@kmontenegro
Last active April 20, 2018 04:03
Notes/suggestions for some comrades

Background

This captures my opinion on some security questions. The questions are somewhat specific but leave out considerations such as scalability, language access, comfort with technology, and risk assessment. Therefore, these are blanket responses that may or may not provide value to the reader/end-user.

Email

What is a secure email service especially given what happened with Riseup’s canary last year?

The response to this is always contingent on what risk one is facing but, generally, RiseUp is an amazing provider with good politics, relatively secure infrastructure, and a deep commitment to protect their users. That said, RiseUp does not offer the features which many users take for granted in both interface and functionality. I am not overly concerned about their warrant canary situation because they have taken the opportunity to move towards a zero-knowledge framework so that this concern can be largely put to bed.

Services like ProtonMail and Tutanota are very good BUT users often misconstrue how these services work. The most secure Tutanota or ProtonMail emails are those sent to addresses on the same service (e.g. Tuta to Tuta; Proton to Proton). Unfortunately, we don't all use the same secure service, so email between providers becomes particularly porous.

Commercial (not gratis) services like GSuite and Office365 have good security and user controls. They come with specific terms of service which make them substantially more secure from vendor and third-party scanning than the free products (e.g. GMail/Hotmail/Live).

Personally, I feel folks should avoid free commercial services (GMail) for movement work as the terms of service favor commodification of your data and your behavior patterns. These services also lead to curious access questions (e.g. if I share a GDoc using my GSuite account with a GMail user, which terms of service govern how my GDoc is scanned, accessed, indexed, etc?).

What can we do about email?

Email is a very risky mode of communication because, even if folks are using encryption, the metadata footprint can't be addressed: encryption protects the body, not who wrote to whom and when. This is important when thinking of things like human network mapping or allegations of joint venture/conspiracy/association.
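As an added illustration of the metadata point (not part of the original notes): the Python script below parses a constructed PGP/MIME-style message and lists the header fields that every relay, provider and subpoena recipient can still read even though the body is ciphertext. The message, the addresses, the relay names and the "ciphertext" are all constructed placeholders, not real mail.

```python
"""Show that end-to-end encrypting an email protects the body but not the
headers (sender, recipients, subject, timing, route) that every relay sees.

Added example with a constructed RFC 3156 (PGP/MIME) message; the armored
block is a placeholder, not real OpenPGP output."""
from email import message_from_bytes, policy

# Constructed sample message. The Received: line is what a relay prepends;
# the multipart/encrypted container is the standard PGP/MIME shape.
SAMPLE_ENCRYPTED_EMAIL = b"""\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.provider.example (Postfix) with ESMTPS id CONSTRUCTED01
\tfor <organizer@provider.example>; Fri, 20 Apr 2018 04:03:00 +0000
From: Ken <ken@example.org>
To: organizer@provider.example
Cc: lawyer@firm.example
Subject: Meeting before the action on Saturday
Date: Fri, 20 Apr 2018 04:02:30 +0000
Message-ID: <20180420040230.constructed@example.org>
User-Agent: Thunderbird/52.7.0 with Enigmail
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="constructed-boundary"

--constructed-boundary
Content-Type: application/pgp-encrypted

Version: 1

--constructed-boundary
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQEMA3PLACEHOLDERciphertextPLACEHOLDERciphertextPLACEHOLDER==
=xxxx
-----END PGP MESSAGE-----

--constructed-boundary--
"""

# Header fields that stay readable no matter how the body is encrypted.
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date",
                    "Message-ID", "User-Agent")


def is_pgp_mime_encrypted(msg):
    """True if the body is an RFC 3156 multipart/encrypted container."""
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted")


def exposed_metadata(raw):
    """Return the plaintext metadata an observer sees on an encrypted email."""
    msg = message_from_bytes(raw, policy=policy.default)
    exposed = {name: msg[name] for name in METADATA_HEADERS
               if msg[name] is not None}
    # Each relay adds a Received: header; together they record the route and
    # timing of the message, which is exactly the network-mapping material.
    exposed["Received"] = msg.get_all("Received", [])
    exposed["encrypted_body"] = is_pgp_mime_encrypted(msg)
    return exposed


def body_is_opaque(raw):
    """True if the only body content is an ASCII-armored PGP block."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not is_pgp_mime_encrypted(msg):
        return False
    parts = list(msg.iter_parts())
    # RFC 3156 requires exactly two parts: control part, then ciphertext.
    if len(parts) != 2:
        return False
    payload = parts[1].get_payload(decode=True)
    return payload.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----")


if __name__ == "__main__":
    meta = exposed_metadata(SAMPLE_ENCRYPTED_EMAIL)
    print("body opaque to relays:", body_is_opaque(SAMPLE_ENCRYPTED_EMAIL))
    for name, value in meta.items():
        print(f"{name}: {value}")
```

Run it and every line printed after the first is what a provider, a relay or a court order can read about the conversation, including the subject line, without touching the encryption at all. That is the footprint ephemeral messengers with sealed or minimal metadata are trying to shrink.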

So, maybe we move some conversations to ephemeral messaging...

Messaging Applications

Signal

Signal is great where folks have reliable SMS. That reliance on SMS makes Signal an imperfect solution in places like Latin America, Africa, or other places where SMS might not work as expected. Signal has been demonstrated not to leave a substantial swath of metadata and, when used through the desktop client, it has the potential to be an email substitute. Martin Shelton has done great write-ups about using Signal securely. My favorite Signal feature is being able to set messages to delete themselves.

WhatsApp (particularly in light of recent Facebook disclosures)

I don't object to WhatsApp too strenuously because for many folks for whom Signal is not an option, particularly migrant communities, WhatsApp helps them communicate in a relatively secure manner. Turning off backups (which otherwise undermine the security model) takes human effort, but that effort is minimal. WhatsApp also has the advantage of being used broadly and not just by security-conscious users. Unlike Signal, you can't have messages expire/self-delete.

Wire

Wire is really wonderful in that it addresses a salient issue with WhatsApp and Signal: both services are tied to your phone. Wire instead allows you to create an account with a disposable email address and have relatively secure, end-to-end encrypted communications. Wire also has a teams function that looks very promising. As a side-note, the quality of voice and video over Wire is really remarkable and, when thinking about security, we have to appreciate the value of video as an authentication mechanism (e.g. am I really talking to Ken?).

Keybase

While it can be considered more of an identity tool/service, Keybase has a very good chat and collaboration platform which is relatively secure. It isn't sexy but it's very functional.

Collaboration: What is your opinion of what is secure about each of these services, and what is not?

Slack

Trello

Doodle polling

Anything else you might recommend

Storage: For purposes of storing privileged Attorney-Client Communications or Attorney Work Product, what is your opinion of what is secure about each of these services, and what is not?

Dropbox

GoogleDocs

OneCloud

Anything else you might recommend
