The service puts a strong focus on security and privacy, and since I received my beta account access just a few moments ago, I decided to write a first look review of it so that you know what it is about and what it offers.
ProtonMail is in beta right now, and the best option to get an invite right now is to support the company's Indygogo campaign. The campaign has already met the goal so you do not have to worry about it not reaching it and closing down because of it.
Anyway, you can also sign up for account access on the official site but that has been done by a lot of interested users already so it will take a while before you get access.
You have to set two different passwords during setup. The first is the login password that you use to sign in to your account on the website.
The second is the mailbox password. It is used to encrypt the emails of your account. Mails are stored in encrypted form on ProtonMail servers so that the company or third-parties with access (e.g. law enforcement or hackers) cannot read emails as they are not stored in plain text or with encryption keys that the server company has created (and can thus decrypt).
The downside is that if you lose the password, you too won't be able to read the mails anymore. All data is stored on secure servers in Switzerland.
When you sign in to ProtonMail, you are first asked to enter your username and account password. Once done, the encrypted data is sent to you.
You are then asked to enter the mailbox password to decrypt the data locally in the browser and get access to your emails.
ProtonMail uses end-to-end encryption meaning that the messages are stored in encrypted form on the server, and sent encrypted to the user.
Messages between ProtonMail users are also sent in encrypted form within the server network of the company.
Messages that you send to email addresses not hosted by ProtonMail can be send in plain text or encrypted as well. If you select encrypted, you add a password to them that is used to decrypt them.
The recipient needs to know the password to decrypt the message. The email itself will contain a link and instructions, and a click on the link opens a web page on the ProtonMail website where the password needs to be entered to decrypt the message and read it.
Another interesting feature is the ability to send self-destructing emails. This works only when you send the mail to another ProtonMail user or add a password to encrypt the message if you send it to an outside user.
The effect is that the email will expire automatically when the set expiration time is reached so that it cannot be accessed anymore.
A few features are not available right now, like sending encrypted attachments. This will be implemented however in time so that all contents are encrypted when you send emails using the service.
It is not clear yet if third-party access will be implemented eventually. As of right now, it does not seem possible to use third-party devices or programs such as Thunderbird, Outlook or mobile mail clients to access the data.
Mobile apps are a campaign goal that will be reached when it hits $500,000.
The mail client is quite basic at the moment. That is not necessarily a bad thing, but if you compare it to Outlook, Gmail or Yahoo Mail, you will notice the absence of features such as labels, tags, advanced search parameters or different interface themes.
ProtonMail does not reinvent the wheel, but it makes secure email more accessible to users. While you can set up a similar mail service locally using PGP and hard disk encryption, it takes much longer to set it up properly and can be a frustrating experience if you do it for the first time.
The downside is that you only get web access at the time of writing. While that can change in the future depending on stretch goals reached, it may turn away some users from the service because of that as it is not flexible enough in this regard.
Then again, nothing keeps you from using ProtonMail for important secure communications and another mail provider for everything else.