palata 3 hours ago

Sure, it's always a tradeoff. There is no "perfect" security, but there is "better" and "worse" for the threat model.

My point here is that when you run a webapp from a browser, you have to trust the server. When you run a program that you download on your system, it's easier to check that it doesn't change and to make sure that others get the same one.

mapontosevenths 2 hours ago

Exactly, as with all security you have to ask what the threat model you're defending against is and what you're willing to pay.

If it's "Google knows too much and I want an alternative" Proton is great, cheap, and convenient. If it's "my own government might kill me" then it might be time to think about self hosting.

palata an hour ago

> "Google knows too much and I want an alternative" Proton is great, cheap, and convenient.

I think that Proton does a good job with the suite (docs, sheets, calendar, password manager), and I believe they have a good VPN (for what we may expect from a VPN).

Interestingly, Proton started with ProtonMail, and I find it's the least convincing of their products:

1. As an individual, writing from your ProtonMail account to (probably) someone on Gmail doesn't change anything.

2. As a company, writing from Proton to Proton is a good idea, but there is no need for end-to-end encryption: just choose a mail provider you trust, I guess?

3. The ProtonMail end-to-end encryption in the web browser defeats the purpose of E2EE: you have to trust Proton anyway, because they serve the code every time your employees load the page.