> In a way, for ProtonMail (in your browser) to be "end-to-end encrypted", you have to trust Proton. But that kind of defeats the purpose of end-to-end encryption.

Yes, and every VPN in the world (that isn't self-hosted) relies on trust that they won't share your info, not even your fingerprint - which defeats the purpose of VPNs. It's very hard to have perfect security. OK, impossible.

▲

palata an hour ago | parent [-]

Sure, it's always a tradeoff. There is no "perfect" security, but there is "better" and "worse" for the threat model.

My point here is that when you run a webapp from a browser, you have to trust the server. When you run a program that you download on your system, it's easier to check that it doesn't change and to make sure that others get the same one.

	▲	mapontosevenths 42 minutes ago \| parent [-]
		Exactly, as with all security you have to ask what the threat model you're defending against is and what you're willing to pay. If it's "Google knows too much and I want an alternative" Proton is great, cheap, and convienent. If it' "my own government might kill me" then it might be time to think about self hosting.