| Based in | Switzerland |
| Storage | 5 - 20 GB |
| Price | $4.00/mo. |
| Free Tier | Up to 500 MB |
| Website | ProtonMail.com |
ProtonMail gets a lot of attention as a secure email service, even getting shoutouts in various media outlets. But when you strip away the flowery language, does this email provider really stand above the competition? And is it worth the above-average price? We’ll answer all this and more in our new and updated ProtonMail review for 2021.
If you want to protect your email from prying eyes, but don’t need the kind of protection that keeps spies and whistleblowers alive, ProtonMail could be the secure email service for you. It utilizes PGP encryption standards, end-to-end and zero-knowledge encryption. This level of encryption is very important in an age where even the US government can’t protect itself from massive data breaches.
Because ProtonMail positions its service as one of the most secure email options available, above and beyond other secure email providers, we’re really going to put it under the microscope in this updated ProtonMail review for 2021.
At the end of the day, only you can decide which is the best secure email service for your unique needs and threat model. So let’s get started.
+ Pros
- End-to-end (E2E) and zero-access encryption for Email, Calendar, and Contact information
- Operates under Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, Android and iOS code are all open source
- Support for custom domains
- Strips IP address from emails
- Can be used with third-party email clients through the ProtonMail Bridge feature
- Can import contacts and emails
– Cons
- ProtonMail does not encrypt email subject lines
- Sometimes requires personal information for verification of new accounts
- Confusing and expensive pricing
- Incredibly long beta test cycles
ProtonMail features overview
ProtonMail utilizes strong end-to-end (E2E) and zero-access encryption standards to protect all email, contacts, and calendar data. All your data is encrypted when stored on ProtonMail servers, except email subject lines (more on this later).
Note: To understand the difference between E2E and zero-access encryption, check out this excellent explanation.
Aside from this multi-tiered encryption system, ProtonMail has plenty of interesting features, including:
- The ability to send “self-destructing messages,” which are automatically deleted at the time the sender specifies.
- Address Verification, a way to ensure that a Public Key received from another user hasn’t been tampered with since you first verified it.
- Full PGP support.
- Premium accounts with a range of additional benefits, including a brandable Business account.
- The ability to send encrypted emails to non-ProtonMail users.
- Android and iOS mobile apps plus a web client.
- ProtonMail Bridge, which allows ProtonMail to integrate with other email clients that support the IMAP and SMTP protocols. This also allows you to import mail into your account from other services.
Overall, this is a good lineup of features.
ProtonMail company history and funding sources
The ProtonMail family of products is run by Proton Technologies AG, a company based in Geneva, Switzerland. The founders met while scientists at CERN and came up with the idea for a secure email provider in the CERN cafeteria, as the story goes.
Funding for ProtonMail has come from various sources over the years. Aside from regular paying users, Protonmail has also benefited from the following funding sources:
- In 2014, ProtonMail launched an Indiegogo crowdfunding campaign which brought in over half a million dollars.
- In 2015, ProtonMail accepted a $2 million investment from a US-based firm called Charles River Ventures (CRV).
- In 2019, ProtonMail accepted €2 million from the EU government to “develop a suite of encrypted services.”
ProtonMail is a bit more expensive than some of the other secure email services we’ve reviewed, such as Tutanota and Posteo for example.
ProtonMail does not encrypt email subject lines
One concern I have is that ProtonMail does not encrypt the subject lines of messages. From the ProtonMail website:
All ProtonMail data at rest and in transit is encrypted. However, subject lines in ProtonMail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end to end encrypted.
ProtonMail complies with the OpenPGP encryption standard, which is based on the proprietary PGP standard. In that standard, address-related metadata is part of the message header and must remain unencrypted to allow a message to reach its destination.
ProtonMail does not encrypt the subject of your emails. If this is a problem for you check out our Tutanota review, which does not rely on PGP and fully encrypts subject lines.
The ProtonMail approach makes them compliant with the PGP specification, but leaves this potentially-revealing data unencrypted. We will return to this important subject in a moment.
ProtonMail servers and data security
All ProtonMail servers are physically located in Switzerland in secure facilities. This means user data is protected by Swiss law, which generally provides for better privacy than USA or EU law.
However, ProtonMail makes it clear that if you violate Swiss laws, and they receive a Swiss court order, they will have to turn over whatever information they have on you to the Swiss authorities. This is where the lack of encryption for the Subject line of messages can become a problem.
While the bodies of your messages and any attachments should remain safely encrypted, addressing information and the Subject lines of your messages are stored in the clear and would be provided to the authorities. This information is enough to give anyone possessing it a good idea of who you communicate with and the subjects you discuss with them.
Additionally, ProtonMail may also be logging your IP address and providing this to government authorities. I learned about this by reading ProtonMail’s Transparency Report. This is another reason we also recommend using a good VPN service that hides your true IP address and location.
Some people also question how free from USA and EU influence Proton Technologies really is. Additionally, Switzerland now has data retention regulations, but ProtonMail argues that these regulations do not apply to their services, but rather Swiss internet providers.
All that said, the ProtonMail threat model document specifically states that,
“we cannot guarantee your safety against a powerful adversary.”
The spy agencies serving the USA and EU definitely qualify as “powerful adversaries.” Under most circumstances, this is a secure email service. But if you decide to take on one of the Five Eyes, violate Swiss laws, or do something else equally crazy, using ProtonMail is unlikely to save you.
Is ProtonMail really anonymous?
If you look at the ProtonMail home page, you’ll find this claim:
I like the idea of being able to create an account without providing any personal information. Just finding a secure and private email service is hard, which is why we have created this series of email reviews for you. An anonymous and encrypted email service would be great — but there’s a problem.
When creating an account to test out ProtonMail for this review, I was forced to go through a verification that is the exact opposite of “anonymous” — as they boldly claim to offer.
How does ProtonMail square this requirement to enter personal information, with their claim that, “no personal information is required to create your secure email account”? To me, it seems like a clear contradiction.
To attempt to explain away this contradiction, ProtonMail has created a page explaining their “Registration Human Verification” procedures, which you can read about here.
