First look at secure email provider ProtonMail
As you may know already, I have decided to retire my Gmail account and one of the email services that I consider using as an alternative is ProtonMail.
The service puts a strong focus on security and privacy, and since I received my beta account access just a few moments ago, I decided to write a first look review of it so that you know what it is about and what it offers.
ProtonMail is in beta right now, and the best option to get an invite right now is to support the company's Indygogo campaign. The campaign has already met the goal so you do not have to worry about it not reaching it and closing down because of it.
Anyway, you can also sign up for account access on the official site but that has been done by a lot of interested users already so it will take a while before you get access.
You have to set two different passwords during setup. The first is the login password that you use to sign in to your account on the website.
The second is the mailbox password. It is used to encrypt the emails of your account. Mails are stored in encrypted form on ProtonMail servers so that the company or third-parties with access (e.g. law enforcement or hackers) cannot read emails as they are not stored in plain text or with encryption keys that the server company has created (and can thus decrypt).
The downside is that if you lose the password, you too won't be able to read the mails anymore. All data is stored on secure servers in Switzerland.
When you sign in to ProtonMail, you are first asked to enter your username and account password. Once done, the encrypted data is sent to you.
You are then asked to enter the mailbox password to decrypt the data locally in the browser and get access to your emails.
ProtonMail uses end-to-end encryption meaning that the messages are stored in encrypted form on the server, and sent encrypted to the user.
Messages between ProtonMail users are also sent in encrypted form within the server network of the company.
Messages that you send to email addresses not hosted by ProtonMail can be send in plain text or encrypted as well. If you select encrypted, you add a password to them that is used to decrypt them.
The recipient needs to know the password to decrypt the message. The email itself will contain a link and instructions, and a click on the link opens a web page on the ProtonMail website where the password needs to be entered to decrypt the message and read it.
Another interesting feature is the ability to send self-destructing emails. This works only when you send the mail to another ProtonMail user or add a password to encrypt the message if you send it to an outside user.
The effect is that the email will expire automatically when the set expiration time is reached so that it cannot be accessed anymore.
A few features are not available right now, like sending encrypted attachments. This will be implemented however in time so that all contents are encrypted when you send emails using the service.
It is not clear yet if third-party access will be implemented eventually. As of right now, it does not seem possible to use third-party devices or programs such as Thunderbird, Outlook or mobile mail clients to access the data.
Mobile apps are a campaign goal that will be reached when it hits $500,000.
The mail client is quite basic at the moment. That is not necessarily a bad thing, but if you compare it to Outlook, Gmail or Yahoo Mail, you will notice the absence of features such as labels, tags, advanced search parameters or different interface themes.
ProtonMail does not reinvent the wheel, but it makes secure email more accessible to users. While you can set up a similar mail service locally using PGP and hard disk encryption, it takes much longer to set it up properly and can be a frustrating experience if you do it for the first time.
The downside is that you only get web access at the time of writing. While that can change in the future depending on stretch goals reached, it may turn away some users from the service because of that as it is not flexible enough in this regard.
Then again, nothing keeps you from using ProtonMail for important secure communications and another mail provider for everything else.
I think the PayPal mess gave them some free additional exposure, which always comes in handy. As for the features, pretty expected, standard stuff. As others have noted, though, I wish they’d drop Google Analytics – plenty of alternatives out there. Have mentioned that while signing up.
Quick observation, “send” should be “sent” twice here:
Messages between ProtonMail users are also send in encrypted form within the server network of the company.
“ProtonMail uses end-to-end encryption meaning that the messages are stored in encrypted form on the server, and send encrypted to the user.
That minor send/sent observation is just being downright picky.Anyone with half a brain knows & understands what the author intended.
I don’t get it. If you don’t hold the only copies of entirely secret, privetly created keys then how is it secure? Aren’t you having to trust the email provider? To me this looks like a company taking the opportunity to cash in on consumers’ ignorance over security.
Well the data is stored in encrypted form on the company server, and the only key to unlock it is in your hands. While brute forcing is a possibility, a reasonably long key should prevent that from happening anytime soon provided that the implementation has not bugs or flaws that can be exploited.
1. Does this mean that if I send an email from my protonmail account, it is unencrypted and in plain text until it reaches the Protonmail server (where it gets encrtyped) and then it is sent to the receiver encrypted?
2. If this is correct, is there a vulnerability of a 3rd party storing and copying the plain text email while in transit from the sender to the Protonmail server?
As far as I can remember, mail you sent from your account is encrypted if the recipient is another protonmail user or if you select to encrypt it if the user is not using Protonmail.
hmmm, I think my question is not so much about the msg being encrypted. But rather when does the encryption happen. Does it happen in the browser? Or does it happen when the sent email reaches Protonmail servers? I think this is regardless of who is receiving the email (another protonmail user or an outside email account).
I have been using protonmail.ch for a while and it’s an excellent service. However, the service is not suitable for replacing your GMail or any other mail account. You will not be able to use a mail client like Thunderbird or any other clients as it’s a browser webmail solution.
