Totally with you.
I am sure Proton do its best regarding privacy.
I rely on this privacy providing solution.
Beyond that I am convinced that privacy is a hot-burning issue to come.

The moral/ethical debate reduces its field to one of the two moral/ethical option POV from a binary POV.

If the last spaces of freedom have to take security concerns into account, privacy no longer exists.
Using human nature as a point for security is like judging a weapon for the same reason.
Good and bad is a whole field of discussions and thoughts by themselves.

To me Proton should follow an absolute neutral way to make sens to me.
Since privacy is what we pay for, then the best possible privacy is what we should get.

Is it not also the case that there are legitimate reasons that accounts need to be handed over to authorities?

I am all for privacy and a better internet than we have, but I do not think it should be constructed in such a way that high tech criminals can vanish into legitimate privacy services.

No need to get explicit, I am sure everyone can think about a few examples of activities online that have to be able to be tracked and handed to authorities.

I think a lot of people forget data is needed to catch/find bugs and holes. Money is needed to be independent. People are needed to grow and people hate things that are too hard.

I like this conversation in general and glad it's happening. Also, props and respect to ProtonMail for having a go at this project.

RE: DNSSEC registrars - Not hating on waiting out registration time that has already been purchased, and DNSSEC is a legit requirement, but it seems like it would be pretty easy to get ethically better than hucksters like GoDaddy at least after the domain registration expires. For instance, I haven't seen or heard nonsense of any kind out of DreamHost, and they are a company that conspicuously supports and contributes to OSS, seems transparent, and are a registrar that supports DNSSEC. Why not use a registrar like that to distance ProtonMail from GoDaddy's baggage? Seemed like strange bedfellows to me too. (+ I'm not a DreamHost employee)

more transpearency is always welcome but the questions have been answered by "Anonymous commented · March 23, 2017 19:45 " right?

Even if you run the DNS infrastructure the traffic to the domain can be redirected by GoDaddy by pointing it to another set of DNS servers. It would be much better if it is any registrar with no presence in US.

The comment "Anonymous commented · March 23, 2017 14:45" has basically covered everything.

We will add that the reason Godaddy remains the registrar is because they are one of the few registrars to support DNSSEC. Using Godaddy as a registrar is not so problematic because we run our own DNS infrastructure.

I agree that these questions are important and even if the answers are what we expect, they should be easier to find or even be presented to the user in the welcome e-mail to educate the population on how and why it's private.

Why use Amazon and Dupont de Nemours servers? They just don't (IP Location Switzerland - Vaud - Lausanne - Proton Technologies Ag)

- *E-mail traffic log: How do you want to be able to read your mails if they are not stored?
- No IP address should be stored: it is the case, they are stored if you enable IP logging
- All metadata must be logically encrypted: they are, but not end-to-end because because it's not physically possible
- Save the minimum of necessary information: it's the case
- Why are you still with Godaddy? Godaddy is just the registar, not the hoster where do you want them to go? why?
- What data are retained for undetermined time: check the privacy policy maybe?
- Do not save browser fingerprints, never: they don't

And i'm not a staff member

There are valid questions tho

You are absolutely right, please Protonmail team, take a look at this real issue!

They use Amazon servers, and Godaddy? I thought their datacenters were all located inside a mountain?

Good questions