Due to the recent announcement of Proton moving to a non-profit structure (although not becoming fully non-profit) I’ve decided to take another look at them and really, Proton Unlimited is an enticing offer. However, the fact of everything from mail, to accounts, to storage being in one place is somewhat disconcerting. Also I recall them being decent, but not particularly outstanding at refusing to provide data to outside sources, there was a situation a while back where they handed over information of a climate activist.
To be fair, mail is insecure by default and if you’re going so far as to write to another Protonmail user you might as well use something actually secure and I am not exactly planning on breaking the law so I’m not too worried about data being handed over to authorities, yet it still leaves a bitter taste in my mouth and with the state of politics where I live there certainly is a concern that, being queer, I should also be a bit weary of governing bodies as well, as laws may change in the future.
Basically, by switching to Proton I’d be putting a lot of trust in them, instead of splitting it up between things like Mullvad, Bitwarden, etc. and besides a password manager (and to some extent my email provider), while dramatic, a single failure at any point wouldn’t be a total disaster. Are they trustworthy enough for the convenience benefits to be worth it to any of you?
You don’t have to use all the services, most of them have an excellent free tier. My setup is paying for VPN, using the free tier of pass and self hosting my email and cloud storage.
Legally they (and every other company) are required to hand over data to the police, however they can try to have as little data as possible. While Proton doesn’t take as extreme measures to protect your privacy as for example mullvad, they have no log policy and such. I believe the case where they had to collect data (IP address, which they normally don’t collect) they received a legally binding order from the Swiss government which normally is used for serious crimes. Every company has to follow these orders, so this isn’t a proton thing but rather a Swiss law thing.