First, the system doesn’t always force you to enter personal information. They have, “an intelligent algorithm that determines the required verification method based on a number of factors.” Sometimes it will only require a reCaptcha to confirm that you are human.
At other times you will be forced to use email or SMS verification, or make a “donation” using a credit card or PayPal. In other words, their algorithm will decide for itself whether or not you are allowed to create an account without disclosing personal information. So let’s call it conditional anonymity.
The page also explains that if you do use email or SMS for verification, only a cryptographic hash of this information is stored. This hash, “is not permanently associated with the account that you create.” The page doesn’t explain if “not permanently associated” means “never associated,” or “temporarily associated.” Nor does it explain how credit card and PayPal verification is tracked.
I can understand the company’s desire to have processes in place to prevent spammers from abusing the system. But I can’t understand their claim that no personal information is required to create your secure email account with the fact that sometimes personal information is required. The fact that the email and SMS hashes are not permanently associated with your account doesn’t change the fact that you must provide them, then trust ProtonMail’s handling of them.
We have reviewed other secure email services that give you more privacy when registering for an account. For an example of this, see our Tutanota review.
My Two Cents: ProtonMail needs to clarify or eliminate the claim of offering anonymous email.
ProtonMail technical specifications
ProtonMail uses a variety of encryption algorithms to protect your messages. All messages are end-to-end encrypted and also remain encrypted in your mailbox until actively being read. The algorithms they use are open source versions of AES and RSA along with OpenPGPjs algorithms:
- AES-128
- TLS 1.0
- DHE RSA
- SHA 3
QuoVadis Trustlink Schweiz AG signs SSL certificates for ProtonMail.
Security features of the certificates include:
- Extended Validation (EV)
- Certificate Transparency (CT)
- 4096-bit RSA
- SHA-256 hash
ProtonMail hands-on testing
If you’ve used email services like Microsoft Outlook or Gmail, you will find ProtonMail to be easy to work with. For this review, we’ll be looking at ProtonMail Plus plan, the first tier of paid ProtonMail service. At this time, you need to have a paid ProtonMail account and access the beta version of the product to use some of the newest features, such as their new encrypted Calendar.
Creating a ProtonMail account
Creating an account with ProtonMail is pretty self-explanatory. You can get an account in a matter of minutes:
- Go to the ProtonMail website and select the SIGN UP button.
- Create a username and password. (Recovery email is optional.)
- Go through the verification steps
I’ve seen complaints that ProtonMail sometimes forces people to go through phone (SMS) verification if they try to sign up using a VPN or the Tor network. While I don’t like the idea that ProtonMail may force you to use SMS verification, I understand their desire to protect the service from spammers and bots.
Note: I have no reason to suspect that ProtonMail is lying to you about this, but I also understand that many people want to use ProtonMail truly anonymously. I could imagine someone like that using an anonymous payment method like a new, virtual credit card to make a donation. Or maybe renting an SMS number just long enough to complete the process. Even using a disposable email address then discarding it once the verification is done.
ProtonMail betas
Before we go further, we have to discuss how ProtonMail handles beta versions. They are serious about wanting community involvement in the process. As a result, the newest version of ProtonMail can be stuck in beta for a long time. How long? Years.
ProtonMail version 4 went live in October of 2019. I am writing this review in April of 2021 and ProtonMail 4 is still in beta 18 months later. I find this mind-boggling but that’s the way this team rolls, apparently. In response to the various complaints on Reddit, ProtonMail acknowledges the missed deadlines and delays:
So what does this mean to you? I don’t think it is a good idea for a privacy-oriented person to rely on beta software. By definition, beta software isn’t completely ready yet. This could include flaws, bugs, and/or exploits that undermine your privacy and security.
Unless you are comfortable with the real, but hard to quantify privacy risks of using beta software, I recommend you stick with the released version of ProtonMail (v3.16.61 at the time of this review).
I will be talking about some of the beta products related to ProtonMail, such as ProtonDrive and ProtonCalendar, but keep in mind that they are betas before deciding to trust your deepest secrets to them. This is especially important if you are looking for a Gmail alternative that offers all the necessary features.
Signing in to ProtonMail
Signing in to ProtonMail is easy and straightforward. Simply go to the homepage and enter your login credentials. When using ProtonMail, you have the option to create a recovery email inbox, which can be used if you lose your password.
Once you sign into ProtonMail, you can stay with the free plan or upgrade to one of the paid plans. As is common with most secure email services, the paid plans offer more storage and additional features over the free plan. We noted this same dichotomy in our ProtonVPN review.
Note: As we go through this review, I’ll let you know which features are available only in a paid plan or only in the beta.
The look and feel of ProtonMail
ProtonMail has a pretty standard interface, with a 3-pane “Row View” layout (we saw that when talking about encrypted subject lines earlier). They also offer the “Column View” option, as you can see here:
With Column View, you get all the usual folders in the left-most pane, with the ability to add any custom ones you wish. And like other privacy-oriented mail services, ProtonMail blocks remote content like images by default, giving you the option to load them right at the top of the window.
The web client works smoothly although there can be a delay when opening a message, given that the message must be decrypted before you can read it. Since the client is browser-based, instead of a stand-alone app, you might find that it slows down as the number of messages as your folders increase, but I didn’t notice any problems during testing.
ProtonMail Settings
You can customize the layout of your ProtonMail inbox by clicking the Settings icon, then selecting Appearance in the left-hand column of the Settings window. For example, I used the Layouts section of Settings to switch back and forth between the Row View of the inbox and the Column View.
Exactly what you can do here will of course depend on which ProtonMail plan you subscribe to. We’ll look at the differences between the plans later in the review.
Composing messages with ProtonMail
By default, you compose ProtonMail messages in a pop-up window called Composer. It comes with a good set of HTML formatting options, including inline images. This window appears in the lower-right corner of the ProtonMail window, and looks like this:
Once you get used to the layout, the composition window makes including things like Attachments, an Expiration time, a Read Receipt Request, and Encryption fast and easy. If you don’t like working in this little window, can make the Composer window large by clicking the Settings icon, then Appearance. In the Composer section that appears, select Maximized.
