We are one step closer to fully open sourcing all our apps. ProtonMail Bridge joins iOS and the web app as open source software, and it has also passed an independent security audit.
Trust and transparency are core values of ProtonMail. We want you to know who is on our team and how we protect your privacy. Similarly, we want you to be able to see the code that makes up our apps and keeps your data safe. That’s why we have prioritized making all our apps open source.
You can view the code for ProtonMail Bridge for macOS, Windows, and Linux on our GitHub page.
Why open source matters
Our effort to open source all Proton apps began in 2015 with our ProtonMail web app, followed by our iOS app. Earlier this year, we open sourced all of the ProtonVPN apps. And most recently, we published the code for our Android app, which means all Proton apps that are out of beta are open source.
ProtonMail Bridge is a desktop application that allows you to fully integrate your ProtonMail account with any IMAP and SMTP email client, including Outlook, Thunderbird, or Apple Mail. Open sourcing the code lets anyone verify how the encryption process takes place through Bridge as the emails are transferred between your ProtonMail account and your desktop email app.
Security experts can now examine the Bridge code and submit any findings via our bug bounty program. By leveraging the entire IT security community, we are making it more likely that potential vulnerabilities are quickly discovered and fixed.
A better Internet is possible with open source
Open sourcing all our apps is the culmination of our development approach.
We have long been an active member and supporter of the open source community. We contributed to the development of the open source VPN protocol WireGuard, and we maintain two of the largest cryptographic libraries on the Internet, OpenPGPjs and GopenPGP.
Because Proton is rooted in scientific rigor, transparency, and peer review, we believe in the open source ethos of showing your work. Users can verify our code and see how it works at any time. This leads to more secure and reliable digital products that integrate feedback from all our users and impact our whole community.
In the same spirit of transparency, we have contracted the information security firm SEC Consult to conduct an independent security audit, and we are publishing their full report here.
You can also read our article describing the Bridge security model. Raw code is only useful if you know how to read it. Providing this technical documentation helps more people understand the security features of Bridge.
Thank you for your support
All of this is possible because of our community. You allow us to continue prioritizing open source projects and furthering the Proton mission to build a safer Internet.
Make sure to check our blog and follow us on social media for more product updates.
You can get a free secure email account from ProtonMail here.
We also provide a free VPN service to protect your privacy.
Feel free to share your feedback and questions with us via our official social media channels on Twitter and Reddit. Note that while blog comments also remain open, questions and feedback will not be responded to individually. Where relevant, we will incorporate the most frequently asked questions or comments into a blog update.