> Proton only has access to your IP and device ID, not your data.
I like Proton. I use Proton.
However, the problem with Proton is that if you access your email via a web browser, there's nothing stopping ProtonMail (to my knowledge) from reading your email from within their webapp via JS. This type of attack could be targeted at the behest of authorities.
So, actually, Proton COULD read your email (IFF you use webmail).
You always put trust in the vendor even if they use e2ee because the end clients are made by them.
They can just send things without e2ee from any of their clients (not just web).
> This type of attack could be targeted at the behest of authorities.
No? How can authorities tell them how to do their business?
Is even that needed? Nothing e2ee about the emails you receive normally, they could just read them right away if they really wanted to. And that is to say nothing about the metadata.
> So, actually, Proton COULD read your email (IFF you use webmail).
The authorities can also read your self-hosted email if they have a warrant to search your house. Even if you enable FDE they can do a cold boot attack.