Why ProtonMail Is More Secure Than Gmail

protonmail vs gmail security

ProtonMail is an encrypted email service that takes a radically different approach to email security. Find out how ProtonMail security compares to Gmail security.

In 2014, ProtonMail became the world’s first email service to protect data with end-to-end encryption, and today is the world’s most popular secure email service with millions of users worldwide. ProtonMail’s technology is often misunderstood by tech writers (and sometimes incorrectly represented in the press), so this article aims to provide a clear description of how ProtonMail’s technology is different from Gmail, and what makes ProtonMail more secure.

Only you can read your emails

ProtonMail’s encryption means that nobody but you can read the messages in your mailbox. In fact, not even ProtonMail has the ability to read your messages. We believe that your private communications should be exactly that: private. On the other hand, Gmail can and does read every single one of your emails. If you are not comfortable giving Google unlimited access to all of your intimate communications, then ProtonMail’s approach to data privacy provides more security.

Your data belongs to you

When you sign up for Facebook or Google, you give them control over your sensitive personal information. The recent Cambridge Analytica scandal brought to light just how little Facebook users know about who has access to their data and how it is being used. Unless these companies fundamentally change their business models, they will continue to read, analyze, and sell your data in ways you cannot control.

You won’t have this kind of problem at ProtonMail — one more benefit of the end-to-end and zero-access encryption we use. Our encryption ensures that our users have complete ownership of their data. We don’t have the ability to read it or sell it, even if we wanted to.

Improved security in the event of a data breach

ProtonMail uses zero-access encryption, which means it is technically impossible for us to decrypt user messages. Zero-Access Encryption applies to all messages in your mailbox, even messages which did not come from other ProtonMail users.

This provides stronger security compared to Gmail because even if ProtonMail were somehow breached, user messages remain secure because ProtonMail only stores encrypted messages. In other words, if an attacker steals emails from ProtonMail, the attacker would not have the ability to decrypt them, as even ProtonMail cannot decrypt them. The use of Zero-Access Encryption, therefore, adds a strong layer of resiliency against catastrophic data breaches.

No tracking and logging

Google records literally every action done by its users. This includes your IP address, every search that you do, which emails you open, which websites you visit, and much more. ProtonMail takes the opposite approach and by default, does not monitor or record user activity, not even IP addresses.

Encryption for messages in transit

In addition to the security of emails at rest, one also needs to consider the security of emails in transit. Both ProtonMail and Gmail provide extra protection by using TLS encryption whenever possible when communicating with external email providers. However, ProtonMail goes one step further by also supporting end-to-end encryption.

In simple terms, end-to-end encryption means that messages are encrypted on the sender’s device (before it even leaves their computer or mobile phone), and can only be decrypted by the recipient on their device. This means that no third party which transmits or intercepts the email between the sender and recipient (i.e. internet service providers, the NSA, or even ProtonMail as the mail server operator) can decrypt and view the message.

This powerful protection is possible because ProtonMail has PGP email encryption built-in. End-to-end encryption is done automatically without user interaction whenever messages are exchanged between ProtonMail users. For an enterprise using ProtonMail for their email hosting, this means all communications between employees are automatically protected with end-to-end encryption. ProtonMail can also support sending/receiving end-to-end encrypted messages with recipients who are not using ProtonMail. The use of end-to-end encryption makes ProtonMail a better choice for security conscious individuals and organizations.

Smaller attack surface

ProtonMail only provides email and VPN services, so your Proton account is not connected to hundreds of other services. Compared to Google, ProtonMail is a much smaller target, and there is less risk that a vulnerability in another service breaches your email account.

One might argue that Gmail is more secure because it is a gigantic company with more engineers. However, there is ample evidence that demonstrates that security is not correlated to company size. In fact, large companies often are the most vulnerable due to larger attack surfaces, Yahoo and Equifax being two recent examples. There is no such thing as 100% security and history has shown that any system can be breached. ProtonMail’s unique ability to protect user data even in the event of a breach is a valuable benefit.

