It’s quite demoralizing and frustrating from the corporate experience to be put in this position (I’m Skiff’s CEO). I see the greatest success for Privacy Guides to work with companies to make more privacy-respecting, secure services. We’ve done exactly that in good faith - respecting your criteria and allocating engineers on our team to get us to the point of recommendation. This costs an enormous amount for a product to implement.
We’ve now spent months implementing all of the best practices, both because we want Skiff to be as secure and private as possible, and because we want to be recommended on your guide. We’re becoming quite popular (almost half a million users in the last year) and would love to share and help grow your community while ensuring that products are held to high standards. Moving the bar constantly is extremely frustrating and demoralizing to our team. Transparently, it’s hard for us to even believe that the criteria are created in good faith.
Our solution for external sharing was not intended for email. It is much more powerful to share E2EE real-time collaborative docs/files with subpages, embedded E2EE files, and so much more. It’s both confusing and frustrating to require that we implement a less powerful, worse experience that was never part of the original spec.
Email headers is a reasonable feature to look for, but password protected emails and feature requests (like nested folders) are completely out of place.