It’s good to see their applications slowly making their way over to F-Droid. I enjoy some of their offerings but also see problems with putting all my eggs in one basket so I do not use all of them.
Why? I mean honest question. I think doing so is actually more safe. You have to trust less organizations with your data.
Emails can often be used to reset your password anyways.
Personally I do not store TOTP in proton pass for other important accounts. That for me seems the right mitigation.
And obviously you should regularly export your data from proton for offline backups. For that I recommend istorage datashur (https://istorage-uk.com/) drives with hardware encryption. Keep those in multiple locations and you have quite a solid setup if you’re asking me.
The way I see it is that being in the Proton ecosystem is not putting all your eggs in one basked, it’s more like putting all your eggs into one E2EE encrypted secure vault that is managed by a trusted party but only you have the keys to it.
I definitely agree with you that it’s preferable to lots of providers where their data policies are disappointing at best. But I run my own server at home with local access only and I feel a lot safer trusting a box that does not have any outward connections than Proton.
I do however backup very important things encrypted and stored in Proton Drive so I feel I’ve managed to strike a good balance there.
But to sum it all up, I feel, just like you that it’s better to only have one point of failure, especially when the alternative is using Google or Microsoft.
I use all the Proton services too, but I have a hard time with PP. As some people have pointed out, I’m not sure they’re necessarily willing to put all their eggs in one basket.
And what’s the difference between the F-Droid version and PP’s Play Store?