Hacker News
by x1798DE 4391 days ago
Yes, but they are clearly playing a bit fast-and-loose with things here. The whole point of end-to-end encryption is that it's a "trust no third parties" model (other than whoever provided your crypto software, which you can verify anyway). This is slightly better than Lavabit, but you're still trusting ProtonMail, who are providing the crypto implementation to your browser every time you use it. Depending on how it's implemented, they could potentially unilaterally revoke all your past secrecy by changing the JavaScript code to capture your private keys.

Plus, they're offering self-destructing e-mails, which is impossible to provide, so already there's a bit of snake oil there. If they said, "It's not possible to provide real self-destructing e-mails, but you can set it up so that (assuming you trust us), we'll delete the messages from our servers after a certain amount of time, which is the best anyone can do." Instead they say that they are "more ephemeral than SnapChat."

2 comments

Do you trust OpenSSL?
> Do you trust OpenSSL?

Good question, but one with no influence on whether I trust ProtonMail. The threat model is different: OpenSSL is so widely deployed that all is lost for me if it's broken. I'd assume ProtonMail uses it for its SSL connections (the webserver pretends to be an Apache). If there's an exploit, the attacker can at any time MITM my connection to ProtonMail and at his discretion inject JavaScript that captures my decryption password or message.

All very fair points!