Note: You can only set an expiration time on messages sent to other ProtonMail users or encrypted messages sent to non-ProtonMail users. You cannot make an unencrypted message to a non-ProtonMail user expire.
There are a few keyboard shortcuts that help with composing messages. But you won’t find more advanced editing features such as macros and automatic suggestions.
Sending messages to non-ProtonMail users
Like some other secure email services, such as Tutanota and Mailfence, ProtonMail gives you the option to send encrypted messages to people who don’t use the service. The recipient will need to know the shared password you are using, so that will need to be arranged outside the system. These encrypted messages automatically expire in 28 days (but you can set a shorter date if you wish). Here’s a screenshot from our tests:
The recipient will then get an email with a secure link. If they enter the correct password and click the View Secure Message button, they will be able to see the message you sent them.
This system seems to work very well, as long as you can share the password outside the ProtonMail system to get the process started. For this endeavor, you could consider using a secure messaging app.
Searching for messages in ProtonMail
ProtonMail has a very limited ability to search your messages. Because messages are encrypted (except while you are actually viewing them), the client can’t search message bodies. This, of course, can be frustrating and really limit your ability to find the message you are looking for. Here’s a screenshot of the search feature:
Version 4 of ProtonMail is supposed to have improved search capabilities compared to previous versions. However, message body searching is still not available, but searches are much faster, and you can use complex search terms.
Comparison to Tutanota search – In comparison, we noted in our Tutanota review how this email offers full-text search capabilities — and has done so since 2017. To do this, Tutanota creates an encrypted search index which can then be searched locally on the users’ device.
ProtonContacts
The ProtonContacts secure contact manager is integrated into ProtonMail, giving users a secure way to protect their contacts while functioning smoothly with ProtonMail.
ProtonMail creates ProtonContacts encryption keys for you. It uses those keys in their zero access encryption system to encrypt clear text contact data, ensuring that once they do encrypt your data this way, even ProtonMail can’t read it. ProtonContacts also uses digital signature verification to ensure that no one else can secretly tamper with your contact information. ProtonContacts is also implemented in the mobile apps.
Note: Email addresses in contacts are not encrypted using zero access encryption. Why? Because ProtonMail needs to be able to read the email address to make sure your message gets sent to the right place.
ProtonMail beta versions
If you want to use the beta versions of Proton Technology products, you’ll need to be using a paid version of ProtonMail, and launch it in beta mode. Once you have a paid subscription, you can get into the beta as follows:
- Log out of ProtonMal.
- On the login screen, Enter your login credentials in the form.
- Instead of clicking the Sign in button, click the BETA link (see below).
Doing this launches the beta (4.x) version of ProtonMail. In the top left corner of the window you’ll see a new icon (currently a 3 by 3 array of dots). Click this to see a list of the current beta versions of the products as shown below.
Like ProtonMail, ProtonContacts has a beta version under development. In keeping with the idea of avoiding beta products whenever possible, we’ll skip the beta of this one and concentrate on ProtonCalendar.
ProtonCalendar (beta)
Building an encrypted calendar sounds pretty easy at first. Just encrypt all the data until the user opens the calendar, then decrypt the data for them. But just as an email service has to interact with other email services, a calendar service needs to be able to interact with other calendar services.
Even worse, a full-powered calendar system needs to be able to share events with other calendar systems. The engineers battled with this complexity for over a year, and on December 20, 2019, they announced the arrival of ProtonCalendar.
ProtonCalendar has been in beta for over a year now. I have no idea when the final version will be released, but last I checked, the final version should include:
- calendar sharing
- event invitations to anyone (whether they use ProtonMail or not)
- the ability to sync the calendar with events found in your ProtonMail inbox
ProtonCalendar is also scheduled to be added to the iOS and Android apps at a a future date.
ProtonDrive (beta)
In November, 2020, Proton announced the release of ProtonDrive in beta. This is a basic secure cloud storage feature that can be used with certain accounts. However, as we noted in our ProtonVPN vs NordVPN comparison, the Proton team has a habit of restricting features to only the highest-paying subscription tiers.
We see that ProtonDrive is only available to the following users at this time:
- Visionary or Lifetime accounts
- Accounts with both ProtonMail Plus and ProtonVPN Plus with one-year or two-year plans
- Accounts with both ProtonMail Professional and ProtonVPN Plus with one-year or two-year plans
How long will ProtonDrive stay in beta? Who knows. But given Proton’s history, it could be a really long time. I’ve seen a growing chorus of ProtonMail users voice their frustration over the endless beta status of this and other products:
This will someday be a welcome addition to the Proton product line. But if you need secure (non-beta) cloud storage now, I suggest you consult our guide to the best cloud storage instead of waiting for ProtonDrive to come out of beta.
ProtonMail mobile apps
ProtonMail has apps for both iOS and Android. I’ve been working with the Android app and it looks good and functions smoothly. At the time of this ProtonMail review, the Android app had 34,000 reviews with a solid rating of 4.5 out of 5 stars.
Since our last major review, Proton Technologies completed the process of making their Android app open source. However, it is still not available on F-Droid. The iOS app is also open source. This app gets a score of 4.2 out of 5, with over 2,000 reviews.
ProtonMail business features
ProtonMail also offers a service for businesses that provides “end-to-end encryption to secure your business communications.”
This service includes migration tools and dedicated support to transition your business from its current hosting to the ProtonMail infrastructure. It incorporates a user hierarchy allowing your Email Administrators to manage user accounts appropriately.
Given the current limitations with search and calendar, I’m not sure ProtonMail would be a great fit for businesses that need all these features. There are other good options that are more fully-featured, such as Mailfence or Mailbox.org.
ProtonMail Support
ProtonMail provides differing levels of customer support depending on which subscription plan you have. Not surprisingly, free users get a basic support level, with access to a searchable knowledge base and some helpful step-by-step guides. As you move up through the paid plans you get email support and eventually priority support.
ProtonMail cost and pricing plans
Since they don’t display ads in their clients, or sell access to your messages to advertisers, ProtonMail charges for their services. As you can see below, ProtonMail has four pricing plans, including a free tier with 500 MB of storage.