Strong authentication

ProtonMail uses Secure Remote Password in order to protect user credentials. This makes it difficult to conduct a brute force attack to obtain user credentials, even if the attacker has control over the victim’s network. Both Gmail and ProtonMail support two-factor authentication (2FA), which provides an additional layer of security by requiring that an unique code be entered on each login (the code is usually generated on a separate hardware device). However, ProtonMail goes a step further by only using strong 2FA methods and disallowing weaker methods such as 2FA over SMS.

Protected by Swiss and European privacy laws

ProtonMail stores user data exclusively in European countries with strong privacy protections such as Switzerland. This means that unlike Gmail, ProtonMail does not fall under the jurisdiction of intrusive US laws (such as the Foreign Intelligence Surveillance Act), and cannot be coerced into working for the NSA. With ProtonMail, you can be certain that your data always remains in Europe, in full compliance with EU privacy regulations. ProtonMail’s approach makes us compliant with Article 25 of the EU General Data Protection Regulation (GDPR) which mandates that services adhere to the principle of privacy by design.

Zero-access encryption means that even if a complaint is brought in a Swiss court that meet the high requirements for data disclosure, only encrypted emails could be handed over. As a Swiss company, ProtonMail cannot be forced to hand over data in cases of US or EU civil litigation. Thus, even if you don’t care about privacy, ProtonMail is still the ideal choice for businesses, journalists, activists, and individuals who are worried about the overreach of US government agencies or courts.

No conflict of interest

In addition to the technological and legal differences, ProtonMail and Gmail also have very different business practices. Whereas Gmail was created to lock users into the world’s largest and most invasive advertising platform, ProtonMail was created with the goal of protecting privacy rights and democracy in the digital age.

Google makes money by providing Gmail and other services for free in order to acquire personal data, which it then sells to advertisers. On the other hand, ProtonMail first priority is always user privacy, because our only customers are our users – not advertisers. Thus, choosing between Gmail and ProtonMail is also a personal choice: Do you want to sacrifice your privacy or instead use a service that respects privacy?


Both Gmail and ProtonMail provide email accounts, but that’s where the similarities end. In terms of technology, legal protection, and position on privacy rights, the two services diverge widely. If you just want an email account, either service will meet your needs. If email security, and in particular privacy is important to you, then you should consider ProtonMail as a Gmail alternative.

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Andy Yen

Andy is the Founder and CEO of Proton, the company behind ProtonMail and ProtonVPN. He is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about our mission.


Comments are closed.

110 comments on “Why ProtonMail Is More Secure Than Gmail

  • All great but why do you allow weak passwords.
    Registration form accepts passwords like”tom”.

    If the recipient has a weak password, it can expose all parties involved in the conversations…
    Please force a minimum security for passwords on registration.

    • We don’t believe in controlling user behavior. What we will do is show a password strength indicator in the UI to encourage stronger passwords.

      • Might be nice to let a user know if the person they’re communicating with is using a weak password. What’s the point of protecting my key if my roommate has a habit of leaving his all over town unattended.

        • Unfortunately we can’t do this because we don’t know the strength of your roommates password since we don’t know his password.

        • Make sure you have secure conversations with only those with 2FA enabled. I’m sure ProtonMail can let everyone know this info.

      • Wow!

        This comment should cause an earthquake inside Google. Lots of people I know would like to import their Gmail into ProtonMail.

        The spying by the CIA, FBI and NSA, on their own U.S. civilians, will continue to create demand for privacy. The book “3 felonies a day” shows how the Feds can comb through millions of pages of laws and come up with something to threaten you with a long jail sentence. Gmail has chose wrongly in partnering with the U.S. government.

        The U.S. government will be unhappy about this migration away from Gmail, and into secure communication. If you work for the U.S. government, or Gmail, be sure to report any proposal by your employer to diminish privacy for U.S. citizens. Google and the U.S. government will likely resort to shady tactics to prevent this drive toward privacy. Report these tactics using SecureDrop (which is safe and easy). The Intercept, and many other news outlets use SecureDrop.

        Thank you, ProtonMail.

