> The obvious solution would be "we don't take down unless there's a court order", but then you'd get exposé pieces saying how protonmail is a den for drug dealers/pedophiles/doxxers/cyber criminals

I think it'd be crazy to make a service worse because of worry over potential hit pieces that might whine about a perfectly reasonable policy. It isn't as if Proton Mail hasn't been accused of those things before anyway (along with accusations of being a honeypot and not private enough).

It's better to have integrity and fight for your users than to cave just to avoid click bait articles by people with irrational views.

No.

They currently do cooperate and they go get the odd bad press about this.

So doing what they actually claim to do would change nothing. Their current stance is just a cop out.

Yes.

Most CERT requests are valid and good and should be obliged.. but there should be a manual check involved.

Especially when an appeal is filed. Especially when the content is obviously security reporting.

Both extremes are wrong - don't ignore CERTs and don't mindlessly oblige them. Find one of the many reasonable middlegrounds.