The Free plan, with 500 MB of storage, 150 messages per day, and 3 folders / labels could be enough for you. If not, one of the paid plans will likely meet your needs.
When you compare ProtonMail’s paid plans with those of other secure email services, you’ll see that they are more expensive than the competition. In fact, to get access to all of the basic features, such as a catch-all email, you will be coughing up $8 per month.
Note that the Free, Plus, and Professional plans all offer ProtonVPN as an option, while the Visionary plan has the VPN built in.
ProtonMail alternatives
While there are several secure email services on the market, Tutanota is the first alternative I would suggest. Rather than using PGP and S/MIME, Tutanota has rolled out their own encryption standard incorporating AES and RSA, which encrypts the subject line, supports forward secrecy, and can be updated/strengthened over time. Tutanota has also rolled out a fully-encrypted Calendar feature.
My verdict: Tutanota is the best alternative to ProtonMail in the high-security category. (It is based in Germany.)
There are other alternatives to ProtonMail that offer a lesser degree of encryption and security, but with more features:
- Mailfence is a Belgium-based email that has many features, integrated PGP support, and it works well for groups/teams.
- Mailbox.org is another good option based in Germany with many features and options for teams.
Both Mailfence and Mailbox.org support custom domains.
ProtonMail FAQ
Here are some of the more common questions about this product and its related components such as ProtonMail Bridge.
Is ProtonMail really secure?
There is a lot of debate out there about how secure ProtonMail really is. Aside from the financial ties to the US and EU that we discussed earlier, there have been some criticisms of the service on other grounds as well.
- The browser client uses JavaScript encryption libraries. These are considered to be less secure than the libraries used in the ProtonMail mobile apps.
- Leaving the Subject field in the clear (for PGP compatibility) means more data could be exposed to those spying on the message traffic.
- A paper published at the end of 2018 criticized ProtonMail’s cryptographic architecture on a number of grounds. However, these same criticisms could be applied to any browser-based email client (not just ProtonMail). Here is the response from ProtonMail.
On the subject of using PGP, there are also some benefits in terms of security. OpenPGP is an open standard, which has been extensively audited for security, and is battle tested, and well proven to be secure. ProtonMail also the maintainer of OpenPGPjs, which is the most widely used open source encryption library and has therefore been thoroughly audited.
Lastly, we also have to keep in mind that ProtonMail is arguably the biggest name in the private email space. This makes it a good target for criticism, as we also noted in our NordVPN review, as the largest VPN provider.
Can ProtonMail hand over my data to the authorities?
Because ProtonMail uses E2E and zero-knowledge encryption, there isn’t a lot of data that they can hand over to anyone. The only thing that is stored unencrypted is message headers and the email addresses of contacts.
Even here, Proton Technologies says they won’t hand over any data unless directed to by the appropriate Swiss authority. Your data is about as safe as it can be using publicly available tech.
A bigger risk to the security of your data, is the way governments are pushing to break end-to-end encryption. There are constant efforts to force companies to insert “backdoors” into their software that would allow law enforcement to bypass encryption. This recent Fortune magazine article nicely describes the situation in the United States today.
Can you switch between paid and free ProtonMail versions?
Proton Technologies allows you to switch between the free and paid versions of this encrypted email service. You can go from a paid version to the free version, but if you do you’ll lose all the premium features of the paid version you are leaving. You can also return to a paid version from the free version. How? By subscribing to the paid version you want. You won’t lose any of your messages when you do this.
What is ProtonMail Bridge?
ProtonMail Bridge handles encrypting/decrypting messages when you connect it to a third-party email client. The ProtonMail Bridge page describes it best:
Bridge runs in the background by seamlessly encrypting and decrypting messages as they enter and leave your computer. The app is compatible with most email clients supporting IMAP and SMTP protocols.
You must have a paid subscription to use the bridge.
ProtonMail review conclusion
ProtonMail is a polished and popular end-to-end encrypted email service that will meet the needs of many regular users.
As one of the most popular secure email services on the market, with a free basic account, it is a great option for regular encrypted communications with friends, business partners, and others who want protection from routine snooping and hacking. You will, however, need to be patient about getting advanced features thanks to ProtonMail’s extended beta test cycles.
For those who want maximum security with full encryption of subject lines and strong data security, or simply faster delivery of new features, Tutanota might be a better fit.
Is ProtonMail the best secure email service for you?
I can’t tell you that since everyone’s needs are different. There are many factors to consider when selecting a secure email provider and the choice all comes down to your own preferences. You can learn more about ProtonMail on their website here:
https://ProtonMail.com/
Alternatives to ProtonMail
We have numerous email solutions that offer a higher level of privacy and security. You can also check out our full lineup of recommended secure email providers.
We also have a roundup guide on temporary disposable email services if you need a quick email for registration.
And here is a list of other email services we have reviewed:
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Hey, @Sven,
I posted this article elsewhere but also find I should post and comment here.
This article removes the negative as far as funding, from what I see. Thoughts?
https://protonmail.com/blog/crv-investment-other-news/
Thanks.
Hi J.M. Yes I think it’s good news when a sketchy investment firm in Boston is no longer a shareholder in your privacy company. So I guess this is a positive development…
Charles River is a highly reputable venture capital investor. Key is whether you believe Protonmail is really telling the truth about CR’s exit or whether CR didn’t like PM strategy and walked away.
True.
At this point I do trust PM as everything I have read, seen, and talked through matches.
So whether they walked or were pushed out, I just see they are gone.
I believe that there are many more secure Tor browser alternatives. And as far as I know, the use of this browser is prohibited in some countries. The simplest, of course, is protonmail, and I also want to add another one to the list. Utopia p2p [https://utopia-ecosystem.com/] is a secure decentralized ecosystem with its own cryptocurrency, electronic wallet and a separate browser Idyl. Also, for registration in this ecosystem, the use of personal data is not required.
protonmail is safe ?
https://privacy-watchdog.io/protonmails-creation-with-cia-nsa/
I addressed this website already.
If you look down to October 12, 2020, my comments are there.