  • I so want to use ProtonMail and leave Gmail, I really do. But until you allow a way out of ProtonMail (i.e. a way to take our email with us), ProtonMail “owns” our data, and that just isn’t right. In contrast Gmail scans our email alright but lets us free to leave the service. PS: I know you’re working on IMAP access, so this is just a friendliest nudge to get it done and released. This is all the more important for business accounts, who won’t subscribe without a reversibility procedure (and they will also want calendar integration – for accepting invites – and some directory integration)

      • Hey I’m a plus user and I did not receive any invitation (I use both Linux and windows) and I’m also a Tester, so I’d love to test bridge. How can I try it?

      • Excellent! I tested ProtonMail Bridge this week on macOS with Apple Mail, it works well enough for my purpose of reversibility, count me now as a happy paying subscriber. And the custom domains work like a charm. I’m out of Gmail now. Keep up the good work, you’re heroes!

    • But once you “take your emails with you” how secure will your emails be when there are stored in plain-text on your computer?

      • It’s your computer and you do what you want with it. You can encrypt a folder, a partition and even your entire hard drive.

    • The free accounts are limited in features because otherwise we would not be able to exist as a company. We are a community and user supported company which means paid plans are required to keep ProtonMail operating. Thank you for understanding!

      • I would like to move over. However, I need storage so a paid account is important. I would like to pay with bitcoin but the fees are making this impractical. Can I pay with Bitcoin Cash?

        • We only accept Bitcoin at the moment. You can also pay with cash if it’s more convenient for you (no checks).

          Payments can be sent to:

          Proton Technologies AG (Fongit)
          Street: Chemin du Pré-Fleuri, 3
          CH-1228 Plan-les-Ouates, Genève, Switzerland

          Please be sure to use a tracking system so your payment doesn’t get lost. Also, please include your username and the plan you want to subscribe to in the envelope.

  • “ProtonMail goes a step further by only using strong 2FA methods, and disallowing weaker methods such as 2FA over SMS.”

    True but Protonmail has no support for Yubikey and no support for FIDO U2F so, while you disallow weaker methods, you also don’t support the strongest and most secure forms of 2FA.

  • Just a quick question I was thinking about.

    All these features, of course, are applicable to the ProtonMail web client. Does using the Android app compromise on any of the technical security features of ProtonMail?

    P.S. Besides the obvious fact that anyone who can unlock my phone can access my emails.

    • There security features are available across all our platforms, even Android. For extra security, you can also enable PIN lock on Android to protect your emails in case somebody unlocks your phone.

  • Protonmail is in my sense a Fake solution.

    You do not propose any standard, you do not propose anything that could be widely used, in several open source projects and deployed in every compagny worldwide.

    Your solution rely on an home made javascript base crypto that works for you and only you, and does not interoperate with any other email provider.
    This is business, and Protonmail is just there to make money

    It is absolutely not not a future proof solution that could fix a fundamental problem : email in the current state is insecure.

    If you want something really innovatibe, have a look to the side of DIME and DMTP.

    • This is not true actually. ProtonMail uses the OpenPGP standard, and in fact, we play a key role in defining the popularizing that standard as we are the maintainers of OpenPGPjs, the world’s most popular open source PGP library for web.

  • Since using protonmail, I have rid myself of ‘screaming’ adverts wanting to sell me anything from nudes to pills to goodness-only-knows-what-crap. I’m not interested – I’m only interested in receiving emails from the people I want to receive emails from. I used to be a Google+ user, for a short while – my goodness – couldn’t hear myself think for overbearing white-noise. All gone. Wouldn’t touch Yahoo with a barge pole now, still have a hotmail/outlook address(es) – use them as catchalls, sending mail on (forwarding) to protonmail (works a treat); I use google email as an email address in situation where I don’t want to divulge my ‘real’ email address (the protonmail one), and as soon as I get spam from one such place into gmail, that gets filtered, and the spammer gets a vacation notice (doh), and because of the large storage at gmail, I store things that have no ‘world-shattering’ privacy sensitivity and are of absolutely no interest to any snoops. But for my daily, no-nonsense, large-screen typing area, protonmail is ‘it’. But beware of sending on (forwarding) mail from gmail to protonmail. Whereas hotmail/outlook sends AFTER ditching spam, gmail sends BEFORE ditching spam. Take it as you like it – gmail forwarding sends spam to protonmail – hotmail/outlook forwarding does not. My emails feel quite safe at Fort ‘Protonmail’ Knox. THANK YOU PROTONMAIL!

