An illustration of ProtonMail's code being examined.

The new ProtonMail has passed its independent security audit

July 5th, 2021 in Security

At ProtonMail, we believe everyone should be in control of their personal data. A critical component of controlling your data is having the ability to make informed decisions about who you entrust with your data and how it is secured. Most companies rely on security through obscurity and do not share their code, making it …

An illustration of ProtonMail's public keys.

Proton is secure against batch GCD attacks

October 23rd, 2020 in Security

This summer, we conducted a security audit to determine whether Proton is susceptible to an attack against public key cryptography, known as a batch GCD attack. As a result of our analysis, we can confirm that none of our users is vulnerable to this attack. The attack exploits faulty sources of randomness when it comes …

Illustration of cloud storage

Centralized vs peer-to-peer (P2P) file storage

October 8th, 2020 in Security

In 2017, hackers stole the private financial records of some 156 million people from servers belonging to Equifax, while the 2018 Facebook-Cambridge Analytica scandal revealed how personal data belonging to up to 87 million Facebook users was harvested without their consent. A litany of high-profile data breaches has led to a growth of interest in …

An illustration of an encrypted flash drive.

How to secure data on your external hard drives and USB peripherals

September 8th, 2020 in Security

USB peripherals (commonly known as “flash drives”), memory cards, and external hard drives all make backing up and sharing your data simple. And they are becoming more critical as modern-day schooling, work, and life are increasingly awash in data. But what happens if you lose or misplace one of these devices? In many cases, the …

Temporary TLS certificate update for September 2020

September 4th, 2020 in Security

UPDATE Sept. 15, 2020: SwissSign has dealt with the DDoS attack and has taken measures to prevent similar outages in the future. Therefore, we are using them again as our certificate authority. We have updated the fingerprints at the bottom of this article. Proton has recently begun using Let’s Encrypt instead of SwissSign as the …

ProtonDrive

The Proton Drive security model

August 31st, 2020 in Encryption, Security

This article documents Proton Drive’s security model by showing how it uses end-to-end encryption to protect your sensitive data. While somewhat technical, this document is meant to be accessible to a general audience and attempts to explain how Proton Drive works in plain language. Proton Drive is in the final stages of development before our …

An illustration of a TLS certificate.

What is a TLS/SSL certificate, and how does it work?

June 11th, 2020 in Security

Whenever you send or receive information on the Internet, it passes through a network of multiple computers to reach the destination. Historically, any of these computers could read your data, because it was not encrypted. Much of this data is quite sensitive — and valuable to hackers. It can include private communications that are not end-to-end …

illustration of ProtonMail Android client security

ProtonMail Android client security

April 23rd, 2020 in Security

The following article presents a high-level overview of ProtonMail’s Android security model and explains how the app protects users’ sensitive data. You can view our Android app’s open source code on GitHub. We also explain the importance of open source to Proton in our Android open source announcement.  For more information on what threats ProtonMail …

Illustration of the Bridge security model

The ProtonMail Bridge security model

April 15th, 2020 in Security

ProtonMail Bridge is a desktop application that runs in the background on your computer and encrypts and decrypts your mail as it enters and leaves your device. It allows for full integration of your ProtonMail account with email clients like Microsoft Outlook, Mozilla Thunderbird, and Apple Mail. This document discusses how Bridge handles sensitive information, …

Illustration of someone working from home.

Working from home: A security guide from ProtonMail’s IT security experts

March 30th, 2020 in Security

Working from home is one of the many massive societal changes that COVID-19 has forced upon the world. Millions of people are now handling sensitive work data outside their office for the first time. It can be hard enough to keep data secure in the office, where there are IT security officers to monitor the …

Illustration of vulnerability disclosure

ProtonMail’s responsible vulnerability disclosure policy

March 5th, 2020 in Security

Our mission at ProtonMail is to make online safety accessible to everyone. Millions of people depend on our products to secure their communications and keep their information private. In order to make this high level of security accessible to all Internet users, we must work to integrate ProtonMail seamlessly with third-party products, from web browsers …

An illustration of cryptojacking.

How to keep your devices safe from cryptojacking

February 19th, 2020 in Security

Cryptojacking made headlines back in 2017 when hackers hit a series of high profile websites (including several operated by the UK and Australian governments). Whenever somebody visited an infected site, the hackers were able to hijack the visitor’s computer and use its processing power to mine cryptocurrency. Unfortunately, while the media covered the attacks at …

Get your secure email account
Create Account

Proton Technologies AG

Route de la Galaise 32
1228 Plan-les-Ouates, Geneva, Switzerland

Abuse: abuse@protonmail.com
For legal/police inquiries
click here

For support inquires please visit:
protonmail.com/support