by ttul 1487 days ago
Even if Proton has all the best intentions, by concentrating a lot of interesting accounts, they will most definitely fall victim to sophisticated attacks by well-funded adversaries. I doubt that Proton's security is better than Google's security. If you want a truly secure mailbox, it would be far better to use Google than Proton and just PGP encrypt anything truly sensitive.
1 comments

> If you want a truly secure mailbox, it would be far better to use Google than Proton and just PGP encrypt anything truly sensitive.

You know this? How?

Look, saying Google might be going a bit far, given that PGP doesn’t encrypt everything about the message, but the sentiment is broadly correct: for security, it is better to use independent, trusted encryption and a deliberately untrusted network service provider than to trust the claims of benevolence of a network service provider that it provides trustworthy encryption. In the former case, you hold the keys and Google cannot wrest them from your grasp by any means. In the latter case, Proton frames it as though you hold the keys, but in actual fact they access the keys every time you do, and could at any point decide to duplicate them.