I just came across these "disturbing facts about proton mail". Let's say, hypothetically, that I administer a small org that now wants to move away from proton.
I guess I should just learn pgp, but that would be a tough sell for any boomer members.
EDIT: thanks for all the responses! It seems like my intuition was correct: email is inherently insecure, and proton is no worse than other email providers insofaras you don't let their marketing cause you to drop your guard. If it's illegal, keep it offline.
deleted by creator
This is roughly what I'd recommend, though I'd HIGHLY recommend setting up communications in such a way where the server is in the physical custody of the organization. This limits the spies to monitoring data in transit, whereas if you're hosted on something like AWS they can image the machine any time they want without your knowledge and collect data at rest.
PGP is probably the best tool available for email, but as you mentioned it is complex, and it is also not a panacea (however, it is not brain surgery. I recommend everyone learn how it works). I'd save email for correspondence outside the organization (newsletters, media contact, public inquiries, announcements, etc) and handle all internal communication using something that isn't burdened with 50 years of technical debt.
This leads me to recommend a private, non-federated Matrix instance, or something along those lines. Again, running on a machine in the organization's custody, so you can wipe that shit like Hillary Clinton the moment you start feeling suspicious, or spirit it away to an unknown place if the information absolutely must be preserved.
Except they have to furnish metadata to LEAs upon request, which is all that is needed in most cases.
deleted by creator
There's good basis to doubt their claims I use signal, but im still careful
deleted by creator
Lol I show you evidence that signal was funded by extremely shady alphabet agency connected sources, and you show me some sternly worded letters that somehow make federal warrants magically disappear, calling it "the proof".
Listen, I don't know shit. I dont know if the author that i linked, as well as all of his sources, have an axe to grind with signal, or what. I'm just saying I don't trust them and I don't think anyone else should either. I use signal, cautiously.
And yeah, I'm running graphene, I'm aware of phone vulnerabilities and I do what I can. I have friends who know way more about this than I do, but nothing is perfect.
deleted by creator