No Data Retention, no logs, and more transparency.
Things that should have been here.
Protonmail needs to be more transparent, in the same way as it is expressly transparent when it says that its service is hosted in Switzerland.
There are things we should not have to ask for as we do here on this list, such as encrypted data where it should already be, major keys, etc.
These things should already be in place and not be something on demand.
Protonmail has an easier to use interface, but that does not mean it's not as accurate in privacy as it should be.
*E-mail traffic log: Messages sent and received should be a maximum of 24 hours.
*No IP address should be stored, ever. This should be the only option.
*All metadata must be logically encrypted: If metadata is not encrypted, privacy is shallow.
*Do not save browser fingerprints, ever.
*Desktop Client: A desktop app to generate or import PGP keys locally, offline, in an easy way.
*POP/IMAP/SMTP+TLS: Ensure people have the right to choose to save their emails to their own hard disks with their personal settings. This will also let people living in countries where the internet is slow access their emails offline.
*Save the minimum of necessary information: If it is privacy it has to be privacy.
"Active accounts will have retained indefinitely." What data are retained for an undetermined time? More transparency here!
This is very serious, a dedicated attacker with powerful features like the ... government? They can break down poorly crafted passwords and discover gaps with accumulated data, and of course, with the metadata present, this becomes easier.
*Why use Amazon and Dupont de Nemours servers?
*Why are you still with GoDaddy?
You are absolutely right. Please, Protonmail team, take a look at this real issue!
They use Amazon servers, and GoDaddy? I thought their datacenters were all located inside a mountain?