Review: ProtonMail

ProtonMail is an email service developed by a team of scientists who met while working at the European Organization for Nuclear Research (CERN) in Switzerland. The idea behind ProtonMail is to provide an easy-to-use email service with built-in end-to-end encryption and state-of-the-art security features.

Crowdfunding success

ProtonMail appeared in June 2014 on the crowdfunding platform Indiegogo. The goal was to raise $100k to set up the system and the hardware. Soon after the campaign started, backers piled up and the project collected more than $550k in funding. Less than two years after the campaign, ProtonMail is used by over a million people around the world.

Hardcore security

When setting up your account, you need to specify two passwords. The first (the login password) authenticates you to the service; the second (the mailbox password) decrypts the private key that encrypts and decrypts your messages, and that decryption happens in the client, so the service never needs to see it. In order to register, you don’t need to share any personally identifiable information. The company behind the service (Proton Technologies AG) doesn’t have access to any of the unencrypted data, and no metadata, including IP addresses, is recorded. Note that “no metadata” refers to what the service logs about your activity; message headers such as sender, recipient and subject still have to be readable to route mail and are not end-to-end encrypted.

Their primary datacenter is located under 1000 meters of granite in a heavily guarded bunker built to survive a nuclear attack. All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO), which offer some of the strongest privacy protections in the world. As stated on the ProtonMail homepage, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel them to release the extremely limited user information they hold. Also worth noting: the company doesn’t use a third-party cloud service, but stores the encrypted data on its own servers located in Switzerland.

ProtonMail’s front-end encryption is open source and uses the OpenPGP.js library. Last August the developers released ProtonMail 2.0 as open source: while the core security and cryptographic components had been open source from day one, this release opened up the web client as well. Keep in mind the usual caveat of browser-based crypto, though: the client code is served by ProtonMail on every visit, so auditing the repository does not by itself tell you what ran in your browser.

Half a year ago, ProtonMail’s servers were hit by sustained DDoS attacks. Getting back online was the top priority, so they paid the ransom (which, as they later acknowledged, did not stop the attacks) and soon afterwards deployed Radware’s Attack Mitigation System to absorb future attacks.

Email experience

The interface is well thought out and nicely designed. It offers plenty of customization options aimed at getting the user experience just right. The default layout uses columns, so I quickly switched to the row layout, which I am used to from Gmail. The only thing I miss in ProtonMail is a “Collapse all” option for long threads.

When composing an email, ProtonMail users can set an expiration time for the outgoing message.

ProtonMail keeps per-account authentication logs. These are internal in the sense that they are visible only to the account owner and are stored encrypted along with the rest of the account data. As mentioned above, Proton Technologies AG doesn’t log IP addresses, but your own authentication log can record the addresses you logged in from. If you don’t need that, wipe the log and switch to basic mode, which records login events without the IP addresses.

ProtonMail is a secure email system, but how does encrypted mail square with spam filtering? Just a week ago the ProtonMail developers published a detailed blog post on the topic, in which they explain that:

Emails that come from third party email providers obviously cannot be delivered with end-to-end encryption, but upon reaching our mail servers, we will encrypt them with the recipient’s public key before saving the messages. All this is done in memory so that by the time anything is permanently stored to disk, the email is already unreadable to us. This gives us a very limited window to perform spam filtering on incoming messages.

The methods they use within this short window include checking the sender’s IP address against spam blacklists, custom Bayesian filters, comparing a checksum of the message against a database of known spam, and further anti-spam techniques they do not detail for security reasons. On top of that there are user-defined whitelists and blacklists. The practical consequence is that whatever the filter learns has to be learned in that window; once the message is on disk it is ciphertext to the server, so the verdict itself is the only thing the server retains.

Sending encrypted email to non-ProtonMail users

Email between ProtonMail users is end-to-end encrypted, so what happens when you need to write to colleagues who use other email providers?

There are two options you can use:

Don’t use encryption: This is the default. The message stays encrypted at rest on ProtonMail’s servers, but it leaves as an ordinary email and arrives at the recipient in plain text, readable by their provider.

Use encryption: By clicking the lock icon in the “Compose” window, you set a password the recipient will use to open the message. The recipient gets a notification with a link to a ProtonMail web page, where entering the password decrypts the message in the browser; no ProtonMail account is needed. Share that password over a separate channel (phone, chat, in person), since sending it in the same email defeats the purpose.

When the recipient opens the message in her browser, she can continue the encrypted conversation with the “Reply securely” button.

ProtonMail for iOS

ProtonMail apps are available for Android and iOS. The iPhone version, which I have been using for a couple of weeks, is probably the best-looking email app I have seen on iOS: the colour scheme is easy on the eyes, and the interface is fast, intuitive and highly functional.

Accessing your mailbox from the mobile app mirrors the web version: you enter both the login password and the mailbox password. In the app settings you can enable PIN- or Touch ID-based unlocking so that you don’t have to type both passwords every time.

For security reasons, I would also recommend enabling the “Auto lock time” feature, which requires you to authenticate again after a chosen number of minutes of inactivity.

Free vs paid versions

ProtonMail is free to use, with two paid tiers on top. The free version gives you:

  • 500 MB storage
  • No custom domains
  • 1 address (identity) you can use
  • 150 messages sent per day
  • 20 labels inside the inbox
  • Limited support

ProtonMail Plus starts at 4 EUR per month, raises all the limits of the free tier (5 GB+ storage, 5+ addresses, and so on) and adds support for custom domains.

The Visionary tier, from 24 EUR per month, goes further (20 GB storage, 10 custom domains, 50 addresses), with unlimited sending and labels, and priority support.

Final thoughts

ProtonMail successfully combines a highly secure environment for email with top-notch usability and a fantastic look and feel across devices. Job well done!