Yep, which I think is why it’s more important to see what data is being collected and stored, rather than giving up data based on how trustworthy an entity seems
If the tool doesn’t collect or log the data to begin with, then there’s nothing that can be stolen/taken/demanded
The solution in this case might be for Proton (and the other companies) to list out risks and data collection information along the way.
We need X in order to do Y. Read more on how Y works. Now here are some risks, and how to avoid them: