
> ProtonMail needs to come up with technologies such that it’s not in possession of user’s data in the first place.

I believe it has them already? There's no reason they can't put an inline transparent Tor bridge in front of their mail infra to anonymise all inbound traffic, i.e. TCP/IP->Tor Node->Tor Node->ProtonMail, so it could only ever capture IPs coming from its own Tor node if compelled to do so. However, it would still have the ability to log on the TCP/IP transparent endpoint. This risk could be mitigated by using their onion address [2] and using someone else's Tor nodes.

The data-at-rest already is zero-access [1]. There is encryption of data-in-transit but no zero-knowledge network layer... maybe they could work on this since they have support for Tor [2]?

[1] https://protonmail.com/blog/zero-access-encryption/

[2] https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7...

[3] https://protonmail.com/tor



This is exactly what I alluded to. See Apple’s private relay feature.

But PM needs to lead the tech world in privacy technologies instead of spending effort justifying why it should be trusted.

Another thing, data at rest is not quite end-to-end encrypted. If an email comes from a non-PM account to a PM account, it’s received in plaintext and then encrypted. Thus PM has that data.


My point was I think they already have the ability to do this (cited sources) but they don't.

Apple's private relay feature is good but they also suffer from recent trust issues.

Regarding the last point, yes, if you send PM-Non-PM there will be plaintext email sitting in the Non-PM's inbox/sent items. But you do have the ability to send non-PM recipients password-protected email where they have to read the email over at PM in their browser. Only a link to it is sent by email and they need to know the password to access it.

Obviously it depends on your threat model, but if you're doing anything that sensitive you should probably not be using email as there's no way of truly making it secure to use.

Some people will be using protonmail just because they don't want their provider scanning their emails or targeting them with ads. PM do offer a free tier so they're not a bad choice for that use case.


Just to be clear, if you send an email from a non-PM to a PM account, the email is plaintext in BOTH accounts!

That’s because PM servers receive plaintext data. Then, they encrypt it. But there is no proof that plaintext is not logged.

It’s the same as with a VPN: trust us, we don’t log your data. No, invest in zero-knowledge technologies please.

I can point out many other possibilities for improvements in their email and VPN service. But they should lead us, not the other way around.


> That’s because PM servers receive plaintext data. Then, they encrypt it. But there is no proof that plaintext is not logged.

Ah yes, this is a good point. The only way to be sure is to client-side end-to-end encrypt your data before you send it to any upstream mail service, e.g. using S/MIME or PGP. At this point you can then use any free mail service as you now “only” need to worry about leaked mail header metadata.


We must be fair. Citing that plain text is readable before ProtonMail encryption is... unfair.

A bad actor could place a proxy upstream; the problem has nothing to do with ProtonMail.

What ProtonMail tries to solve is your mail being encrypted at rest. It succeeds there.

Statements about "but they can read it" or "they can capture everything before..." are a separate issue, one of trust and different methods of state interference.


> Citing that plain text is readable before ProtonMail encryption is... unfair.

Firstly, it wasn’t me that made that observation but...

I don’t think fairness comes into it. If you’re concerned with that risk, use something else. All security comes with a set of trade-offs, and knowing which risks you’re protected from and which you are not helps you make that choice.

ProtonMail are also very good at publishing their threat model, architecture and technical implementation as well as large parts being open-source.

> What ProtonMail tries to solve is your mail being encrypted at rest.

Actually it does better than that. It uses message-level encryption using PGP keys to provide that encryption at rest, which in theory gives them zero access. Lots of services which tout encryption at rest are actually encrypting the block storage, which mitigates against fewer and less likely threats.


That will just hide the IP, but not the user's authentication and data. There are simpler ways to proxy if you assume that the proxy front end is secure.



