Secure Email Is a Marketing Scam
2026/04/18
I’ve been getting increasingly annoyed with this push toward the Proton ecosystem as the “privacy-friendly” replacement for Google’s ecosystem.
Yes—ecosystem. That word should bother you more than it probably does.
Because we have already seen how this goes. A company starts small, does one thing well, earns trust. Then it grows. Then it expands. Then suddenly it is not just email anymore. It is VPNs, storage, calendars, AI, and whatever else can be bolted on next.
At that point, it is not really about solving problems anymore. It is about keeping you inside.
And once you are inside? Good luck getting out.
People act like Proton is somehow “different”. It is not. It is still a for-profit company. The goal is still growth. The goal is still revenue. Slapping “privacy” on everything does not magically change that.
What it does change is perception.
A lot of people genuinely think Proton is some kind of nonprofit, or close to it. That is how effective the branding is. Meanwhile, you get a “privacy-focused AI” (Lumo, LOL) being pushed while the core email experience still lacks something as basic as proper mail client support.
But do not worry—you can use Proton Bridge.
Which is just: another layer, another point of failure, another thing you have to trust.
And naturally, it is behind a paywall.
Perfect.
Because nothing says “privacy” like needing extra software just to use your own email properly.
The more layers you add, the harder the system becomes to understand. The harder it is to audit. The easier it is to hide problems.
But hey, at least it’s packed into one convenient ecosystem.
And that is exactly why we should not be putting all of our eggs in one basket.
The Sales Pitch
Before you even sign up, they hit you with the usual wall of reassuring words:
End-to-end encryption, zero-access encryption, the standard for email privacy, secure by default, trusted by millions, protecting you from digital spies, and a discounted plan (because apparently privacy also needs a sale tag).
And of course they remind you that the usual giants—Gmail, Outlook, Yahoo, and the rest—scan your mail and build profiles on you. Convenient. Very convenient. Nothing gets people to open their wallets faster than a little fear.
This is not a coincidence. This is the product.
They are not just selling email. They are selling reassurance. They are selling the feeling that you escaped the mess, even when you are still standing inside another one.
Does all of this sound reassuring? Good. That is the point.
The Reality
Now step out of the marketing for a second.
Proton’s website is heavily dependent on JavaScript. That means every time you use it, you are trusting code that is delivered to you on the fly.
The same company that promises privacy also controls the code that handles your encryption.
Think about that.
Their own privacy policy says you may be asked to verify using Proton Captcha, email, or SMS. So much for anonymity.
They also say IP addresses, email addresses, and phone numbers may be stored temporarily, and that your IP address may be retained permanently if they decide you have violated their terms.
“May be retained permanently” is doing a lot of work there.
Because what counts as a violation?
Whatever they decide it is.
Then there are payments:
They rely on Chargebee to process payments, and some amount of information is shared with third parties like PayPal, Stripe, and Bitcoin transactions.
So even in a “privacy-focused” service, your data still flows through external companies.
Because of course it does.
And then the classic line:
Company reserves the right to review and change this Privacy Policy at any time. As long as you are using the Services, you are responsible for regularly reviewing this Privacy Policy. Continued use of the Services after such changes are performed shall constitute your consent to it.
In other words: they can change the rules whenever they want, and if you keep using the service, you agree automatically.
No negotiation. No meaningful notice. Just silent consent.
That is the part they do not put on the homepage.
The part where “privacy” comes with conditions, exceptions, and fine print.
The part where trust is not guaranteed. It is assumed.
Privacy, with Conditions
Proton does not just run an email service.
It also runs analytics.
According to its own policy, it uses self-developed analytics tools, stores the data locally when possible, and says third-party services may process data to deliver website images.
“Self-developed analytics tools” sounds reassuring, right?
Because nothing says privacy like “trust us, we built it ourselves.”
What does it collect? How much does it collect? How exactly is it anonymized?
You are not really told.
And the best part is the phrase:
Analytics are anonymized whenever possible
Whenever possible.
Not always. Not guaranteed. Not by default.
Just whenever they feel like it can be done.
That phrase is carrying a ridiculous amount of weight.
And even if you take it all at face value, you are still left with the same reality:
You are being measured, you are being analyzed, you are part of “analytics.”
Just politely. Wrapped in better wording. Packaged as something harmless.
Privacy, apparently, comes with a dashboard.
Metadata Is the Point
Even if you ignore content encryption, Proton still has access to:
Sender and recipient, timestamps, subject lines, IP addresses in certain cases.
That is not a minor detail. That is the part that actually matters.
Because metadata is often more revealing—and more valuable—than the content itself.
Yes, things like:
- Who you talk to.
- When you talk.
- How often.
are far more valuable to companies than the actual contents of the conversation itself.
You do not need to read the message to understand the pattern.
And yes, their policy also says unencrypted messages from external providers are scanned for spam and viruses. That means the message is processed before it reaches you. Whether they store it or not is beside the point.
So even in a “secure” email service:
Unencrypted emails are analyzed, metadata is always available, and patterns can always be built.
That is not uniquely evil. That is just how email works.
Which is exactly why pretending email has become fundamentally safe because of branding is so absurd.
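To make the metadata point concrete, here is an added example (mine, not the post's) that uses only Python's standard library: it lays out a PGP/MIME message the way a mail client would, shows what a relay or provider can read without the recipient's key, and rebuilds the who-talks-to-whom pattern from headers alone. The addresses, subject, dates and ciphertext are constructed placeholders.

```python
from collections import Counter
from email import message_from_string, policy
from email.utils import parsedate_to_datetime

# RFC 3156 multipart/encrypted: headers stay in clear at every hop, only the
# octet-stream part is ciphertext. Added example, not code from the post.
RAW_TEMPLATE = """\
From: {sender}
To: {recipient}
Date: {date}
Subject: {subject}
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary=b1

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

{ciphertext}
-----END PGP MESSAGE-----
--b1--
"""

def relay_view(raw):
    """What a provider or relay can read without the recipient's private key."""
    msg = message_from_string(raw, policy=policy.default)
    return {
        "from": str(msg["From"]), "to": str(msg["To"]), "subject": str(msg["Subject"]),
        "date": parsedate_to_datetime(msg["Date"]),
        "structure": [p.get_content_type() for p in msg.walk()],
        "body_readable": msg.get_content_type() != "multipart/encrypted",
    }

def traffic_pattern(raws):
    """Who talks to whom, and how often, reconstructed from headers alone."""
    return Counter((v["from"], v["to"]) for v in map(relay_view, raws))

# Constructed sample traffic; the ciphertext is a placeholder, not real OpenPGP data.
SAMPLE = [RAW_TEMPLATE.format(sender=s, recipient=r, subject="Re: invoice",
                              date=f"Sat, 18 Apr 2026 09:{m:02d}:00 +0000", ciphertext="PLACEHOLDER")
          for s, r, m in [("alice@example.org", "bob@example.net", 0),
                          ("alice@example.org", "bob@example.net", 7),
                          ("bob@example.net", "alice@example.org", 12)]]
```

Note that the subject line sits in the header block, so it is just as visible as the addresses; PGP/MIME encrypts only the body part.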
The Illusion of Control
Encryption happens in your browser.
That means JavaScript is doing the work. And that JavaScript is delivered by the provider.
Every time you open the site.
So who controls your encryption?
They do.
If the code changes, you will not know. If the code is compromised, you will not notice.
Because you are not running a fixed program. You are running whatever they send you today.
That is the part people do not think about.
Oh, absolutely—because what could possibly go wrong with trusting a system that can rewrite itself every single time you refresh the page? Totally normal. Totally stable. Definitely not something that could be compromised on a whim… or quietly compromise you instead.
But hey, don’t overthink it—millions of people already trust it! And they don’t fully understand how it works, right?… That’s even better. That just makes the whole thing smoother, don’t you think?
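One way to notice when the code changes under you, as an added example that is not the post's or any provider's code: pin a digest of every script one page load delivers, in the same sha384 form browsers use for Subresource Integrity, and diff later loads against that pin. The page markup and bundle bodies below are constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from one page load."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def sri_digest(body: bytes) -> str:
    """Subresource Integrity style digest: sha384-<base64>, the format browsers use."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

def snapshot(html: str, fetched: dict) -> dict:
    """Digest every script the page pulls in; external bodies come from `fetched`."""
    col = ScriptCollector()
    col.feed(html)
    digests = {src: sri_digest(fetched[src]) for src in col.external}
    for i, body in enumerate(col.inline):
        digests[f"inline#{i}"] = sri_digest(body.encode())
    return digests

def diff_against_pin(pinned: dict, current: dict) -> dict:
    """Scripts added, removed or changed since the load you reviewed and pinned."""
    return {
        "added": sorted(set(current) - set(pinned)),
        "removed": sorted(set(pinned) - set(current)),
        "changed": sorted(k for k in pinned.keys() & current.keys() if pinned[k] != current[k]),
    }

# Constructed sample loads of a hypothetical web client; not any real provider's bundles.
PAGE = '<html><head><script src="/app.js"></script><script>window.cfg={api:"/v1"};</script></head></html>'
LOAD_1 = {"/app.js": b"/* bundle build 101 */ export function encrypt(m, k) { /* ... */ }"}
LOAD_2 = {"/app.js": b"/* bundle build 102 */ export function encrypt(m, k) { /* ... */ }"}
```

A browser's own SRI attributes do not help here, because the HTML that carries them comes from the same party that serves the scripts; the pin has to live on your side, and a non-empty "changed" list only tells you to go read the new bundle, not whether the change is benign.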
Paywalls and Limitations
Want to use a proper mail client?
You need Proton Bridge.
Which is paid.
So let us translate that:
- Real usability = paid
- Real control = paid
The free plan is not just limited. It is designed to keep you inside their interface, inside their rules, inside their ecosystem.
And if you want out?
You pay.
Because apparently even “privacy” comes with a subscription tier.
The Pattern
This is not just about Proton. The reason I picked up on it is that I got annoyed with all the ads and sponsors I see.
You could replace the name with Tuta, or any other “secure email” provider, and most of the same issues would still apply.
Different branding. Same limitations.
These services all follow a similar model:
- Limited or nonstandard encryption
- Heavy reliance on web mail
- Poor interoperability
- And a strong push toward staying in their system.
At first glance it looks modern. Convenient. Streamlined.
In reality, it is restrictive.
If you cannot use your own mail client, you do not fully control your email.
You are locked into: their interface, their implementation, their security model.
You do not get to choose how your data is handled. You just get to trust that it is handled correctly.
And that is the real problem.
Convenience over Control
All of this is justified the same way:
“It is easier for the user.”
And yes, it is easier.
But that convenience comes at a cost: less transparency, less flexibility, more trust required.
You trade control for simplicity.
That is the deal.
What Actually Matters
If you care about privacy, stop obsessing over the provider.
Focus on control.
- Use a mail client
- Avoid web mail whenever possible
- Always use PGP yourself to encrypt the contents of the mail, on your computer, before you send it
- Roll out your own email server; it’s really not that hard. (It’s only about 5 to 10 dollars a month.)
Plus, if you run your own email server, you get these premium features for free:
- Unlimited email addresses
- Unlimited email aliases
- You truly own your own email
- You can use it as your brand name
- A custom domain name is yours to keep forever
- Zero tracking at least on your server
- Better spam protection
- Catch-all inboxes
The things these companies advertise, like zero-knowledge encryption, no-trust policies, quantum-safe encryption, etc., matter far, far less than the ones I listed above.
Plus, you can’t expect email to be fully private; no matter how hard you try, metadata is always there. If you really want maximum privacy, just talk to the person in question privately with no smart devices around you. If that’s not possible, use XMPP, IRC, or even Matrix.
The moment your security depends on someone else’s website, it stops being your security.
It becomes trust.
And trust is exactly what you were trying to avoid in the first place.
Email is not secure. It never was.
Everything built on top of it is just trying to make you forget that.
And once you understand that, the illusion breaks.