Harlo Holmes

Director of Newsroom Digital Security

Last updated

Two climbers on the Swiss Alps

ProtonMail is a Switzerland-based email service that end-to-end encrypts mail between its users by default. A message exchanged between two ProtonMail accounts can be read only by the people in that conversation; no outside party, including ProtonMail itself, can read its content. Under the hood, ProtonMail uses PGP (Pretty Good Privacy), the long-established standard for encrypting the content of email.

PGP is famously tricky to use, but through its design, ProtonMail simplifies things a great deal. If you’re already used to using a client like Mailvelope, Thunderbird with Enigmail, or Apple Mail with GPGTools, you already have a good basis for getting started. If you’ve never used PGP, or need a refresher on the fundamentals, have a look at one of EFF’s excellent explainers.

This guide takes you through how to safely and effectively use ProtonMail’s web app, which you access via your browser at https://mail.protonmail.com. Android and iOS apps are also available for mobile, and those with a Plus account can also use a tool called the ProtonMail Bridge to read their mail in Thunderbird, Apple Mail, or the desktop client of their choice.

What’s the added value, anyway?

If you’re already curious about ProtonMail, then you are probably keenly aware that email communication can be spied upon. Let’s dig a little further into how and why that might happen.


Most email providers use TLS (Transport Layer Security) to protect email in transit between the sender’s and the recipient’s mail servers. From the moment you press send, the message should not be readable by anyone eavesdropping on the network between your provider and your friend’s. Ideally, the only parties who can read the content of your email are you, your friend, and the email providers themselves. This is not a 100% assurance of your privacy, for a few reasons. TLS protects the connection, not the message: each provider decrypts the mail on arrival and keeps it in readable form, and because server-to-server TLS is negotiated opportunistically, it isn’t guaranteed on every hop. With increasing regularity, legal processes have compelled email providers to hand over targeted users’ messages. And sometimes encryption is simply undermined by incredibly well-resourced adversaries. (Spooky!)

For the privacy conscious, another type of encryption is required to protect against the consequences of a data request or a technical vulnerability. This is where end-to-end encryption (E2EE) comes in. With E2EE, a message is scrambled on your own computer, before it ever reaches your email provider, and only your conversational partner can unscramble it. The provider holds nothing but the encrypted gibberish, and in the event of a warrant or subpoena, that gibberish is all it could hand over, as far as the content of your conversation is concerned. (Metadata, such as who wrote to whom and when, is another story, but that’s a whole other post!)

This seems like a perfect way to keep a message confidential, and it almost is! The only hitch: every party must be able to encrypt and decrypt messages to the others before an E2EE conversation can begin. In other words, whether you can have an end-to-end encrypted conversation depends on who you're messaging.

If you're using ProtonMail to email someone who is not on ProtonMail, assume the content is not encrypted and can be read by the third parties that helped deliver the message: your conversational partner's email provider (Gmail, for example), and any network in between, such as an internet service provider (Comcast, say), on any hop that is not protected by TLS.

ProtonMail’s privacy matrix

The distinctions might seem hard to grasp at first, but they’re worth understanding if you are to get the most value out of using ProtonMail and other end-to-end encrypted communication systems.

Here’s a handy guide:

Sender             Recipient               TLS by default?   E2EE by default?
ProtonMail user    ProtonMail user         yes               yes
ProtonMail user    Gmail user              yes               no
Gmail user         ProtonMail user         yes               no
ProtonMail user    Self-hosted email user  it depends        no

Setting up PGP

Before using ProtonMail to communicate with others, take a few minutes to tighten your privacy and security settings. In Settings, visit the “Keys” section to take advantage of some more advanced features.

Set up Private Keys

The default security settings for new ProtonMail users are good, but they can be stronger if you take the time. You will notice that you have an auto-generated 2048-bit key. Replace it with a 4096-bit key: next to your email address, under “Actions”, add a new key, and when prompted select the “Highest security (4096-bit)” option. (2048-bit RSA is not known to be breakable today; the larger key buys a wider safety margin at the cost of slower operations on weak devices.)

Once your new key is generated, click the down-arrow next to your email address to expand your keys. Mark the new, stronger key, as your primary key by clicking the down-arrow under “Actions” and selecting “Make Primary”.

Now is the perfect time to export a copy of your private key (which requires your password) and save it somewhere safe, such as a USB stick that you keep offline and physically secure; treat that file as carefully as you treat the password itself. You can export your public key the same way, for example to upload it to a key server elsewhere on the web.

Take note that this is also where you can revoke your key if it is ever compromised, or generate new ones for whatever reason. You shouldn’t need to do this, but it’s good to know that the options exist if you ever need them.

Enable PGP with everyone!

If you recall, you can exchange end-to-end encrypted messages with any other ProtonMail user without ever having to set anything up. However, you will definitely want to enable the same protection with non-ProtonMail users who use PGP through another client.

Navigate to the Security section in your settings and scroll down to “External PGP Settings.” Set the “Default PGP Scheme” to Inline PGP. Inline PGP (an armored block placed directly in the message text) is understood by the widest range of clients, which makes it the safer default for contacts whose setup you don’t know; PGP/MIME wraps the whole message, attachments included, in a single encrypted part and is the better choice once you know the other side supports it.

Adding Public Keys for Contacts

ProtonMail allows you to add people’s PGP public keys to your address book. Navigate to your Contacts tab, and select an entry. Open the contact’s “Advanced Settings” by clicking the gear to the right of their entry.

Under the “Public Keys” section, select “Add Key” to upload your contact’s PGP public key. Once the key is imported, make sure to set the “Cryptographic scheme” to “PGP/Inline” (and not MIME). You can additionally set ProtonMail to automatically sign and/or encrypt all messages to that contact going forward. Click “Save” so the changes take effect.
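The difference between the two schemes in that “Cryptographic scheme” setting (and in the “Default PGP Scheme” under External PGP Settings above) is easiest to see in the message structure itself. The following Python is an added example, not ProtonMail’s code: it classifies a message as PGP/Inline, PGP/MIME, or unencrypted and lists which parts a mail server on the path could still read. The three sample messages and the placeholder armored block are constructed.

```python
"""Tell apart the two PGP schemes the contact settings refer to.

Added example, not ProtonMail code. The three sample messages are
constructed; the "ciphertext" inside the armored block is a placeholder,
since only the message structure matters here.
"""
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"
# Placeholder armored block (constructed, not real OpenPGP output).
ARMOR = f"{BEGIN}\n\nhQEMA3xPLACEHOLDERxCIPHERTEXTx=\n=abcd\n{END}\n"


def classify_pgp_scheme(raw: str) -> dict:
    """Return which scheme a message uses and which parts a relay can still read."""
    msg = message_from_string(raw)
    # RFC 3156 PGP/MIME: the whole body, attachments included, sits inside one
    # multipart/encrypted container, so nothing below the headers is readable.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return {"scheme": "PGP/MIME", "readable_parts": []}

    armored_text = False
    readable_parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True).decode(charset, "replace")
            if BEGIN in body and END in body:
                armored_text = True  # inline PGP: only this text part is protected
                continue
        # Everything else (attachments, HTML alternatives, unarmored text)
        # is readable by every mail server on the path.
        readable_parts.append(part.get_filename() or part.get_content_type())
    scheme = "PGP/Inline" if armored_text else "none"
    return {"scheme": scheme, "readable_parts": readable_parts}


def sample_inline_with_attachment() -> str:
    """Constructed: armored text body plus an attachment the sender never encrypted."""
    outer = MIMEMultipart("mixed")
    outer["Subject"] = "inline sample"
    outer.attach(MIMEText(ARMOR, "plain"))
    attachment = MIMEApplication(b"passport number 0000000 (constructed)", "octet-stream")
    attachment.add_header("Content-Disposition", "attachment", filename="passport.txt")
    outer.attach(attachment)
    return outer.as_string()


def sample_pgp_mime() -> str:
    """Constructed: RFC 3156 structure; any attachment would live inside the ciphertext."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["Subject"] = "pgp/mime sample"
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    outer.attach(MIMEApplication(ARMOR.encode(), "octet-stream"))
    return outer.as_string()


def sample_unencrypted() -> str:
    """Constructed: what a message to a contact with no key looks like."""
    msg = MIMEText("Hi, here is my passport number... (constructed)", "plain")
    msg["Subject"] = "plain sample"
    return msg.as_string()


if __name__ == "__main__":
    for name, sample in [("inline", sample_inline_with_attachment()),
                         ("pgp/mime", sample_pgp_mime()),
                         ("plain", sample_unencrypted())]:
        print(name, classify_pgp_scheme(sample))
```

In the classic inline scheme only the armored text part is protected, so an attachment the sender did not separately encrypt travels in the clear; PGP/MIME (RFC 3156) wraps body and attachments in a single encrypted part. That is the trade-off behind the setting: inline works with more clients, MIME protects more of the message.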

Contact Advanced Settings panel

Encrypting messages

When you compose a message from the ProtonMail web app, the recipient field will indicate whether or not your conversation will be end-to-end encrypted.

If you’re emailing someone who also uses ProtonMail, your messages will be end-to-end encrypted automatically. The recipient field shows a blue lock to the left of the address.

If you’re emailing someone who uses another service (Gmail, for example) and whose PGP key you have added to your contacts, your messages will also be end-to-end encrypted automatically. The recipient field shows a green lock to the left of the address.

However, if you're emailing someone who uses another email provider and you don’t have their PGP key, end-to-end encryption is not possible. There is no lock next to their address in the recipient field.

This is important: there’s a bit of misinformation floating around that having a ProtonMail account means automatic E2EE email conversations with anyone. It doesn’t, and you should check these indicators before sending each email. It might take some getting used to, but before long, it will be as natural as using any other email service.

Keeping your account safe

As with any account you care about, you should first take the time to safeguard it against certain threats. Not only do you want to make it harder for hackers to get into your account, but you also want to ensure you can access your account if ever something goes wrong. Visit the Settings tab to enable a few security features before using your account.

Set a strong, unique passphrase

Hackers assume you reuse your login credentials everywhere, so when you reuse passphrases, it only takes a breach of one service for them to log in to every other service you use.

As with any account, this means you should be using a strong, unique passphrase. (Ideally, you should store this in a reputable password manager).

It’s especially important to have a backup of your password (e.g., backed up to a password manager), because if you lose your password, you will not be able to decrypt any of your old email ever again.

You may also set a recovery/notification email address (such as a personal Gmail address) so that you can reset your password if you forget it. Because you don’t want to lose access to your ProtonMail account for good, this is worth doing. Keep in mind, though, that a reset gets your account back, not your old messages (see above), and that whoever controls the recovery address can trigger that reset, so lock that mailbox down as carefully as this one!

Set up Two-Factor Authentication

ProtonMail currently supports two-factor authentication with one-time-use code apps like Google Authenticator or Authy. Follow the steps on the ProtonMail knowledge base to enable it: https://protonmail.com/support/knowledge-base/two-factor-authentication/ and be sure to save your backup codes somewhere safe.

Monitor access

ProtonMail allows you to audit each connection your account makes with its servers. This allows you to do a few awesome things.

First, you can view all the IP addresses your account has been seen on, which is great for making sure it was you, and only you, who’s been online. Under Authentication Logs, be sure to enable the “Advanced” view.

Also, you can manage which sessions are currently active on your account, and revoke any session that is no longer needed, or suspicious, under Session Management.
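A concrete way to use that Advanced view: paste the entries into a file and let a script compare them against the networks you actually use. The Python below is an added example, not a ProtonMail feature; its one-line-per-login format and the addresses in it are constructed, so adapt parse_log() to however the entries come out of the settings page.

```python
"""Flag logins you don't recognize in an authentication log.

Added example, not ProtonMail tooling. The log lines and the log format
("timestamp ip event") are constructed; adapt parse_log() to however you
copy entries out of the Authentication Logs view.
"""
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample, using documentation address ranges (not real users).
SAMPLE_LOG = """\
2019-01-14T08:55:02Z 203.0.113.7   login_success
2019-01-14T12:10:44Z 203.0.113.7   login_success
2019-01-15T02:03:19Z 198.51.100.23 login_failure
2019-01-15T02:03:31Z 198.51.100.23 login_failure
2019-01-15T02:03:58Z 198.51.100.23 login_failure
2019-01-15T02:04:20Z 198.51.100.23 login_success
2019-01-15T09:12:05Z 203.0.113.9   login_success
"""

# Networks you know you log in from (home, office, phone carrier). Constructed.
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]


def parse_log(text: str) -> list:
    """One (timestamp, ip, event) tuple per non-empty line."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, ip, event = line.split()
        events.append((datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ"), ip_address(ip), event))
    return events


def review(events: list, known_networks: list, failure_threshold: int = 3) -> dict:
    """Three checks: successes from networks you don't use, bursts of failed
    attempts, and the worst case, a success from an address that was just failing."""
    def known(ip):
        return any(ip in net for net in known_networks)

    successes = {str(ip) for _, ip, ev in events if ev == "login_success"}
    failures = Counter(str(ip) for _, ip, ev in events if ev == "login_failure")
    first_seen = {}
    for stamp, ip, _ in events:
        first_seen.setdefault(str(ip), stamp.isoformat())

    unknown_success = sorted({str(ip) for _, ip, ev in events
                              if ev == "login_success" and not known(ip)})
    failure_bursts = sorted(ip for ip, n in failures.items() if n >= failure_threshold)
    guessed_in = sorted(ip for ip in failure_bursts if ip in successes)
    return {
        "unknown_success": unknown_success,
        "first_seen_unknown": {ip: first_seen[ip] for ip in unknown_success},
        "failure_bursts": failure_bursts,
        "guessed_in": guessed_in,
    }


if __name__ == "__main__":
    for finding, value in review(parse_log(SAMPLE_LOG), KNOWN_NETWORKS).items():
        print(f"{finding}: {value}")
```

Anything in guessed_in is a session to revoke immediately under Session Management, followed by a password change; anything in unknown_success deserves at least a second look at the time and place before you decide it was you.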

Take control of your privacy

Sometimes, hackers, or even advertisers, use sneaky tricks in email to pierce your privacy. One common technique is the tracking image: a picture hosted on the sender’s server whose URL is unique to you, so the moment your mail client fetches it, the sender learns that you opened the message, when, and from which IP address.

These trackers are often images as small as one pixel, providing no value to you whatsoever.

Make sure ProtonMail only loads images and other remote content if, and only if, you request it. Under Account->Email Content, make sure “Load remote content” and “Load embedded images” are both set to “Manual.”
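To see what “Manual” protects you from, here is an added Python example (not ProtonMail code) that pulls the remote images out of an HTML email and flags the ones that look like trackers: one-pixel dimensions, or an opaque per-recipient token in the URL. The HTML and the domain names in it are constructed.

```python
"""List the remote images in an HTML email that would phone home if
"Load remote content" were set to automatic.

Added example, not ProtonMail code. The HTML below and the domains in it
are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

SAMPLE_HTML = """\
<html><body>
<p>Thanks for your order!</p>
<img src="https://cdn.shop.example/logo.png" width="200" height="60">
<img src="https://open.tracker.example/o?u=3f9c1e7ab2d84c0f9a1b&c=spring" width="1" height="1">
<img src="https://img.shop.example/p/8d2e1c4b9a7f3e6d5c0b1a2f/promo.jpg" width="600">
<img src="cid:embedded-photo@shop.example">
</body></html>
"""

TOKEN_LENGTH = 16  # opaque path/query pieces at least this long are treated as per-recipient IDs


class ImageCollector(HTMLParser):
    """Collect the attributes of every <img> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attributes = dict(attrs)
        if attributes.get("src"):
            self.images.append(attributes)


def looks_like_token(piece: str) -> bool:
    return len(piece) >= TOKEN_LENGTH and piece.isalnum()


def find_remote_images(html: str) -> list:
    """One finding per remote <img>; 'reasons' is empty for an ordinary image."""
    collector = ImageCollector()
    collector.feed(html)
    findings = []
    for img in collector.images:
        url = urlparse(img["src"])
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images ship inside the message; no fetch, no leak
        reasons = []
        if img.get("width") in ("0", "1") or img.get("height") in ("0", "1"):
            reasons.append("1x1 pixel")
        query_values = [v for values in parse_qs(url.query).values() for v in values]
        if any(looks_like_token(p) for p in query_values + url.path.split("/")):
            reasons.append("per-recipient token in URL")
        findings.append({"host": url.hostname, "reasons": reasons})
    return findings


def hosts_contacted(html: str) -> set:
    """Every third-party server that learns you opened the mail under automatic loading."""
    return {finding["host"] for finding in find_remote_images(html)}


if __name__ == "__main__":
    for finding in find_remote_images(SAMPLE_HTML):
        print(finding)
    print("would contact:", sorted(hosts_contacted(SAMPLE_HTML)))
```

Note that even the innocent-looking logo is a finding: whoever hosts it sees your IP address and the time you opened the mail, token or no token. Manual loading keeps all three hosts in the dark until you decide otherwise.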

Caveats?

ProtonMail seems like the perfect solution for those who want to get started with end-to-end encryption over email without going down the rabbit hole of mastering PGP’s nuances. The ProtonMail team is diligent, attentive and responsive to vulnerabilities surfaced by the larger infosec community, an admirable quality everyone should look for when choosing a product. That said, let’s look at the caveats (and also let’s take the opportunity to readily acknowledge that every single product has its fair share of them!).

The backdoor spectre

ProtonMail is primarily accessed from its web interface. This means that every cryptographic operation is performed in your browser, using code delivered from ProtonMail’s servers directly to you each time you log in. Beyond trusting ProtonMail’s code, the security of your browser, and other factors, this also requires a great deal of trust in ProtonMail as a company.

Security researchers have long pondered the possibility that a company offering a web-based client doing in-browser crypto could be silently, but legally, compelled to deliver a backdoored version of its code to users specifically targeted by a FISA court order, or something similar. Something close to it has happened before: in 2013 Lavabit was ordered to hand over its TLS private key, which would have exposed every user’s traffic. One might call it “getting Lavabitten.”

As a trainer, it’s wise to bring this scenario up due to the menagerie of threats high risk ProtonMail users like journalists might one day face. So, if that’s something you’re particularly worried about, learn to use PGP with a desktop client like GPGTools, Thunderbird with the Enigmail plugin, or GPG4Win.

Default key size doesn’t offer the highest security

After you take off the tin-foil hat, there are smaller things that would still improve ProtonMail’s overall security posture. As mentioned before, new users’ default keys are 2048-bit, in order to support less capable browsers and mobile devices which might choke on a larger key. While this is easily mitigated by setting up a new key, or importing one generated elsewhere, it would be great if this were more transparent to new users.

Some workflows might encourage risky user behavior

What happens if you want to send an end-to-end encrypted email to someone who doesn’t have a PGP key at all? Designing a proper workflow for encrypting messages to users who have no public key is a well-recognized challenge in security engineering. What ProtonMail (and a growing number of competing E2EE email services) does to address this is allow you to encrypt an email to your contact using a password that you are responsible for somehow sharing securely.

The email that lands in your contact’s inbox is, rather than the original content of the email, a branded notification saying something to the effect of “Click this link to view your message!!!” Your contact is then instructed to click through to a ProtonMail portal where they can view the original decrypted message after typing in your shared secret.

Screenshot of a one-way encrypted ProtonMail message to non-ProtonMail users.

In the digital security training space, trainers work very hard to teach people to identify this as phishing behavior. It’s disheartening to see this UX pattern leveraged across so many services because that undermines the advice most likely to keep at-risk users safe.

But hey, what are you gonna do? This is still a hugely convenient feature— imagine being able to send personal details like passport numbers to a travel agent who was willing to go a tiny step further to protect your information, but not far enough to use PGP? It’s a classic example of the security and usability trade-offs companies must make. And remember, context is everything— always be wary of unsolicited emails enticing you to click through; and when in doubt, ring someone up on the phone and have them confirm that they meant to send it!

No support for hardware-token based 2FA

Finally, while ProtonMail admirably offers two-factor authentication, it doesn’t yet support the most phishing-resistant method: a hardware token such as a YubiKey. As we recently saw in Amnesty International’s world-rocking report, sophisticated spearphishing campaigns have been successfully waged against users whose second factor was SMS or an authenticator app (the “software token”): the phishing site simply relays the one-time code to the real site within the window in which it is valid. A hardware token speaking U2F or FIDO2 signs a challenge bound to the site’s origin, so an assertion captured on a lookalike domain is useless on the real one. Frightening stuff! ProtonMail (and other awesome services) should make hardware token-based 2FA a priority in 2019.
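The reason a relayed code works while a hardware token resists it can be shown in a few lines. The Python below is an added example, not ProtonMail’s code: the TOTP functions implement RFC 6238 as written (the expected values come from the RFC’s own test vectors), while the “hardware token” part is a deliberately simplified model of origin binding that uses an HMAC in place of the real U2F/FIDO public-key signature and a constructed lookalike domain.

```python
"""Why a relayed one-time code still works, and an origin-bound assertion does not.

Added example, not ProtonMail code. hotp()/totp() are RFC 4226/6238 with
SHA-1, as authenticator apps implement them. The origin-binding part is a
simplified model of U2F/FIDO (HMAC instead of a public-key signature); it
keeps only the one property that defeats the relay.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step and one step either side, as most servers do."""
    return any(hmac.compare_digest(totp(secret, unix_time + k * step, step, len(code)), code)
               for k in range(-window, window + 1))


RFC_SECRET = b"12345678901234567890"  # shared secret from RFC 6238 Appendix B


def relayed_code_succeeds(secret: bytes, victim_time: int, delay: int) -> bool:
    """Phishing proxy: the victim types the code into a lookalike site and the
    proxy forwards it to the real site `delay` seconds later. Nothing in the
    code ties it to the site it was typed into, so it verifies."""
    stolen = totp(secret, victim_time)
    return verify_totp(secret, stolen, victim_time + delay)


# --- simplified origin-binding model (NOT the real U2F/FIDO protocol) ---
REAL_ORIGIN = "https://mail.protonmail.com"
LOOKALIKE_ORIGIN = "https://mail-protonmail.example"  # constructed phishing domain


def token_assert(device_key: bytes, challenge: bytes, origin_seen_by_browser: str) -> bytes:
    """The token signs the challenge together with the origin the browser reports."""
    return hmac.new(device_key, origin_seen_by_browser.encode() + b"\x00" + challenge,
                    hashlib.sha256).digest()


def server_accepts(device_key: bytes, challenge: bytes, assertion: bytes) -> bool:
    """The real site only accepts assertions made over its own origin."""
    expected = token_assert(device_key, challenge, REAL_ORIGIN)
    return hmac.compare_digest(expected, assertion)


def relayed_assertion_succeeds(device_key: bytes, challenge: bytes) -> bool:
    """The proxy forwards the real site's challenge unchanged, but the browser on
    the lookalike page reports the lookalike origin, so the signature won't match."""
    assertion = token_assert(device_key, challenge, LOOKALIKE_ORIGIN)
    return server_accepts(device_key, challenge, assertion)


if __name__ == "__main__":
    print("RFC 6238 vector, T=59:", totp(RFC_SECRET, 59, digits=8))
    print("relayed TOTP accepted:", relayed_code_succeeds(RFC_SECRET, 1234567890, 20))
    print("relayed token assertion accepted:", relayed_assertion_succeeds(b"devkey", b"challenge"))
```

The two relay functions are the whole argument: a TOTP code is a function of the secret and the clock alone, so anyone who learns it within the window can use it anywhere, whereas the token’s assertion includes the origin the browser actually saw, and the real site never sees its own origin in anything signed on a phishing page.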

Critiques aside, ProtonMail is an excellent choice for bootstrapping PGP-curious users onto more secure communications, and improvements they’ve already implemented to their product further demonstrate its promise.

Photo by Thomas Jundt. CC BY-NC 2.0.