Eh, we are entering an area of speculation. The right answer is 'only Google knows', but since you are asking this question twice, let me try to take a wild guess:
- Google, an advertising company, benefits from having access to the plaintext of people's messages. They can advertise this as 'secure' but only for the comm channel.
- Proton Mail advertises itself as: "ProtonMail is the world's largest secure email service, developed by CERN and MIT scientists. We are open source and protected by Swiss privacy law.", featuring end to end encryption, anonymous email, mobile clients etc.
- Fastmail: "Secure, reliable email hosting for businesses, families and professionals. Premium email with no ads, excellent spam protection and rapid personal support."
If I'm a product manager of GMail, I'd be more scared of Proton Mail than of FastMail. In fact, anything featuring end-to-end encryption will be approached with negativity, because then GMail can't target ads, which are the main cash cow for Google.
Maybe an unpopular opinion, but I think that's the correct criticism here.
When I decided to move off Gmail, I had the paranoia hat on, and looked for something rock-solid. ProtonMail, sounding so good on paper, fails to live up to some common-sense questions. If the encrypting infrastructure is closed and under their control, it boils down to trusting them on their pinky promise. False pretense of privacy and security is worse than being paranoid and defensive.
I chose Fastmail. I pay for my email service and don't expect them to sell me out. I get to use a functional email system that lets me search my emails (ProtonMail lacks this ability).[0]
I'm aware that my emails could be snooped on by some government somewhere, so nothing sensitive goes in there. That's what OTR or other personal encryption systems are for.
[0] - https://protonmail.com/support/knowledge-base/search/
I can see all sorts of criticism leveled at ProtonMail, but this seems a bit disingenuous. They're trying something different than GPG, which had 20 years to prove itself and failed to gain any traction.
Sure, you have to trust their software, but is that fundamentally different than trusting the GPG software, or did you do a full audit of that?
GPG, when used correctly, is theoretically secure. Protonmail, like Lavabit, is insecure by design. They make no mention of this; they claim the inability to read your messages, which is trivially false.
GPG has a track record of being secure against many adversaries, including the NSA. It's used by most Linux distributions for package signing, so you probably already depend on it -- even if indirectly.
I don't expect GPG to be completely secure. But it's not based on deception.
The trivial attack is based on them sending you compromised code, right? Because that seems comparable to an attack on GPG where their downloads are compromised.
I get that there's a difference in degree, i.e. GPG binaries being checked against hashes and having a long track record as an organization, but is that fundamentally different?
I could see ProtonMail evolving to, for example, using a browser extension that allows you to use a known-good version of the crypto library, and informing you of changes.
Point being: it isn't perfect and I'd prefer something based on standards. But e-mail encryption has failed, even though it is often more personal than websites where TLS has been successful. ProtonMail is a legitimate attempt in a space that seems to need a new approach.
The difference is that, any time you check your email, a basic TLS MitM could exfiltrate your entire inbox without your or ProtonMail's knowledge — exactly the same threat model as Gmail or any other webmail provider.
Further to that, I'd trust Google's infrastructure to withstand compromise much more than I'd trust a datacenter run by a small company that I know much less about. (Tinfoil hat: sure, I have to assume that the NSA has a copy of my Gmail inbox, but god knows who else may have owned ProtonMail.)