• 1 Post
  • 4 Comments
Joined 3 months ago
Cake day: January 7th, 2026

  • Generally the rule of thumb is: if a service (including one focused on privacy and/or security) actively advertises itself (which Proton does a lot: especially through content creator sponsor-deals), be extremely wary. I was once also considering migrating to Proton, but luckily tried integrating the account into Thunderbird first; which led me to second-guess Proton’s intentions. It really didn’t sit well with me, they’re baiting users into (over-)committing to their service, encrypt their (primary) mailbox’s contents, and as a result paywall the process of data-migration (including to third-party email clients).

    I instead went with a humble Disroot mailbox (I make a yearly donation to), and use fully separate Proton addresses as effective aliases: as I’m not interested in them being associated with my personal email anyway. Other than that, I’ve simply integrated all email accounts (I care about) into Thunderbird. For the big-tech accounts, I’ve backed up their contents in Thunderbird, re-imported them locally (to be able to search them), and deleted all contents from the servers. I’ve changed the email of more important services to the Disroot account, and listen for any others I might’ve forgotten, on the empty big-tech accounts (which rarely receive anything).

    For password managers I’ve always used KeePassXC: synced across devices by having the (encrypted) database on Google Drive, and later synced locally using Syncthing. The KeePassXC-Browser extension does the filling on the browser, and I’ve always used Keepass2Android for mobile (through the keyboard). Nowadays I just use my laptop for anything requiring login, and rarely use secondary (mobile) devices to begin with: eliminating the need for cross-device syncing altogether. The KeePass database lives on my secondary hard drive, and I make sure to create backups periodically (which also goes for Thunderbird contents).

    Limiting the services you depend upon also helps tremendously, so that even if all passwords are lost, you rarely feel affected. I’m confident I could lose 99% of my passwords, and wouldn’t care whatsoever. In fact, I’ve effectively been through that process already (when changing all recursive passwords to stronger, unique ones: through the “forgot your password?” fields), and could easily do it for important services once more. The most valuable piece of advice I could give is to identify the important parts, and start from there. If you care enough for the emails effectively held ransom by Proton, perhaps configure the bridge once and extract the data; never to return.