I redirect your thought to this fact:
If ProtonMail, the reportedly #1 secure email in the world, were to violate that trust with millions of users, why is there only a couple of posts and one blog site that is saying this?
I assure you, if PM was indeed in violation of this, they WOULD be found out and the noise of that splash would be web wide.
Duh gag orders exist, and there’s only one Ed Snowden who was saying what he was saying, too. It doesn’t mean the problems stated in a minority’s report don’t exist as stated. It doesn’t mean they do, either… but how many users of Protonmail understand the math behind the cryptography used, for example?
In my jurisdiction, the intel gathering methods the police or security services use are hidden from the court for ‘national security’ purposes, so we’d never find out this way if Protonmail collaborated with them, for example.
Anyway thanks for trying, this whole thing is severely cat-and-mouse, isn’t it?!
Agree. However, a target as high as PM would be still a MAJOR hit on news if it did fail.
Second, unlike the EU and USA, CH has several laws in place that are really good.
Here are a few links that I found:
https://secureswissdata.com/switzerland-privacy-data-protection-laws/
https://www.cloudwards.net/swiss-privacy-laws/
https://protonmail.com/blog/switzerland/
https://protonmail.com/blog/switzerland/
https://www.lexology.com/library/detail.aspx?g=292c3925-8663-4fdb-8f1c-2eaf4b262634
This gives a good start. There should be here the coverage of MLAT treaties, Gag orders, and Assist papers.
Digging deeper I ran across many other links, but this is a good start.
The case you made about the secrecy, true, except if they do work on this, someone, somewhere will get that info out. The fact of silence gives me more comfort since they are the largest. Plus, PM has activly been working on strengthening Swiss laws for privacy.
My main arguments still stand. I say again, the very things the guy on that blog hits PM with, he absolutly ignores when it comes to Tutanota. Why?
Dealing with the math behind the encryption, your right. I don’t know. I am not there. But when the OpenPGP libraries are used across the net and credit given for maintaining these libraries (even from competitors such as CTemplar) and they have been “battle tested and hardened, I would trust that more than a self rolled encryption.
I have explained what a friend of who does security said about self rolled encryption…can you really trust the implementation?
In the end, it does all go back to trust. Which I agree, sometimes feels like going around in circles.
I guess we are just both trying and doing our best.
One more thought, the author uses Tutanota as his email.
Besides the inherint issues with them, I believe he may be biased.
I at least admit I am.
Protonmail does not seems safe for privacy !
“we cannot guarantee your safety against a powerful adversary.”
Nobody can or will “guarantee your safety against a powerful adversary.”
I am really impressed not only by your in-depth review but you obviously researched, in-depth, a question from a commenter. Well done Sven!!
I have recently created a Free PM account and have been satisfied overall. My only surprise and concern for my personal usage is the lack of the ability to create sub-folders. I have searched and searched and I am pretty sure sub-folders is not a feature. Perhaps on the paid version but there is no indication to that affect either. In fact, in the PM comment section it seems that this has been a concern of users since at least 2015.
In the big picture this is not a really big deal but it is one of the little nuisances that would inevitably continue to pop-up when trying to organize messages.
I cannot comprehend why this feature is not available and therefore believe it should have gotten a listing under the “Cons” list in your review.
So far I’ve only heard good things about Protonmail. I’ve really thought about actually using it. And this contributes heavily to it. Thanks for talking about this!
Has anyone tried to create a workspace on Android with Shelter and be able to have two email accounts for example Protonmail with two separate inboxes ?
I think Shelter is reliable as it is open source.
https://play.google.com/store/apps/details?id=net.typeblog.shelter&hl=en_US&gl=US
What do you think ?
Proton mail sucks. Deleted my accounts – no recourse (forget your BS recovery email – never worked!!)
Tech support must speak an alien dialect as several emails resulted in asking for info emailed in previous emails!!
Add that to stealing the information from 3 million Zoho users – I think Zoho is a dangerous place to tread!!!!
Beta calendar for android is now out for paid members!
https://protonmail.com/blog/calendar-android-beta/
Update:
Been playing with it for a few hours now, and so far the syncing between the app and the Beta Desktop is working flawlessly.
I am hoping to see a share calendar feature come out soon, but for now, it is really good.
Another brilliant feature for Basic, Plus, and Visionary users!
Really great item to have for there are many times I have found mistakes after I hit send.
https://protonmail.com/blog/undo-send/
@pega,
No, POP3 doesn’t work. You have to use the bridge.
The do have directions for setting it up. Here you go:https://protonmail.com/bridge/
The directions are pretty easy to follow but there are a few tricky points as well.
They are really good for CS so reach out to them if you need help.
Bye,
With Thunderbird can I download my Protonmail account mail using POP3?
Proton did a audit of their public keys to protect against batch GCD attacks. Here is their report. Links are in the article to more advanced stuff if you are interested.
https://protonmail.com/blog/batch-gcd/
Thanks for this thorough review!
As a complement, it would be very interesting to discuss some common opinions against ProtonMail, like e.g. https://privacy-watchdog.io/truth-about-protonmail/. How much sense do such negative claims make? How can we as end users understand what is real and relevant?
@Matt,
I read through the site and here are my thoughts:
1) I find it interesting that really the only company he goes after is ProtonMail. For being a “Watchdog” he is letting a whole lot slip by.
2) Please notice his contact email. Tutanota. While it may not be bad, there are some issues he doesn’t bring up (which, btw, he doesn’t allow for Proton).
3) The evidences he is “proving” is a lot of here-say. I will explain why in a minute.
4) he tries to bridge a chasim between the NSA and PM. Interesting leap.
I could go on, but let me share what I have discovered and asked.
First, I am not new to PM. been almost a year now using them. I have spent a lot of time asking questions and searching. Here are some notes.
1) He uses the report from a professor who neither had his report peer reviewed or tested. Lot of claims with no real substance.
2) the thrust of the letter deals with web apps and the risks. Yet Tutanota, interesting enough, uses web apps. Why no problem from him? Is he using the desktop client? Maybe. But that is buggy at best when I did. So, how safe is it?
