▪ Based in: Switzerland ▪ Storage: 5 GB to 20 GB
▪ Price: $4.00/mo ▪ Free tier: Up to 500 MB
If you want to protect your email from prying eyes, but don’t need the kind of protection that keeps spies and whistleblowers alive, ProtonMail could be the secure email service for you. It utilizes PGP encryption standards, is based in Switzerland, and has a solid reputation in the privacy community..
Guest author Sven Taylor is the editor of Restore Privacy, a blog dedicated to inform about best online privacy practices, secure your electronic devices, unblock restricted content and defeat censorship.
While ProtonMail remains a leader in the secure email space, it has also attracted some controversy lately, which we’ll examine in detail below. Additionally, we’ll post our hands-on test results and take a deep dive for this ProtonMail review.
Because ProtonMail positions its service as one of the most secure email options available, above and beyond other secure email providers, we’re really going to put it under the microscope. At the end of the day, only you can decide which is the best secure email service for your unique needs and threat model. This review has been updated to reflect the latest changed in ProtonMail as of April 2020. Now let’s get started.
- End-to-end (E2E), or zero-access encryption for Email, Calendar, and Contact information
- Officially under Switzerland jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, and iOS code are all open source
- Strips IP address from emails
- Can be used with email clients through the ProtonMail Bridge feature
- Can import contacts and emails through the bridge
- ProtonMail does not encrypt email subject lines
- Utilizes phone number verification
ProtonMail features overview
ProtonMail utilizes strong end-to-end and zero-access encryption standards to protect all email, contacts, and calendar data. That means all your data is encrypted when stored on ProtonMail servers (but not email subject lines). Aside from this multi-tiered encryption system, ProtonMail has several interesting features, including:
- The ability to send “self-destructing messages,” which are automatically deleted at the time the sender specifies.
- Address Verification, a way to ensure that a Public Key received from another user hasn’t been tampered with since you first verified it.
- Full PGP support.
- Premium accounts with a range of additional benefits, including a brandable Business account.
- The ability to send encrypted emails to non-ProtonMail users.
- Android and iOS mobile apps.
- ProtonMail Bridge, which allows ProtonMail to integrate with other email clients that support the IMAP and SMTP protocols. This also allows you to import emails into your ProtonMail account from other services.
Overall, this is a good lineup of features.
Note: The beta version of ProtonMail 4.0 remains in the works. The ProtonMail 2019 roadmap states that their goals for 4.0 include:
- Encrypted Search
- Conversation View
- Multi-user support on mobile devices
- Encrypted Calendar
ProtonMail company history, investors, and funding sources
The ProtonMail family of products is run by Proton Technologies AG, a company based in Geneva, Switzerland. The founders met while scientists at CERN and came up with the idea for ProtonMail in the CERN cafeteria, as the story goes.
Funding for ProtonMail has come from various sources over the years. Aside from regular paying users, Protonmail has also benefited from the following funding sources:
- In 2014, ProtonMail launched an Indiegogo crowdfunding campaign which brought in over half a million dollars.
- In 2015, ProtonMail accepted a $2 million investment from a US-based firm called Charles River Ventures (CRV).
- In 2019, ProtonMail accepted €2 million from the EU to “develop a suite of encrypted services.”
ProtonMail does not encrypt email subject lines
One concern I have is that ProtonMail does not encrypt the subject lines of messages. From the ProtonMail website:
All ProtonMail data at rest and in transit is encrypted. However, subject lines in ProtonMail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end to end encrypted.
ProtonMail complies with the OpenPGP encryption standard. In that standard, address-related metadata is part of the message header and must remain unencrypted to allow a message to reach its destination.
The ProtonMail approach makes them compliant with the PGP specification, but leaves this potentially revealing data unencrypted. We will return to this important subject more below.
ProtonMail servers and data security
All ProtonMail servers are physically located in Switzerland in secure facilities. This means user data is protected by Swiss law, which generally provides for better privacy than USA or EU law.
However, ProtonMail makes it clear that if you violate Swiss laws, and they receive a Swiss court order, they will have to turn over whatever information they have on you to the Swiss authorities. This is where the lack of encryption for the Subject line of messages can become a problem.
While the bodies of your messages and any attachments should remain safely encrypted, addressing information and the Subject lines of your messages are stored in the clear and would be provided to the authorities. This information is enough to give anyone possessing it a good idea of who you communicate with and the subjects you discuss with them.
Some people also question how free from USA and EU influence Proton Technologies really is. They have two international support centers, one in San Francisco, California (USA), and one in Skopje, Macedonia (Macedonia is a candidate for EU membership).
All that said, the ProtonMail threat model document specifically states that, “we cannot guarantee your safety against a powerful adversary.” The spy agencies serving the USA and EU definitely qualify as “powerful adversaries.” So if you decide to take on one of the Five Eyes, violate Swiss laws, or something equally crazy, using ProtonMail is unlikely to save you.
