I have been using ProtonMail full-time for over five years, and recommending it for almost six. This blog is littered with references to it, along with several incremental updates. A lot has changed since ProtonMail’s beginnings. This post will cover the basics of ProtonMail: how it encrypts your data-in-motion, data-at-rest, and some other features.
ProtonMail: Because Privacy Matters
This post will also begin an in-depth series exploring ProtonMail’s considerable feature set. The fourth post I ever wrote on this blog was about ProtonMail. In it I enumerated a wish list of features that I would like to see integrated into ProtonMail. It’s funny to go back and read that post; every single thing I listed is now a feature of ProtonMail. This illustrates that a LOT has changed with ProtonMail. This series will take its time and go through most of these changes, what they mean for you, and how to use them.
Hopefully this series will provide something for everyone. This initial post will cover the basic features of ProtonMail, and is intended for those who are unfamiliar with the product – if you know someone who could benefit from this, please share it with them! Future parts will go much more in-depth and discuss “advanced” security features, and will be more likely to appeal to my longtime readers.
Protonmail – in case you aren’t familiar at all – is a provider of encrypted webmail. The philosophy leading to the development of ProtonMail was that existing encrypted email systems were too complicated. ProtonMail’s CEO Andy Yen told me once in an interview that he was of the opinion that, “one extra click [to encrypt] is too many.” The primary goal in developing ProtonMail was an encrypted-by-default system that didn’t require a bunch of additional steps. In that goal they have certainly succeeded; ProtonMail has over 10 million users.
ProtonMail’s key selling feature over other webmail clients is encryption. Though ProtonMail operates on a “freemium” model with paid tiers enjoying expanded features, all ProtonMail emails and accounts are encrypted. Let’s talk about what that actually means.
To encrypt data asymmetrically requires a pair of keys, one public and one private. The public key encrypts information that can only be decrypted with the correct, corresponding private key. With older, manual email encryption options the user is required to generate and maintain her own keys. She also has to manage public keys for recipients, storing them and encrypting outbound emails with them. If it sounds confusing, it is. The technical bar for implementing and using manual PGP is high.
With ProtonMail, the public and private keys are created automatically when the user creates an account. Rather than the user having to download and maintain these keys, ProtonMail manages them for him in a system of key escrow.
When you draft an email to an “@protonmail.com” email address, ProtonMail retrieves recipient’s public key. The message is encrypted with this public key and transmitted to the recipient. When the recipient receives the message, his or her private (decryption) key is retrieved from the ProtonMail server and the message is decrypted.
To prevent ProtonMail from being able to access users’ emails, private (decryption) keys are stored in an encrypted state. These keys are accessible only by applying the user’s password which he or she maintains. For a much more thorough explanation of ProtonMail security please see their white paper, available here.
Functionally, this means that you don’t have to take even one additional step to to get very good security of your emails while they are in transit. You just click “compose,” draft your email, and emails between ProtonMail users are automatically and seamlessly encrypted, end-to-end with no additional steps in the process.
Why would you want to encrypt your emails? There are any number of reasons. If you are using public Wi-Fi networks your emails are vulnerable to capture by a number of entities. Anyone within range of the Wi-Fi network can capture the packets that make up your emails. The network operator (owner of the access point) could also capture and inspect everything. Though a HTTPS connection (which all mainstream email services provide) offers some protection, this can be tampered with. Encrypting your emails also allows you to opt-out of default mass surveillance conducted by governments worldwide.
Another major feature of ProtonMail is zero-knowledge storage. “Zero-knowledge” means that even ProtonMail employees cannot access your data. Your emails can only be decrypted with your private key. While ProtonMail does maintain your private key, it is encrypted and can only be decrypted with your password. ProtonMail employees have no access to the contents of you emails. Let’s talk about the benefits of this.
First, at very least, this means that your information is not mined for marketing data. Your emails are truly private. With other, more mainstream email providers, your emails are not secure from the provider. The contents of your emails are a goldmine for Google, which scrapes them for keywords upon which advertisements are built. I consider this a strong enough reason to switch to ProtonMail.
Perhaps most importantly, zero-knowledge storage means that you are protected if ProtonMail is hacked. Let me be clear: if your account credentials are stolen, the hacker will have access to your emails. You can prevent this by using a strong password and two-factor authentication. If the ProtonMail service itself is hacked, however, your emails will not be revealed. Think this couldn’t happen? Yahoo has been the target of multiple successful breaches. Over 3 billion Yahoo accounts (every single one of them as of 2017) have been breached.
Sidebar: if you want to learn more about the breach of 1 billion Yahoo accounts by a state actor, check out Season 1 of Breach Podcast.
You may wonder why this is important. Sure, we don’t send long personal missives via email any longer, but your email account holds a wealth of information about you. This includes all the places you shop online, your billing and shipping addresses, the things you buy, your utility providers, your medical conditions and doctor’s appointments, contacts of old friends (that could be used to phish you), and on and on. With ProtonMail I don’t worry too much about a big breach spilling my personal data.
Zero access storage also protects you in other ways. First, because ProtonMail employees cannot access the contents of your emails, they cannot provide them to governments, even under court order†. Rogue employees at ProtonMail can’t access your stuff, either. Recently, a Microsoft employee’s credentials were stolen by a hacker that permitted access to the contents of Outlook.com emails. Since employees don’t have access to emails, this is another concern you don’t have to have with ProtonMail.
Money Where My Mouth Is
Obviously I am a fan of ProtonMail. However, I wouldn’t tell you to use something I wouldn’t be willing to use. I have two paid ProtonMail accounts. One is a ProtonMail “Plus” plan, and the other is a ProtonMail “Professional” account. I pay full price for both of these out of my own pocket and have received no discounts or subsidies whatsoever. Perhaps more tellingly, I have trusted ProtonMail with all of my email. I wouldn’t recommend a product to you that I wouldn’t be willing to use myself.
However…if you’re new to ProtonMail, I don’t recommend you rush out and purchase a paid plan. I recommend you begin with a free account. Get used to the interface and features. Decide whether or not ProtonMail meets your needs prior to committing to a length, expensive subscription.
Finally, I am admittedly a bit biased toward ProtonMail. I am somewhat “locked” into their system and moving to a new webmail client would be a heavy lift. With that said, ProtonMail is not the end-all/be-all. As they mention in their very own Threat Model, there is no such thing as perfect security. I am completely open to other providers; there are plenty of other good ones out there.
In summary, ProtonMail offers very good security. It protects the contents of your emails while they are in transit. It stores your data in an encrypted state where it is not vulnerable to rogue employees, intruders in the system, or (probably) governments. And it does all that while requiring no technical knowledge and acting like a “normal” email account. The technical bar for using ProtonMail is as low as that of Gmail, Hotmail, or Yahoo Mail.
Future parts of this series will cover more advanced features to make your ProtonMail experience as secure as possible. These include key generation and management, trusted contacts, access logs, and two-password mode and two-factor authentication.
For additional reading on the security of ProtonMail, I recommend reading their Threat Model. For a detailed, technical explanation of ProtonMail securtiy I recommend reading their security whitepaper.
Support Op-Sec on Patreon
†However, it is theoretically possible for ProtonMail to access future communications. This could be done by encrypting your emails with both the recipient’s public key and a public key controlled by ProtonMail. This would allow them to decrypt the version encrypted with their public key. This is true of any encrypted service provider that relies on a system of key escrow. I do not have any reason to believe ProtonMail is doing this but it would be disingenuous to indicate that this is a perfect security system.