"ProtonMail makes the software that handles the keys!"<p>Well yes, they do, but that's true for any cryptosystem where you did not personally audit the source code and then compile it yourself.<p>That copy of GnuPG on your Linux box? Did you audit the source? Are you aware of the underhanded C competition and how... well... underhanded a source-level bug can be? If you didn't compile it, do you know all the people who have the CentOS/Debian/etc. package signing keys?<p>ProtonMail isn't perfect but it's better than plain text e-mail stored with a company that's known to make a business model of data mining you. Don't call it "snake oil."