If you're worried about state agencies intercepting your communications, you're going to have to give up certain conveniences, like web based email and consumer VPN.
The services you mentioned should have superficial security that's at least on par with dominant providers, and will hopefully keep your information from being intercepted for the sake of advertising. I think that's still worth something.
Just get one crypto device from the US, one from Russia and one from China, and then encrypt your stuff using all of them, one by one. Then no single secret service could decrypt it all.
How do you know rulers of China, Russia and USA aren’t best friends ever and share information at top levels? You simply cannot trust a third party vendor anymore, no matter where they reside and this includes your cpu too.
Any information that needs security from nation state level requires physical data diodes.
I guess you can use the method you mentioned for protection against lower level actors.
What he's describing only works for symmetric encryption. Assymetric is the problematic one. There is no real way to verify the trustworthiness of VPN/proxy systems.
I still trust it to not sell my data to the highest bidder for marketing purposes and such.
The NSA and other state agents may or may not be capable of reading my emails, but I don't think they would care about anything I write/receive and for sure won't sell/publish it because of the risk of the world knowing about their possibilities. It's still opposed to my interest in privacy, but the main thing I care about is my life not being an open book on the internet for everyone to see (or even just marketers), and ProtonMail sells that to me as a business model, which I still believe in.
yes, you're right. I chose them in the first place because they made me realize that there is no such thing as "free email", and I was glad to pay for mine to avoid ads and private data exploitation
You shouldn't trust anything completely. All you can do is manage your risk to the best of your ability and be aware that unless you are talking to someone on top of a mountain and neither one of you have a phone with you, everything you communicate, digitally or otherwise, is very likely being recorded or logged somewhere by someone.
You shouldn't have been trusting them in the first place. At least not completely. You're just taking their word for it and trusting a company blindly based on only their promise.
There is no way to run anything substantial like ProtonMail without getting tapped by agencies or even worst they will force you to integrate and cooperate. There are just many regulations and you have to comply.
The services you mentioned should have superficial security that's at least on par with dominant providers, and will hopefully keep your information from being intercepted for the sake of advertising. I think that's still worth something.