I just came across these "disturbing facts about proton mail". Let's say, hypothetically, that I administer a small org that now wants to move away from proton.
I guess I should just learn pgp, but that would be a tough sell for any boomer members.
EDIT: thanks for all the responses! It seems like my intuition was correct: email is inherently insecure, and Proton is no worse than other email providers insofar as you don't let their marketing cause you to drop your guard. If it's illegal, keep it offline.
Aside from hosting your own email servers, doing your own encryption, running your own software and personally verifying every email you send to, most of these things are largely unavoidable. It's effectively impossible for a third-party email service/website/software to 100% guarantee against doing script injection/credential and info-harvesting on behalf of a government.
However, some of these are still non-negligible flaws, and I am also curious if there is a better provider out there.