An illustration of ProtonMail's public keys.

Proton is secure against batch GCD attacks

October 23rd, 2020 in Security

This summer, we conducted a security audit to determine whether Proton is susceptible to an attack against public key cryptography, known as a batch GCD attack. As a result of our analysis, we can confirm that none of our users is vulnerable to this attack. The attack exploits faulty sources of randomness when it comes …

Illustration of cloud storage

Centralized vs peer-to-peer (P2P) file storage

October 8th, 2020 in Security

In 2017, hackers stole the private financial records of some 156 million people from servers belonging to Equifax, while the 2018 Facebook-Cambridge Analytica scandal revealed how personal data belonging to up to 87 million Facebook users was harvested without their consent. A litany of high-profile data breaches has led to a growth of interest in …

An illustration of an encrypted flash drive.

How to secure data on your external hard drives and USB peripherals

September 8th, 2020 in Security

USB peripherals (commonly known as “flash drives”), memory cards, and external hard drives all make backing up and sharing your data simple. And they are becoming more critical as modern-day schooling, work, and life are increasingly awash in data. But what happens if you lose or misplace one of these devices? In many cases, the …

Temporary TLS certificate update for September 2020

September 4th, 2020 in Security

UPDATE Sept. 15, 2020: SwissSign has dealt with the DDoS attack and has taken measures to prevent similar outages in the future. Therefore, we are using them again as our certificate authority. We have updated the fingerprints at the bottom of this article. Proton has recently begun using Let’s Encrypt instead of SwissSign as the …

ProtonDrive

The ProtonDrive security model

August 31st, 2020 in Encryption, Security

This article documents ProtonDrive’s security model by showing how it uses end-to-end encryption to protect your sensitive data. While somewhat technical, this document is meant to be accessible to a general audience and attempts to explain how ProtonDrive works in plain language. ProtonDrive is in the final stages of development before our beta launch later …

An illustration of a TLS certificate.

What is a TLS/SSL certificate, and how does it work?

June 11th, 2020 in Security

Whenever you send or receive information on the Internet, it passes through a network of multiple computers to reach the destination. Historically, any of these computers could read your data, because it was not encrypted. Much of this data is quite sensitive — and valuable to hackers. It can include private communications that are not end-to-end …

illustration of ProtonMail Android client security

ProtonMail Android client security

April 23rd, 2020 in Security

The following article presents a high-level overview of ProtonMail’s Android security model and explains how the app protects users’ sensitive data. You can view our Android app’s open source code on GitHub. We also explain the importance of open source to Proton in our Android open source announcement.  For more information on what threats ProtonMail …

Illustration of the Bridge security model

The ProtonMail Bridge security model

April 15th, 2020 in Security

ProtonMail Bridge is a desktop application that runs in the background on your computer and encrypts and decrypts your mail as it enters and leaves your device. It allows for full integration of your ProtonMail account with email clients like Microsoft Outlook, Mozilla Thunderbird, and Apple Mail. This document discusses how Bridge handles sensitive information, …

Illustration of someone working from home.

Working from home: A security guide from ProtonMail’s IT security experts

March 30th, 2020 in Security

Working from home is one of the many massive societal changes that COVID-19 has forced upon the world. Millions of people are now handling sensitive work data outside their office for the first time. It can be hard enough to keep data secure in the office, where there are IT security officers to monitor the …

Illustration of vulnerability disclosure

ProtonMail’s responsible vulnerability disclosure policy

March 5th, 2020 in Security

Our mission at ProtonMail is to make online safety accessible to everyone. Millions of people depend on our products to secure their communications and keep their information private. In order to make this high level of security accessible to all Internet users, we must work to integrate ProtonMail seamlessly with third-party products, from web browsers …

An illustration of cryptojacking.

How to keep your devices safe from cryptojacking

February 19th, 2020 in Security

Cryptojacking made headlines back in 2017 when hackers hit a series of high profile websites (including several operated by the UK and Australian governments). Whenever somebody visited an infected site, the hackers were able to hijack the visitor’s computer and use its processing power to mine cryptocurrency. Unfortunately, while the media covered the attacks at …

illustration of biometric authentication

The pros and cons of biometric authentication

January 27th, 2020 in Security

Biometric authentication is a growing part of the tech landscape — it’s in our schools, offices, airports, government buildings, and more recently, in our smartphones. Apple’s introduction of Touch ID in 2013 has paved the way for fingerprint-, face-, and iris-recognition technology to leave the almost exclusive domain of law enforcement and emerge into the …

Get your secure email account
Create Account

Proton Technologies AG

Route de la Galaise 32
1228 Plan-les-Ouates, Geneva, Switzerland

For support inquiries, please visit
protonmail.com/support