  • I signed on as a beta user with Protonmail in 2014 and, after a few test run email accounts with PM, I settled on one, paid my annual fee, I could not be happier. The number ONE security feature I love on PM is NO use of 2FA via-SMS. Thank You! I’ve been hacked by an ex-spouse (very high level, savvy Google-manager-for-his-institution-) via SMS after he jail broke my phone at a family function. Emails I read during one evening were suddenly erased the next day. Took me awhile…..With Gmail on my device, I was constantly being prompted to “re-enter your google password” for this or that feature. Why, exactly?

    Guess how many time Protonmail has asked me to re-enter my PW — in three years? Zero times. Between the weak WPA2 ISP protocol Time Warner offers (as the only game in town, btw) and Gmail’s oh-so-porous email product, I think PM is a godsend. I will gladly pay for peace of mind. No “missing” emails in three years.

    And I appreciate PM not interfering in my password usability. Just today I had to reset a Google PW (I still must use Gmail for one client, but I never give Google my cell # now). Google kept telling me my PW was “too similar” to my old PW — when I had changed 7 out of the 15 characters! Hello, Google? Thanks for the guidelines but in the end, I’ll be the judge of the viability of my own passwords.

    Keep doing what you do, Proton-CERN-Harvard people, you have a fan in the Midwest. Yes, it’s good to have flexibility to exit the PM ecosystem, but (honestly), who takes all their email “with” them?

  • I’m still unsure about how far exactly the protection goes. If I send a mail from ProtonMail to a Gmail address, at what point does the content get revealed, given that the addressee finally fetches the mail from the Google servers where it resides.

    • More important is that Google, Protonmail, and anyone else in Mail-Transport-Agent’s chain see who you talk to.
      SMTP (email’s base protocol) leaks metadata by an unfortunate design from 1982, when it was appropriate.

      No, brave CERN scientists decided to keep SMTP at the start. You see, they are confused, it is Standard Model from 1980’s or even earlier that is good. But email protocol from 1980’s has been bad since 2000’s.

  • I have been using ProtonMail ever since I first heard of it and signed up to it via invitation when it came out in Beta Mode, I liked it back then and still like it even more now. It is an awesome e-mail service, I deleted all my other e-mail addresses and kept this one only because it has the best security, privacy and etc… . And now it has a new awesome VPN service too, Keep up the great work ProtonMail Team.


  • I posted a couple of comments 2 days ago in response to this post that have not to have appeared. My comments were is response to “ProtonMail goes a step further by only using strong 2FA methods, and disallowing weaker methods such as 2FA over SMS.”

    Yes, this is good but Protonmail does not support either Yubikeys or U2F (which Yubikeys support) which provide much more secure forms of 2FA then Protonmail currently supports (U2F is supported by Google–maybe the only area where Google security surpases that provided by ProtocnMail). In your suggestions section I count at least 7 threads requesting Yubikey and/or U2F support with more than 1250 votes. I don’t see any posts by Protonmail staff responding to these requests. Are you considering FIDO U2F support and if not why not? I can understand that some users might not have wanted to use U2F when Chrome was the only browser suporting U2F but U2F is supported by Opera and will be supported by Firefox in the upcoming release in November.

  • I’m interested in ProtonMail, mainly so that my emails are not being scanned and commoditized by a company. If I send email mainly to other mainstream email services, will that defeat this purpose mostly?

    Is there also a Calendar service built into ProtonMail as well? I find myself using google calendar a lot out of habit and an all-in-one solution would be good.

  • I am really interested in protonmail, but I have several questions.

    1. Im a little confused about the password the recipient has to type in order to read my mail. How do they know the password? Will the password be the same with all my recipients or do I have to create a new one every single time? Also, just to be clear, the recipient password is different from my login password, right? P.S. I read the Support section and it doesn’t indicate how the recipient knows the password.

