ProtonMail adds Facebook PGP integration

At ProtonMail, privacy is one of our core values. This means more than just building an email service which respects privacy. It means building an entire ecosystem around the idea of privacy being the default online. From the outset, it has been clear that this is not something we can do alone. Last summer, over ten thousand of you joined us by donating to our record-breaking crowdfunding campaign to get ProtonMail to where we are today.

Together, people around the world have made it clear that online privacy matters, and tech companies are taking notice. Recently, Facebook took a big step forward by supporting PGP in email communications. Today, we’re happy to announce that with ProtonMail version 2.1, we are the first email service to add seamless support for PGP encrypted Facebook emails.

This means that PGP email messages from Facebook will be automatically decrypted by ProtonMail when you open them in both the webmail and mobile apps. Previously, to use Facebook PGP, it was necessary to install PGP, generate keys, and use complicated plugins. Now, securing communications from Facebook is as simple as using your ProtonMail account. No setup or configuration is needed on the ProtonMail side; all that is required is importing your ProtonMail public key into Facebook. We hope to work with the Facebook security engineering team in the future to further automate this process.

The PGP support in ProtonMail 2.1 in fact extends beyond Facebook. Any PGP message sent to a ProtonMail account from any email sender, regardless of whether it is PGP/MIME or inline PGP, can now be automatically decrypted. This is one of the great benefits of following open standards: this integration is possible because both ProtonMail and Facebook follow the OpenPGP standard. As this was one of the most highly requested features, we’re glad to finally be able to launch it. In the coming months, we will be extending this feature to also allow automatically sending PGP messages outside of ProtonMail.
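The two formats named above differ in where the ciphertext sits: PGP/MIME (RFC 3156) wraps it in a `multipart/encrypted` container, while inline PGP places the ASCII-armored block directly in a text body. The following Python function is an added example, not ProtonMail's code; the name `find_pgp_payload` and the sample messages are constructed for illustration.

```python
import email
import re
from email import policy

# ASCII-armored OpenPGP message block (RFC 4880, section 6.2).
ARMOR_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.DOTALL
)


def _armor_in(part):
    """Return the armored block inside one leaf MIME part, or None."""
    # decode=True undoes base64 / quoted-printable transfer encoding, which
    # would otherwise leave the '=' padding of the armor written as '=3D'.
    data = part.get_payload(decode=True) or b""
    match = ARMOR_RE.search(data.decode("utf-8", errors="replace"))
    return match.group(0) if match else None


def find_pgp_payload(raw):
    """Classify a raw message (bytes). Returns (kind, armored_text) where kind
    is 'pgp-mime', 'inline-pgp', 'malformed-pgp-mime' or 'none'."""
    msg = email.message_from_bytes(raw, policy=policy.default)

    # PGP/MIME: exactly two parts, a control part followed by the ciphertext
    # carried as application/octet-stream.
    if msg.get_content_type() == "multipart/encrypted":
        protocol = str(msg.get_param("protocol") or "").lower()
        parts = list(msg.iter_parts())
        if (
            protocol == "application/pgp-encrypted"
            and len(parts) == 2
            and parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream"
        ):
            armor = _armor_in(parts[1])
            if armor:
                return "pgp-mime", armor
        # Declared as encrypted but not in the required shape: flag it rather
        # than treating it as ordinary mail.
        return "malformed-pgp-mime", None

    # Inline PGP: the armor is part of an ordinary text body.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            armor = _armor_in(part)
            if armor:
                return "inline-pgp", armor
    return "none", None


# Constructed sample messages; the armor body is a placeholder, not ciphertext.
PGP_MIME_SAMPLE = b"""\
From: notification@example.com
To: user@example.org
Subject: constructed PGP/MIME sample
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

Y29uc3RydWN0ZWQ=
-----END PGP MESSAGE-----
--b1--
"""

INLINE_SAMPLE = b"""\
From: notification@example.com
To: user@example.org
Subject: constructed inline PGP sample
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP MESSAGE-----

Y29uc3RydWN0ZWQ=3D
-----END PGP MESSAGE-----
"""

PLAIN_SAMPLE = b"Subject: constructed plain sample\n\nNo encryption here.\n"
```

The returned armored text is what would be handed to an OpenPGP implementation for decryption; the function itself only locates it.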

If we truly want to have a more private and secure internet, working together will be crucial and we applaud Facebook for sticking with open standards. As OpenPGP is universal, in the future, we will also be able to integrate with countless other services. We are glad that giants like Facebook are supporting these efforts and if more companies join in, the movement to improve privacy online will be unstoppable.

Happy encrypting!
The ProtonMail Team

To get a ProtonMail account, visit this page.

You can find Facebook’s official announcement about this here.

Why should I enable PGP encrypted emails from Facebook?

Facebook notifications can actually contain a lot of sensitive private information. For example, they can contain Facebook password reset links, or details such as who has messaged you on Facebook. While it is certainly true that Facebook has this information, when a notification email is sent, anybody who intercepts your email communications can also gain access to this information (for example, your ISP, your workplace network, or a government agency). Turning on PGP encryption for notification emails from Facebook helps to reduce this risk. ProtonMail is the only email service in the world that provides automatic support for Facebook PGP emails.

About the Author

Andy Yen

Andy is the Founder and CEO of Proton, the company behind ProtonMail and ProtonVPN. He is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about our mission.


81 comments on “ProtonMail adds Facebook PGP integration”

  • Bloody well done, ProtonMail! I’m really liking how my email service is progressing – I instantly enabled this feature. On Facebook’s side, they are obviously still going to be passing on my data wholesale to the NSA, advertisers, and anyone else who can pay. But it is nice to see that my notification emails at least can’t be intercepted. Thank you!

  • An immediate reaction to this was “why would protonmail even want to have anything to do with facebook”?

    Regardless of the fact that it is still a secure way of communication, having the word Facebook attached to anything gives negative vibes right away. That’s the reality, I believe. And no, I don’t have a Facebook account.

    • As we mentioned in the post, there are still some privacy benefits from encrypting messages from Facebook. Because it increases user privacy, we are willing to do it.

      • To shake hands with FB is a deal that could come back to haunt you. Yes it may be a highly requested feature but ask yourselves, is it the right thing to do? FB’s commitment to open standards only proves one thing and that is that they along with the NSA, Prism and whoever else bankrolls their puppet strings see you as an up and coming threat and want to lure you in so they can eventually get their meat hooks into Protonmail. The mere notion of importing a Protonmail public key into FB is evidence of the initial steps. It may seem harmless but FB’s future propositions may not be optional and any fine print they present you will likely be irreversibly in their favor. Please tread carefully Protonmail team. You are changing the world. Be smart, seek out wise counsel, look to history for how the powers that be run their playbooks and don’t let them pull the carpet out from under you. Sincerely wishing you the very best of success.

      • In reality many people are bonded to fb. I was surprised to hear you could even send a message from inside of FB to an actual e-mail address. Better than some net communication companies, not to say any names. I will search later but it would be nice to set up an instant message service between…for example…. an ipad on the FB app with another ipad, on Proton mail App no FB.

        IMHO, it seems like a great victory for privacy but even more so for choice. Just to be finally told that I will be able to communicate with my gf who uses the messenger app without having to ask her to set up another communication channel, NTM all other FB users I know, would be major. I know I am not the only one in the situation either. Of course it’s a small great victory but in the digital world, little tiny differences can make quite an impact for many.

        I can’t ask you to verify the security of the Facebook end of a PM-FB conversation as the FB servers are not yours to vouch for but could you please verify that you’re not opening any potential backdoors that could allow access to Protonmail? I do not expect Protonmail to be anything more than among the top of the top email providers with regards to privacy. It’s not Protonmail’s job to hand out faraday blankets with subscriptions or to design the internals of whatever device every user is on. “Innocent until proven guilty” goes in many directions and from what I gather, this will be great.

      • I share J’s misgivings. But I’d also like to add that a truly serious effort at email privacy (if you are really wedded to the browser) would involve an opensource downloadable add-on to use and manage keys locally.

    • I totally agree; but this does not compromise PM security or require any ties with Facebook, so I am okay with it. Not that I would use FB though…

    • I agree, I also find this disturbing for the same reason, I also found it disturbing that another “security” company namely Tresorit host their systems on Microsoft’s Azure data centers, I did trust the Tresorit Cloud Storage, but I do not trust anything that Microsoft has its fingers on for the same reason I do not trust FaceBook, the only thing that keeps me from trusting ProtonMail completely is the connection with FaceBook, and no, I do not have a FaceBook account, I know better ;-) , Paranoid ? , heck yeah :-)

    • Exactly this, I seriously start to doubt about the true face of Protonmail if they make whatever deal with Facebook/InQtel/FBI and it’s just wrong. It may have big benefits for your own promotions but towards your users who need absolute privacy you just can’t do this why you guys don’t understand this.

  • This is excellent stuff!

    Two questions related to the key handling in Protonmail.

    First of all, have you uploaded, or are you considering uploading, the public keys to some keyserver, so that other services can make use of it? I tried to import the key to Enigmail, but it looks like the UserID is empty?

    Second, can I somehow add the public key to my non-protonmail contacts in the address book?

  • Could make an integration with to make possible to import peoples public key based on their social media accounts? Is that possible?

  • Enabled it and it works fine on the web, but messages cannot be decrypted in the iOS app. Not a big deal as we are still in Beta.

    • This is also an issue with the Android app. Testing shows that, if you encrypt to the recipient (UserID) only, and not to the sender, the mobile app can decrypt the message. It’s the multiple key encryption that is the problem.

      The web client does not appear to exhibit the same issue.

  • Done! Awesome! One more step to make ProtonMail my default email account… just need iOS :)
    Great update guys!!! now hackers can see nothing when they request password request emails!

  • I don’t care too much about Facebook integration, but I’m glad that messages received encrypted with PGP can now be decrypted.

    However I’d like to be able to download the private key, and more importantly to be able to use an email client running on my own computer (which I can trust a lot more than ProtonMail’s web interface) to get my mail with IMAP.

    One way I see to do this is to allow the user to upload a public key, and to have the ProtonMail servers encrypt with that key all mail received, unless it is already encrypted mail, then to give these messages to the user through IMAP (or POP3), and his mail client can decrypt them with the private key, which is then safe from ProtonMail. Of course this requires trusting ProtonMail still.

    Another way I see is to just provide regular IMAP access without encrypting anything that isn’t already encrypted. It makes sense: if messages are received unencrypted, we need to trust ProtonMail anyway, and if they’re not we won’t need to; so there isn’t really a point in ProtonMail encrypting the email.

    Overall I think I’m more interested in ProtonMail as a regular email provider, but with a focus on privacy and open standards. I can already get much better than ProtonMail’s “zero access” by using GnuPG (which I’d trust more than the OpenPGP.js shipped by ProtonMail any day) in my own mail client, so the “zero access” is only relevant when using the web interface for convenience (and IMO requiring people you send mail to to follow a link and type a password and write their reply, all this with JavaScript, is neither very open standards-like nor very convenient).

  • I got an issue. My primary mail is and the Public Key uses
    i need the Public Key with the .com version.

  • So, Facebook doesn’t have their dirty hands in ProtonMail’s whole security features/processes or overall operations… Right? Like, they cannot get into my account at all??

    • Not at all, they send us encrypted data that ProtonMail can now automatically decrypt. Our systems are still completely walled off from theirs, they have zero access to any user data (ProtonMail has zero access to user messages as well).

  • So, how is the private key handled by ProtonMail? Do you have access to it or are the messages decrypted on the side of the end user like other messages with the private key only available to the user and stored encrypted on your servers?

  • Importing the public key to Facebook is OK, but after importing to GPG Keychain, no email appears in the key properties, so it’s not possible to send encrypted emails in Mail. (Mac OS X Yosemite)

    Private key export would be nice too.

    Any tip?

    Have a nice day!

  • I am a new protonmail user. To this point I love the service and to be honest would be willing to pay for it. That was until I read this post. Before I get flamed let me ask you a question. If you were Jewish and found out that the country you lived in just made a deal with the Nazis to exchange encrypted messaging, would you be concerned? That is extreme but as far as privacy goes that’s spot on.

  • Getting involved with Facebook or any other company is BAD business in my best judgement since if you really want to be the primary leader in “private” communications you simply cannot SHARE services with anyone. Doing so opens you up to a lot of problems in the future as I strongly advise to gracefully cancel your agreement with Facebook while you can. I can see the inevitable writing on the wall so please stick with your original principles (best policy) or you may end up losing many current and/or potential customers.

    • It is important to understand what this integration means. There is NO data being shared with Facebook. We just give users the ability to import their ProtonMail public key into Facebook. There is ZERO security risk from this because it is a public key, and not the private key.

  • Why get involved with facebook as i see problems in ur future if you do this….. don’t share anything or be ready to accept compromises later…. not a good idea!!

    • It’s important to emphasize, there is ZERO ProtonMail data being shared with Facebook and Facebook has no ability to get ANY data from ProtonMail. This is simply a step towards universal PGP compatibility which is good for privacy.

    • I don’t understand why so many of my fellow security/privacy activists are up in arms about this…..I see GnuPG mentioned quite a few times, okay, you use Kleopatra to Generate the Public & Private Keys & or Certificates if using PGP for S/MIME (encryption + verification of signing identity so one can make sure it is in fact the sender). You HAVE TO EXPORT your Public Certificate and or Public Key in order to utilize the capability of PGP or S/MIME or Both…..SSL/TLS is again NOT POSSIBLE UNLESS THE WEBSERVER FOR TORPROJECT.ORG made their public Certificate or Key AVAILABLE TO ALL; then we can utilize the handshake protocol to ensure secure traffic transport & verify it actually is the server you think it is…..

      Just like writing a small console app, compiling it, choosing a hash algorithm & posting it for ALL they upon download of exes can use PowerShell or a bash to calculate the hash of a given algorithm & bit size by taking the file they downloaded parameters and comparing it to the sha256 or whatever the algo is Checksum(hash)

      This confirms for the user he is indeed receiving a valid copy of SW with no added malevolent surprises

      PGP is Open Source as well, you can literally go to proton Mail teams github where they keep updating PGPjs as they incorporate features, or improve upon existing code. Providing the NSA or the NRO with ProtonMails PKey or a User Mailbox PKey is as harmless as telling everyone the port for SMTP on your NAT firewall on your router AND the corresponding computer attempting to use it is 25. Its public knowledge, we all know it, or anyone could find that out on Wikipedia.

      ProtonMail from the beginning has made it clear that yes they are an End2end privacy oriented email service; but their broader focus was for infosec/privacy ppl/techies or it pros to EXPLAIN to the masses of WHY privacy LIKE this should be incorporated in all forms of digital packet based traffic…imagine you want to flop naked and chill home alone au naturale….. without Locking the door; and making sure the blinds are shut, anyone who wanted to come inside or look in the window could see your literal privates……WE LIVE IN A MASS SURVEILLANCE STATE AND THAT IS THE EQUIVALENT OF 2 People STARING THROUGH EACH WINDOW AND MORE REMOVING YOUR ENTIRE DOOR AND STARING AT YOUR JUNK…..our freedoms are being made obsolete…..In USA “We Hold these truths to be self evident, that all men are born with certain unalienable rights…” Guess what one of them is (PRIVACY, it is a right bestowed upon us By Law & the Binding Supreme Legal Doctrines of our Land)…….BUT. now when you walk naked in your room and not worry that your TV set is recording you along with your phone or anything that uses electricity and frequency forget the goddamn windows…..STRANGERS ARE COLLECTING COLLATING AND VIEWING EVERY SINGLE PIECE OF INFORMATION ABOUT YOU; anything you do, anywhere you go, anything you say, anyone you say it to, the things you wouldn’t dare ask anyone so you ask the Internet or a fetish or strange (fill in blank) you’re into and would be mortified if anyone KNEW so you do it in private….

      Guess what? Privacy is no longer applicable to electromagnetic or harmonic resonating frequencies waveforms or spectrums; anything with a battery or a plug knows everything you do. Tell me you have nothing to hide and then admit to me you were sexually pleasing yourself with audio visual assistance or a partner and you were in front of your computer, iPhone, TV, “smart device” or you have a networked security camera or audio video monitoring device

      Someone now knows the exact expressions & sounds you make while engaging in sexual activity

      Do you read on cyber security? Are you an it professional, or are you a programmer, cryptographic researcher, political activist or privacy advocate, did you type president NSA, Accident , Death Anywhere like I just did? You are now flagged on a list. I literally caught German Gov’s NSA counterpart on a ridiculous port on one of my Linux Kernel Routers monitoring “telecom”

      Because I make posts like this.

      Facebook is used by the clueless masses that partake in the internet including older generations who use nothing else but Facebook to see pictures of grandkids

      ProtonMail Team, regardless of their history as an organization I commend and congratulate you on hopefully making more “mainstream” users aware of the pivotal stance you are taking along with many other groups such as Tor, Mozilla, All Open Source Libraries & the Linux Community, the EFF, (go to that site!!) and I give Kudos to Microsoft & Apple who both perhaps (well one for sure) made poor choices under the thrall of the early years of patriotism enflamed by my city of residence, birth, & Symbol crumpled down as I watched from a window because somehow some idiots wanted to hurt us for our system of beliefs. funny thing…..they hated us for our freedoms so goes the line….they are no longer available to us. If your life is logged like an error dump and judgements are made about you because you think America went a little too far batshit crazy after 9/11 and became a Military Surveillance Controlled Populace where we now have a nutcase as commander in chief with the capability to Admit to Treason on Camera and still be in office, where if I potentially tweeted something in return to him he didn't like the secret service or FBI would potentially show up at my door and say I'm advising anti surveillance & giving topology & hardware examples so therefore I could be construed as directing a criminal how to escape notice…..It is more critical than ever before in the history of this country we, the people, who according to our founding charter Hold Ultimate Authority over those whom we choose to be our guardians have the obligation to Instill Change in the corruption of our Government & if after all other means of petitioning has failed They refuse to conform to the will of the people, we (I'm paraphrasing constitution) shall have no recourse but to disavow the current government & refuse to recognize it holds any legal status or authority & until such time as a separate group of representatives who are found to be upholding the will of the people, any powers of governance shall be returned to the states, or i.e. to be held in the care of the people.

      It amazes me how far from our founding principles we have strayed to the point where the United States is an unjust tyranny engaging in the very practices that causes the revolution.

      Anyway man Facebook + encryption technology should be understood by the many not the few, & if only to partake in the not even civil disobedience of pursuing ultimate privacy to engage enough people to provide the platform for a national knowledge base of the systematic stripping of our God given rights as free human beings "life, LIBERTY, and the pursuit of happiness". One cannot be liberated "free from oppression" when everything that can be monitored is being….are you truly free if you know anytime you are online your being watched?

      Facebook did not crack PGP the standard of encryption is not realistically able to be broken as it is too cryptographically sound even given Government resources; same with Certain Logarithmic scaling which forms the elliptic curve the logical plot on that point makes it mathematically secure despite compute power you can even use the less well known ECC that is used to encrypt bitcoin as your algo as some are claiming the NSA suggested ecc (the 2xx, 384, & 512bit ciphers) bc they could in fact compromise them…..regardless less commonly used public Key algorithms or combination of serpent & different pairings with larger bit keys make them safe for now;

      Check out MIT's anonymity protocol it's more secure than Tor and 10x faster I forget the name ATM

      Also keepass….the most secure password manager available; open source ; cross platform; designed amazingly well with many community coded addons (I coded one myself which took advantage of low level win API Kernel interaction to enhance functional service).

      Check out how secure, amazing, and the different algorithms there + techniques used to produce extremely High entropy PW; not only through algo but through adding random noise bits with keystrokes & mousing over a digital image for the purpose. Also allows custom sequences, using variables like a pseudo programming; incorporates TANs & OTP & uses obfuscation techniques to defeat keyloggers

      I made the Master PW combined with my giant bit Key file so complex my core i7 4ghz w/ 16gb ram & 8gb gpu takes a full minute to unlock it by succeeding running through all the iterations I set (uncommon algorithm) super secure but slower

  • I understand that no data will be shared with Facebook. But it gives me the shivers to even see an image where Facebook and Protonmail shake hands. I also think that Protonmail should be very careful to not forget why so many of us found refuge with them. I hope Protonmail will not become what Barack Obama has become in politics. It would be such a shame.

    • User privacy is always the most important thing to us, and we only work with other companies if it in fact improves user privacy. In the case of our support for Facebook PGP, it does improve user privacy so that’s why we decided to add support for it. Incidentally, at the same time, we added support for all other PGP services as well.

  • As a huge donor to this email, makes me sick that you want anything to do with Facebook, which makes all the apps that access Facebook have access to your proton mail? I was about to donate another 10k and now I will wonder. Apps can now data mine through face book via protonmail, as per customer service.

  • Yes Frank, the encouragement of this technology doesn’t benefit anyone, why protonmail are you encouraging this when it is making email more vulnerable when everyone has your public key? Any hacker could get your protonmail from that and send a virus, I think everyone that donated your campaign doesn’t even want you talking to Facebook for anything!

    • Hi James, you are misunderstanding how this works. Sharing the public key does not make email more vulnerable. The public key is called the public key because it is meant to be shared and public. On the other hand, the private key is what must be kept secret and neither Facebook nor ProtonMail have access to your private key.

    • That is tablet mode, so if you go to a smaller resolution screen or device, it will switch to that automatically. You can also get it on desktop by making the browser window less wide.

  • also people should be aware no country offers privacy Canada is going through all emails and bill c 51 going through purchases mastercard and debit and payments and socialized medicine and medical records a sweeping arbitrary law because people put all kinds of faith in government laws and they can bend them and read track everything, also they microchip will be in your homes houses car tires rfid chips in all devices Ipods and smartphones and appliances like refrigerators and coffee makers appliances and halls public transit with pay passes RFID enabled cards and trains planes and cars automobiles and sidewalks doors and walls cameras in your nostrils cameras rfid chips in hydro poles and sidewalk cement street with biometrics, sooner or later Windows 10 can steal all your passwords in protonmail and open up everything all this myth on privacy is coming to an end

  • also, the internet of things will bring in devices rfid enabled to track movements with biometric scanning everything will be all tagged in clothing enabled buildings and cameras and all transportation goods services and highways and walls and doors and buildings and smart tv sets and wearable technology, so windows uses cortana a digital assistant that records all your passwords and encryption all email systems will be recorded and will know everything of your private pgp encryption keys to unlock everything, the European and Switzerland has privacy laws that work with five eyes and monitor you ,you cannot run and hide, the web globally work in an alliance to spy on you and break the laws

  • Facebook encrypted messages open in my Protonmail account, but not on the application for some reason. Is this being amended? Thanks

  • Brilliant progress!

    At first I, like many others who seem to have misunderstood, thought this was some kind of integration of Facebook into ProtonMail, which would not have made any sense.

    However, this is great stuff. I personally have never touched Facebook, but I see it as a first step. Hopefully you can get more and more places to jump on this idea!

  • Facebook was part of the PRISM program. Are you sure you want to go ahead with this “Engineering Alliance” thing with it? Please let us know what kind of engineering you will be doing together so that we could decide whether to continue with Protonmail services.

    And please, beware of the “Giants”.

    • All we have done is added support for the PGP format that Facebook uses for their PGP messages. Facebook has zero access to any ProtonMail data. This just provides the option for you to add your ProtonMail public key to Facebook. As this is just the public key, there is no security or privacy risk. For more details, check out the knowledge base article we linked to above.

  • all internet of things will require devices connected with palm readers biometrics radio frequency identification technology and microsoft windows 10 key logger and tracking recording your pass word id and track you every where you go and monitoring and tagging you no privacy

  • I wish to import a contact’s public key. He appended it as a text file named with a long hex string, with file extension .asc
    The import feature does not support this type.
    How am I to import this public key?
    Thank you

      • Nice. I hope you realize that we are very close to the end of the first half of 2016 already :-)

        I can’t wait for this feature, as it’s the only thing holding me back from using ProtonMail for everything (important)

  • Is this still working? I don’t have Key Export or Download Public Key button or anything above “Authentication Logs”. Unless it’s been moved somewhere else besides Settings -> Security

  • This article states that ProtonMail can now decrypt PGP messages from any other email provider by default. However, I just sent a PGP email from my gmail account to my ProtonMail account and I am unable to read it in ProtonMail.