To clarify:
ProtonMail. I don’t hate it, but their choices in what to monetize is bizarre to me, like the ability to make more folders than three, you have to pay to have more folders. Also, it’s not a perfect mail system, you’re going to not get or be able to send 100% of mail because there are mail services people or businesses use that simply don’t register when using ProtonMail.
In an age where there are tons and tons of things out there that is a subscription, paying for the ability to have more features that have been normalized would turn off some people.
Proton is not stellar privacy wise either. They claim to be privacy oriented but according to their own transparency report their compliance rate is near 90% and they rarely actively contest the requests. In 2025 data was conceded in over 8000 cases.
–Edit–
In other words they seem to be voluntarily handing out user data to pretty much anyone who happens to ask.
I’m not really sure what people want when they raise this complaint about Proton, it’s going to be true of any company. They can’t refuse a legal order, there’s very few jurisdictions on earth where the authorities will just allow a business to refuse to comply with a legal order and the ones that do are not worth running a business in. As far as I know, they’ve never given up content of emails or traffic logs.
If your threat model includes the authorities of the US or any country you might happen to be in, then you shouldn’t be trusting any business that might be compelled by them.
Legislation does not require blind obedience. Requests can and sometimes should be contested. Proton doesn’t seem to be taking a very active approach when it comes to contesting requests.
For example German based tuta seems to be much more active with contests, with reported 75% of user data requests contested/denied, which goes to show that resisting requests can and should be done.
While there are differences between the two companies (tuta being a much smaller player and certainly with its own problems) the difference in compliance percentages is simply staggering.
Iirc signal also doesn’t fight requests. They just don’t have anything to hand over.
Proton OTOH has plenty of info on their servers, like the recovery email address, your payment info, etc… It’s all optional, but to be safe from governments you need to know what is not safe to tell them.
They could come up with a better scheme for payment, idk why they don’t do the automatic gift card method.