    2. What do you mean expiring in 28 days? Do you mean that the email the recipient receives will be deleted? What is the reason behind that? Will I have copies of the messages I’ve sent/received in my email box from the recipient who’s email message has been deleted? Does this apply if Im sending an email to another protonmail user as well? Also, what about in my end? Will my email that I received/send will be deleted as well after 28 days?

    3. So if I send a protonmail to a gmail user and they open it up and read it, the Spies(don’t know what to call them) won’t be able to read the email, right? And this applies when the recipient replies to my email and sends it to me, right?

    4. For whatever reason I choose not to want protonmail anymore, I can delete it, right?

    Sorry if I’m not using the right terminology, I don’t know too much about tech.

    Thank you

    • Hi,

      1. You need to communicate the password through a different medium e.g. Whatsapp/ Signal/ Wire/ phone etc. This password can be different each time because it must be set each time you send an encrypted email to a non-ProtonMail user. However, you can decide on one password with your recipient and use that one each time. Indeed, this password MUST be different than your password. Never give your password away.

      2. This expiration time does not apply when sending email to ProtonMail users without selecting expiration. As well as when sending email without end-to-end encryption to non-ProtonMail users.

      3. If you send an email from ProtonMail to Gmail without selecting encryption and setting a password, then that email will remain encrypted on the ProtonMail servers, but on the Gmail servers there will be an unencrypted copy that could be leaked in the unfortunate event of a data breach. If you wish to keep all your emails encrypted with outside ProtonMail users, you must click on the encryption icon each time you communicate. Additionally, you can ask your recipient to create a ProtonMail account which will ensure that your communication is at all times end-to –end encrypted.

      4. Yes, you can delete your account at any time from Settings -> Account -> bottom page Delete Account


  • This is really good. But how can I migrate from gmail to proton mail. I have used it for years on so many websites. How can I change it without losing my contacts easily.

    • Very, very soon we are launching encrypted address book and the contacts import/export tool in ProtonMail. You will be able to move all your contacts from any email provider like Gmail -> ProtonMail

    • Yes, you can personalize plans according to your needs by navigating to Settings -> Dashboard in your ProtonMail account. If you do not own a ProtonMail account yet, it’s very quick and easy to create a free account by following this link: https://protonmail.com/signup

  • Google makes angular library.
    On github, let’s search for angular in ProtonMail/WebClient. Here is the link: https://github.com/ProtonMail/WebClient/search?utf8=%E2%9C%93&q=angular&type=
    642 results returned.
    Translating for non-programmers: protonmail site smells like google.

    1) Have you done an independent audit of angular versions that proton uses?
    2) Do sections with encryption keys or passwords touch angular’s execution context?
    3) Is angular loaded from 3rd party CDN?

    “Us versus them” is a cute rhetoric, i.e. emotionally engaging. But its divisive, especially when countries are thrown into devision.
    By the way, talking about countries. There was this referendum in Sweet-zer-land :) , you blogged about. You haven’t blogged about the outcome, which shows the rest of the world that fear mongering works on electorate even in Better_Countries_(TM).

    • Many, many web apps all over the world use Angular. Are you implying that Angular is somehow compromised and sending information, possibly confidential information, to Google and in an undetectable manner?

  • Hi, does the proton mail work independently with proton vpn ? that means I don’t have to launch your vpn in order to be allowed to use proton mail (so using my own ip address).

    • Yes, ProtonMail work independently from ProtonVPN. However, please keep in mind this will not offer you any protection on your IP address.

  • Why does ProtonMail not allow you to sign up using pre-paid VISA cards that can be purchased at supermarkets?
    I’ve been trying to upgrade to a paid account for over 1 year, but Proton declines all online credit cards I have purchased. Fix this and you’ve got yourself another paying customer.

  • My ProtonMail account had been hacked and the password had been changed by the hacker.

    This email was linked to my Coinbase, BitPay and other personal accounts that made it possible for the hacker to access them.

    I immediately emailed ProtonMail from the recovery email address that I provided them with when opening my account. I thought it would simplify the process for them when they match it to my original recovery email I provided when opening the account. I also provided them with my original password. More than a day later they responded with the following:

    Goran (ProtonMail)


    Thanks for the message.
    Account xxxxxxxxx has utuxxxxxxxxxxxve.com set as recovery address.

