Yes

I use Proton services (among others) since years and i think that they are pretty trustworth with stable services and fair conditions.

Use a custom domain for your important accounts. That way, if you decide you don’t like Proton, you can move to Tuta or a different provider and recreate your addresses there. That way, the only thing you have to change is some DNS records.

I’m currently testing the paid version of tuta and proton.

Regarding the other services, as other said, keep things separate. Personally I use self hosted bitwarden for passwords and Synology drive for well, drive.

it was some years ago. But during an outage, one of their services turned out to be routing traffic through Israeli / Unit 8200 company servers.

My trust in proton evaporated back then.

https://cryptome.org/2015/11/protonmail-ddos.htm

Personally I would split them so they are not all in the same place. So for email use something like proton or tuta, vpn could be mullvad and a local password manager such as keepass xc synced with syncthing.

I agree with what others have already said about Proton being “good enough” for some threat models. And I second the argument about other options – such as Tuta for email, Mullvad for VPN, etc.

I’d just add one more thing. Once a company offers me to “handle” my digital privacy toolkit, I loose trust. Because a) it’s less resilient b) less secure c) less private. I would think twice before trusting emails, calendars, contacts, passwords and network security — to a single company.

I think their services are generally pretty good, yes.

But their frontends really aren’t. Their web apps are serviceable for desktop use. The Proton Mail desktop app is essentially the web app in an Electron or CEF wrapper. But on the desktop you can at least use Proton Bridge to then use whatever IMAP mail client you want.

On mobile, you can’t. You have to use their services with the corresponding app they provide on Android and iOS. I moved from iCloud Mail to Proton just a few weeks ago (and I also had Proton a few years ago), which meant I had to switch from the default iOS “Mail” app to the Proton Mail app, as Proton doesn’t support IMAP without a bridge (naturally, as IMAP doesn’t support end-to-end encryption).

Unfortunately the Proton Mail app is not a fully native app but instead it must be using React Native or something similar. It’s a low effort port of the web app, meaning very few integrations with iOS were actually done. For example, Apple Mail can show the email content in the notification, Proton Mail doesn’t. At least you can mark mails as read in the notification, but you can only see the subject line without opening the app. Offline functionality is very limited as mail contents aren’t cached on device, which can also make opening specific mails very slow (comparatively at least), and overall the app just feels less responsive compared to a native Swift UI app. UI animations aren’t “attached to your finger”, instead they just fully play once triggered no matter what. Calendar attachments just show up as an .ics file that you then have to download and open to add them to your calendar instead of just having a simple “Add to calendar” button.

But the worst part is that the iPad version is basically just the iPhone version blown up to fill the screen. It doesn’t have a multi-column layout with your inbox on the left and the selected mail on the right. Nope, just like on the phone app, you open a single mail, it takes over the whole screen and you have to go back to your inbox again.

For that reason I didn’t even bother with their calendar service.

The VPN app is fine. The iPad app is the same blown up iPhone app as well, but you don’t actively use the app for more than a few seconds to pick and connect to a server, so I don’t care.

Proton Pass is a little bit better (it’s also newer I think), it does have a separate iPad layout. It also integrates well with their email alias service (SimpleLogin, although the SimpleLogin service standalone is a bit different still). I still use 1Password though because of the SSH Agent integration on desktop and it also comes with a Safari iOS browser extension for additional convenience features over just the native OS integration for password managers.

I actually use SimpleLogin and while it’s technically not an OG Proton service, you do get their Premium service included with your Proton subscription (Proton owns SimpleLogin now). Very good service and hey, it has a pretty solid iOS app.

I didn’t really use Proton Drive yet, but I’ll probably use it for archiving some stuff by just uploading it through the web interface. Last time I checked they didn’t have a native Linux client yet (for Dropbox-like folder sync), but somebody hacked support into rclone I think, although the API isn’t documented on Proton’s part, so it’s probably not super-reliable.

That’s it, right? Apparently Proton might acquire Simple Notes, and I’d sure take that included in my subscription, although I feel like Proton should focus on vastly improving their existing services first before they broaden their portfolio.

For my threat model, yes they are trustworthy enough. I am not concerned about concealing my identity from a government investigating me for some alleged crime, but rather just transitioning away from Google and investing my time and money into a company that better respects my privacy. As a result, the centralisation doesn’t concern me as much as it does others and I am fine using Proton for VPN, email, calendar and storage. I also use SimpleLogin, which is now owned by Proton. All their applications are well designed and reliable for basic use in my experience, and it is more affordable for me to bundle these services together. I would definitely recommend them to people like myself, but your threat model sounds a little more complicated so you might want to do some further research and see what else is out there.

Been using Proton stuff for years. Some things are super annoying and just don‘t work. Their software engineers are mediocre at best. This made me move everything away from Proton a couple of years ago. Funny enough, all the other privacy focused providers annoyed me even more. So after 1-2 years without Proton, I moved everything back :D

Don‘t expect too much and you will be fine. Simple features you know from other services might be missing. Support is meh, but you rarely have to use it.

claims to be secure

closed source

total snakeoil

Self hosting

The climate activist thing they did pursuant to a warrant, which every company will do, and the only thing of interest they turned over was the person’s recovery email…which was personally identifiable. From there the authorities got everything else. IIRC, they got access to the person’s iCloud. None of the person’s emails or anything like that was given out. If you are strictly concerned about privacy you shouldn’t use a recovery email so that your login can’t be tied back to you.

As far as the service, I am using Mail and Pass daily and like both. I use the VPN and Drive sparingly, but I have enough space on it to stop using my Google Drive. Calendar is useless for me because of the lack of CalDAV support… and also because I can’t have many calendars on the free plan.

It hits the sweet spot between privacy and ease of use for me. YMMV.

Well, I just got blocked for replying all to an email with two recipients and now I can’t access my email, calendar, passwords, or VPN, so that’s great.

Others have touched on whether its trustworthy, but let me paste a comment I made a while back about why I like it so much from a functionality standpoint.

Let me tell you why I like it. It lets you generate a new email alias and password instantly whenever you make a new online account somewhere. Or just whenever you want. I’ve been slowly changing all my accounts over to their own unique email alias that can’t be tied back to my main email. My main address is known by nobody at all.

The main benefits are if someone steals a password, the email address that comes with it will only be useful for that one account. (I don’t need to go over the benefits of a standard password manager.) and so if that email is leaked or added to a spam list, I simply delete that address after changing the address for the single account it was used for. I can tell exactly which address is getting spam easily. 0 spam. Ever. Spam email has been solved for me.

Proton remembers which sites use which email/password as well.

Other than that, it’s just good for privacy. Having a different email for each account makes it harder to track a user across accounts.

These addresses are somewhat auto generated, with the name of the site along with a random word and a few numbers. But if you want to create another email address, you get a handful of custom ones for free with the subscription too. You can revoke these the same way, so you can have a professional looking email to hand out to people that’s not auto generated, without giving out your account’s root email address.

Edit: I also want to specify that while all of this is technically possible through other means, Proton makes it easier than any other option. Plus access to a good vpn, a nice replacement for Google drive (for storage and basic editing, at least) in addition to the email service and password manager mentioned above. A very good deal, in my opinion.

Edit 2: it sure sounds like I’m a paid shill but I can assure you I just really fucking love Proton and I get too excited about things.

I’ve been using their services for the last 2 years and have no complaints. I started on the free plan and have moved up to the family plan with custom domains and aliases for everything.