According to Proton's AI answers:

Proton Mail is designed with a strong commitment to user privacy and security. Here’s what you need to know about the information Proton Mail can provide to law enforcement:

Encryption: Proton Mail uses end-to-end encryption, which means that the content of emails is encrypted on the user's device and can only be decrypted by the intended recipient. Proton Mail cannot read or access the content of your emails.

Metadata: Proton Mail can access certain metadata associated with user accounts, such as:
    Account creation date
    Last login time
    IP addresses used to access the account
    Email headers (sender, recipient, subject line, timestamps)

Legal Process: Proton Mail will only disclose user information to law enforcement if it receives a valid legal request, such as a court order or subpoena, that complies with Swiss law. Proton Mail is subject to Swiss privacy laws, which are among the strictest in the world.

No Backdoor Access: Proton Mail does not have backdoor access to user data. The company is committed to protecting user privacy and will resist unnecessary or overly broad requests for information.

Transparency Reports: Proton regularly publishes transparency reports detailing the number and nature of legal requests it receives. These reports provide insight into how Proton handles requests for user information.

In summary, while Proton Mail can provide certain metadata to law enforcement under valid legal requests, the content of encrypted emails remains private and inaccessible to Proton or any third parties.

Metadata in the context of Proton Mail refers to the additional information associated with your emails that is not part of the actual email content. While the content of your emails is end-to-end encrypted and only accessible to the sender and recipient, metadata can include the following details:

Account Information:
    Account creation date
    Account status (active, suspended, etc.)

Login Information:
    Timestamps of when you last logged in
    IP addresses used to access your account

Email Headers:
    Sender's email address
    Recipient's email address
    Subject line of the email
    Timestamps indicating when the email was sent, received, or read
    Information about the email's path through servers (though Proton Mail minimizes this due to its encryption practices)

Message Status:
    Whether an email has been sent, delivered, or read (if read receipts are enabled)

It's important to note that while metadata can provide some context about email activity, the actual content of the emails remains encrypted and private. Proton Mail is designed to minimize the amount of metadata collected and stored, and it will only disclose metadata to law enforcement if it receives a valid legal request that complies with Swiss law.

Yes, there have been instances where law enforcement agencies have made valid legal requests to Proton, and in some cases, these requests have led to investigations or arrests. However, Proton's transparency reports do not provide specific details about individual cases to protect user privacy and comply with legal confidentiality requirements.

Proton regularly publishes transparency reports that summarize the number and types of legal requests it receives, as well as how it responds to those requests. These reports provide insight into the nature of the requests and Proton's commitment to user privacy.

For example, Proton's transparency reports may indicate the number of requests received from law enforcement agencies, the types of information requested, and whether Proton provided any information in response. However, the reports do not name individuals or provide specifics about individual cases.

If you're interested in learning more about Proton's transparency reports, you can find them on Proton's official website. These reports demonstrate Proton's commitment to balancing user privacy with legal obligations.

Just found out they have a proprietary AI service...

1. You shouldn't "trust" as a basis for security or privacy. Eg for protonmail, Proton can still read your incoming emails if they arrive unencrypted; the only way to avoid that is to send E2EE email, which unfortunately most email is not. You should assume that if they can, then they are.

2. If you have to use proton for whatever reason (can't afford to pay to self-host things, don't know how to and don't have time to learn, etc), it's perfectly fine for everyday use for things that are not particularly sensitive ie you don't have a highly resourced state actor actively trying to obtain that data. Just always keep the first thing in mind. Too many people treat anything that calls itself "encrypted" as a silver bullet.

I was actively looking to move my family over there.

When the CEOs spouted his Trump BS it made me look a little harder.

I see that they've doxed an activist.

They claim to be open source and then as you drill down you find out that some of their stuff is open source and some is not.

Switzerland looking at amending their privacy laws to further force companies to log and dox VPN users. Proton claim they would be willing to move the company outside of Switzerland if these laws take effect but will have to wait and see I guess.

There's a crap ton of either PR or fanboying going on for this company. I really want to see them get their shit together but you can't just discount this stuff like it's not happening. 400 people running around going I have never had any trouble with them privacy wise, and I don't think they all sell any of my data, It's not a good indicator of a company's privacy prowess.

I think we have good enough reason not to trust the CEO from his Twitter, and I think their marketing department is slimy as shit. I think the country they're based out of is going to force them to comply with too many court orders.

I'd say there less likely to market your data than Google/Microsoft. But they're also less likely to anonymize it correctly if they do so. Since Google runs their own ad network they don't need to sell your private data to other people to use it to market against you.

If Trump called up Andy Yen and asked him for a name, home address, IP address, phone number, and credit card mapping for all of his users he would fall over himself to provide that for hopes of a government contract. That doesn't sit well with me for a privacy concept.

If you're not worried about being doxed by a state agency, and would just prefer your data not be sold rather than it being a absolute critical thing because they might not sell your data, there definitely good enough.

If you're a little worried about putting all your eggs in one basket and want to be able to move from company to company without turning the world over, I would look at tuta and disroot, mulvad and backblaze. Or maybe even self-hosting nextcloud for the storage component on one of those services that allows you to just spin up nextcloud on a vps with single click.

For what ? Security or anonymity ? Likely yes for the first but no for the second. For example

https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification

run mailbox.org bring your own encryption

Proton just completed their SOC 2 Type II audit:
https://proton.me/blog/soc-2

Accomplishments like this are why I continue to trust Proton and remain a paid user.

If you're using Gmail, and you're considering alternatives for privacy reasons, then 100% without a doubt, objectively and unequivocably, Proton is the better choice of the two.

There are other email providers with privacy assurances, and yes, you can self-host, but don't let perfection be the enemy of the good.

To address the trustworthiness of Proton directly: I've been a Proton user for about 10 years. It gets the job done. I have complaints, but privacy is not among them.

I think you can trust the operational side of it. I don't think they've had many detrimental oopsies, the services work. I used them for a year and then jumped ship. One reason is the favorable comments by their CEO about the 47 administration, which I didn't like. Another reason is the nitty gritty - they don't clearly advertize what's part of what package and I felt that was by design to get you to upgrade. And they definitely see themselves as a basket for all of your eggs. If you are moving there because you want to degoogle your life you end up just protonizing it. It's better to spread around your stuff so you're not dependent on one provider. If you just want a good VPN and don't care about the rest of their services and the politics, you could make worse choices.

Swiss have one of the strongest privacy laws and Proton is pretty save to use.

the ceo is potentially fascist. they might be ok now, but there's no way to trust it long term if that's what you are hiding from.

if you are coming from gmail or hotmail its gonna be better, but that's kind of a low bar.

It's a corporation, so, no.

You need to specify what you want an alternative to, as Proton hosts a lot of services.

I think they are trustworthy and the sexy alternative to Gmail. I've been testing both Proton and Tuta as my replacement. Proton is more expensive, but provides more services. Tuta is smaller, cheaper and gives off a user centric vibe. Proton seems to be emulating bigtech a bit too much with their release of a privacy chatbot today. I'm personally leaning towards keeping Tuta over Proton.

That depends on your risk tolerance, which is a decision you have to make yourself.

Depends on your threat model. What are you defending against?