Last Friday, a weaponized version of a NSA exploit was used to infect over three hundred thousand computers in over 150 countries with the WannaCry ransomware. In addition to government ministries and transportation infrastructure, the British National Health Service (NHS) was crippled, disrupting treatment and care for thousands of patients, and putting countless lives at …

A typical way of getting hacked is falling for a phishing attack. In fact, most of the large data breaches in recent years have been due to phishing.   The number of phishing attacks is increasing because they are both easy to execute and highly effective. Even if the eventual goal of an attacker is an …

As the world’s largest encrypted email provider, people have frequently asked us what is the best VPN service. In this article, we discuss what to be aware of when choosing a VPN service, and our recommended VPN security requirements. What is a VPN? A Virtual Private Network (VPN) is a tool to secure your internet …

Confirming what was long suspected by the security community, Yahoo today confirmed a massive breach of over 500 million email accounts, including both credentials and security questions. This is a major security incident that also has consequences for certain ProtonMail users so we are putting out this important security advisory. At the time of writing, …

ProtonMail is not vulnerable to the recently announced Linux TCP Vulnerability Earlier this week, a rather serious Linux TCP Vulnerability was disclosed (CVE-2016-5696) by security researchers in the US. As a result, ProtonMail’s security team did an analysis of this bug to see if it compromises the integrity of ProtonMail’s encrypted email service. Our analysis …

To ensure the security of ProtonMail’s secure email service, we are looking for more back-end security auditors. At ProtonMail, our internal security team has always worked closely with our user community to ensure the security of our secure email service. ProtonMail’s strong security is partially due to the dozens of security contributors who have audited …

On January 20th, 2016, ProtonMail will be updating the SSL certificate for protonmail.com. With this update, we will also be changing our Certificate Authority to QuoVadis Trustlink Schweiz AG. Along with the change in SSL certificate, we will also be moving the ProtonMail secure email service to a dedicated subdomain, mail.protonmail.com. We have also released …

For 2016, we are looking forward to another year of progress towards building easy-to-use secure email. Today, we are publishing our first security roadmap. Over the course of 2015, we have taken several big steps towards making ProtonMail the easiest to use secure email service. Some highlights of 2015 include the release of ProtonMail 2.0, …

Last month, secure email came under DDoS attack, this is how we added DDoS protection to ProtonMail.   Dec 16, 2015 Update: After we publicly posted the data at the end of this post, the attackers swiftly retaliated with a 59 Gbps attack. We were able to successfully mitigate with help from Radware. We knew …

At ProtonMail, our goal is to build the world’s most secure email service. In order to do this, community participation in securing ProtonMail is essential, and that is the spirit behind our bug bounty program. By getting security issues reported and fixed, we can better protect the millions around the world that use ProtonMail for …

This a guest blog post by Mazin Ahmed, an external security expert who has helped test and audit ProtonMail. We hope it will educate our readers about web security. HTTP Strict Transport Security (HSTS) is a web security policy that is made to protect secure HTTPS websites against downgrade attacks that is used to perform …

Last week, we underwent the process of fortifying our SSL certificates. As part of our effort to provide the highest level of security and privacy to our users, we have upgraded every single certificate that we use. The new SSL certificates have several marked improvements over the previous ones. All certificates now use the highest …