3) JavaScript is active for the site (I kmow the risks here) however, upon logging in, JavaScript is disabled. I know because I emailed and asked.
4) Financially, yes, they did receive funding. The EU, Swiss Gov, and Venture Capitalists. Asking them to what degree they have a say, I was told, and I quote, “ProtonMail is owned by the employees. The outside revenue did not and never will give them a controlling voice.” What is further, let us turn the eye on Tutanota a minute. Secomd, the EU and swiss money was not just singled out to PM. It was to help develop a privacy service, if I remember how it was explained.
5) Unlike PM, Tutanota IS a member of the EU and is a member of the 14 eye nations. Have you looked at their retention laws? The author of the site neglects to point that out? As far as retention laws for PM, please see the link in my last post below.
6) Searching for more info regarding the other claims (reading messages, NSA, etc.) I wish to answer all of that in one thought. PM is the big name. They are going to be targeted by EVERYONE. Naturally, that is the name of the game. If, and I do mean if, PM compromised or was truly a spying org, would that not be a much BIGGER noise than a few out of the way people and blog sites? Yet crickets.
7) back to security, my question for the author is, did he make his own keyboard? How about monitor? Mouse? Cpu? Why? Let’s say Logitec desided to be maliciouse. Would they have to crack the encryption? Nope. They can program the firmware to capture keystrokes and report it. Well, there goes privacy.
The author really seems stuck on the NSA. They are bad charectors for sure, but don’t toss out this angle while letting the EU go free.
8) CIA? I don’t believe it. I am not going to say why I know this (and no, it has nothing to do with my position. I have said before I am with an NPO). But this is a stretch. Longer than the NSA angle.
9) MLAT? He does realize that EVERY Email providor is required to respond to a legal court order. Again, an email I sent asking about this was answered. They said, “An MLAT treaty has never been filed for us.”
It seems that he has a burr under his saddle, and he is taking a moment of fame.
But lets consider the security set up. PM is using tried and true standards. CTemplar uses the same and credits PM for the work they do. Tutanota rolls their own. Has it been set up correctly? We don’t know. How about the engineering? Maybe. But the real danger here is that someone may THINK they have security and because it is only tested with Tutanota, are we sure?
It all comes down to trust. We all most trust. I have my biases, and I am not a fan of Tutanota. Not even close. But even I am willing to say that if they work and do things right, give them credit. But the blog? I see anger and hatred and no ammount of objective looking at facts will change his mind.
Now, I will respond with two links of my own. But please know that I am not arguing or attacking. You had asked for a discussion and I am simply responding. If we don’t agree, no problem here. But I think that I laid my case out as well as I. Could at the presant time.
Here are the two links. I did not include the Reddit thread about this topic as. I don’t like them. However, it was an interesting discussion for sure.
https://protonmail.com/blog/cryptographic-architecture-response/
This next link is interesting. Please not what is said about both PM and Tutanota:
https://binsec.nl/email-security-privacy-concerns/
Hope these help.
I sent the article to Protonmail.
They sent me this reply. I forwarded a copy to Sven, so he can authenticate it.
On Tuesday, February 16, 2021 8:43 AM, ProtonMail wrote:
Hello,
Thank you for contacting us.
We have read the article that you linked carefully and we have to say that what they claim is truth is based on bunch of assumptions and mis-interpretations.
We will try to comment on the accusations in the same order as they are presented on the web page.
1. ProtonMail offers the users to log into their account through our Onion site due to privacy reasons. Some users simply prefer to use TOR and we allow them to access their accounts through our Onion site. The fact that we have an onion site does not automatically mean that we are linked to CIA. We are not related to CIA in any way, nor we have any backdoors that would allow anyone to access anyone’s messages. We also do not allow sign-ups from the Onion page as part of our anti-abuse measures.
2. The claim that we do not use end-to-end encryption is a lie, and in fact, the author of the article that you linked has also linked our explanation on this topic.
https://protonmail.com/blog/cryptographic-architecture-response/
ProtonMail uses zero-access encryption to store the user’s messages on our servers and we certainly use end-to-end encryption.
https://protonmail.com/support/knowledge-base/what-is-encrypted/
https://protonmail.com/blog/zero-access-encryption/
3 and 4:
Proton Technologies is majority owned by employees of the company, and is solely under Swiss jurisdiction. Information about the company and our directors are in public record, and can be found in the Swiss commercial register: http://ge.ch/hrcintapp/externalCompanyReport.action?companyOfrcId13=CH-660-1995014-1&ofrcLanguage=4
Regarding VMS, VMS is not an investment fund or investor. It’s part of MIT (http://vms.mit.edu), which is an university in Cambridge, Massachusetts. As a company heavily focused on cryptography research, we do share research with many of the world’s top research institutions, including CERN, MIT, ETH Zurich, and several other research institutes. This is actually a benefit as it ensures that our technology is thoroughly checked by others to be certain it is secure.
5. The present employer of people that used to work for us in the past does not mean anything.
6. If someone uses EML files, that cannot mean that they are automatically related to CIA. EML is a file extension that is used for an e-mail message saved to a file. EML files are widely adopted.
7. This is not correct, because we do not have access to our user’s messages, nor the means to decrypt them.
https://protonmail.com/blog/zero-access-encryption/
8. We have used Radware in the past for DDOS protection, but they never had any access to any data.
https://protonmail.com/blog/a-brief-update-regarding-ongoing-ddos-incidents/
https://protonmail.com/support/knowledge-base/email-ddos-protection/
9. This is not true and we don’t see how this claim is a security concern of any kind.
10. We are unable to comment on this.
11. See points 3 and 4
Also, you are welcome to review our terms and conditions, privacy policy and transparency reports.
https://protonmail.com/terms-and-conditions
https://protonmail.com/blog/transparency-report/
https://protonmail.com/privacy-policy
If there is anything else we can assist you with, let us know.
Best Regards,
The ProtonMail Team
—
https://twitter.com/ProtonMail
https://facebook.com/ProtonMail
https://www.instagram.com/ProtonMail/
https://www.reddit.com/r/ProtonMail/
Want to support ProtonMail? You can upgrade or donate!
