Hacker News
by bananapub 805 days ago
great, I was just hoping for one of the few secure email services to massively expand its attack surface.
3 comments

It's a hard problem because people want similarly privacy-respecting solutions to all their other needs as well. I also don't love a single company handling all the important bits. It doesn't matter if it's Apple or Google or Proton. That's why I don't use most of their suite and prefer FLOSS whenever possible. This is not possible for email (yes I've tried to self-host, it sucks ass and emails get dropped).
I don’t see how a separate notes product expands the attack surface of the email product. At best it might use up some of their engineering team’s attention. But the email product may also just be "complete" (mostly about maintenance). So perhaps they can work on other things without sacrificing its quality?
From that perspective, we would prefer to focus efforts on securing the Proton account as much as possible. There are two actions the user can already take.

First, enabling 2FA will take the risk of compromise down to almost zero (our data on compromised accounts supports this also).

Proton Sentinel also helps to protect against account takeovers even when an attacker has stolen your password: https://proton.me/blog/sentinel-high-security-program

This doesn’t seem like a response to the point that was being made. This feels like an AI-generated comment.
Hi there, this is not an AI-generated response. We are replying to the comment on attack surfaces, and how our focus is on securing a single Proton account by enabling 2FA and Proton Sentinel rather than having to manage security for multiple accounts.
Please speak to your superiors and let them know that this corporate style rings poorly on Hacker News. See if they can at least let you speak more personally, less press release. It may go a long way towards improving perceptions here. Or at least credibility.
I'll cut the corporate account some slack; the parent commenter's criticism is sarcastic and a straw man.

I got the point of the Proton account politely saying "we secure the account holistically and having an additional product is not an expansion of attack surface".