they make a lot of promises about security, but email can truthfully only reach a certain level of security. the comment from @RTRedreovic@feddit.ch shows weaknesses in relying in protonmail to protect various aspects of your communications, but they sell themselves as TOTALLY SECURE.

the lady doth protest too much.

so they’re no more secure than, say, google, when you implement your own e2ee on top of email with PGP or something. but the promises of enhanced security actually set people up to expect more than that. coupled with the fact that they don’t even let you use imap or pop, it’s not exactly a hacker’s dream service.

The UI has improved a lot since their re-brand, so I doubt that’s it.

Proton only uses E2EE for the message body (including attachments). The subject and headers are not end-to-end encrypted.

That’s not entirely unreasonable, since they use that data for the search function on the server side. Nobody’s really cracked the nut of E2EE search, though there’s been some interesting research in the field recently.