> Their entire business - email and VPN both - embodies the same philosophy that Mozilla does.
ProtonMail doesn't report security vulnerabilities to the users, when researchers discover them[1]. It has also publicly boasted about hacking a phishing site, when claimed the journalist's report was based on "unsubstantiated rumors"[2]. I really hope that it has nothing to do with the philosophy Mozilla embodies.