Skip to main content

Proton Mail Detailed

ProtonMail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland by scientists who met at the CERN research facility. ProtonMail uses client-side encryption to protect email content and user data before they are sent to ProtonMail servers, unlike other common email providers such as Gmail and Outlook.com

ProtonMail secure encrypted email service review

Our Verdict

ProtonMail is an alternative web-based mailbox for sending secure communications using PGP, but it comes with a long list of caveats that might put people off signing up.

Pricing

ProtonMail has a free account with a ‘limited features’ that includes 150 messages per day, 500MB of storage and limited support.

The first paid level is the Plus account costing $4.00 a month that allows you to send up to 1,000 emails a day, keep up to 5GB of emails in storage, have five email aliases and use your own domain name if required.

There is also a business user tier where each employee billed at $6.25 per month to use the service.

Features

If you’ve used Google Mail, Outlook.com or anything similar then you’ll not find much about ProtonMail jarring, as it follows a very similar model.

There is a recognisable Inbox, you can create folders for specific emails conversations to live, and there are filters to action on incoming emails, and so on.

And, for most users, it might initially seem like there is little difference between this email and any other web-based solution. 

One more useful feature of the system is the ability to make emails self-destruct a specific time after they’ve been sent. 

We mention this ability because this is the exact feature that the infamous Cambridge Analytica used on ProtonMail to obfuscate its notorious activity in respect of harvested Facebook data and selling it on.

However, it only takes one of the parties in these exchanges not to be a ProtonMail user or forward an email, and the game is up, should investigations occur.

Given the example of Cambridge Analytics, that you are using ProtonMail will suggest that you’ve something to hide even if you’ve done nothing wrong, and having the system set up to send time-limited emails might only serve to enhance that impression to any law enforcement, should they investigate you.

That might seem wildly unfair, but this is the world we live in.

There are mobile apps for iOS and Android that provide almost identical functionality to the web version. There is no desktop installable app.

However you choose to use it, you can attach files up to 25MB in size or include links to larger files stored elsewhere on Cloud storage.

Where it is different is that when you are composing an email, you have the option to encrypt the email with a password that is required by the recipient at the other end to access the message.

You can provide them with a ‘hint’ as to what that password might be or send the password by another means.  But by whatever means you aim to get them that piece of information, for this to work they must know it.

And, they must remember that specific password if they ever want to read that email again.

On the paid version of the service, you can associate passwords with contacts allowing them to be automatically reused with each mail they are sent from that point onwards.

This situation, as might be expected, is easier if both parties are using ProtonMail or if you use a Public encryption key, but that assumes a level of coordination that isn’t practical or achievable for some.

You may be wondering what happens if you forget your password to ProtonMail and are forced to reset it?

That’s not a great situation. Because as ProtonMail doesn’t keep a copy of your password (according to them). And, while it can make your account active again, and you can see the emails in your folders, you won’t be able to see the contents without that password.

Everything from before the password change will be denied to you, forever.

And, the encryption of all mail also has another major downside we noticed.

As Gmail users, we often need to refer to an old email, and we usually find that by putting a word we know will be in the contents into the search box.

(ProtonMail explained why they do not do content analysis; "the system" they said, is "built in such a way that we could not read the content of the email. This gives our users privacy and puts in them in control of their email and data". In other words, they do not compromise on security)

This approach might work with Gmail and most email systems, but not with ProtonMail. It doesn’t keep indexes of the encrypted emails to scan for those words, so searching by contents isn’t possible.

For anyone that uses email extensively that’s a major drawback and being only able to find an email by the contact name or with a word in the title is very limiting indeed.

Security

The entire purpose of ProtonMail is to be secure, although that does make some restrictions on how you and those you communicate with use it.

Sending fully encrypted emails to those not using ProtonMail requires them to have the password as we previously mentioned, and if you intend to send regular emails, it is probably easier to get them a free account to use for the purpose.

Encrypted emails never travel or rest in an unencrypted form, and if you activate two-factor authentication, it should be reasonably safe from anyone guessing your password.

Much kudos is given on the ProtonMail website of the physical server locations in Switzerland, and how that somehow emboldens them with the ability to resist the legal demands of other countries to provide access to email held on its system.

Parallels are meant to be made, we assume, with the Swiss banking system, infamous for keeping the bank accounts of the worst regimes and their leaders from international authorities

However, the Swiss also have information exchange agreements with the likes of the USA, and in that respect, they’re duty bound to hand over data in certain circumstances.

It is also asserted that not even ProtonMail can read the emails of its customers, but is any of this believable?

ProtonMail claim not to hold the encryption keys that would enable them to unlock the emails, allowing them to hand over the encrypted emails, but not the means to access them.

Several hackers have claimed to have hacked ProtonMail, although up till now they have been unwilling to prove it.

