

Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)
I also own these publicly available applications:
Mastodon: https://hear-me.social/
Alternative Mastodon UI: https://phanpy.hear-me.social/
Peertube: https://my-sunshine.video/
Friendica: https://my-place.social/
Matrix: https://element.secure-channel.net/
XMPP/Jabber: https://between-us.online/
Bluesky PDS: https://blue-ocean.social/ (jerry.blue-ocean.social)
Mobilizon (Facebook Events Alt): https://my-group.events/
and more…


I’d ask for a refund.


You don’t send them the password. The password never leaves your device. The password is the decryption key to decrypt your encrypted private key, which is what they send to your device. This is why, for Proton Mail, and others that use this technique, it is imperative to have a strong password to protect your private key.


Proton stores your encrypted private key. An encrypted private key does not allow them to read your email or files.
When you log into a new device:
Proton sends the encrypted private key to your device.
You type your password.
**Your device** (not Proton’s server) uses the password to decrypt the private key locally in your browser or app memory.
That decrypted key is then used to decrypt your emails on your device. Proton Mail sends you just the encrypted text.
There is one potential security issue:
Since Proton serves the website code (HTML/JavaScript) that performs the encryption, you have to trust that they serve you honest code. Proton could theoretically alter their website code to capture your password the next time you log in, which theoretically a government can force them to do.
However, this is a different threat than “they have the keys.” Currently, they possess the keys only in a form they mathematically cannot unlock.
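A simplified sketch of the flow described above, added here as an example and not taken from the comment or from Proton's code. scrypt and AES-256-GCM stand in for Proton's actual key format, and the function names, password and message are constructed.

```javascript
// Added illustration, not Proton's code: scrypt + AES-256-GCM stand in for the real key format.
const crypto = require('node:crypto');

// Runs only on the device: stretch the password into a 32-byte wrapping key.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Signup, on the device: encrypt the private key so only ciphertext is uploaded.
function wrapPrivateKey(privateKeyPem, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() }; // everything the server stores
}

// New device: decrypt the downloaded record locally. Returns null on a wrong password.
function unwrapPrivateKey(record, password) {
  const key = deriveKey(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM tag mismatch: wrong password or tampered record
  }
}

// End-to-end run with constructed data; `server` holds only what the provider would see.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const password = 'correct horse battery staple'; // constructed; never sent to the server
  const server = {
    wrappedKey: wrapPrivateKey(privateKey, password),
    mail: crypto.publicEncrypt(publicKey, Buffer.from('constructed test message')),
  };
  // New device: download both blobs, type the password, decrypt locally.
  const pem = unwrapPrivateKey(server.wrappedKey, password);
  const plaintext = crypto.privateDecrypt(pem, server.mail).toString('utf8');
  const wrongGuess = unwrapPrivateKey(server.wrappedKey, 'password123');
  return { plaintext, wrongGuess, serverSeesPem: server.wrappedKey.ct.includes('PRIVATE KEY') };
}

console.log(demo());
```

The stored record can be guessed against offline at the cost of one scrypt run per attempt, which is why the strength of the password matters so much in this design.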


"From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them."


I hate these hasty generalizations about a group of people. It serves no purpose and gives less intelligent people a reason to be snarky against other people.
https://hear-me.social/ is one possibility. It has the added benefit of a 12,000-character posting size as well, especially nice if the 500-character limit at .social was frustrating.