“So @ProtonMail received a legal request from Europol through Swiss authorities to provide information about Youth for Climate action in Paris, they provided the IP address and information on the type of device used to the police https://t.co/KtKF4wn3wv”
Nextcloud is not a mail-server, don’t confuse it. Nextcloud has an Email app which can be connected to your account. They use LDAP for most services with few exceptions (f.e. Gitea).
If you have questions about the Email server and the webmail use you can ask them directly about it. The email stack I tell you that is one very known and is actively maintained.
The case with Rainloop is quite different because have been subject of controversy in the past regarding to its security, you can always ask about it.
About the security audit: most tasks at Disroot are SysAdmin/DevOps tasks can be checked in different repositories as they are deployed with different DevOps tools like Ansible ( https://git.disroot.org ). If there is something non-Standard/custom that should be audited (as this is the source of audits, not configurations that have been already audited commonly or are recommended already by security teams) you can always ask to the maintainers by email to support[AT]disroot[DOT]org. Sometimes they work close with maintainers of different software for bugfixes, etc (Nextcloud and different apps of it as example).
If you think there is something to be doubt, just start reporting to it to improve it instead of putting this as a supermarket of products which should be chosen exclusively and to which you cannot do anything. Protonmail is by source something that is not going to change in the same way that Disroot could by the base of it.
Nextcloud is not a mail-server, don’t confuse it. Nextcloud has an Email app which can be connected to your account. They use LDAP for most services with few exceptions (f.e. Gitea).
If you have questions about the Email server and the webmail use you can ask them directly about it. The email stack I tell you that is one very known and is actively maintained.
The case with Rainloop is quite different because have been subject of controversy in the past regarding to its security, you can always ask about it.
About the security audit: most tasks at Disroot are SysAdmin/DevOps tasks can be checked in different repositories as they are deployed with different DevOps tools like Ansible ( https://git.disroot.org ). If there is something non-Standard/custom that should be audited (as this is the source of audits, not configurations that have been already audited commonly or are recommended already by security teams) you can always ask to the maintainers by email to support[AT]disroot[DOT]org. Sometimes they work close with maintainers of different software for bugfixes, etc (Nextcloud and different apps of it as example).
If you think there is something to be doubt, just start reporting to it to improve it instead of putting this as a supermarket of products which should be chosen exclusively and to which you cannot do anything. Protonmail is by source something that is not going to change in the same way that Disroot could by the base of it.
Disroot isn’t security oriented.