ProtonMail technical specifications
ProtonMail uses a variety of encryption algorithms to protect your messages. All messages are end-to-end encrypted and also remain encrypted in your mailbox until actively being read. The algorithms they use are open source versions of AES and RSA along with OpenPGPjs algorithms:
- TLS 1.0
- DHE RSA
- SHA 3
QuoVadis Trustlink Schweiz AG signs SSL certificates for ProtonMail. Security features of the certificates include:
ProtonMail hands-on testing
If you’ve used email services like Microsoft Outlook or Gmail, you will find ProtonMail to be easy to work with. For this review, we’ll be looking at ProtonMail Plus plan, the first tier of paid ProtonMail service. At this time (April, 2020), you need to have a paid ProtonMail account and access the beta version of the product to use some of the newest features, such as their new encrypted Calendar.
Creating a ProtonMail account
Creating an account with ProtonMail is pretty self-explanatory. You can get an account in a matter of minutes:
- Go to the ProtonMail website.
- Create a username and password. (Recovery email is optional.)
- Go through the verification steps
Next you will need to go through a verification process, but you do have different verification options you can select:
I’ve seen complaints about ProtonMail forcing people to go through phone (SMS) verification when signing up through VPNs or over the Tor network. Although I don’t like how ProtonMail is utilizing SMS verification, it is important to protect the service from spammers and bots.
Signing in to ProtonMail
Signing in to ProtonMail is easy and straightforward. Simply go to the homepage and enter your login credentials. To get access to all the features we will discuss in this review, you need to have at least the ProtonMail Plus plan, and select the BETA link circled in red (below) when logging in.
When using ProtonMail, you have the option to create a recovery email inbox, which can be used if you lose your password. Once you sign into ProtonMail, you can stay with the free plan indefinitely, or you can upgrade to one of the paid plans. As is common with most secure email services, the paid plans offer more storage and additional features over the free plan.
As we go through this ProtonMail review, I’ll let you know which features are available only in a paid plan.
The look and feel of ProtonMail
ProtonMail has a pretty standard interface, with a 3-pane “Row View” layout (we saw that when talking about encrypted subject lines earlier) , as well as the “Column View” option here:
Before we go further, look carefully at the top-left of the preceding image. The three icons that appear there if you have a paid account and are using the beta version of ProtonMail you to switch between different sections of ProtonMail. From the top, they are: ProtonMail, ProtonContacts, and ProtonCalendar.
We’ll talk about ProtonContacts and ProtonCalendar once we finish with ProtonMail. With Column View, you get all the usual folders in the left-most pane, with the ability to add any custom ones you wish. In the center is the message list, with the body of the selected message displayed in the right-most pane. Once you start using it, you’ll notice that like other privacy-oriented mail services, ProtonMail blocks remote content like images by default, giving you the option to load them right at the top of the window.
You can customize the layout of your ProtonMail inbox by clicking the Settings icon, then selecting Appearance in the left-hand column of the Settings window. For example, I used the Layouts section of Settings to switch back and forth between the Row View of the inbox and the Column View.
Exactly what you can do here will of course depend on which ProtonMail plan you subscribe to. We’ll look at differences between the plans later in the review.
Composing messages with ProtonMail
You compose ProtonMail messages in a pop-up composition window with a good set of HTML formatting options, including inline images. Once you get used to the layout, the composition window makes including things like Attachments, an Expiration time, a Read Receipt Request, and Encryption fast and easy. You can adjust the size of the composition window in Settings.
There are a few keyboard shortcuts that help with composing messages. But you won’t find more advanced editing features such as macros and automatic suggestions.
Sending messages to non-ProtonMail users
Like some other secure email services, such as Tutanota and Mailfence, ProtonMail gives you the option to send encrypted messages to people who don’t use ProtonMail. The recipient will need to know the shared password you are using, so that will need to be arranged outside the system. These encrypted messages automatically expire in 28 days (but you can set a shorter date if you wish).
The recipient will see something like the following in their Inbox. If they enter the correct password and click the View Secure Message button, they will be able to see the message you sent them.
This system seems to work very well, as long as you can share the password outside the ProtonMail system to get the process started.
Searching for messages in ProtonMail
ProtonMail has a very limited ability to search your messages. Because messages are encrypted (except while you are actually viewing them), the client can’t search message bodies. This, of course, can be frustrating and really limit your ability to find the message you are looking for.
Updated search functionality – Version 4 of ProtonMail has improved search capabilities compared to previous versions. Message body searching is still not available, but searches are much faster, and you can use complex search terms such as:
(cat -dog) | (cat mouse), which would match text that includes ‘cat’ and not ‘dog’, or ‘cat’ and ‘mouse’
The ProtonMail client works smoothly although there can be a delay when opening a message, given that the message must be decrypted before you can read it. Since the client is browser-based, instead of a stand-alone app, you might find that it slows down as the number of messages in your folders increase, but I wasn’t able to test this.
Comparison to Tutanota search – In comparison, Tutanota (another fully-encrypted email provider) has been offering full-text search capabilities since 2017. To do this, Tutanota creates an encrypted search index which can then be searched locally on the users’ device.
The ProtonContacts secure contact manager is integrated into ProtonMail, giving users a secure way to protect their contacts while functioning smoothly with ProtonMail.