Until a hacker produces evidence of successfully attacking ProtonMail, then it seems reasonably safe to assume it is a secure system, for now.

Performance

The performance of ProtonMail is generally good, and we were especially impressed with how rapidly it accepts attachments.

What we easily can’t test is if the speed of the system reduces once you’ve got thousands of emails on it, although as you can only see a limited number of emails at any time, it should still be quick.

Where it slows down is when you use it in preview panel mode, as each email needs to be decrypted as you highlight it to fill the panel with the contents.

Being able to move back and forwards between a view with the panel and another with just the list is important if you have many emails to navigate through, and then click on the ones you need to read.

Final verdict

Despite some useful features, there are issues with ProtonMail, and we’re not just talking about bugs or other technical points.

While researching this review, we found a significant number of free and paying customers with harsh things to say about the customer services side of this business.

One especially worrying trend is customers who for no obvious reason have their accounts frozen. A scenario from which you have no appeal even it accused you of fraud or some other illegality.

(ed: ProtonMail has emailed us to confirm that they will never take down or block an account unless the users clearly abuse their terms and conditions. This is, in their own words, the last measure)

Once this happens, you can never access those emails again, and from what we understand ProtonMail deletes them all.

And for good measure, some paying customers have also accused them of billing irregularities.

Any sizable business collects complaints. However, ProtonMail does seem to gather a very high proportion of them compared to accolades, and when multiple users make the same or similar complaints, it can’t be easily dismissed.

Because of these concerns, and other performance issues, we find it difficult to recommend using this tool for a commercial purpose.

We should also mention that if you install PGP on your computer, and on that of the person you wish to communicate securely, then you can use almost any email system and achieve similar results. And, that costs nothing.

Scanning the positive comments made about this business, it is easy to find individuals who want something that isn’t controlled by Google, Microsoft or Yahoo. ProtonMail certainly fits that criteria, but at what cost?

But what you gain in theoretical protection from prying eyes you give up in terms of wider security, development, design and software integration.

Comments

Popular posts from this blog

How to hack wifi in Windows 7/8/8.1/10 without any software | using with cmd

How to Hack Wifi password using cmd Hello Friends, In this article we will share some tricks that can help you to hack wifi password using cmd. Youcan experiment these trick with your neighbors or friends. It’s not necessarily that this trick will work with every wifi because of upgraded hardware. But you can still try this crack with wifi having old modems or routers. 1: WEP: Wired Equivalent Privacy (WEP) is one of the widely used security key in wifi devices. It is also the oldest and most popular key and was added in 1999. WEP uses 128 bit and 256-bit encryption. With the help of this tutorial, you can easily get into 128-bit encryption and Hack WiFi password using CMD. 2: WAP and WAP2: Wi-Fi Protected Access is an another version of WiFi encryption and was first used in 2003. It uses the 256-bit encryption model and is tough to hack. WAP2 is an updated version of WAP and was introduced in 2006. Since then it has replaced WAP and is now been used mostly in offices and colle...

A Beginner’s Guide to Getting Started with Bitcoin

A man looks for Bitcoin Oasis If you have heard about blockchain or cryptocurrency, then the term that initially comes to mind is Bitcoin . Launched 12 years ago, it was the late 2017 bull run that created a media frenzy that propelled Bitcoin into the mainstream and our modern day lexicon. Often labeled as the “original” cryptocurrency, Bitcoin has been the catalyst (directly and/or indirectly) behind many new innovations in the blockchain and digital asset space, most notably Ethereum and Monero . Shortly after the late 2017 bull run lost its steam, interest in these new technologies started to fade ― but here we are in 2021 with Bitcoin having risen like a phoenix from the ashes. As you would assume, an appetite for the blockchain and digital asset space has returned and now it is more important than ever that we understand what exactly is behind this unique asset, Bitcoin. This article is meant to be a guide for individuals who are new to cryptocurren...

Copilot - Microsoft is gearing up to introduce its AI companion

 Microsoft is gearing up to introduce its AI companion, Copilot, this upcoming fall season. The highly-anticipated rollout is scheduled for September 26, with Copilot poised to seamlessly integrate with various Microsoft services, including Windows 11 and Microsoft 365. Additionally, enterprise customers can look forward to the availability of a new AI assistant, Microsoft 365 Chat, starting in November. Copilot, described by Yusuf Mehdi, Corporate Vice President and Consumer Chief Marketing Officer at Microsoft, as an "everyday AI companion," aims to make your daily workflow smoother and more efficient. Its primary goal is to embed an AI-powered "copilot" within Microsoft's most popular products, ensuring widespread accessibility. What distinguishes Copilot from other AI assistants is its focus on integration. Rather than operating in isolation within specific applications, Copilot promises a seamless user experience across multiple Microsoft products. This com...