[0daystock]

E2E encryption only matters when the cryptosystem is reputable, open and withstood the test of time and scrutiny.

E2E encryption only matters when the identity provider is trustworthy, unlike most services which manage the PKI on users' behalf.

And most importantly, E2E encryption only matters when both sides apprehend the strengths and limitations of it, and practice appropriate opsec.

After reading this article, I'm not sure how Proton delivers on any of these requirements. It seems to infantilize a complicated infosec topic to comfort laypersons using their service instead, not unlike most of their marketing material I've seen.

[throwaway0x7E6]

agreed, but I'd venture even further - there are no trustworthy providers. anyone can be forced, coerced or compromised, especially commercial entities

[damon_c]

Check out NuCypher (I work there) It attempts an approach at dealing with this. https://www.nucypher.com/network

It's open source, decentralized, there are hundreds of providers... and it doesn't rely on trust. As long as less than half of them are forced, coerced or compromised you should be ok.