ProtonMail creates ProtonContacts encryption keys for you. It uses those keys in their zero access encryption system to encrypt clear text contact data, ensuring that once they do encrypt your data this way, even ProtonMail can’t read it. ProtonContacts also uses digital signature verification to ensure that no one else can secretly tamper with your contact information. ProtonContacts is also implemented in the mobile apps.
Note that email addresses in contacts are not encrypted using zero access encryption. Why? Because ProtonMail needs to be able to read the email address to make sure your message gets sent to the right place.
Building an encrypted calendar sounds pretty easy at first. Just encrypt all the data until the user opens the calendar, then decrypt the data for them. But just as an email service has to interact with other email services, a calendar service needs to be able to interact with other calendar services. Even worse, a full-powered calendar system needs to be able to share events with other calendar systems. The ProtonMail team battled with this complexity for over a year, and on December 20, 2019, they announced the arrival of ProtonCalendar, their solution to this complex set of problems.
ProtonCalendar is still in early beta. ProtonCalendar is also scheduled to be added to the iOS and Android apps at a future date. The final version will include:
- calendar sharing
- event invitations to anyone (whether they use ProtonMail or not)
- the ability to sync the calendar with events found in your ProtonMail inbox
The ProtonMail mobile apps
ProtonMail has apps for both iOS and Android. I’ve been working with the Android app and it looks good and functions smoothly. At the time of this ProtonMail review, the Android app had almost 24,000 reviews with a solid rating of 4.5 out of 5 stars.
At the time of this review, ProtonMail’s Android app is not open source and is not available on F-Droid. On October 30, 2019, the company announced that their iOS app is now open source. This app gets a score of 4.3 out of 5, with over 1,200 reviews.
Is ProtonMail really secure?
There is a lot of debate out there about how secure ProtonMail really is. Aside from the concerns about connections to the USA and EU that we discussed earlier, there have been some criticisms of the service on other grounds as well.
- Leaving the Subject field in the clear (for PGP compatibility) means more data exposed to anyone spying on the message traffic.
- A paper published at the end of 2018 criticized ProtonMail’s cryptographic architecture on a number of grounds. However, these same criticisms could be applied to any browser-based email client (not just ProtonMail). Here is the response from ProtonMail.
On the subject of using PGP, there are also some benefits in terms of security. OpenPGP is an open standard, which has been extensively audited for security, and is battle tested, and well proven to be secure. ProtonMail also the maintainer of OpenPGPjs, which is the most widely used open source encryption library and has therefore been thoroughly audited.
Lastly, we also have to keep in mind that ProtonMail is arguably the biggest name in the private email space. This makes it a good target for criticism, as we have also seen with NordVPN, the largest VPN provider.
ProtonMail business features
ProtonMail also offers a service for businesses that provides “end-to-end encryption to secure your business communications.”
This service includes migration tools and dedicated support to transition your business from its current hosting to the ProtonMail infrastructure. It incorporates a user hierarchy allowing your Email Administrators to manage user accounts appropriately.
Given the current limitations with search and calendar, I’m not sure ProtonMail would be a great fit for businesses that need all these features. There are other good options that are more fully-featured, such as Mailfence or Mailbox.org.
ProtonMail cost and pricing plans
Since they don’t display ads in their clients, or sell access to your messages to advertisers, ProtonMail charges for their services. As you can see below, ProtonMail has four pricing plans, including a free tier with 500 MB of storage.
The Free plan, with 500 MB of storage, 150 messages per day, and 3 folders / labels could be enough for you. If not, one of the paid plans will likely meet your needs. Note that the Free, Plus, and Professional plans all offer ProtonVPN as an option, while the Visionary plan has the VPN built in.
While there are several secure email services on the market, Tutanota is the first alternative I would suggest. Rather than using PGP and S/MIME, Tutanota has rolled out their own encryption standard incorporating AES and RSA, which encrypts the subject line, supports forward secrecy, and can be updated/strengthened over time. Tutanota has also rolled out a fully-encrypted Calendar feature and is much better than ProtonMail about open-sourcing their clients.
My verdict: Tutanota is the best alternative to ProtonMail in the high-security category. (It is based in Germany.)
There are other alternatives to ProtonMail that offer a lesser degree of encryption and security, but with more features:
- Mailfence is a Belgium-based email that has many features, integrated PGP support, and it works well for groups/teams.
- Mailbox.org is another good option based in Germany with many features and options for teams.
Both Mailfence and Mailbox.org support custom domains.
ProtonMail is a polished and popular end-to-end encrypted email service that will meet the needs of many regular users.
As the most popular secure email service on the market, with a free basic account, it is a great option for regular encrypted communications with friends, business partners, and others who want protection from routine snooping and hacking. For those who want maximum security, with full encryption of subject lines and strong data security, Tutanota might be a better fit.
Is ProtonMail the best secure email service for you? I can’t tell you that since everyone’s needs are different. There are many factors to consider when selecting a secure email provider and the choice all comes down to your own preferences.
If you’re open to alternatives, you can see my guide highlighting the best secure email services.