This is a bad idea right? We aren't supposed to decrypt then verify usually, correct? I'm told this is standard for implementations of OpenPGP, but it just seems like a horrible design (of course OpenPGP itself is probably bad).
I didn't write https://latacora.micro.blog/2019/07/16/the-pgp-problem.html (the writing is too good, a giveaway that it's a 'tptacek joint) but I did review it and helped shape its contents and generally subscribe to its message :) In particular you are correct, and specifically GPG's MDC thing is some weird nonsense that does not deserve to be in use in 2019, let alone being in a product that describes itself as having top-notch security.
(Mostly I think I get why Protonmail does what it does, but GPG+email is a losing horse. It also doesn't help that protonmail addresses are a mild predictor for content not worth reading. I haven't quite had Popehat's experience of protonmail being a proxy for overt, virulent white supremacy, but... certainly have seen it be a proxy for poorly informed opinions on security :-))
Setting aside the technical issues for a moment, your last point is interesting to me.
One of the things that bugs me about security/privacy discussions is the rampant paranoia and misinformation, and it tends to be the louder voice in the discussions lately. I have to wonder if Protonmail being such a visible figure means that it attracts people who're inclined to fall under the aforementioned.
i.e, the people who use Protonmail for mostly innocuous reasons just don't say anything, so the poorly informed bits float to the top.
It's like apartment ratings, I guess - nobody writes a rating for a good one.
Disclaimer: I interviewed with PM last year and was offered a role, but for various life reasons didn't take it. They're pretty smart people though so I'm inclined to give the team the benefit of the doubt - I don't think any of this influences my comment above, but worth noting.
When I decided to ditch google a while back I considered switching to proton mail. Their marketing resonated with what I was looking for. After some thought I realized that email is fairly insecure by design. Even if proton mail fixed all of the security issues associated w/ email it all goes out the door the moment I communicate with a non-proton-mail address. Almost all of my friends and family use gmail, and most of the volume of email I receive comes from businesses. For my usecases, proton mail is basically security theater.
What's worse, proton mail makes many dubious claims. They claim that "All emails are secured automatically with end-to-end encryption." This is clearly false. They state that "ProtonMail's infrastructure resides in Europe's most secure datacenter, underneath 1000 meters of solid rock." Ok, cool, but how does that benefit me? The emails are already end-to-end encrypted (but not really). Am I expecting commandos to raid a datacenter and steal my encrypted emails? They say that "Our story begins where the web was born, at CERN." Again, who cares?
End-to-end encrypted email is not on my list of must-haves (or even on my list of wants). When I need a secure communication channel, I use Signal. Proton mail overstates what they provide, and they spend a lot of effort on frankly useless security measures.
Maybe! Certainly other environments with an emphasis on anonymity, pseudonymity or privacy in general have turned out to be terrible cesspools. But on the other hand, Signal and Whatsapp aren't. It's also not necessarily a broadcast-vs-1on1 problem: while I'm often frustrated with HN, it takes care of the white supremacists pretty effectively.
(Mostly I think I get why Protonmail does what it does, but GPG+email is a losing horse. It also doesn't help that protonmail addresses are a mild predictor for content not worth reading. I haven't quite had Popehat's experience of protonmail being a proxy for overt, virulent white supremacy, but... certainly have seen it be a proxy for poorly informed opinions on security :-))