by kylec 4421 days ago
Anyone that values their privacy should never trust a service like this. The idea of in-browser encryption and decryption is nothing new, and it always suffers from the fact that the server can replace the client-side software at any time without warning. If you must use a browser, find a plugin that you trust that works with any webmail service. Better yet, use an actual mail client and encrypt/decrypt in that.

I think the idea of ProtonMail is to serve the part of the population that mostly uses the browser. Obviously if you wanted to be super secure, there are more sophisticated methods out there, but they aren't exactly accessible to the non-HN population. I don't think we should say, just because a perfect browser-based solution isn't possible, this shouldn't exist at all. It's like saying, do something only if you can do it perfectly.
Even if I thought this was a sensible way to describe the value of the service (I don't): that's not remotely what this site says. It makes expansive claims about security, which it can't possibly back up. Why should ordinary people be expected to trust them with secrets?