ProtonMail is a Switzerland-based privacy email provider. The company stores your data encrypted on their servers and they claim that the computer IPs used to connect to the account are not logged. I looked at the email headers after sending myself a test message and I could see that ProtonMail does not include the sender’s IP inside email metadata.
When you first open an account (it took me a few days to get an invite), you will be asked for two different passwords: one is the email login password, and the second one, not known to ProtonMail, is the password used to encrypt email messages in your browser before uploading them to the server. There is no password length check or anything else forcing people to use a complicated passphrase, so nothing stops a negligent new user from making up a short, guessable password.
I also noticed that there is no automatic logout. You can easily forget to log out of your account on a public computer, and the person behind you could get access to your account two hours later.
If you correspond with other ProtonMail users, encryption is end to end and messages never leave the ProtonMail server network. They do not travel the Internet, where encrypted messages could be intercepted by the NSA’s international fibre optic cable wire-tapping operation for later cracking attempts with their supercomputers.
To interact with an external email account, like Gmail, you have the option to send the message in clear text, with no protection at all, or to send a password-protected link that the receiver has to click to read the message directly from ProtonMail’s encrypted servers. The link can be set to expire after just a few hours or after two weeks; the message will no longer exist once the expiration date is reached.
There are a few weaknesses to sending emails in this fashion. One is that you will need to transmit the password to the other party, which will slow you down and is open to interception. Another security weakness is that there isn’t any kind of brute force protection. In addition, after somebody has read the message it will not be automatically self-destroyed as it should be. I could not see any counter on the page letting you know if the message has been previously displayed before you read it.
The good part of sending email messages with password-protected links is that the receiver only needs JavaScript enabled in their browser to be able to read them and that the messages can’t be scanned en route.
ProtonMail’s settings and compose screens are simple but enough to get the job done. I appreciated a button to permanently delete the whole account and all messages; regrettably this did not work for me when I tried it, it would do nothing when I clicked.
ProtonMail’s security model is based around owning their own hardware, storing it offshore outside USA and European Union laws, and fully encrypting their disks with the decryption keys split between various individuals. Server integrity checks detect illicit changes in the software, like somebody installing a key logger, but those checks cannot stop a hardware keylogger in the data center. Since data is encrypted by the user’s browser, though, the most an unauthorised third party could do is monitor computer IP connection logs.
This is an easy-to-use email service, perhaps the only free email service that claims to keep no user logs. The company implements well-known open source cryptolibraries and they allege to be audited by computer security staff at CERN (European Center for Nuclear Research). The only problem I have with ProtonMail is that there isn’t a built-in system to send messages with your own PGP keys; this is the main reason why I can’t use them as my primary email provider.
PGP is the default standard for email encryption and I can’t ask anybody to stop using PGP encryption keys and switch to a ProtonMail account for JavaScript OpenPGP encryption. Ideally, my perfect encrypted email provider must be able to import a PGP key from one of my friends and use it to secure data.
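The controls the review finds missing on password-protected links (a guess limit, a view counter shown before reading, and destruction after the first read) can be sketched server-side as follows. This is an added example, not ProtonMail's code: the `ProtectedMessage` class, the `MAX_ATTEMPTS` threshold and the idea that the server holds a password verifier to gate release of an opaque ciphertext blob are all assumptions of the sketch.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5  # assumed lockout threshold, not a ProtonMail setting


class ProtectedMessage:
    """Hypothetical server-side record behind one password-protected link."""

    def __init__(self, ciphertext, password, ttl_seconds, burn_after_read=False, now=None):
        now = time.time() if now is None else now
        self.salt = os.urandom(16)
        self.verifier = self._derive(password)  # the password itself is never stored
        self.ciphertext = ciphertext            # opaque blob, encrypted in the sender's browser
        self.expires_at = now + ttl_seconds
        self.burn_after_read = burn_after_read
        self.failed_attempts = 0
        self.views = 0

    def _derive(self, password):
        # A slow KDF makes each guess expensive even before the lockout applies.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def fetch(self, password, now=None):
        """Return (status, ciphertext, prior_views) for one attempt to open the link."""
        now = time.time() if now is None else now
        if self.ciphertext is None or now >= self.expires_at:
            self.ciphertext = None  # expired or already burned: nothing left to serve
            return ("gone", None, self.views)
        if self.failed_attempts >= MAX_ATTEMPTS:
            return ("locked", None, self.views)  # brute-force protection
        if not hmac.compare_digest(self._derive(password), self.verifier):
            self.failed_attempts += 1
            return ("denied", None, self.views)
        prior, data = self.views, self.ciphertext
        self.views += 1  # prior_views tells the reader whether someone got there first
        if self.burn_after_read:
            self.ciphertext = None  # self-destruct after the first successful read
        return ("ok", data, prior)
```

A permanent lockout lets anyone who has the link deny access to the real recipient, so a deployment would pair it with a notification to the sender or a timed reset.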
ProtonMail
Since this is our first review ever, the ProtonMail devs have responded with some more detailed comments of our own! Our thoughts on the PGP or not to PGP issue can be found here:
https://protonmail.ch/blog/protonmail-design-philosophy/
Andy
Easy to use private email. What’s not to like? It’s been excellent. Why put up with data collection and pay lip service to privacy when signing up takes 2 min? If you can’t remember two passwords (then you’re not going to be interested) and ProtonMail isn’t for you. Changing email addresses is simply a question of laziness for most people. Pleased to support the project.
Martin
The Canadian firm thexyz offers a good FISMA-compliant service that rivals these advanced features – https://www.thexyz.com/email-features/
Alex
Nice early review. I particularly liked the idea for a counter on the number of times a message had been viewed. Any other thoughts on how to maintain security for messages to people on a separate (presumably not secure) email platform?
Robert Uomini
Hi,
I read your article about ProtonMail and wanted to tell you about my company’s “ProtonMail killer”. We call our technology Envelope-Content Splitting (ECS) and when added to a mail client (we currently offer one mobile product, ChiaraMail for Android, available for free from Google Play, with more implementations coming), makes the mail content invisible to eavesdroppers, such as mail servers and the NSA.
Rather than explaining in words how ECS works, here’s a short animation that shows ECS in action: https://www.youtube.com/watch?v=p6FqbYWFCCY
Note that no encryption is needed here:
1. According to Qualys SSL Labs, the ChiaraMail content server is more secure than Google or ProtonMail
2. Besides offering unbreakable in-transit security, ChiaraMail for Android provides 100% protection from spoofing and phishing attacks, gives senders the ability to change or delete their e-mail content after the message is sent, send large attachments directly to recipients, without requiring the use of kludgy third-party storage services, such as Dropbox or Google Drive.
3. Unlike ProtonMail, ECS works seamlessly with any e-mail address.
I welcome your review of our product and look forward to speaking with you soon.
Regards,
Robert Uomini
CEO, ChiaraMail Corp.
Hacker10
Hello Robert,
I am not updating this blog too often and there is a long list of things for me to write about already, due to this I am unable to review ChiaraMail.
Best of luck
hacker10