My suggestion is that you use mailbox.org, https://mailbox.org, as a replacement for GMail and use protonmail.ch only for emails requiring encryption.
Martin, did you tried Startmail? Still in beta but IÂ´m liking it so far.
No, have not tried yet but want to give it a go.
Have you tried Startmail yet? If so, do you think it’s more secure than Protonmail?
Have not tried it yet sorry.
Delete ad from gumtree
I have some problems with the encryption developped by Protonmail.
That I’m waiting for the free and open source “MailPile”, https://www.mailpile.is/
Protonmail is an US company with the disadvantge of the ‘Patriot Act’.
Please read the site of MailPile which isn’t an US company.
Protonmail is a service offered by Quantitative Data Solutions S.A., Switzerland. Clearly not an American company.
Thanks NiHouMa for pointing that out. Yes we are an Icelandic based company. However, another key aspect is the deeper architectural design of Mailpile is that we depend up email’s decentralized nature to function. Thus, we don’t store or hold user data in any fashion as we offer no centralized server or services that could be subpoenaed. Another thing is that we are fully open source thus backdoors and trojans can easily be spotted and pointed out by the independent info-sec community!
Yes, my apologizes but when the founders Andy Yen, Jason Stockman and Wei Sun are American citizens they have to comply with US law. Doesn’t matter where they are in Europe.
I have to disagree. The founders are employees of the Swiss company Quantitative Data Solutions S.A., thus the laws of Switzerland apply. A Swiss company can never be forced to comply with the American Patriot Act.
“A Swiss company can never be forced to comply with the American Patriot Act”
Oh, yes they can. Just ask all the Swiss banks :-)
Wrong. It is not the citizenship of those 2 that matters, but the “citizenship” of the corporate entity.
I have become partial to Thexyz Webmail since I migrated last year, I have tried Fastmail, Lavabit but thexyz seems to offer greater mobile features.
“All data is stored on secure servers in Switzerland.”
All data is stored on SERVERS in Switzerland.
There is no such thing as a “secure server”. Anywhere. By anyone. At least, not if it has any route whatsoever to the Internet or any other network. And even a standalone machine must rely on physical protection which ultimately can always be bypassed or destroyed if the attacker has sufficient resources and motivation. Which, as ilev noted above, is indeed the case with the US vis-a-vis Switzerland.
People need to stop using the word “secure”. Things are “secure” only up to the exact instant that someone else with motivation and resources doesn’t want them to be.
There is no such thing as “secure email” and likely never will be.
Do not look to a provider to give you “email security”. The only “security” your email will ever have is strong encryption which is completely controlled solely by yourself and your recipients. And unless you’re a competent cryptographer who’s written his own stuff AND had it tested by others, you’ll still be relying on someone else’ software which may have been compromised along the way. AND you and your recipients also need to control access to the keys which is a huge weak point.
For MOST people, this is sufficient. If you’re at actual risk of life and limb – it’s not.
Look at the recent report on how US law enforcement has managed to penetrate almost EVERY encrypted communication they’ve tried to wiretap. It should give everyone pause to reconsider whether “secure” communication is at all feasible.
I have also dumped my Gmail account for my personal email as well as many other Google services. The best email provider I have found, in my opinion, is Runbox which is located in Norway. http://www.runbox.com
Norway has very strict privacy laws concerning email and personal communications. Runbox is also very serious about security and privacy. Mail sent through Runbox is protected by Extended Validation SSL with Perfect Forward Secrecy, ensuring encrypted communications between client and server. Email is encrypted using SSL which most good providers do, however, Runbox configures their web servers to issue a unique key pair for every single connection, and immediately destroy the keys once the session is complete. This method is called Forward Secrecy because it prevents anyone from retroactively breaking the encryption. A lot of email providers have one set of keys for all email sent through their servers. So, if NSA gets that key, they have everything. You can see runbox.com for more information.
I am very pleased with Runbox knowing that NSA, here in the U.S, most likely won’t be scanning my email which is stored in Norway and subject to Norwegian laws, not US laws. Email can be secured for the most part, and encryption probably can be broken using brute force for an extended period of time and at a substantial amount of money. Considering the time and expense to break the encryption, is your email really that important to NSA or anyone else for that matter? In some cases maybe, but not normally. So, relax and get a good email service that you like, preferably outside the U.S. and certain other countries, and you will be just fine.
My knowledge of the English language is insufficient, Anyhow a Hear, Hear for Richard Steven Hack. He is right.
But Arne Bowlen if the founders are American “citizens” they have to comply with US law! It doesn’t matter if they are employees of a Swiss company. The reply of ilev says enough. Beside that they working also at MIT, USA. In addition, all arguments a false sense of security. There is no security on the Internet even if you use Tails OS on a USB stick. Please wake up.
I still think that http://SaluSafe.com is superior and based on the open sourced CryptoHeaven. Look on GitHub for the source!
For people looking for solid alternatives to Gmail, I recommend Fastmail. It’s a pay service, but their fees are really affordable.
