
Why ProtonMail is more secure than Gmail - _uy6i
https://protonmail.com/blog/protonmail-vs-gmail-security/
======
pushcx
This post would be improved by discussing that their [threat
model](https://en.wikipedia.org/wiki/Threat_model)
is so different than Google's that it regards some of Google's business
practices as threats. And that, in turn, there are threats that Google treats
as much bigger threats, bringing their own world-class security team to.

Calling this fundamental difference in approach "more secure" manipulates the
less-informed instead of educating and almost eliminates the chance of a
worthwhile conversation about tradeoffs and values that could be very
flattering to ProtonMail.

~~~
HenryBemis
It can be simplified to:

Gmail + 0$ per month = zero privacy for you and anyone who emails you, plus
Uncle Sam has full access to your life.

Protonmail + 4$ per month = you will never see ads for a <insert_item_name>
like the one you just bought, plus you will be driving Uncle Sam crazy!

~~~
3pt14159
Uncle Sam can root your machine. If Uncle Sam is the threat vector you're
better off using pen and paper.

~~~
arglebarnacle
This comment seems to conflate resistance to mass surveillance with resistance
to targeted surveillance. It's almost as if the fact that I'll never be able
to resist a targeted attack means that I shouldn't attempt to have any privacy
at all, but surely that's not right.

Encrypted messaging apps and services like ProtonMail have never been
primarily to help people with Snowden's threat model. They're for people like
you and me to reclaim a semblance of privacy, and they work even with "Uncle
Sam" as the threat model in a limited, dragnet surveillance sense.

~~~
dsacco
> _They're for people like you and me to reclaim a semblance of privacy, and
> they work even with "Uncle Sam" as the threat model in a limited, dragnet
> surveillance sense._

They don't work, because the US government's modus operandi is compromising
machines or forcing users to provide access to their encrypted data. It's
unclear to me why, if you take as premise a government capable of forcing one
of the most valuable organizations in the world to hand over its data, you
believe a company several orders of magnitude smaller is safe because it's
"end to end encrypted" and has servers in Switzerland.

Put another way, I find the concept of a government willing to force Google to
give up data but unwilling to use operational vulnerabilities to achieve the
same thing to be contrived - how is this not just an arbitrary line in the
sand?

Furthermore, the heuristic itself is a red herring, in my opinion. It is far
more likely that Protonmail has a critical security vulnerability inherent to
its software than Gmail does. And even if we assume that the government
doesn't want to spend economic resources on actively compromising _you_ as an
individual, why would the government not spend resources on a system to
compromise you passively as part of an en masse campaign? In other words, are
you using a custom built computer with parts designed by a boutique firm from
another country immune to the wiles of government backdoors?

How do you decide where you want to stop down the rabbit hole, and are you
really doing so empirically?

~~~
njarboe
"Put another way, I find the concept of a government willing to force Google
to give up data but unwilling to use operational vulnerabilities to achieve
the same thing to be contrived - how is this not just an arbitrary line in the
sand?"

In the US we have a constitution that prohibits searches of our papers without
a warrant signed by a judge. It might be out of fashion in some circles, but
the rule of law and not just rule of power is quite popular and I would say a
superior system of governance. Many Chinese who are acquiring assets outside
of China feel the same way.

~~~
rainbowmverse
Those laws are implemented by humans who don't always follow them, or only
follow them for certain groups of people.

------
geofft
Threat model, threat model, threat model.

There are some people for whom "The government is literally after me,
personally" is a valid threat model. There are some people for whom "Google
employees with privileged access to Gmail are conspiring to be after me,
personally" (one assumes there's a two-person rule for access to individual
inboxes or deploying code that scans inboxes) is also a valid threat model.

However, those people should consider that the government will be willing to
use either software 0-days or algorithmic 0-days to attack them (see e.g.
Stuxnet taking out Iran's nuclear program using a previously unknown method of
generating SHA-1 collisions, that looked kind of like how the academic
community knew to generate collisions but with a different fingerprint), in
the government case. Or that _any interaction with anyone who uses Google_
must be avoided, in the Google case. See e.g.
https://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours

For normal people (which includes me and probably everyone else commenting
here)? Google seems at least as likely, probably a tiny bit more, to protect
me from threats like "A personal relationship has gone bad and someone who
isn't a government and isn't Google is trying to impersonate me" or "I
don't want to lose access to my email" (remember that availability is a part
of security!).

~~~
ekianjo
> "I don't want to lose access to my email" (remember that availability is a
> part of security!).

Aren't there many (difficult to judge how many) cases of people losing access
to their Google account, and therefore about everything they had online
(photos, email, videos, etc...)? That is also scary enough, especially when it
happens randomly with no clear reason why and the support of Google seems to
be limited to sending info via forms in the hope of a future human
interaction.

~~~
JumpCrisscross
> _the support of Google seems to be limited to sending info via forms in the
> hope of a future human interaction_

People underestimate the power of a calm, deliberate letter sent by post with
an elected representative or two copied.

~~~
linkregister
Why include the elected representatives? Is that an implied threat of
“reinstate my email or these legislators will regulate you into being a public
utility”?

~~~
JumpCrisscross
> _Why include the elected representatives?_

It shows you're serious. Most people complain to blow off steam. This is what
customer service handles. If you want something done at the corporate policy
level, _e.g._ to have policy changed or have a decision made per policy
reversed, you attack at higher levels.

The traditional form of leverage is legal. Having a lawyer pen a letter gets you
out of customer service. It is as effective as it is expensive. Next best is a
regulator (you can think of these as narrowly-scoped, publicly-funded
lawyers). Unfortunately, nobody regulates Google.

So your final threat is getting a lawmaker pissed off with you. This is less
about passing legislation (it's hard to pass legislation; everyone knows that)
than creating an official, reliably-corroborated paper trail which could go
public, causing PR damage, and/or damage relationships the company may want to
lean on in the future.

More practically, I don't want to sit around writing and responding to
letters. Having someone else do the back and forth with me Cc'd is more
pleasant.

_Disclaimer: I am not a lawyer. This is not legal advice. If you need legal
advice, contact a lawyer._

------
uptown
Here's the thing with email. You can sign up for Protonmail ... but you've
still got to use email to correspond with others. And in all likelihood many
of those individuals will be on GMail or some other less-secure provider
unless you're using Protonmail as an enterprise solution, in which case the
ratio of "secured" vs. "unsecured" recipients would likely tilt towards
secured.

Email is insecure, and most users don't even consider security when using it.
I've seen my own social security numbers sent out via email. I've seen
corporate card credit card numbers sent via email. I've seen other
confidential financial documents and a myriad of other things sent via email
by people who didn't know or didn't care that the method of transmission isn't
secure because frequently it's not their information at risk. In my
experience, medical data is treated differently because there are laws around
how it can be communicated and stored. Until there's regulation placed around
other pieces of information, and those laws get enforced, I don't know that
people will change how they use and abuse email.

~~~
MHLoppy
This was probably the biggest unsolved issue I had when seeking out a new
email provider.

"Switch to this other email provider" is not going to get much of a result
from your gmail/outlook-using contacts (especially if money is involved), and
wouldn't even solve this issue unless you convert absolutely everyone to, for
example, Protonmail. "Hey man can you set up this thing called PGP?" is
probably even worse unless your social circle is all technically minded
already. Even in a group of "nerds that play video games", I'd be surprised if
even half of the group even know what PGP _is_.

So long as we're stuck with email as we know it today, it really seems like
there is just no bolt-on solution that can be used to "fix" it.

------
reacharavindh
The engineer in me loves the promised End-End encryption and all the cool
stuff. But, the inconvenience of "unable to search contents of emails" is a
deal breaker towards encrypted email for me. My primary concern was
Google/Microsoft scraping my emails to build a profile of me. My emails could
give away very personal information that I do not want to be used for
advertising.

My money finally went to Fastmail. Excellent email service - just works and
doesn't try to be super smart and take over the world.

~~~
duality
Didn't Google stop scanning Gmail for ads targeting?

https://www.nytimes.com/2017/06/23/technology/gmail-ads.html

~~~
rurban
More importantly they give any government agency free access without any
warrant to fulltext search any customer.

US law interpretation of IMAP. Only with a POP3 service you are safe.

~~~
skybrian
"Without any warrant": what do you mean?

~~~
linkregister
Under the Stored Communications Act, law enforcement may get emails or other
information under third party control with only a subpoena.

Retrieving email via the POP3 protocol typically deletes the email upon
retrieval, making it impossible for the third party to comply with requests
for already-retrieved emails.

~~~
bhandziuk
> POP3 protocol typically deletes the email upon retrieval

What POP3 client are you using that does this? I've not seen it before. It
gets marked as read but that's it.

~~~
linkregister
Geez, Eudora? Outlook Express maybe? I haven’t used POP3 in a decade.

It used to delete from the server after downloading locally. This was when
most email mailboxes had a capacity of 10MB.

~~~
bhandziuk
I'm writing something that uses POP3 right now and thankfully it doesn't
delete anything. I'd have to do things a lot differently if that were the case
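
The POP3 retention question raised in this subthread, as an added example that is not part of any comment above: a small in-memory model of the maildrop rules in RFC 1939, where RETR never removes mail, DELE only marks it, and removal happens only when the client ends the session with QUIT. The class, function names and messages are constructed for illustration, and authentication and dot-stuffing are left out.

```javascript
// Added illustration: in-memory model of RFC 1939 maildrop handling.
// All message contents are constructed sample data.

class Pop3Session {
  constructor(maildrop) {
    this.maildrop = maildrop;      // array of message strings, locked for this session
    this.marked = new Set();       // message numbers marked by DELE
    this.state = 'TRANSACTION';    // assumes USER/PASS already succeeded
  }

  command(line) {
    if (this.state !== 'TRANSACTION') return '-ERR session closed';
    const [verb, arg] = line.trim().split(/\s+/);
    const n = Number(arg);
    const live = Number.isInteger(n) && n >= 1 &&
                 n <= this.maildrop.length && !this.marked.has(n);
    const kept = this.maildrop.filter((_, i) => !this.marked.has(i + 1));

    switch ((verb || '').toUpperCase()) {
      case 'STAT': {
        const octets = kept.reduce((sum, m) => sum + Buffer.byteLength(m), 0);
        return `+OK ${kept.length} ${octets}`;
      }
      case 'RETR':
        // Retrieval alone never changes what the server stores.
        return live ? `+OK\r\n${this.maildrop[n - 1]}\r\n.` : '-ERR no such message';
      case 'DELE':
        // The message is only marked; it is still on disk at this point.
        if (!live) return '-ERR no such message';
        this.marked.add(n);
        return `+OK message ${n} deleted`;
      case 'RSET':
        this.marked.clear();
        return '+OK';
      case 'QUIT':
        // UPDATE state: marked messages are removed only now.
        this.maildrop.splice(0, this.maildrop.length, ...kept);
        this.state = 'CLOSED';
        return '+OK';
      default:
        return '-ERR unknown command';
    }
  }

  // Connection lost without QUIT: the UPDATE state is never entered,
  // so nothing is removed even if DELE was issued.
  drop() {
    this.state = 'CLOSED';
  }
}

// A client either deletes after download or leaves mail on the server;
// that choice is made by the client, not by the protocol.
function fetchAll(session, { deleteAfterDownload }) {
  const count = Number(session.command('STAT').split(' ')[1]);
  const downloaded = [];
  for (let n = 1; n <= count; n++) {
    downloaded.push(session.command(`RETR ${n}`));
    if (deleteAfterDownload) session.command(`DELE ${n}`);
  }
  return downloaded;
}

// Returns how many messages the server still holds after one client run.
function leftOnServer({ deleteAfterDownload, cleanQuit }) {
  const maildrop = ['constructed message A', 'constructed message B', 'constructed message C'];
  const session = new Pop3Session(maildrop);
  fetchAll(session, { deleteAfterDownload });
  if (cleanQuit) session.command('QUIT');
  else session.drop();
  return maildrop.length;
}

console.log('leave on server :', leftOnServer({ deleteAfterDownload: false, cleanQuit: true }));
console.log('delete + QUIT   :', leftOnServer({ deleteAfterDownload: true, cleanQuit: true }));
console.log('delete, no QUIT :', leftOnServer({ deleteAfterDownload: true, cleanQuit: false }));
```

What the server can still produce later therefore depends on the client's delete setting and on the session ending cleanly, plus any backups the provider keeps, which this model does not cover.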

------
agrinman
"Zero Knowledge Encryption" is just a marketing term... I wish marketing would
not cross wires with real crypto, it makes me skeptical that they really know
what they're doing. They're not the only company doing this and they should be
called out for it like spideroak [1].

ZKP[2] is a real branch of cryptography and they do not use it AFAIK.

[1] https://spideroak.com/articles/why-we-will-no-longer-use-the-phrase-zero-knowledge-to-describe-our-software/

[2] https://en.wikipedia.org/wiki/Zero-knowledge_proof

~~~
dfc
I was just as bothered / put off by the "Zero Knowledge Encryption." But your
comment is a little disingenuous. Spider Oak ultimately did the right thing
and given your link it is clear you are aware that SO has stopped using the
term.

------
idontgetproton
I don't understand this. Let's say I receive a newsletter from some website.

That newsletter is not PGP-encrypted, so at some point the Proton Mail servers
must be able to see a plaintext version of it. That means I have to trust that
they never store that plaintext version.

In addition, even if they immediately encrypt it and store the encrypted
version, how can they do so such that only I can read it? Is the key generated
from my password? How come it's possible to reset my password with a recovery
email address then? Surely they must be storing the key somewhere, in which
case storing encrypted messages is pointless.

EDIT: apparently my second point is incorrect, forgetting your passphrase will
indeed leave your emails permanently encrypted. The first point still stands
though, it's not zero-knowledge at all if they receive the plaintext of my
private emails in the first place and I have to trust that they don't store
it.

~~~
icebraining
From what I understand, there are two passwords; the Mailbox password, used
for encrypting and signing emails, is in fact unrecoverable, and you'll lose
your emails if you forget it:
https://protonmail.com/support/knowledge-base/resetting-mailbox-password/

~~~
blfr
Yes. But you enter the second password into the Proton webapp if you use it so
it's not exactly beyond their reach.

~~~
matthewaveryusa
You are correct in your assessment, but this statement holds true for any
application. You must read the source before executing it -- and en suite you
need to trust the hardware that's executing said code.

As it stands you don't send your password to proton -- they send you an
encrypted private key that the password you type decrypts (at email creation
time you generated that private key in your browser via openpgp.js). They most
certainly could change their API to send the password to the server once it's
typed in the UI. This isn't unheard of and there is large suspicion that law
enforcement made hushmail modify their API for certain users of interest in
order to decrypt their mail.
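
The key handling discussed in this subthread, as an added example that is not part of the comments above and not ProtonMail's code: the client generates a key pair, the server stores the private key only in password-wrapped form, and unencrypted inbound mail is encrypted to the public key on arrival. Node's built-in `crypto` module stands in for OpenPGP.js here, and every function name and sample value is constructed; encrypting inbound mail to the public key is an assumption about how such a server would store it.

```javascript
// Added illustration (not ProtonMail code). Node's crypto stands in for
// OpenPGP.js; all names and sample values are constructed.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side, at signup: generate the key pair locally and wrap the private
// key under the mailbox password before anything is uploaded.
function createAccount(mailboxPassword) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: mailboxPassword,
    },
  });
  // This record is all the key material the server holds.
  return { publicKey, wrappedPrivateKey: privateKey };
}

// Server side: a non-PGP sender's mail arrives as plaintext. It is in server
// memory here, then stored encrypted to the user's public key.
function serverStoreInbound(record, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: record.publicKey, ...OAEP }, key);
  return { wrappedKey, iv, tag, body };
}

// Client side: the typed password unwraps the private key locally, which
// then unwraps the per-message key.
function clientOpen(record, stored, mailboxPassword) {
  const privateKey = crypto.createPrivateKey({
    key: record.wrappedPrivateKey, format: 'pem', passphrase: mailboxPassword,
  });
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, stored.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, stored.iv);
  decipher.setAuthTag(stored.tag);
  return Buffer.concat([decipher.update(stored.body), decipher.final()]).toString('utf8');
}

// What the server can do with only its stored record: without the password
// the wrapped private key cannot be loaded.
function serverCanUnwrap(record) {
  try {
    crypto.createPrivateKey({ key: record.wrappedPrivateKey, format: 'pem' });
    return true;
  } catch {
    return false;
  }
}

function demo() {
  const password = 'constructed mailbox password';
  const record = createAccount(password);
  const stored = serverStoreInbound(record, 'Constructed newsletter body');
  let wrongPasswordRejected = false;
  try {
    clientOpen(record, stored, 'not the password');
  } catch {
    wrongPasswordRejected = true;
  }
  return {
    opened: clientOpen(record, stored, password),
    wrongPasswordRejected,
    serverCanUnwrap: serverCanUnwrap(record),
  };
}

console.log(demo());
```

The stored record protects mail at rest only. The plaintext passing through `serverStoreInbound` and the password typed into code the server delivers remain the two points where the user has to trust the provider.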

~~~
pfg
The lack of code signing in web apps and the added attack surface of having
your web and application server (which are in control of the code that users
run) exposed to the internet matter a lot in this context.

Attacks on build systems of native applications aren't unheard of (CCleaner,
that Ukrainian tax software, etc.), but it's far more involved and more likely
to be detected, whereas web app backdoors can easily be delivered exclusively
to the target and only for as long as needed to pull off the attack.

~~~
twiss
I've been working on adding code signing to web apps, using Service Workers:
http://blog.airbornos.com/post/2017/08/03/Transparent-Web-Apps-using-Service-Worker

The main blocker is
[https://github.com/w3c/ServiceWorker/issues/1208](https://github.com/w3c/ServiceWorker/issues/1208)
(which would fix the non-critical but less-than-ideal issue described under
"Service Worker lifecycle" in the blog post).

------
rahiel
The end-to-end encryption is only between protonmail addresses, in practice
when you email people with gmail/hotmail/yahoo etc. it doesn't matter if
protonmail can't read the e-mail, the other party can. (Their solution for
that is to send an e-mail that contains a password-protected link with the
actual message [0], I find this procedure inconvenient.)

Gmail could be as secure as Protonmail by using PGP yourself [1]. And then you
can keep your desktop mail client.

Also Google won't need to pay criminals if they're DDOS attacked like
Protonmail in the past:
https://www.forbes.com/sites/thomasbrewster/2015/11/05/protonmail-pays-to-stop-ddos/
(this is when I gave up on Protonmail)

[0]: https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/

[1]:
[https://emailselfdefense.fsf.org/en/](https://emailselfdefense.fsf.org/en/)

~~~
endijs
I wanted to touch this part: "And then you can keep your desktop mail client."
Actually you can use your desktop mail client with ProtonMail too. All you
need to do, is install ProtonMail Bridge. It's in closed Beta right now, but
it works pretty well (I'm using with Thunderbird).

------
pcrock
Anyone remember HushMail? The end-to-end encrypted email service that didn't
have the ability to decrypt your emails? They were eventually coerced to
change their code and record passwords in order to gain access to an encrypted
email account. ProtonMail is the same thing, give or take, just in
Switzerland. They can be coerced just like anyone else.

People whose lives are dependent on secure communication still need to manage
their own PGP keys. Once protonmail makes it possible to use your own email
client with your own keys, then I'd say it's worth trusting.

~~~
tonyztan
I'm not sure there is a legal mechanism to force ProtonMail to add a
backdoor...

> "Nearly every country in the world has laws governing lawful interception of
> electronic communications. In Switzerland, these regulations are set out in
> the Swiss Federal Act on the Surveillance of Postal and Telecommunications
> Traffic (SPTT) last revised in 2012. In the SPTT, the obligation to provide
> the technical means for lawful interception is imposed only on Internet
> access providers, so ProtonMail, as a mere Internet application provider, is
> completely exempt from the SPTT’s scope of application. This means that
> under Swiss law, ProtonMail cannot be compelled to backdoor our secure email
> system."

[https://protonmail.com/blog/switzerland/](https://protonmail.com/blog/switzerland/)

~~~
heisenbit
Not all governments restrict themselves to legal means. Turkey for example has
recently started abusing Interpol search warrants to go after people outside
their jurisdiction. The country of citizenship is usually clued in and is
resisting but dare to go on vacation in another country.

Not all actions of the US government have survived legal review and some may
argue the latest administration is more prone to such accidents.

~~~
kazen44
But then it becomes more a question of politics instead of (inter)national
law.

Heck, the EU and US are already not on good terms on the subject of
privacy/intelligence gathering, so I doubt this would be done so easily.
Especially with the current US administration.

------
corobo
How's the spam filter? I fell in love with the idea of switching to other
services before on their marketing copy but I'm back in Gmail. It all rests on
how good the spam filtering is _by default_ not after I've received x good and
y bad emails.

Unfortunately in this case it sounds like there might be a tradeoff between
securing my internet postcards[1] and training spam filters.

[1] and that's all they are really, postcards. We've known that for decades,
you can't patch envelopes over emails at this point.

~~~
acidburnNSA
> by default not after I've received x good and y bad emails

That's fair for you to demand. I run my own personal email server with
SpamAssassin and I definitely got a lot of spam in the first week. Then I told
SA to learn what spam and ham looks like based on what I received and it's
been excellent ever since. I have retrained it about once every 2 years but
it's really not that bad. Personally, I'm happy to manually filter a handful
of spams and then have top-notch filtering plus added privacy.

~~~
corobo
Yup essentially my requirements are simply "I don't want to spend time on my
spam filter"

In a previous life/job I set up, administered, and maintained mail servers. I
don't have an exact count but high tens to low hundreds over multiple clients.

I think that's one skill I'm completely burned out on for personal use.
Capable, but not willing.

------
zabuni
Web based encryption. Pointless. If you trust them enough not to send you bad
Javascript, you trust them not to read your emails. You trust them with your
private keys.

If you trust them with all that why even encrypt the mail client side?

~~~
joefreeman
Yep. And the same argument applies to their apps. We need an open standard
with an app built by a trusted third party.

~~~
ZenoArrow
For email clients, Thunderbird is still being developed (latest release was
from less than a month ago):

https://www.mozilla.org/en-GB/thunderbird/

Also, the V1.0 release of Mailpile is meant to be coming soon:

[https://www.mailpile.is/](https://www.mailpile.is/)

[https://github.com/mailpile/Mailpile](https://github.com/mailpile/Mailpile)

For setting up your own email server...

[https://mailinabox.email/](https://mailinabox.email/)

[http://www.iredmail.org/](http://www.iredmail.org/)

------
devmunchies
I'm a paying user, and have to say, I think I may want to give up this extra
security for Google's world class spam filtering.

~~~
gcb0
you might want to check yahoo mail then.

I work for them (oath now). and at some point all employers were forced to
dogfood it. the UI took a while to get used, but now I miss in app tabs with
several emails (in Gmail I need browser tabs).

...Long story short: after yahoo was acquired we moved to gmail. you cannot
believe how much more spam shows up on my inbox that I had never seen before.

not to mention yahoo took the high road on properly fighting spam for
everyone, even if made them lose some users using misconfigured email lists.

~~~
1024core
I would like to respectfully disagree about spam on Yahoo mail. I have so much
spam there, you won't believe. And what irks me the most is that a lot of it
is _easy_ spam: viagra, etc.

~~~
gcb0
well, you have one anecdotal data point with two different email addresses,
while I was providing a fact on 10,000 users with the same email addresses on
both platforms.

my guess, you probably had the y email much longer than the g one (yahoo mail
is a decade older) and you posted that email in too many geocities
guestboards. do the same with your g address and report back in 10 years :)

------
ninegunpi
While I love ProtonMail as an effort to popularize security for end-users and
trying to come up with smart technologies to achieve that, the whole risk
model behind the writeup barely stands scrutiny. What's worrying, ProtonMail
(who declare security a first-class feature) use "features" instead of systems
to define security of their service.

If you think of it for a second, web crypto (protection against intermediaries
and dishonest server) actually requires trusting the server, so no encryption-
derived claims are sound if the server is dishonest. Any third party
exploiting (or forcing legally) the server can make it dishonest and collect
required keys in few simple steps. And, FWIW, if encryption is controlled by
browser, adversary compromising the client itself can simply disable it.

So, while the effort is very important (and I bet they'd be around the first
people who will suggest techniques for safe in-browser crypto execution), it
isn't that they can be compared security-wise other than:

- ethics
- security policy
- competence of security teams.

Isn't a level playing field for ProtonMail.

And, my final problem is, 99% of people are still outside Protonmail anyway,
hence the intolerant winner argument, which ruined PGP and will ruin many
optional security systems on top of convenience protocols in the foreseeable
future.

~~~
protonmail
PM team here, we just made an account to comment.

We actually agree with some of the points made above, but we'd like to add the
following commentary...

Encrypting email while making it more usable than PGP is hard. There's no
getting around that. Web crypto is always going to have some shortcomings, but
web mail is on the rise, and at the end of the day, web crypto is better than
no crypto.

That said, we have been working for some years towards moving ProtonMail
encryption entirely to the local environment using our Bridge application,
which will be released soon. There is also extensive R&D being done on end-to-
end authentication and ensuring key validity.

You are correct in that it is not a level playing field. This is why the tech
industry is fast becoming an oligarchy or even a monopoly, owned and
controlled by a few big players. However, we think that not playing is taking
the easy way out, so even though the game is 'rigged' against us, we have a
great team of engineers who have decided to play anyways.

~~~
twiss
I've been working on using Service Workers to fix the trust issues of web
crypto: http://blog.airbornos.com/post/2017/08/03/Transparent-Web-Apps-using-Service-Worker

Shoot me a message if you're interested in implementing something like that in
ProtonMail.

~~~
ninegunpi
Wow, this is very cool, I need to read more about that.

------
jabbabla
Anyone thinks this would interfere with their security?
https://www.reddit.com/r/ProtonMail/comments/6ru9pf/ive_had_enough_of_protonmail_heres_why/dl8irqq/

> The final nail in the coffin for me is this page right here:
> https://protonmail.com/blog/transparency-report/ Can I draw your
> attention to this sentence: "After reviewing the relevant evidence forwarded
> by US authorities, criminal intent was apparent, so Proton Technologies AG
> decided to comply with the data request"

------
sixothree
I have to mention the Direct Project. This is secure email that is in use
today by a vast number of healthcare professionals.

https://www.healthit.gov/providers-professionals/faqs/what-direct-project

It uses trust bundles that hold the public key. Identity is vetted so there is
no spam and it helps guarantee you are communicating with the right person.

https://www.directmdemail.com/info/how-it-works/Direct-exchange

edit: I would also like to add that the direct trust model is starting to get
used for things outside of email.

~~~
rrggrr
What is a "trust bundle"?

~~~
sixothree
To add to the trust bundle a vendor needs to be accredited. The trust bundle
holds the public key for every "email" address.

~~~
Niten
So it's a PKI, except obfuscated by a bunch of health industry acronyms and
"accredited" logos?

~~~
sixothree
It always surprises me how little this tech community knows about the Direct
Project, especially considering how many hundreds of thousands of people have
direct addresses assigned to them.

This thing is in production very wide usage by health industry. And the
applications for it continue to grow. For example FHIR via Direct promises to
empower patients.

But yes, this particular implementation especially is PKI with identity
vetting. There are other trust bundles with different logos and requirements.

But the direct project defines more than just the PKI. It defines edge
protocols such as XDR and IMAP. It also defines methods for message delivery
and processed notifications.

And of course you can create your own trust bundle with whatever requirements
you want.

This particular accredited portion means that these organizations have
particular identity vetting processes for users, have on site visits to
inspect servers, and adhere to a long list of privacy and security practices.

------
edf13
__Zero Knowledge Encryption__

So what happens if, say a hacker breaches the systems and makes an
interception at the SMTP level... before they encrypt? They then can read your
mail before ProtonMail encrypts it...

There is a lot of marketing bumpf on this page without any link to detail.

------
ryanpcmcquen
I like ProtonMail but ended up going with Tutanota for a few reasons:

- Encrypted emails sent to non-Tutanota users are permanent (they expire at a
maximum of 28 days with ProtonMail).

- Tutanota has an email export feature.

- Tutanota is WAY cheaper.

------
bad_user
Encryption is cool, but in terms of security, Google probably hires more
security researchers than the entire staff of ProtonMail.

> _Protected by ... European privacy laws_

So is GSuite ([https://gsuite.google.com/](https://gsuite.google.com/))

> _No conflict of interest_

There is no conflict of interest with G Suite either, which is governed by a
different Terms of Use than normal Gmail. If that wouldn't be the case, being
the "business" version, G Suite would be banned in most European companies.

~~~
ocdtrekkie
Bear in mind, European privacy laws only help you with Google (or other US-
based providers) if you're a European citizen (via things like Privacy
Shield). Whereas with ProtonMail being located in Europe, they're likely to be
better protected from US law enforcement requests as a whole. US providers
have no obligation to provide US citizens European-quality privacy
protections.

------
Spooky23
The meaningful differences come with costs too.

“Zero knowledge” of email content means I can’t search my corpus of email
without having all of that mail on a PC with a client that has a search
feature.

What’s a bigger risk to you?

“End to end encryption” We’ve all had the PGP discussion. That adds a lot of
complexity and a lot of cost and risk. Good luck searching it.

“TLS transport” Welcome to 2017, this isn’t meaningful.

It sounds like Proton Mail is a cool service. But that security comes at a
capability cost and comes with other complexity that users may not understand.

~~~
protonmail
We are close to solving the search issue actually. With the ProtonMail Bridge,
full body search can happen locally so the servers can remain "zero
knowledge".

------
cwyers
I would not view being hosted outside of the US as an unalloyed good,
especially for a US citizen. Legally, the NSA has a much freer hand in terms
of surveillance of targets outside of the US. Putting your e-mail traffic
outside of the US is no guarantee of anything, it's a set of tradeoffs. As
others have noted, security isn't absolute, and depends on your threat model.

~~~
kazen44
For a non US citizen however, not having your mail hosted in the US at least
makes spying not completely automatic. Because in the US, the NSA has the
legal right to wiretap all foreign communications.

------
SaltySolomon
So, do they employ spam filters and they can still read messages before they
encrypt them if they come from a third source, right?

~~~
maxk42
Yes and yes.

The utility is not in magically making every email sent to or from you
unreadable to 3rd parties. The utility is purely on the side of privacy
intrusion: be it via court order or hacker. Nobody can compel them to decrypt
any messages that have been sent to or from you and stored on their servers.

Protonmail will NOT: Prevent interception of your messages by 3rd-party MITM
attacks.

Protonmail WILL: Protect your privacy versus legal authorities. Safeguard your
stored communications against hacker breach. Provide a high-quality, ad-free
email experience and multiple email addresses.

~~~
SaltySolomon
My point is being that they could be compelled to hand over all future
messages to your account, because if they are doing spam detection then they
will have it in a readable unencrypted state.

------
TheRealPomax
"ProtonMail uses Zero Knowledge Encryption, which means it is technically
impossible for us to decrypt user messages" is kind of false within the
definition of "impossible". It is exactly as feasible for them to crack
encryption as it is for any other party with an encryption and security
background, so really this is "The only way for ProtonMail to read your email
is by cracking it, which can be prohibitively time consuming" but really it
won't be because the fact that "ProtonMail takes care of the security" means
that if the service ever becomes mainstream popular, the proportion of people
using easier-to-crack-than-should-reasonably-be-the-case passwords will
skyrocket.

------
mungoid
I have a paid account and only use protonmail for business and personal emails
and use Gmail for anything else. 95% of the emails I get are junk anyway so I
just try to separate that even more.

It seems most people care more about spam filters and search functionality
than security. Which is kind of a downfall of protonmail because it probably
will never have high adoption because if you want good search and spam filters
then it means your emails need to be scanned by the servers.

Most people have multiple email accounts anyway, so why not use protonmail for
the important emails and another service for junk account signups and
everything else?

------
nthompson
I run bandgap.io off of protonmail. I have had no problems with
deliverability, have had great interactions with customer support, and enjoy
using the product. After email hack after hack, I just couldn't see how I
could ethically store my own users' support emails unless they were end-to-end
encrypted.

Potential improvements: Searching the inbox isn't great, and I'd like to
reduce my attack surface by moving my transactional email from sendgrid to
protonmail (not yet supported). Also, it might make sense for protonmail to
become an OAuth provider - I'd be willing to support it on bandgap.io

------
mping
zero knowledge encryption means that there's no search functionality right?

~~~
orwin
You can't search content. This is the main reason I had trouble switching to
ProtonMail in 3 years.

~~~
g4k
You can use the (beta) ProtonMail bridge to sync your emails into Thunderbird
and search there.

------
sitepodmatt
A heavy amount of ProtonMail's infrastructure is in New York at NYI [1]
according to blog posts however they say 'ProtonMail stores user data
exclusively in European countries with strong privacy protections such as
Switzerland.' Now I am confused

[1] [https://blog.fastmail.com/2017/05/13/nyi-datacentre-move/](https://blog.fastmail.com/2017/05/13/nyi-datacentre-move/)

~~~
sitepodmatt
Oops I've got fastmail confused with proton

------
robin_reala
Unfortunately this doesn’t work with IMAP. That’s understandable given the
encryption at their end, but it does tie you into their apps.

~~~
drdaeman
It certainly does, but requires client software that's capable of decrypting
the data.

I think almost every desktop mail client supports S/MIME. Many support
PGP/MIME, using plugin/extension or natively. Unfortunately, the situation is
much worse on mobile.

Anyway, if the client software is capable - which is rarely true but sometimes
is the case - any classic mail server can store everything encrypted.

If you self-host - just make your MDA pipe the unencrypted emails to GnuPG or
OpenSSL (and encrypted emails are already okay) and that's it. You'll be as
good as ProtonMail (note:
[https://protonmail.com/support/knowledge-base/does-protonmai...](https://protonmail.com/support/knowledge-base/does-protonmail-encrypt-email-subjects/)).
IIRC, there also was some hosted email service that
works this way, although I forgot where I saw it and how it was called.
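
A sketch of the MDA filter described in the comment above, as an added example that is not drdaeman's or ProtonMail's code: it wraps unencrypted mail as PGP/MIME (RFC 3156) and passes already-encrypted mail through. It assumes a `gpg` binary on the PATH with the recipient's public key imported; the function names and the `CLEAR_HEADERS` choice are hypothetical, and the Subject stays readable, which is the limitation the linked note is about.

```python
import subprocess
import sys
from email import encoders, message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Headers left readable so the server can still route, thread and list mail.
# Assumption of this sketch: everything else is only inside the ciphertext.
CLEAR_HEADERS = ("From", "To", "Cc", "Date", "Subject",
                 "Message-ID", "In-Reply-To", "References")


def already_encrypted(msg) -> bool:
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # S/MIME reuses this type for signed-only mail, so insist on
        # an explicit enveloped-data marker before trusting it.
        return str(msg.get_param("smime-type", "")).lower() == "enveloped-data"
    return False


def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    """Encrypt to the mailbox owner's public key; no private key on the server."""
    result = subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--recipient", recipient, "--encrypt"],
        input=data, stdout=subprocess.PIPE, check=True)
    return result.stdout


def encrypt_at_rest(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    msg = message_from_bytes(raw)
    if already_encrypted(msg):
        return raw  # the sender did the work; store as delivered
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name in CLEAR_HEADERS:
        for value in msg.get_all(name, []):
            outer[name] = value
    # RFC 3156: a control part, then the armored ciphertext. The plaintext
    # that gets encrypted is the whole original message, headers included.
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                                 _encoder=encoders.encode_7or8bit))
    outer.attach(MIMEApplication(encrypt(raw, recipient), "octet-stream",
                                 _encoder=encoders.encode_7or8bit))
    return outer.as_bytes()


if __name__ == "__main__":
    # Filter mode for an MDA pipe: message on stdin, key id in argv[1].
    sys.stdout.buffer.write(encrypt_at_rest(sys.stdin.buffer.read(), sys.argv[1]))
```

The `encrypt` parameter exists so the wrapping logic can be exercised without a keyring; in delivery it defaults to the `gpg` call.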

~~~
robin_reala
Right, I was going by their knowledge base article titled ‘IMAP, SMTP, and
POP3 setup’ where they say:

_At this time Protonmail does not support IMAP/SMTP or POP3 due to the
technology ProtonMail utilizes within web browsers to encrypt and decrypt your
messages. We apologize for the inconvenience and are working on creative
solutions to allow IMAP/SMTP use._

[https://protonmail.com/support/knowledge-base/imap-smtp-and-...](https://protonmail.com/support/knowledge-base/imap-smtp-and-pop3-setup/)

~~~
protonmail
[https://protonmail.com/bridge](https://protonmail.com/bridge)

~~~
drdaeman
Oh, that's an awesome idea!

If it uses IMAP4 variant under the hood and not completely
different/proprietary API - are there any plans of possibly releasing this as
a standalone tool someday?

I don't use Protonmail, because I already have self-hosted own-premises mail
system for a long while, but I don't have encryption at rest. Given that you
use OpenPGP, this bridge app looks very interesting. If it only could talk to
a local gpg-agent as an option (rather than a PM account), it would be
probably just perfect.

------
partycoder
Just a reminder that for it to work both the recipient and sender need to use
Protonmail... across the full e-mail thread.

~~~
tonyztan
All your emails are stored encrypted with your public key when on ProtonMail's
servers. And they do support end-to-end encryption with other email providers
(with a user-specified passphrase).

~~~
brightsize
FWIW, ProtonMail also allows you to export your public key from their service.
People who you give the key to can use it to send PGP encrypted mail to your
ProtonMail mailbox. Unfortunately this isn't bidirectional, there's no built-
in way to send PGP-encrypted emails from your ProtonMail account to non-
ProtonMail users.

------
binaryanomaly
Even as a convinced protonmail user I think this post is too much advertising
focused and not addressing the facts correctly. It would be better for the
reputation of protonmail if they would resist launching such campaigns and
stick to the real advantages that differentiate it from the competition.

------
Flimm
What are the security guarantees when emailing someone who does not use
ProtonMail? If there is an encrypted mode, can this mode be turned off? This
is critically important, and yet most of these email providers who talk up
their security fail to bring it up. This article is the same.

~~~
tonyztan
From the article:

"ProtonMail can also support sending/receiving end-to-end encrypted messages
with recipients who are not using ProtonMail."

~~~
Flimm
The article doesn't make it clear what this support looks like. If it's
optional and complicated, people are not going to use it. And if it's
different than what ProtonMail uses internally, all the promises about
security might not apply.

------
plg
If the bulk of your correspondence is with people who have gmail accounts then
guess what, you're pooched no matter what flavour of tin foil hat you wear.

The biggest obstacle in becoming secure with email is all of the other people
you correspond with over email.

------
coworkerblues
Is it actually legal to not log anything? They specifically claim they don't
log IPs, so if someone wants an email data, all they can give him is just
encrypted email dumps? How can that be a possibility?

------
woolvalley
One thing that frustrates me about protonmail and most other mail providers is
its limits on email aliases, even if you're using your own domain. With gmail
you get an unlimited number of aliases.

------
amelius
Very nice. One question though: how can we check if what they say is true? Is
their client open-source?

Also, would it be possible that if I open an email on an Android device, that
Google still could read the email?

~~~
orwin
For the first question:
[https://github.com/ProtonMail/WebClient](https://github.com/ProtonMail/WebClient)
For the second, it is unlikely, spying on third party apps is not in the ToS of
Android, and if Google (or any big tech company, really) is caught doing
something not in the ToS, it will cause a PR shitstorm.

I have a Proton Mail account since 2014, but I never really used it. I might
give it a try again today.

~~~
amelius
Ok. But for the first question: is the protocol free? Because if it is
proprietary and limited to this one service, I fear that at most a few people
will be interested in digging through the source code.

------
dfrankow
Can you search protonmail email quickly? Search is pretty useful.

------
StavrosK
Does anyone know how they reconcile "zero-knowledge" and allowing people to
log in? Do they encrypt your private key with a KDF of your password or
something?

~~~
tonyztan
They use SRP for authentication, and yes, your private key is encrypted with a
key derived from your passphrase.

[https://protonmail.com/blog/encrypted_email_authentication/](https://protonmail.com/blog/encrypted_email_authentication/)

~~~
StavrosK
I see, thanks. So they use SRP with the password to authenticate, and then
KDF(password) to decrypt your email (as they say). I would hope (and they
probably do) use the latter to decrypt an encryption key for your email,
rather than using your KDFed password directly, as that would mean they'd need
to reencrypt all your mail if you changed your password.
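
The key hierarchy discussed in the exchange above, as an added example that is not ProtonMail's code: a random mail key encrypts the mailbox, and only that key is wrapped under a key derived from the passphrase, so a passphrase change re-wraps 32 bytes instead of re-encrypting mail. The function names and iteration count are assumptions, and the HMAC-based wrap is a standard-library stand-in for AES key wrap or an AEAD; SRP login is out of scope here.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this demo


def _kek(password: str, salt: bytes) -> bytes:
    """Derive the key-encryption key (KEK) from the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _subkey(kek: bytes, label: bytes) -> bytes:
    """Separate keys for masking and for authentication."""
    return hmac.new(kek, label, hashlib.sha256).digest()


def wrap_key(mail_key: bytes, password: str) -> dict:
    """Wrap the 32-byte mail key; this blob is all the server needs to store."""
    if len(mail_key) != 32:
        raise ValueError("mail key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt, so every wrap uses a fresh KEK
    kek = _kek(password, salt)
    # Stand-in for AES key wrap: the pad is used once because the KEK is.
    pad = _subkey(kek, b"wrap-pad")
    wrapped = bytes(a ^ b for a, b in zip(mail_key, pad))
    tag = hmac.new(_subkey(kek, b"wrap-mac"), salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_key(blob: dict, password: str) -> bytes:
    """Recover the mail key client-side; fails closed on a wrong passphrase."""
    kek = _kek(password, blob["salt"])
    expected = hmac.new(_subkey(kek, b"wrap-mac"),
                        blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or corrupted blob")
    pad = _subkey(kek, b"wrap-pad")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))


def change_password(blob: dict, old: str, new: str) -> dict:
    """Re-wrap the same mail key; stored mail ciphertext is never touched."""
    return wrap_key(unwrap_key(blob, old), new)
```

The strength of the whole scheme is bounded by the passphrase: anyone holding the blob can run the same KDF offline against guesses.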

------
trey-jones
I've used ProtonMail for some small number of communications, and I really
like it for limited use. I can't speak to using it for everyday email
purposes.

------
rbcgerard
For any ProtonMail users - what do you do for calendar?

~~~
dredmorbius
Use an independent calendar app or system (e.g., paper).

------
homakov
> In fact, not even ProtonMail has the ability to read your messages

Protonmail is a website which can read contents of your email, did I miss
something?

------
literalmind
"Only you can read your emails" -- surely, the party receiving the email can
read it too, and guess what, they are using gmail.

------
josefresco
So this is ProtonMail vs Free Gmail correct? Not G Suite?

Why would you compare a free service with a paid one?

~~~
KGIII
Proton has a free tier, if that helps make it more clear. Though I'm not sure
that free vs. paid is such a distinguishing characteristic that makes it
impossible to compare.

If I give you some blueberries and you buy some from the store, you're still
able to compare and contrast the two and the paid blueberries may actually be
inferior to the free berries.

------
the_common_man
Does 'millions of users' mean active users? Like those who login everyday?

------
cookiemonster89
Yes, but it's missing a calendar. Definitely more secure though

------
darkhorn
Maybe ProtonMail is owned by CIA. Who knows.

------
chisleu
They don't take crypto currency :(

~~~
protonmail
We do, ProtonMail takes Bitcoin now.

------
tankered
Protonmail is not email, and should stop misrepresenting itself as email.

My favorite 'feature' of protonmail is that you can't access your messages via
imap or pop, and their suggestion regarding exporting messages is: "At this
time, you are able to save individual emails by using the "Print" function
found inside each email in your account."

Protonmail had a very weird role in campaigning against the new sigint-law in
switzerland, they used it for marketing for their service... now they say it's
not that bad because protonmail advises the government on it.

I am very dubious of protonmail's claims. They don't release their server-side
code, so nobody can audit it. There is no way to make sure a PGP encrypted
message sent to a friend is _actually_ encrypted with their public key only,
you have to trust them.

You are also just one XSS away from losing your private key...

The reason not to open source the backend code is... terrifying:
[https://protonmail.com/blog/protonmail-open-source/#comment-...](https://protonmail.com/blog/protonmail-open-source/#comment-8919)

What about the other things that are important, like does protonmail do full
disk encryption? do they log ip addresses? They require you to sign up with a
phone number if you use tor, but "promise" not store that. How can we trust
them?

Their ToS states: "you agree to not use this Service for any unlawful or
prohibited activities". But hey, if Mr. Robot uses it, it must be good!

They also have a very shifty claim of e2e encryption and a weird de-facto
disabling the use of pgp. They do use openpgp.js, but for encrypting your
mailbox, not for actually using pgp to mail other people.

They do actually support incoming pgp just fine, but I like to think of e-mail
as bidirectional. To be fair, that is something they've had on their roadmap,
but for almost three years now. Giving up the ability to send pgp-encrypted
e-mail is not a great trade-off (and let's not even get started on their
notion that you're somehow better off with gmail as long as you use pgp).

So, trust the server, trust the HTTPS connection, trust the browser to not
have any backdoors or security flaws in all extensions, and trust other apps
that can access the browser's files and syscalls. Trust us, we are in
switzerland. Why do people think that switzerland puts them in a somehow better
position to deal with legal issues? Anyone from switzerland will tell you that
they are not immune from evil laws and different parts of switzerland are
significantly more draconian than others. Tell me how switzerland is some
safe-haven that you should use as a criteria to determine your opsec. This
selling point is pure snake-oil.

~~~
KGIII
Refresh the thread. They are working on something they call Bridge. They have
an employee here, in the thread, posting links and answering questions.

------
datawarrior
I gave up on ProtonMail. The lack of a calendar means you often need to go
back to using Google Calendar or Outlook.com Calendar, kind of negating the
privacy benefits if you're a heavy calendar user.

Secondly, it's been years and you still can't store more than a single email
address for a contact. This is so incredibly ridiculous that I have an
extremely hard time understanding how they get away with charging what they
do.

Lastly, the mobile app drives me nuts. I just can't get used to using it. You
delete a message and a notification pop down drops from the top covering the
next email so that you can't select it until the pop down notification goes
away. This is deal breaking for me as if I have to go through 20 emails I have
to sit and wait over and over and over again for this notification to go away.
Yes, a message was deleted, I'm the one that deleted it, I don't need a
notification telling me I did so. Infuriating to use.

~~~
jszymborski
I'm optimistic about ProtonMail in the long run, but won't use it until it
gets out of my browser and onto a native app on my desktop.

If UI problems bother you, and you need a calendar, you can use mailbox.org
which (1) can encrypt incoming emails w/ your GPG key, (2) offers SMTP so you
can use Thunderbird, (3) comes with a calendar you can use on thunderbird/your
phone via network.

They're also based in Germany, which is nice.

~~~
bogomipz
>"They're also based in Germany, which is nice."

They're based in Switzerland which is no longer a safe haven, although
ProtonMail seems to still trade on the idea that it is.

See:

[https://www.theguardian.com/world/2016/sep/25/switzerland-vo...](https://www.theguardian.com/world/2016/sep/25/switzerland-votes-in-favour-of-greater-surveillance)

~~~
jszymborski
I meant mailbox.org is based in Germany :)

~~~
bogomipz
Ah sorry, I didn't read closely enough, mailbox.org looks good. Cheers.

------
vacri
> _ProtonMail takes the opposite approach and by default, does not monitor or
> record user activity, not even IP addresses._

Hrm, where's the pricing? Oh, it's based on "Messages per day" and "Folders /
Labels"...

This doesn't detract from the meat of the article, but when user activity is
involved in the pricing, you clearly can't claim 'no activity monitoring'.

------
onychomys
It's so cute that they think that the NSA can't read PGP-encrypted messages.

~~~
flashdance
There is no evidence that PGP is compromised. In fact, the Snowden leaks
revealed that the NSA has "serious problems" following people through Tor, and
is unable to decrypt some OTR and PGP encrypted messages.

[https://www.theverge.com/2014/12/28/7458159/encryption-stand...](https://www.theverge.com/2014/12/28/7458159/encryption-standards-the-nsa-cant-crack-pgp-tor-otr-snowden)

------
matt4077
Oh, wow. This makes me want to switch our work email away from Protonmail...

_If you are not comfortable giving Google unlimited access to all of your intimate communications_

Who would? But this is a sleight-of-hand where we somehow got from "google
targets advertisement based on email content" all the way to "everyone working
at google reads your email, and they all make fun of what you did last night".

By those standards, Google also reads everything on protonmail. At least if
you use Chrome.

Besides, there are other factors than just encryption standards that impact
security. The largest of all is the organisation you're trusting.

Google is obviously far ahead in terms of expertise and resources. They also
have far more to lose, are probably better set up to protect against rogue
insiders, and are impossible to compromise with money. OTOH, they're subject
to FISA courts and whatnot.

------
c0nst
ProtonMail seems very nice, however, I'm concerned about if it is truly
private.

ProtonMail has been known to shut down accounts related to right wing,
anti-Semitic groups. Granted that those are extreme groups. However, it will
become a very slippery slope.
[http://govtslaves.com/2017-08-29-eff-warns-that-banning-extr...](http://govtslaves.com/2017-08-29-eff-warns-that-banning-extremist-websites-based-on-their-content-is-a-dangerous-slippery-slope.html)

"I do not agree with what you have to say, but I'll defend to the death your
right to say it."

Evelyn Beatrice Hall

