Oddbean new post about login | logout proton screams feds to me
Why
Cause trust us. They claim to be extra private but their servers of course can read all your emails. Don't trust. Verify.
also a lot of bad practices, like no possibilities for free tier to use imap and smtp. This enforce their first party clients to users where faulty pgp implementations or backdoors of any kind can be inserted; also clients are open source but there is absolutely no attention to reproducibility or good FOSS development practice in general. Also extensive use of wasm and jit javascript in the login page of webclient that only god know what it does and reportedly leaks infos when connecting trough onion domains. And yes, in the end is just a "trust us, we are the good swiss people, google bad" narrative, without ANY technical better solution respect what google offers...
What service would you recommend instead?
depend on what you need. Mail is a protocol where if you dont selfhost, the provider can do what he want with your identity and your data. You can encrypt all mails, but still a lot of metadata is leaked (also, if you use mails for common services means you cant encrypt all mails and your data is leaked to provider on daily basis). So the best way is compartimentalize your identities, use different mails for different needs, and selfhost if you really need something more in terms of privacy. Frankly all services are pretty the same, I use protonmail as a kycname@mail.com, I dont expect any privacy from them. For pseudonimous mails cock.li is a good provider, he is very open and clear with what he can do. Hopefully nostr will make mail obsolete.