I was sent a new article claiming that Protomail is compromised.
See: https://theconsciousresistance.com/protonmail-is-insecure/
reposted here:
https://healthimpactnews.com/2021/protonmail-is-inherently-insecure-your-emails-are-likely-compromised/
Unlike the Privacy Watchdog article mentioned above, this author identifies themselves and is not anonymous. Additionally, when I tried to email the Privacy Watchdog site, the email bounced, it seems defunct. The author of this new article is known within privacy circles.
I’d like to see people critically evaluate his claims.
I’ve used ProtonMail for years now. I didn’t realize until I got a bounced email that ProtonMail appears to be heavily routed through and dependent on Chinese servers! Header excerpts below:
Reporting-MTA: dns; mail-41103.protonmail.ch
Authentication-Results: mail-41103.protonmail.ch;
Received from mail-02.mail-europe.com by mail-41103.protonmail.ch;
X-Spam-Checker-Version: SpamAssassin 3.4.4 on mailout.protonmail.ch
So, what gives? Is PM safe to use or not??
.ch is actually the Swiss top-level. .cn is China.
@Sven and all others,
Sven, please feel free to post the info on these links anywhere else on the site. It can go in so many areas and has a lot of impact.
Great info! One argument is the “6 mo retention law” that many say subjects ProtonMail.
Info on that as well as a law update: https://protonmail.com/blog/eu-data-collection-illegal/
Another good news for US people: https://protonmail.com/blog/congress-antitrust-report/
Good info, thanks J.M.!
Of course.
Fantastic website Sven. The world owes you! (unless this is all false info and your are one of ‘them’, but I doubt it).
Excellent in-depth Proton’ review here!
Not the most important issue but, I’ve never seen anyone comment on the fact that P’mail’s free tier is not supplied with spellcheck as standard (unless it is in v4). No issue, just use an open Word doc’, but its a pain.
On another note – they do respond directly to phishing concerns, thought can duplicate template auto-responses. Also, they went outside the box and helped me regain a password! Noteworthy.
Import/Export app is now available, out of Beta. All open source. Not yet available for free version but coming.
https://protonmail.com/blog/import-export-app-release/
Saw this and wanted to share: https://protonmail.com/blog/searches-increase-for-email-privacy/
One basic complaint about a design aspect of Protonmail: ‘Trash’ is listed in left nav right above ‘All Mail’. It is quite easy, even when careful (but sometimes busy/distracted), to inadvertently click ‘All Mail’ (rather than Trash) then delete, then damn!, realizing that ALL of one’s email across ALL folders have just been eliminated forever. Whether a change to the placement of ‘All Mail’ (away from being co-located by ‘Trash’), or maybe give users a Settings option to suppress display of ‘All Mail’ … this is a significant enough issue that I have decided to leave Protonmail and try competitor secure email services that do not have this key design issue.
Here recently, Protonmail just announced the coming of ProtonDrive. It is there answer to Office and Google’s cloud services.
Wow! Just saw the misstype.
Their not there.
Thanks for writing this article. You should let people know that Tutanota is based in Germany (part of the 14 eyes), so, in theory, more likely to cooperate with other countries than ProtonMail (based in Switzerland and outside the 14 eyes).
Hey Tom, yes and we covered that issue more in the Tutanota review.
@Sven Taylor
Just an FYI. But, I believe that Protonmail’s forums are moderated against any “implied” dissatisfaction of their product. I purchased the Plus version of Protonmail based upon your review and some other review sites which had rated Protonmail as highly recommended. It seemed to have all the features I was looking for; most especially, the ability to import my Gmail accounts. I posted the following on their message board below the Import-Export Knowledgebase article. My comment was put under moderated review. Here’s my message:
“I am attempting to use the Protonmail Import-Export application. I receive the error message: CANNOT AUTHENTICATE – INCORRECT EMAIL OR PASSWORD.
I tried troubleshooting this error using Mozilla Thunderbird (new installation). I was able to download my GMail into Thunderbird without issue (meaning my username and password were correct).
Since there was no prompt from the Protonmail Import-Export application for 2FA that I received while importing into Mozilla Thunderbird, I temporarily disabled 2FA. I still was not able to import my GMail emails via the Import-Export application.
My next step in troubleshooting was to import my Gmail emails from Mozilla Thunderbird. The Protonmail Import-Export application could not see any emails to import. I had the correct file location.
I have already sent an inquiry via the support-form.
So far, I am very disappointed in Protonmail’s Import-Export application since it was a major selling point in purchasing your product.”
Mr. Taylor, that was my entire post. It was removed by the Protonmail moderators. I received zero feedback from them in regards to my message. I still have not heard back from Protonmail’s staff regarding my issue with not being able to import my emails from another service.
I posted my message because it included the troubleshooting steps that I took (in the hope that if someone else was having the same issue that they might want to try those troubleshooting steps as well to see if they could succeed where I couldn’t).
By the way, I signed up for the free version of Tutanota (since it was also highly recommended). but their import functionality is still in the “planning” stage.
You may want to check out Mailfence. The import feature works well.
Thank you for the quick reply. I’m looking at Mailfence now. I really appreciate your honest reviews and how in depth you are regarding the products.
You mention only Tutanota as a more secure mail service than ProtonMail.
Maybe you forgot CTemplar or did not try that out when you wrote this.
I was sorely disappointed in Protonmail. In all the research I did about email sources and privacy, not once did I see a review, comment etc. warning Protonmail users that outgoing emails may be undelivered if the recipient blocks all incoming emails arriving from overseas (due to cyber attacks). I learned this the hard way. I will say that Protonmail was swift to reply to my help ticket. But since their server is outside the USA, no hope.
Ahhh yes. The fact that you used an email provider located overseas was not indication enough that it was “overseas”. No provider can inform you of all private policies. While an extreme example, no email can be received from GMAIL on SIPRNET. Or more applicably, employees working on a sales floor can only send to and receive mail to domains whitelisted.
This is a due diligence issue rather than a provider issue. The same would apply to Tuta or any other overseas provider.
