End-to-end email encryption by ProtonMail

My review of ProtonMail email service

Posted by Sami Tikka on September 28, 2015

Lots of people who care about the implications of increasing amount of customer profiling and surveillance have been inventing better ways to fight back against the trend. It’s not enough to protect access to your email by criminals. Email providers are scanning your emails to build a better profile of you for targeted advertising and intelligence agencies are feeding straight from internet backbone to build massive databases of internet users.

ProtonMail is a new Swiss email service with special focus on email security. I got invited to the service and decided to make a quick review of the techniques they are using to protect users’ online privacy.

Encrypted email done right

ProtonMail’s most prominent feature is it’s heavy use of encryption, so that even the service operators don’t have access to customers’ email. Emails are encrypted on the server, and only user’s passphrase can be used to unlock them.

So, what happens when user logs in? According to ProtonMail, “First password is used to authenticate the user and retrieve the correct account. After that, encrypted data is sent to the user. The second password is a decryption password which is never sent to ProtonMail. It is used to decrypt data on user’s device so ProtonMail does not have access to the decrypted data, or the decryption password.”

End-to-end encryption explained

Messages between two ProtonMail users are end-to-end encrypted via PGP by encrypting the message with recipient’s public key. The message is then decrypted client-side with his/her private key. Private key is stored in the server, but it’s encrypted with users passphrase, so it’s not possible for anyone else to read the message.

ProtonMail also offers a way to send encrypted messages to non-ProtonMail users. They are encrypted using symmetrical key, which then has to be communicated to the recipient some way. Recipient can then open them in the browser with the key.

If you don’t want to send encrypted message, emails can be sent “normally”. Then only the message transit is then protected by TLS connection.

Other security features

  • Anonymity: “No email or phone number required to create your account. No IP logs which can be tied to your username. We respect your right to privacy.”
  • Swiss law provides additional protection, it is not affected by EU or US legislation: “some of the strongest privacy protection in the world for both individuals and entities”
  • Self Destructing Messages: “You can set an optional expiration time on ProtonMail’s encrypted emails, so they will be automatically deleted from the recipient’s inbox once they have expired. This works for both emails sent to other ProtonMail users, and encrypted emails sent to outside email addresses.”

All security features are detailed here: https://protonmail.ch/security-details

What is encrypted?

ProtonMail encrypts email content and attachments. Headers and rest of the metadata like subject is not encrypted. According to ProtonMail, this is because they want to maintain compatibility with OpenPGP standard, and allow for clear text searches of subject lines and recipients. https://support.protonmail.ch/knowledge-base/does-protonmail-encrypt-email-subjects/

Technologies used

  • Backend (or atleast parts of it) is written with PHP, revealed by message headers.
  • Browser client seems to be using AngularJS.
  • Encrypting/decrypting is done in the browser with OpenPGP.js.
  • They have built an internal API, that is used to fetch the encrypted messages.
  • Messages are sent with Postfix, SpamAssassin is used to catch spam.

TLS scan

I ran quick TLS scans for the website and email servers. These guys know what they’re doing: main site protonmail.ch gets A+ from SSL Server Test. There’s still room for improvement, TLS configuration is missing Public Key Pinning (HPKP) and OCSP stapling. This puts the service on level 4 on TLS Maturity Model.

Email server scan reveals only one weak cipher.

Future

ProtonMail was funded during summer of 2015 with Indiegogo crowdfunding campaign. They well exceeded their original fund raising goal. Their original plan details support for custom email domains and mobile applications, so expect those to arrive in the near future. So far they are providing only web UI, IMAP/POP access is not viable because of the techniques used for encryption.

There’s 500MB of storage space for messages, but hopefully that’ll increase also when they scale up their infrastructure. Ability to import email from existing providers is also a highly requested feature.

Verdict

So far, I’m happy with the experience. Basic emailing works nicely. The lack of IMAP/POP access is not a problem; browser UI is very usable, though a bit spartan. There’s definitely room for more visually pleasing experience. The UI is functional and very usable, which has been one of their primary plans for the service. The security offering is definitely an improvement over the standard Gmail/Hotmail/Yahoo and this kind of email service is definitely recommended for businesses and individuals looking for increased privacy.