Hacker News

h4kunamata yesterday at 10:25 PM (12 replies)

People will never understand, Proton is a privacy based email server, it is not the dark web where you can do as you please without consequences.

Proton only has access to your IP and device ID, not your data. With IP and device ID, you can easily track a user like finding the ISP, etc.

Do you wanna do naughty things?? Don't use such services to do so.

And ironically, this 404 Media is the only place I found covering this information and they require you to log in to read the whole thing.

Hmmmmmmmmmmmmmmmmmmmmm red flag big time!!!!


Replies

observationist yesterday at 10:31 PM

Proton isn't opsec, it's just the best available commercial clearweb host that still has to follow all the laws and comply with warrants, but won't be arbitrarily selling your metadata or engaging in the adtech garbage.

Kagi is to google as proton is to gmail.

You get web mail, custom domains, decent security, decent spam detection, solid features, and no PII being sold. Nice, clean, simple - I like paying them money. I feel good about doing business with them, and I don't run into that often these days.

wolvoleo today at 12:19 AM

Yes it does have access to your data, at least any email coming from or going to another mail provider. Because those are not end to end encrypted. Only encrypted in transit (and even that is optional). So they need to handle the plaintext at the point of transmission.

I really don't like this about proton, they're always going on about their encryption but most emails they've seen in plain text on their SMTP servers. Because that's just how SMTP works. And so has the provider of the other party.

Once they've put them in your mailbox they can't decrypt them again but I always consider a single exposure a loss of confidentiality. The only emails this doesn't apply to are those from people using PGP (yeah all three of them) and those on proton themselves.

In my view this Achilles heel makes most of their protections irrelevant. But they still market it as if it's the email equivalent of signal, which actually can't see what you say at any point of transit. And non technical people have no idea about the difference.

Ps I'm not blaming proton for not having a technical solution for this because interoperability makes it an unsolvable problem. But I do blame them for their marketing around it.
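
The transport-versus-end-to-end distinction raised in the comment above, as an added example that is not part of the thread: it reads a message's `Received` trace headers (RFC 3848 `with` keywords) to see which hops recorded TLS, and checks for PGP/MIME (RFC 3156) to see whether relaying servers handled the body in plaintext. The host names, ids and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords; a trailing S (or SA) means the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def hop_protocols(msg):
    """Protocol recorded by each Received hop, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        prev = None
        while prev != value:  # drop (comments): they nest and may contain "with"
            prev, value = value, re.sub(r"\([^()]*\)", "", value)
        m = re.search(r"\bwith\s+([A-Za-z0-9]+)", value, re.IGNORECASE)
        hops.append(m.group(1).upper() if m else "UNKNOWN")
    return hops

def is_pgp_mime(msg):
    """True if the body is PGP/MIME encrypted (RFC 3156); inline PGP is not detected."""
    protocol = (msg.get_param("protocol") or "").lower()
    return (msg.get_content_type() == "multipart/encrypted"
            and protocol == "application/pgp-encrypted")

def exposure(raw):
    """Summarise transport protection per hop and whether the body was end-to-end encrypted."""
    msg = message_from_string(raw)
    hops, e2e = hop_protocols(msg), is_pgp_mime(msg)
    return {"hops": hops,
            "non_tls_hops": [h for h in hops if h not in TLS_PROTOCOLS],
            "end_to_end": e2e,
            # TLS protects only the wire: without E2E each relay handles the plaintext body.
            "relays_see_body_plaintext": not e2e}

# Constructed sample messages (newest Received header first, as in real mail).
SAMPLE_PLAIN = """\
Received: from out.sender.example (out.sender.example [192.0.2.10])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by mx.recipient.example with ESMTPS id 2
Received: from laptop.sender.example by out.sender.example with ESMTP id 1
Content-Type: text/plain

readable by every server named above
"""
SAMPLE_PGP = """\
Received: from out.sender.example by mx.recipient.example with ESMTPS id 9
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"

(constructed: ciphertext parts omitted)
"""
```

`Received` lines written before the message reached a server you trust can be forged, so treat the hop list as evidence about your own provider's side only.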

Andrex yesterday at 11:47 PM

> Do you wanna do naughty things?? Don't use such services to do so.

Is that really what happened here?

https://en.wikipedia.org/wiki/Stop_Cop_City

rideontime yesterday at 10:36 PM

404 Media has an excellent track record and is very reputable, if you're saying the "red flag" applies to them.

afavour yesterday at 10:46 PM

I really don’t think 404 Media having a login gate is a red flag. They’re a business that needs to make money and the alternative to subscriptions is ads, which would be exponentially worse for user safety than what exists today.

mhitza yesterday at 10:37 PM

That's 404 media's approach. That's why I only read their headlines.

In theory you could open up your protonmail account over tor and with bitcoin (or does that not work anymore?).

It's been a good while since I tried them out. Why I don't recommend them anymore is because when I didn't extend my subscription in time (expecting an account downgrade), my mail was locked and emails held on to as ransom. Allowed to log in only for payment.

That was one red flag from me, the second was when they shared IP address logs of a French protestor. E̶v̶e̶n̶ ̶t̶h̶o̶u̶g̶h̶ ̶a̶t̶ ̶t̶h̶e̶ ̶t̶i̶m̶e̶ ̶t̶h̶e̶y̶ ̶h̶a̶d̶ ̶a̶ ̶n̶o̶ ̶l̶o̶g̶s̶ ̶p̶o̶l̶i̶c̶y̶,̶ ̶i̶f̶ ̶I̶ ̶r̶e̶m̶e̶b̶e̶r̶ ̶c̶o̶r̶r̶e̶c̶t̶l̶y̶.̶ ̶O̶r̶ ̶i̶f̶ ̶I̶ ̶d̶o̶n̶'̶t̶.̶

robcohen yesterday at 10:50 PM

> Proton only has access to your IP and device ID, not your data.

I like Proton. I use Proton.

However, the problem with proton is that if you access your email via a web browser, there's nothing stopping protonmail (to my knowledge) from reading your email from within their webapp via JS. This type of attack could be targeted at the behest of authorities.

So, actually, Proton COULD read your email (IFF you use webmail).

netfortius yesterday at 10:46 PM

Here you are: https://archive.ph/Zvw3O

mandeepj today at 1:05 AM

> Proton is a privacy based email server, it is not the dark web where you can do as you please without consequences.

If you are so hard-pressed to do something, then maybe set up your own SMTP server

lucb1e yesterday at 10:33 PM

What device identifier are you referring to, something like the MAC addresses of your network cards? How are they retrieving that via a browser?

hypeatei yesterday at 10:35 PM

Proton doesn't really protect anything email related unless the recipient is also using protonmail. The article also points out they sought payment data, not "IP and device ID" information.
