Response to analysis of ProtonMail’s cryptographic architecture

January 20th, 2019 in Security

Recently, a self-published paper that was not peer reviewed claimed weaknesses in ProtonMail’s cryptographic architecture. The document is rather dense, and the casual reader is unlikely to be able to understand much beyond the alarming conclusion that there are allegedly “serious shortcomings in ProtonMail’s cryptographic architecture.” Below, we analyze these sensational claims one by one, …

protonmail-email-security-best-practices

Email security best practices your team should be following right now

December 13th, 2018 in Security

The single biggest threat to your business’s online security is malicious emails. As owners and managers, it’s up to you to require email security best practices among your employees and institute a security-minded culture within your organization.   Contrary to popular myth, the most effective hacking techniques require almost no technical skill. A hacker only …

protonmail-internet-privacy-guide

A complete guide to Internet privacy

December 6th, 2018 in Privacy, Security

Not everyone needs the same level of Internet privacy. This guide will help you determine your threat model and take steps to achieve online privacy that meets your needs. Total Internet privacy is impossible, and any service that claims to offer it is lying. But anyone can increase their Internet privacy by adjusting their online …

Privacy vs. security: Why the widespread use of encryption is essential to national security

November 2nd, 2018 in Privacy, Security

Law enforcement officials continue to lobby against encryption, saying it makes catching criminals and preventing terrorism more difficult. But they’re getting the ‘privacy vs. security’ debate fundamentally wrong. Here’s why. Four years ago, the Pew Research Center, a US think tank, asked hundreds of cybersecurity experts to weigh in on a simple question: “By 2025, …

ProtonMail’s world-class reliability is now backed by a 99.95% service level agreement (SLA)

October 18th, 2018 in Security

From the very beginning, we have put a strong engineering emphasis on system reliability and availability. Today we are announcing a service level agreement (SLA) that puts our promise to business users in writing: 99.95% uptime or better. Since we first opened to the public in 2014, ProtonMail has grown at an accelerating pace and …

The benefits of using encrypted email for HIPAA compliance

September 27th, 2018 in Security

HIPAA compliance for email means protecting your patients, securing your data against hacks, and preserving their records for years. An encrypted email solution makes it easy to comply with privacy laws without sacrificing convenience. Organizations operating in the healthcare industry are continuously under pressure to use resources as efficiently as possible. They must provide innovation …

Now you can quickly report phishing scams to ProtonMail

September 11th, 2018 in Security

We have launched a new Report Phishing feature in order to improve the security of the entire ProtonMail community. Now with the click of a button, you can send phishing scams straight to our team and help make the ProtonMail community safer. Phishing scams are among the most effective kinds of online attacks. Cyber criminals …

Introducing Address Verification and Full PGP Support

July 25th, 2018 in Articles & News, Security

Address Verification allows you to be sure you are securely communicating with the right person, while PGP support adds encrypted email interoperability. Starting with the latest release of ProtonMail on web (v3.14), iOS and Android (v1.9), and the latest versions of the ProtonMail IMAP/SMTP Bridge, ProtonMail now supports Address Verification, along with full PGP interoperability …

A brief update regarding ongoing DDoS incidents

July 18th, 2018 in Security

As few weeks back, we sent a notice to the ProtonMail community regarding the DDoS attacks that we have been facing. Today we would like to provide a brief update of the situation. Starting on June 27th, ProtonMail started to be hit by sustained DDoS attacks. The attack campaign continues to this day, but there …

zero access encryption

What is zero-access encryption and why it is important for security

May 23rd, 2018 in Security

Some of your most sensitive data sit on the cloud, on the servers of Internet service providers. Zero-access encryption gives you control over your data online. Most of us would not give our private, personal information to strangers and then trust them not to leak it. But that’s essentially what we do every time we …

No, PGP is not broken, not even with the Efail vulnerabilities

May 15th, 2018 in Encryption, Security

Recently, news broke about potential vulnerabilities in PGP, dubbed Efail. However, despite reports to the contrary, PGP is not actually broken, as we will explain in this post. The vulnerability report, which came with its own website, efail.de, has attracted a lot of headlines such as the one below, along with recommendations to disable the …

protonmail-onion-ssl-certificate-IM

Our Tor encrypted email site has a new SSL certificate

March 27th, 2018 in Security

As part of our commitment to security, we maintain a Tor onion site for ProtonMail which can provide extra privacy and accessibility in countries where ProtonMail is blocked. ProtonMail is one of the only email providers that offers email access over Tor. We launched the ProtonMail onion site last year as an extra way to …

Get your secure email account
Create Account

Proton Technologies AG

Chemin du Pré-Fleuri, 3
CH-1228 Plan-les-Ouates, Genève, Switzerland

For support inquiries, please visit
protonmail.com/support

For security related discussions
security@protonmail.com