Why should you trust ProtonMail?


This is a challenging question to answer, but it is also a fair one, so we wanted to share our views about this in a blog post. In general, we strive to make our service require as little trust as possible. We encrypt data in a way that does not allow us to decrypt it, we collect as little information as possible during user registration, and we accept Bitcoin and cash payments. We take these steps because it protects our users’ data and reduces the chance of any data being exposed. That being said, there is always going to be a certain level of trust required, even though we are an encrypted email service.

We should also state the fact that there is no such thing as 100% security or 100% trust because security is the sum of many parts. For example, are you sure an attacker has not placed a backdoor in your operating system and browser and is not secretly saving your keystrokes? Can you trust the integrity of your phone or computer hardware? Comprehensive security requires more than just trusting ProtonMail, as there are also a wide range of threats we can’t protect you against (like a compromise on your device). With all this in mind, here are our thoughts on why ProtonMail is worthy of your trust.

Why is ProtonMail trustworthy?

The question of trust relies heavily on people. This is true even when it comes to software, since at the end of the day, code is written by people. From this perspective, we can analyze trust from a couple of angles.

Transparency

As a company, we are committed to the highest levels of transparency so you know exactly who you are trusting. Our key employees and their backgrounds are public knowledge. Where we are based, the address of our headquarters, our company statutes, and even our directors are all a matter of public record and available for inspection at the Swiss commercial register. ProtonMail’s initial financing through crowdfunding is also publicly documented, along with the identities of many of our initial 10,000 financial backers. But we go even further than that. We also meticulously document and publish information on all the law enforcement requests that we receive.

Transparency also extends to our communications. We have a published threat model for our services that explains what we can and can’t protect against, and also a very clear privacy policy. Furthermore, important updates are regularly posted on our blog and disseminated to the Proton community. We also engage in daily conversations with the Proton community on Reddit, Twitter, and other platforms.

Additionally, we have open sourced significant pieces of our code base, and we have committed to open sourcing all of our client-side software. In other words, you know who runs the company, where we run it from, how we run it, what data we have, how we interact with law enforcement, and much more. We have maintained this level of transparency even as Proton has grown.

Business model

Proton has only one business: privacy. Proton also derives almost all of its income from a single source, and that is our user community. Thus, even if you take the most cynical view, from a purely self-interested financial standpoint, the Proton team has no incentive to betray user privacy and trust. Doing so would instantly destroy the company and community that we have dedicated our lives to building. In this sense, our interests and our community’s interests are fully aligned, and all of our incentives (financial or otherwise) drive us toward protecting user privacy.

Competence

An essential aspect of evaluating the trustworthiness of a service is to ask whether the people building the software are competent enough to do their jobs properly. This is important because most software compromises and vulnerabilities are caused by mistakes. While there is no conclusive way to prove competence, there are a number of factors that can be considered.

Since 2016, ProtonMail has maintained OpenPGPjs, which is used by hundreds of projects and millions of users. It is one of the world’s most widely used open source encryption libraries. We also maintain GopenPGP, an easy-to-use PGP library written in Go. The fact that hundreds of people have checked our work and actively use it in their own work is one indication that we know what we are doing.

We also have a long history of successfully implementing sophisticated cryptosystems. We have deployed strong authentication in ProtonMail and prevented man-in-the-middle attacks with advanced features such as Address Verification, based on our knowledge of the field we work in. This technical expertise has allowed us to keep ProtonMail reliable and secure over many years.

This, in turn, has led to Proton being trusted by many users with sensitive security needs, including investigative journalists, government officials, businesses large and small, and tens of millions of people globally. 

Vetted by trusted third parties

While transparency and competence form a strong foundation for trust, you don’t have to take our word for it. We routinely subject our work to external security audits and peer review, and we publish the audit results.

Furthermore, as the recipient of innovation grants from the Swiss government and the European Union, Proton Technologies has been thoroughly checked and vetted by the European Commission. (These grants do not give any control to the grant agencies, nor obligate us in any way. Learn more here.) Proton has also partnered with Mozilla (the makers of the Firefox browser), which has thoroughly checked ProtonVPN. The fact that trusted third parties have assessed both ProtonMail and ProtonVPN provides a further guarantee that we live up to our word.

Legal guarantees

Proton is based in Switzerland, a country with strong privacy protections, and outside of the 14 Eyes surveillance network. Under Swiss law, we are only permitted to reveal user data if served with a binding legal order from the Swiss government. This means we are prohibited from sharing your data with anybody else, even if a foreign government asks us for it. Sharing data without a legal order is a criminal offense under Article 271 of the Swiss Criminal Code.

