At Proton, transparency is one of our core principles. Simply put, people cannot make informed decisions without knowing how their data is secured, which is why we have made all our apps open source. This “security through transparency” approach means our apps consistently face rigorous scrutiny, and it also means that any potential vulnerabilities are …

At ProtonMail, we believe everyone should be in control of their personal data. A critical component of controlling your data is having the ability to make informed decisions about who you entrust with your data and how it is secured. Most companies rely on security through obscurity and do not share their code, making it …

This summer, we conducted a security audit to determine whether Proton is susceptible to an attack against public key cryptography, known as a batch GCD attack. As a result of our analysis, we can confirm that none of our users is vulnerable to this attack. The attack exploits faulty sources of randomness when it comes …

In 2017, hackers stole the private financial records of some 156 million people from servers belonging to Equifax, while the 2018 Facebook-Cambridge Analytica scandal revealed how personal data belonging to up to 87 million Facebook users was harvested without their consent. A litany of high-profile data breaches has led to a growth of interest in …

USB peripherals (commonly known as “flash drives”), memory cards, and external hard drives all make backing up and sharing your data simple. And they are becoming more critical as modern-day schooling, work, and life are increasingly awash in data. But what happens if you lose or misplace one of these devices? In many cases, the …

UPDATE Sept. 15, 2020: SwissSign has dealt with the DDoS attack and has taken measures to prevent similar outages in the future. Therefore, we are using them again as our certificate authority. We have updated the fingerprints at the bottom of this article. Proton has recently begun using Let’s Encrypt instead of SwissSign as the …

This article documents Proton Drive’s security model by showing how it uses end-to-end encryption to protect your sensitive data. While somewhat technical, this document is meant to be accessible to a general audience and attempts to explain how Proton Drive works in plain language. Proton Drive is in the final stages of development before our …

Whenever you send or receive information on the Internet, it passes through a network of multiple computers to reach the destination. Historically, any of these computers could read your data, because it was not encrypted. Much of this data is quite sensitive — and valuable to hackers. It can include private communications that are not end-to-end …

The following article presents a high-level overview of ProtonMail’s Android security model and explains how the app protects users’ sensitive data. You can view our Android app’s open source code on GitHub. We also explain the importance of open source to Proton in our Android open source announcement.  For more information on what threats ProtonMail …

ProtonMail Bridge is a desktop application that runs in the background on your computer and encrypts and decrypts your mail as it enters and leaves your device. It allows for full integration of your ProtonMail account with email clients like Microsoft Outlook, Mozilla Thunderbird, and Apple Mail. This document discusses how Bridge handles sensitive information, …

Working from home is one of the many massive societal changes that COVID-19 has forced upon the world. Millions of people are now handling sensitive work data outside their office for the first time. It can be hard enough to keep data secure in the office, where there are IT security officers to monitor the …

Our mission at ProtonMail is to make online safety accessible to everyone. Millions of people depend on our products to secure their communications and keep their information private. In order to make this high level of security accessible to all Internet users, we must work to integrate ProtonMail seamlessly with third-party products, from web browsers …