by dane-pgp 1750 days ago
Someone should carry out a study where they test whether people can create a ProtonMail account and send an email from it (with a control group trying to do the same using Gmail). They could title the resulting research paper "Why Johnny Can Now Encrypt".
2 comments

I don't know of any tests specifically for ProtonMail, but "Why Johnny Still, Still Can't Encrypt" tested the usability of another in-browser PGP interface and found it lacking.
I've heard fairly compelling arguments for why ProtonMail isn't a good choice if you want privacy due to where your keys are saved.
And it still involves some significant trade-offs in terms of functionality: Potentially worse (spam) filtering and no full-text search unless you keep a full local copy of your mails around (which is rather unreasonable on a phone and impossible with webmail).

And those trade-offs are more or less fundamental if you want to access your mail from multiple devices, but at the same time don't want to trust your server to handle decrypted mails.

All depends on your threat model. I would never expect to receive sensitive information via email in 2021 when there are protocols like Matrix available. Even my bank and utility providers only send me email notifications telling me to log in to their platform to view sensitive information. At this point, other than select business communications, email has been relegated to a two-way notification system for most people.

Sure, I send a lot of emails, but likewise, if I had anything worth keeping private, I certainly wouldn't be sending it in an email, even an encrypted one.