Most people don’t compile their clients, Proton could potentially compile a malicious version.
If you ever use the web version, they could send you a malicious javascript.
Sure, you can compile your clients, but even then, most incoming email are not end to end encrypted, Proton has access to the plaintext of almost every email you receive, things like password reset links, verification codes, etc…
They could also log any metadata. IP addressed, time of access, email address that you sent to and receive from.
This is the importance of it being open source. If they started shifting away from that then it would raise eyebrows
Umm… open source doesn’t mean a lot.
Most people don’t compile their clients, Proton could potentially compile a malicious version.
If you ever use the web version, they could send you a malicious javascript.
Sure, you can compile your clients, but even then, most incoming email are not end to end encrypted, Proton has access to the plaintext of almost every email you receive, things like password reset links, verification codes, etc…
They could also log any metadata. IP addressed, time of access, email address that you sent to and receive from.