Because we also have offices in the EU and serve EU users, we are obligated to comply with the EU’s General Data Protection Regulation (GDPR). Under the GDPR, breaching user privacy can lead to fines of up to €20 million. This legal accountability also ensures that we respect user privacy and adhere strictly to our advertised privacy policy.

Track record

ProtonMail has been under the glare of public scrutiny from the very beginning, and our story is a matter of public record. ProtonMail’s creation by scientists who met at CERN (the European Organization for Nuclear Research) is well documented, including on the CERN website. The scientific background of our leadership team can be easily verified by looking at our academic careers and scientific publications.

We don’t simply talk about privacy; we have taken action time and time again. Some examples of this include:

Through the course of this work, many people have had the chance to meet us, get to know us, and confirm what we stand for.

Our commitment

As a company, we care deeply about our users and making the world a better place. For us, privacy and security are deeply held core beliefs that come before profits, and this drives our engagement with our community.

We are also grateful for your support. Proton’s mission is to make privacy accessible to all of the world’s citizens, and your continued support makes this mission possible. Together, we are a community of tens of millions who all share the same vision of a better Internet.

We know that trust is not given but earned, and we are committed to doing what is right to be worthy of your trust.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.

About the Author

Andy Yen

Andy is the Founder and CEO of ProtonMail. Originally from Taiwan, he is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and received his PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.


12 comments on “Why should you trust ProtonMail?”

  • Hi,
    Good article. Just one thing I would mention here: in order for you to be able to say that you are really secure against phishing attacks, support for U2F (like YubiKey) is something essential to have in order to say “my service is really secure against phishing attacks”.
    Regards
    • U2F support is planned but we don’t have a release date yet as it requires us to make some changes to the domains that we use. Thank you for your patience!
  • I have been using Proton email and VPN on all my devices for months.
    I have yet to experience any intrusions to my account or privacy.
    Furthermore, I experience little to no spam or useless, unwanted emails.
    On another note, if you are using another more popularly used email, I would suggest performing your own research on the lack of security trust in other more notably known email providers. Perform research of your own on your former and current email provider. (Keyword search: provider name + data breach, security breach, user data compromised.) You might be very surprised by whom you are already trusting.
    Regards,
    Jeff Statts
  • I am not attacking ProtonMail, but why does ProtonMail require you to use Google captcha when signing up? Either you’re 100% anti-Google or you’re not; there are other captchas out there.
    • Hi Mike, unfortunately this is a necessary evil. We use captcha to prevent spammers from obtaining a large number of accounts and causing ProtonMail to get blocked by other email providers.
  • I have two questions:

    1. Why are contact names and contact email addresses (in the web client) not encrypted? Are they available to investigators in case of a court order?
    2. Why is ProtonMail not open source yet? Is there something you are trying to hide? I believe closed source applications are not more secure than open source ones. There are a million exploits for closed source software.
    • Thank you for your questions!

      1. Contact name and email addresses are encrypted but not end-to-end encrypted because sender and recipient details are needed to route the emails. Message contents between ProtonMail accounts are end-to-end encrypted by default. Metadata would be available to investigators if we were compelled to turn it over by a valid order from a Swiss court.

      2. We agree with your opinion about closed source software. The ProtonMail web app is already open source, and the apps will be open source soon.
  • In Switzerland, you’re just dependent on the government. Data protection and privacy are being further and further curtailed and developed into a surveillance state.
    Why don’t you move to another country or expand to a decentralized infrastructure?
    • Unless you operate your data center in international waters, you’ll always be subject to some jurisdiction. Switzerland’s privacy laws provide many benefits, along with a number of other benefits of being based here, such as infrastructure and a talented workforce. Additionally, we retain as little user data as possible, such that we cannot turn over message contents and no personal information is needed to create an account.
  • LOVE PROTON MAIL. Though I have no idea how private it is, because I’m not computer savvy, I trust MANY reviews out there. Thank you for this excellent product. WAY OFF topic, but is there any way you can create some sort of secure secret folder (hidden with a password or something like 2FA; I wish it could be invisible), so that IF ANYONE got on our computers they wouldn’t be able to see said folder, with ProtonMail addresses tucked safely within? I know I’m grasping at straws here, but I just thought it would be an AMAZING feature. Definitely the best email service I have ever used and ever will for the foreseeable future! Thanks again.
  • How do I find support for a problem that is not listed in your automatic answer format? When I print, the font is too large. How can I reduce the size of the printed font to size 12 but maintain the font size of the email display?
    Joe
    • Hi Joe, unfortunately there’s no way to edit the font size within the ProtonMail app before printing. An alternative would be to copy and paste the contents of your email into another application such as Word, editing the font size, and printing from there.