by cedws 19 days ago
The E2EE claim is BS, unless qualified by saying that the platform supports GPG-encrypted emails only. Proton makes the same claim and it’s just completely false. E2EE is not possible with existing email protocols.
1 comments

The main point they try to make is that once emails land, the platform itself can't read them because they immediately encrypt them with your key. Of course, this process is impossible to know for sure. And of course, using PGP or whatever is already a secure medium on all email providers, nothing to really solve here.

As some say, even if Cure53 or whatever respectable company does an audit, it still guarantees nothing. The only real way today is with an enclave with a proper implementation of attestation and more; anything running server-side can't be checked.

It's quite disappointing that we find many good developers today who still trust the ToS of a service as if it were any form of real security. It is worth nothing outside of the legal aspect; the ToS has nothing to do with code.