ProtonMail is a free, encrypted email service that protects your messages from hackers, government surveillance, and data breaches. Not even ProtonMail can access your emails.
To download a copy of this post as a PDF, click here.
“Unencrypted journalist-source communication is unforgivably reckless.”
— Edward Snowden, NSA whistleblower
“I’m afraid for the safety of those I talk to—especially my sources. If journalists and their sources are realizing that they can be listened to without their knowledge, freedom of the press would be emptied of its contents.”
— Guillaume Gbato, Ivorian journalist
“Since emails might be intercepted, reporters could use end-to-end encryption made possible by technologies like ProtonMail.”
Get a ProtonMail account in 2 steps:
Step 1: Go to protonmail.com/signup and select an account type.
Step 2: Create a username, password, and optional recovery email address (in case you forget your password).
Why use ProtonMail?
As a journalist, the safety of your sources might depend on your security practices.
ProtonMail can help mitigate these threats.
When you use unencrypted email like Gmail or Yahoo, attackers or government surveillance agencies can intercept and monitor your messages.
ProtonMail uses end-to-end encryption to ensure that only you and the recipient can read your messages.
Because ProtonMail is based in Switzerland, the limited user data we do have is protected by strong privacy laws.
When messages are encrypted
ProtonMail-to-ProtonMail messages are automatically protected with end-to-end encryption. That’s why we recommend that your contacts also get a free secure email account from ProtonMail.
Messages to non-ProtonMail accounts can also be end-to-end encrypted, either by using the encrypt-to-outside feature or by taking advantage of ProtonMail’s native PGP support.
Click the lock in the composer to set a password. You’ll need to use a separate secure channel to let your recipient know what the password is.
Regardless of whom you email, all ProtonMail inboxes are protected with zero-access encryption. This prevents us from being able to decrypt your inbox or from sharing your messages with third parties, even if served with a government subpoena. It also protects the contents of your inbox in the event a hacker were to breach ProtonMail, as has happened with other email providers in the past.
Metadata (the email addresses of the sender and recipient, the timestamp, and the subject line) is also encrypted, but not end-to-end: without access to the metadata (such as the recipient), we would not be able to deliver messages to the correct inbox. This data could be subject to disclosure in the event of a court order, although Switzerland’s strong privacy laws make data requests highly unlikely to succeed unless a serious crime has been committed and Swiss law was broken.
Set messages to delete automatically
You can send self-destructing emails to other ProtonMail accounts (or non-ProtonMail users) by using our message expiration feature. This prevents encrypted data and metadata from being retained longer than necessary.
Click the hourglass to set an expiration time. For ProtonMail-to-ProtonMail emails, the message will be erased for both users.
Protect your sources’ sensitive information
We’re the only email provider that offers encrypted and digitally signed contacts. (This feature is available for paid accounts.) This allows you to protect sensitive contact details with zero-access encryption.
Any information you put below the purple lock will be zero-access encrypted. Only you can see it.
Full PGP support
Even if your contacts prefer to use their own PGP client, you can still send them PGP-encrypted emails from your ProtonMail account by importing their public keys. You can also receive PGP email from them by exporting your public key and sharing it with them. Learn how to use PGP in ProtonMail here.
Address Verification mitigates the threat of man-in-the-middle attacks by allowing you to trust your contacts’ public keys, saving them in your digitally signed contacts. Learn how to use Address Verification here.
Two-factor authentication helps prevent phishing attacks by requiring a second authentication test in addition to your password.
Authentication logs let you see when and from which devices your account has been accessed. If you think an attacker may have gained access to your account, you can remotely log out of active sessions.
Limitations of ProtonMail
There is no such thing as 100% security, and any service that claims to offer it is not being honest. ProtonMail does have certain limitations. For example, ProtonMail cannot provide protection if your device is compromised. A compromised device may be subject to keylogging, which would put all written communications at risk before they can be encrypted. We recommend that anyone concerned about keeping their device secure follow our security guide. No technology can offer absolute security, but ProtonMail does add an extra layer of protection to your messages. For a more thorough examination of the strengths and limitations of ProtonMail, see our Threat Model.
We take our commitment to protecting journalists seriously. If you have any questions or concerns about using ProtonMail as a journalist, our support team will be happy to assist you.
The ProtonMail Team
You can get a free secure email account from ProtonMail here.
We also provide a free VPN service to protect your privacy.