book. If you don't support IMAP and outgoing SMTP you can't even call yourself an email provider in my book.

[mynameisvlad]

You might not be talking to the general population, but ProtonMail is at the end of the day a service provider intended for the general population. They can't sustain their business on security-conscious people alone, so their decisions are going to be targeted towards the general population to some degree. Whether you like it or not, you have to think from the perspective of the general population because nobody is going to cater to the incredibly specific niche you live in. Even within HN, your arguments represent a minority. I highly doubt even a double-digit percentage of the HN readerbase cares about this issue as deeply as you do.

Then your book is flawed and doesn't align with the actual definitions of "scam" and "email provider". Especially for the former, there's a much higher bar, and your arguments are far from meeting it.

[Dylan16807]

That's not what Lavabit was ordered to do.