@yogthos Indeed. Transparency is lacking. Laypeople probably don't know that the metadata is plainly visible to PM admins & all mail servers transacting w/Protonmail. Msg payloads are protected by crypto unless malicious js is pushed to someone who is targeted. #Hydroxide fetched over Tor can counter that (right up until #Protonmail pushes a #CAPTCHA which forces users into a browser).