Proton doesn't really protect anything email related unless the recipient is also using protonmail. The article also points out they sought payment data, not "IP and device ID" information.

▲

niam 21 hours ago | parent | next [-]

This seems misleading inasmuch as your correspondents aren't all on the same mail servers.

Yes, correspondence between you and Build-A-Bear, and between you and your local terrorist cell, are unencrypted individually. But Build-A-Bear presumably doesn't know about your correspondence with the cell, and the latter presumably has some interest in not sharing organizational data access with the former.

I suppose you do have to trust that Proton isn't served a directive to snoop on your correspondence in transit with other providers. But that's still a much better position than leaving all of your historical data unencrypted at rest.

▲

lucb1e a day ago | parent | prev [-]

> unless the recipient is also using protonmail

Or any similar service from another vendor? Or hosts their own email. If someone using Protonmail emails me, their data is also not getting sold for example, it's just stored on my laptop

	▲	wolvoleo a day ago \| parent [-]
		Even if it's another self hosted service, proton still needs the plain text in order to send it to them with transit encryption only. Proton does have interoperability with PGP/GPG but very few people use that because of its UX.