The credit card doxing is the obvious lesson, but there's a deeper one that nobody's talking about: even with perfect encryption and a trustworthy provider, your email address is still a public attack surface. Anyone who knows it can reach your inbox.
Spam filters are the industry's answer, and they're all built on the same broken model — an algorithm decides what you should see. You're just trading one gatekeeper (Proton, Gmail) for another (their spam classifier).
What if inbox access was permission-based instead of filter-based? I've been building exactly this: unknown senders pay 100 sats via Lightning to reach you. Pay once, whitelisted forever. If the message was legitimate, 8 cents was nothing. If it was spam, the economics kill it at scale.
No provider trust required. No algorithm deciding what's important. The sender proves intent with the smallest possible economic signal.
The Proton situation isn't really about Proton — it's about the entire model of trusting a third party with your attention. The fix isn't finding a better provider. It's making access itself permissioned.
The credit card doxing is the obvious lesson, but there's a deeper one that nobody's talking about: even with perfect encryption and a trustworthy provider, your email address is still a public attack surface. Anyone who knows it can reach your inbox.
Spam filters are the industry's answer, and they're all built on the same broken model — an algorithm decides what you should see. You're just trading one gatekeeper (Proton, Gmail) for another (their spam classifier).
What if inbox access was permission-based instead of filter-based? I've been building exactly this: unknown senders pay 100 sats via Lightning to reach you. Pay once, whitelisted forever. If the message was legitimate, 8 cents was nothing. If it was spam, the economics kill it at scale.
No provider trust required. No algorithm deciding what's important. The sender proves intent with the smallest possible economic signal.
The Proton situation isn't really about Proton — it's about the entire model of trusting a third party with your attention. The fix isn't finding a better provider. It's making access itself permissioned.