The law - for good or for bad - is what defines rights. If there is a judge which says that an investigation has to happen, and also the companies ensured that the claim is legit (you see from the stats that the context 15-20% of the data requests), then what else can be done?
You cannot operate illegally, so either you comply or you shut down.
I run Prometheus on a separate cluster, so I plug my servers with node_exporter and scrape metrics. I then alert with grafana. To be honest, the setup is heavier (resource usage-wise) than I would like for my use case, but it's what I am used to, and scales well to multiple machines.
I have seen this post and decided to respond via a separate blog post. https://loudwhisper.me/blog/containers-isolation/
The short answer is that yes, they do. And yes lowering the privileges of the user helps in avoiding container escapes, which basically makes the other advantages for containers valid. You can, however, achieve the same using (relatively obscure, imho) systemd settings, running with flatpak etc. Namespaces + Cgroups + Seccomp + Capabilities = better security. Containers make it easy to use all of the above.
They did not disclosing any content of any email. They disclosed the very little they have. Once they have been forced to log IP addresses and that was turned to law enforcement, another time they were forced to disclose a recovery email address. These facts if anything should help build trust in proton, as they show how little they collect and therefore can disclose. With signal is the same, they collect super minimal info (the time you last logged in and a couple more data points, I think), and that's what they disclosed in the past.
It's a non-news.