ProtonMail

Protonmail
Securing Privacy Rights for Everyone
Web address protonmail.ch
Slogan Encrypted email, made simple
Commercial? Yes
Type of site Webmail
Registration Required
Available in English
Users 250,000 (August 2014)[1]
Written in PHP and JavaScript
Created by Andy Yen, Jason Stockman, Wei Sun
Alexa rank 40,558 (February 2015)[2]
Current status Active

ProtonMail is a free web-based encrypted email service founded in 2013 at the CERN research facility by Jason Stockman, Andy Yen, and Wei Sun.[3][4] ProtonMail is designed as a zero knowledge system, using client-side encryption to protect emails and user data before they are sent to ProtonMail servers, in contrast to other common webmail services such as Gmail and Hotmail. ProtonMail servers are located in Switzerland, outside of US and EU jurisdiction.[5] The service received initial funding through a crowdfunding campaign, and will be sustained long-term by multi-tiered pricing, although the default account setup is free.

ProtonMail has approximately 250,000 users as of August 2014.[6]

Features

ProtonMail accounts use two user passwords. The first of these -- the Login Password[7] -- authenticates the user into the ProtonMail system. The second -- the Mailbox Password[7] -- is used to decrypt the user's electronic mailbox. This decryption takes place client-side in a web browser. The second password is known only to the user; as ProtonMail's servers hold the user's data in encrypted form, password recovery is not possible, nor can ProtonMail decrypt user messages under a court order.[8]

Similar to Snapchat, ProtonMail also includes a message expiration feature: messages can optionally self-destruct from the ProtonMail system after a period of time.

Design

Distribution of ProtonMail servers in Switzerland.

Security

ProtonMail uses a combination of public-key cryptography and symmetric encryption protocols to offer end-to-end encryption. When a user creates a ProtonMail account, their browser generates a pair of public and private RSA keys. The public key is used to encrypt the user's emails and other user data. The private key, which is capable of decrypting the user's data, is symmetrically encrypted with the user's mailbox password in the user's web browser using AES-256. The public key and the encrypted private key are then both stored on ProtonMail servers. Thus, ProtonMail only stores decryption keys in their encrypted form, so ProtonMail developers are unable to retrieve user messages.[9]

Messages sent from one ProtonMail account to another ProtonMail account are encrypted with the public mailbox key of the recipient. When the recipient logs in, their Mailbox Password decrypts their private key, revealing their Inbox. Messages sent from ProtonMail to non-ProtonMail email addresses may be sent with or without encryption, depending on the sender's choice. Without encryption, the emails will be sent in clear text. With encryption, the message is encrypted with AES under a shared password, distributed in advance between the two parties. The non-ProtonMail recipient receives a link which takes them to the ProtonMail website. Once the pre-shared password is supplied, the email is decrypted in the web browser.[9] Emails from non-ProtonMail addresses to ProtonMail are sent in clear text.
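
The account-key scheme and the ProtonMail-to-ProtonMail message flow described above can be sketched with the browser's WebCrypto API. This is an added example, not ProtonMail's code. The page specifies only RSA and AES-256, so RSA-OAEP with a 2048-bit modulus, PBKDF2 for turning the Mailbox Password into an AES key, AES-GCM as the mode, and all function names are assumptions.

```javascript
// Added example: names and parameters are constructed, not ProtonMail's code.
// WebCrypto is global in browsers and recent Node; older Node needs require().
const wc = typeof require === 'function'
  ? require('node:crypto').webcrypto : globalThis.crypto;
const RSA = { name: 'RSA-OAEP', modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };

// Derive an AES-256 key from the mailbox password (PBKDF2 is an assumption).
async function passwordKey(password, salt) {
  const raw = await wc.subtle.importKey('raw', new TextEncoder().encode(password),
                                        'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    raw, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Account creation in the browser: returns only what the server would store.
async function createAccount(mailboxPassword) {
  const pair = await wc.subtle.generateKey(RSA, true, ['encrypt', 'decrypt']);
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const kek = await passwordKey(mailboxPassword, salt);
  return {
    publicKey: await wc.subtle.exportKey('spki', pair.publicKey),
    wrappedPrivateKey: await wc.subtle.wrapKey('pkcs8', pair.privateKey, kek,
                                               { name: 'AES-GCM', iv }),
    salt, iv,
  };
}

// Sender side: encrypt a short message to the recipient's stored public key.
async function encryptFor(record, text) {
  const pub = await wc.subtle.importKey('spki', record.publicKey, RSA, false, ['encrypt']);
  return wc.subtle.encrypt({ name: 'RSA-OAEP' }, pub, new TextEncoder().encode(text));
}

// Recipient side: unwrap the private key with the mailbox password, then decrypt.
// Returns null when the password is wrong (the AES-GCM tag check fails).
async function openMessage(record, mailboxPassword, ciphertext) {
  const kek = await passwordKey(mailboxPassword, record.salt);
  try {
    const priv = await wc.subtle.unwrapKey('pkcs8', record.wrappedPrivateKey, kek,
      { name: 'AES-GCM', iv: record.iv }, RSA, false, ['decrypt']);
    const plain = await wc.subtle.decrypt({ name: 'RSA-OAEP' }, priv, ciphertext);
    return new TextDecoder().decode(plain);
  } catch { return null; }
}
```

The stored record contains the public key, the wrapped private key, the salt and the IV, but never the Mailbox Password or the unwrapped private key, which is why the server operator cannot open the mailbox and why a forgotten Mailbox Password cannot be recovered.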

Attacks

A video demonstrating a cross-site scripting attack was shown in July 2014.[10] The ProtonMail developers reviewed the video and confirmed that the issue only affected an early development version of ProtonMail that was released in May 2014, and the attack did not affect the current version.[11]

Server architecture

Architecture of a ProtonMail datacenter.

ProtonMail administrators maintain and own their own server hardware and network to avoid trusting a third party. In response to overwhelmed servers, in mid-2014 ProtonMail founders began expanding server architecture.[12] The service is currently powered by two redundant datacenters in central and western Switzerland. Each datacenter uses load balancing across web, mail, and SQL servers, redundant power supply, hard drives with full disk encryption, and exclusive use of Linux and other open-source software.[13] ProtonMail also joined the RIPE NCC in an effort to have more direct control over the surrounding Internet infrastructure.[14]

Transport Layer Security (TLS) is used to secure and encrypt all Internet traffic between users and ProtonMail servers. A whitepaper and source code are coming soon, according to the developers.[9][15] Protonmail.ch holds an "A" rating from Qualys SSL Labs.[16]

Interface

ProtonMail uses a web-based interface, similar to Gmail. Users also have the ability to set expiration dates for emails and encryption passwords for outgoing emails to non-ProtonMail users.[8]

History

ProtonMail was created in response to the 2013 disclosure of global surveillance and interception of email by the NSA, and is inspired by Gmail, Lavabit, and Snapchat.

Funding

On June 17, 2014, ProtonMail started a crowdfunding campaign on Indiegogo with the goal of raising $100,000 USD. On June 30, 2014, the PayPal account of ProtonMail was frozen, preventing the withdrawal of $251,721 worth of donations in the account. A representative of PayPal stated that the company froze the account over doubts about the legality of the encryption, statements that were unfounded.[17][18] The restrictions were lifted the following day.[19] The campaign ended on July 31, 2014 with a total of $550,377 raised from 10,576 donors.[20]

On March 18, 2015, ProtonMail received $2 million USD from Charles River Ventures and the Fondation Genevoise pour l’Innovation Technologique. The ProtonMail developers plan on using the funding to expand their infrastructure, grow their team, and open new offices.[21]