I’m a paid ProtonMail user and just now came across an article in Security Week written by Eduard Kovacs published on May 30, 2019. Even though it has been a year, I haven’t seen any further discussion about these accusations against ProtonMail. The article is titled: ProtonMail Accused of Voluntarily Helping Police Spy on Users and the link is: https://www.securityweek.com/protonmail-accused-voluntarily-helping-police-spy-users. Below are a few quotes from the article:
“On May 10, Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, had a presentation on cybercrime at an event. Martin Steiger, a Swiss lawyer who had been live-tweeting from the event, claims Walder incidentally mentioned ProtonMail as a service provider that voluntarily offers assistance to law enforcement for real-time surveillance, without requiring an order from a federal court.”
“While ProtonMail provides end-to-end encryption, which prevents the company from reading the actual content of emails, it does have access to metadata. Citing the U.S. National Security Agency (NSA), Steiger pointed out that metadata can be highly valuable to law enforcement and intelligence agencies.”
“ProtonMail cannot be used for any purposes that are illegal under Swiss law. Not only is this against our terms and conditions, we are also obligated by law to assist police investigations in criminal cases. However, the claim that we do this voluntarily is entirely false,” ProtonMail said.
“Laws are subject to interpretation, and because the relevant Swiss law itself is ambiguous, there are differing interpretations of the law. Steiger’s interpretation is different from the one taken by the Swiss government agency tasked with enforcing the law, whose directives we are legally obligated to comply with. His interpretation, therefore, is just an opinion, and not grounded in legal reality.”
“Laws are subject to interpretation, and because the relevant Swiss law itself is ambiguous, there are differing interpretations of the law. Steiger’s interpretation is different from the one taken by the Swiss government agency tasked with enforcing the law, whose directives we are legally obligated to comply with. His interpretation, therefore, is just an opinion, and not grounded in legal reality.”
“However, we also do not agree with the interpretation taken by some branches of the Swiss government. Therefore, we have asked the Swiss Federal Administrative Tribunal to rule on the appropriate interpretation of the law, and we will appeal to the Swiss Supreme Court if necessary. Until a ruling comes down (in one- or two-years’ time), our company policy has consistently been to take the most pro-privacy position, which is indeed the position we have taken in all our court filings,” it added.
“Steiger says ProtonMail still hasn’t addressed some of the points from his article, and claims the company threatened to take legal action against him for defamation.”
So, should we still feel that our privacy is being protected by ProtonMail? After reading this article, I don’t really know what to think. Sven’s review here clearly states that ProtonMail metadata is not encrypted. I think that the question would be based on whether ProtonMail is voluntarily giving open access to users metadata possibly in real time to the NSA or other US spy agencies.
ProtonMail clarified this in a blog post here. But Steiger also removed his blog post and retracted the claims. Make of it what you will.
I just found this interesting site: http://protonmail.uservoice.com/
There are a lot of suggestions and comments. Of course you have your spammers which really drains but those that are real are very good.
Proton does listen, it seems, to their customers. Thought I would spread this
I have suddenly lost 6 months of mail today. I have a free account with protonmail for 3 year now. I am a Daily user.
How can this happen?.
Last week, the ProtonMail Abuse team disabled our Paid Visionary account we had open for several years. We operate a small offshore domain/Crypto/e-banking consulting firm.
Over the last few weeks, an offshore bank stole over $50,000 from one of our partners by refusing to process the withdrawal. Over these weeks, we learned this bank has a reputation for creating absurd hurdles to processing client transactions.
As a result of this, we sent several (aggressive) messages to this bank including a link to blog site we created in order to expose this banking scam.
As a result of this, the bank seemingly contacted ProtonMail to attempt to indicate we were “harassing them” or something to that regard. As a result of this, our account was immediately deactivated by ProtonMail.
Since then, we have ZERO access to ANY Emails/Contacts from 10+ addresses linked to the account including addresses used by our clients/partners.
Our attorney sent a letter to ProtonMail and they refuse to give any detailed information and only suggest we were involved in “impersonating a company and scams”.
These email accounts are linked to 2FA for Crypto, Websites, and other e-services we own.
I am honestly shocked an encrypted email service would behave like this. Even Google or Yahoo would never shut down an account entirely, provide barely any response, and not even give you access to your Contacts/Emails to change providers.
I am pleading with ProtonMail to treat the situation with seriousness and re-activate our account or at least allow us to temporarily re-gain access to it. Thank you.
Interesting, thanks for sharing this information. I’m going to look into this issue more because I recall seeing other complaints about accounts getting suspended without any explanation.
Utilizes phone number verification
– this is completely optional, you can use a dedicated hardware device for MFA auth
Android app, IMAP bridge, and backend are closed source
– not true
It’s hard to trust someone offering privacy advice when they can’t even do basic things like read the product description before writing about it…
Dan, the statement “utilizes phone number verification” is completely true and accurate. We did not say it was mandatory.
The closed source “Con” was overlooked as that was a recent update. But I have removed it from the “Con” list.
Dan,
Please see my updates below. I have been trying to keep up with it as well.
I have mentioned this to Sven and am willing to leave it to him if he wishes to change it.
Second, Sven has a lot going on and every little update is best reported by us as commentors. I would urge patience with Sven.
Our own posts help the site and brings a wide range of wisdom and knowledge that really do help.
Thanks for the update though.
I Agree with that – things change so fast but we’re all stuck at around 2012 in web technology relating on our ends. Those that read from all points of the web will have key points they could share as friendly – “Did you know or Hey that’s change now?” type of ‘hey this wrong now’ as could you update it. Heck too I’d bet Sven reads more than many here.
Dan does probably possess a little better knowing to currents of things that interest him – so he’s needing to see an updated area of a topic here, but man he has some questionable vibs coming from him. Maybe too other parts of the site here scares him and in striking back or out for seeing many Internet dangers of the things brought together under one roof. He couldn’t control it as he’s found it’s one deep black hole pit to sucking up your data.
Could be. A lot of information could cause a feeling of dispair.
Not saying he is but just trying to point out a way to and to not approach something.
Believe me, I can be very abrupt but I work on keeping myself under control.