3 Americans in Switzerland, establish a company for a “safe” e-mails, that’s really interesting …
Don’t use the e-mail services of *Thexyz, Fastmail and Salusafe* because their servers are located in the USA and therefore subject to the Patriot Act. I’m still waiting for the developments of https://www.mailpile.is/
Meanwhile, I realize that interested parties have built a profile of me as well as from all of you and Martin Brinkmann.
“Meanwhile, I realize that interested parties have built a profile of me as well as from all of you and Martin Brinkmann.”
You need to be careful, otherwise you might be arrested by HSI, ICE, FBI, CIA, USMS, Secret Service, aliens or some other agency looking for you. :-) :-)
Hushmail is a Canadian-based, Canadian-owned company, which means the copy of each key is sent straight to CSEC, which is a Canadian dealership of NSA+CGHQ.
What do you think of tutanota.de ? It’s based in germany and brags to be totally encrypted including attachments and even the subject line!
Email is not secure. Messages delivered to ProtonMail’s servers are readable, even if sent with TLS, it is ultimately RFC 5321 and 5322 plain text. ProtonMail may then encrypt the message with the userâ€™s public key before storing on itâ€™s servers, however if the user wishes to send a message it can only be sent in clear RFC 5321 and 5322 plain text. Less than 50% of SMTP servers implement TLS, so ProtonMail has no choice but to send and receive in clear text to the majority of mail servers, irrespective of how the messages is stored.
Whatâ€™s the real secure mail solution? Encrypt messages in the messaging client, like Thunderbird or Outlook using PGP and the like. The recipient can only read the message if they have the right key. The message header cannot be encrypted as it is used to route the message, but the body and any attachments are fully, privately encrypted. Then you can use Gmail, Hotmail, Yahoo, whatever, to send and receive with POP/IMAP, but not the webmail interface.
Email was never designed for the security requirements of today.
I don’t think anything beats the “send mail as alias” feature from Fastmail, which I am on right now.
Basically, it’s like a catch-all type thing where you can reply from the address sent to. Example, if I gave someone “[email protected]” email, I will be able to reply from this address as well. I don’t have to give out by main address.
Also, I can set up catch all “rules”, example – if “receipt email” + “ends with” + “[email protected]” = “delete”. so all emails received to [email protected] or [email protected] will go to Delete.
Obviously not ideal for Privacy minded. Because according to their Policies, employees technically can read your emails, and it goes on to say that “they maintain high ethics so we will not” etc.
Fastmail,fm; IP Location United States – New York – New York City – The New York Internet Company. Patriot Act and further explanations are not necessary.
Good article about secure email-providers, epecially good in even mentioning alternatives to google, outlook & co. As for german users like me, there are also german providers like posteo, which offers the same grade of security, even more: the payment is done anonymously, for it is not possible to associate payments with someone’s mail account. It would be good to read more stuff like this.
How to spell snake oil? P-R-O-T-O-N-M-A-I-L
Browser based cryptography is conceptually no different from server side crypto. Which is snake oil for the security gullible. And if it is implemented so poorly as for Protonmail, then all it takes to “hack” the platform is a browser, see link.
That’s why I’m with MyKolab, for their no-bullshit approach to this: https://mykolab.com/faq#encryptall
Does anybody remember ZipLip? ZipLip was the best web-mail service I have ever used- innovative and secure- the sent messages never left ZipLip servers- the recipients just got invitations to read the messages on ZipLip servers, one could send messages that would auto-destroy (expire), etc. The service was beautiful, free and ads-free but it was closed because of the pressure from 3-letter agencies I think.
You can achieve the same with ProtonMail.
Yes I suppose, but ProtonMail is not yet available for everyone- I got the following message when I registered:
You’ve successfully reserved your username. We’ll notify you when space becomes available in our public beta.”
Please be patient, you will soon get your account. You will find the waiting time worthwhile. :-)
I hope so. I am patient ;) Thank you!
Just read this thread while looking for a solution that will let Firefox 35 work with Protonmail, haven’t found a solution yet, I have a few add on’ns that are possibly screwing it up.
Any way whether Protonmail is the bee’s knees or not, I’m wondering if a lot of the commenters have a clue how it works, It’s possible I don’t.
I was under the impression that HTTPS meant that the data was sent encrypted to the server, and as the individual has the key to encryption algorithm it seems a bit of a waste to send the email to the server and then send the key to encrypt it. So I imagined it being encrypted at the users end.
Try to start Firefox in Safe Mode by holding down Shift before you click on the icon. This runs the browser without add-ons for the session.
What is the most secure email in 2016?
In development Mailpile, https://www.mailpile.is/
Protonmail is now avbl. for all. =)
Do they give you an acct instantly? Or is it still a wait to get an account?
Tutanota is the only one giving out accts to everyone immediately.
It’s all happens on the clock….tic, tic, tic…..good and bad stuff happens, opinions are shaped, resentments are formed, things change, the ages are shaped by fire, love is stronger.
I like protonmail, think I’ll try it for a while. IF it doesn’t work out, all human beings have a right to change their minds, but only at some point.