If I have to choose between a company that freely sells and uses all my data versus a company that e2e encrypts my data and only complies with police and intelligence agencies if it is specifically mandated by a Swiss judge (and are fighting against it [1]), my money is definitely on the latter.
Is it perfect? Probably not. Does it match my threat model? Definitely yes!
Also, their privacy policy [2] allows you to make a pretty well-informed decision and map it against your threat model.
And by the way, here's the statement of the CEO regarding the activist: https://proton.me/blog/climate-activist-arrest
[1] https://www.swissinfo.ch/eng/business/proton-wins-appeal-in-swiss-court-over-surveillance-laws/47052196
[2] https://proton.me/legal/privacy
It can’t bypass my network DNS if only my DNS server is allowed to send out via port 53.
It's really fun to see how some devices are completely panicking. (I only have some Chromecast music devices which do not need any internet.) Anyway, I do hate that there are manufacturers who hardcode a DNS into MY devices.
For the time I'm outside my network I do have a VPN which allows me to access my Pi-hole from outside (I never felt that the speed or latency is especially low).
There are even routers which allow you to re-route specific ports to specific devices. So, even if the device wants 8.8.8.8, the firewall would reroute it to my DNS server.
If you want a privacy-friendly option that works from inside and outside your network without all the hassle above, I can also recommend Proton VPN, which also provides tracker and ad blocking.
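The port-53 lockdown and redirect described in the comment above, sketched as an nftables ruleset for the router. This is an added example, not part of the original comment; the interface names `lan0` and `wan0` and the Pi-hole address 192.168.1.2 are assumptions to adapt.

```nftables
# Added example. Assumed names: lan0 = LAN side, wan0 = internet side,
# 192.168.1.2 = the local DNS server (Pi-hole).
table ip dnsguard {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # A LAN device asks a hardcoded resolver (e.g. 8.8.8.8) on port 53:
        # rewrite the destination to the local DNS server instead.
        iifname "lan0" ip saddr != 192.168.1.2 ip daddr != 192.168.1.2 meta l4proto { tcp, udp } th dport 53 dnat to 192.168.1.2
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hairpin NAT: the redirected query goes back out the LAN interface,
        # so the reply must return through the router to be un-NATed.
        # Without this the device receives an answer from 192.168.1.2 to a
        # question it sent to another address and discards it.
        oifname "lan0" ip daddr 192.168.1.2 meta l4proto { tcp, udp } th dport 53 masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # Only the local DNS server may send DNS out to the internet.
        iifname "lan0" oifname "wan0" ip saddr 192.168.1.2 meta l4proto { tcp, udp } th dport 53 accept
        # Backstop: drop any other LAN host's outbound port-53 traffic
        # that was not caught by the redirect above.
        iifname "lan0" oifname "wan0" meta l4proto { tcp, udp } th dport 53 drop
    }
}
```

Because of the masquerade rule, redirected queries show up in the DNS server's log with the router's address as the client. The ruleset only governs port 53; DNS over TLS (port 853) and DNS over HTTPS (port 443) are not affected by it.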
For me it depends on how "hardened" the account needs to be.
For key accounts I keep the 2FA separated (where possible with a FIDO token). For not so relevant accounts I add it to Bitwarden, because I probably wouldn't activate 2FA for these accounts if I had to pull out the phone each time.
Edit: you also can add the 2FA token to a separate vault.