    If you do not have access to that account please answer the following questions:
    Do you remember the exact time and date when your account was created? 
    When was the last time you have accessed your account? 
    What is your display name? 
    Do you remember to which addresses you have sent your last messages?

    My answers weren’t precise enough and did not suit them. I explained that I was emailing them from the original recovery address they had on file before my account was hacked, but they found that to be irrelevant. Since the hacker changed the original recovery email to a different one ProtonMail didn’t bother checking for the original.

    My last option was to ask for them to just shut the account down altogether nobody would have access to it. They refused to do that as well. Here’s the response I received:

    Goran (ProtonMail)

    Unfortunately, the answers you have provided are not sufficient for us to start an account recovery process.
    You are welcome to open a new account.

    ProtonMail refused to provide any customer support and did not secure my personal information like promised. Their careless attempt to resolve this matter and further continuation of violating my privacy leaves this issue unresolved. Their narrow minded solution would be for me to open another account with them and expect a different result.

    Be weary when dealing with these guys.

    • Alice, I am very sorry for this terrible situation!

      Even if you had emailed us from your recovery email, we do not store recovery emails after they are changed in a user’s account. If a user cannot demonstrate beyond a reasonable doubt that the account belongs to him/her, we cannot allow recovery of the account as otherwise it would put all our users in danger of getting their accounts taken over by people who pretend it’s their account. Hence, we have a procedure in place with security questions that we rigorously apply on any account recovery process.

      Unfortunately, we do not have a way to confirm if an account was hacked. This is the reason why we insist that our users are very careful with their passwords and enable 2FA on all accounts, even outside of ProtonMail.

    • We are referring to tech journalists. It happens that sometimes, even if good intentioned, tech journalists not specialized in cybersecurity misunderstood the differences between traditional ESPs and ProtonMail. This breeds inaccurate reviews or statements about our technology.

    • Yes, you can. However this only works if you have a custom domain registered for your ProtonMail account. This means that your custom domain must authorise Mailchimp, or any other bulk email sender, to send emails in the name of your domain and not ProtonMail.

  • I am a free user at the moment. I am keen in network security there for I switched from yahoo to protonmail.
    I go through every settings and feature of proton mail. So far only missing thing is outbound pgp. But they r developing at the moment.

    I have to say, u need use protonmail once u have enough understanding in email and its security.
    If u r statt protonmail as ur 1st mail service, u may ignore its valuble features.

    I love using protonmail. Free account meets my needs but I will I will go for paid user. To support great engineers behind the protonmail.

  • Why won’t some sites let me use protonmail to register an account ? I sometimes get told ‘use of this email service is banned…’

    • Could you please tell us which are these websites? Sometimes they ban a whole domain because of a handful of fraudulent accounts. We are doing our best to fix this.

  • Good day,

    If I’m not mistaken, Swiss law requires you as an Internet service provider to keep track of your customers. Would you mind explain to me briefly how you can provide your service (especially email) with anonymous clients?

    Thank you in advance!

  • Well, Proton Mail is a “nice” solution. The advertising couldn’t be much better. In fact the service is “somewhat” more secure than normal paid mail services. The reason is not that the makers did their jon totally wrong, the reason is on one side the technology stack and on the other side the neccessities of law and infrastructure.

    Having cryptography in the browser and using a browser for secure stuff is always contradictionary stuff. It is important to understand, that a browser is one of the biggest attack surfaces casual users offer to bad guys. On one site you have to deal with the omnipresent stalking (aka tracking) and insane advertising, which includes big security risks. On the other side most users use some browser plugins to exactly fight against this threats, which is also risky, because browser plugins could access the whole dom and therefore access content which shouldn be accessible to those plugins – and now imagine some evil functionality inside such a plugin…

    Last but not least implementation of cryptographic algorithms in JavaScript may offer a lot of attack surface too. They are vulnerable to timing and side channelt attacks – but also to evil scripting which may lead into comprimisation of credentials / keys etc.pp.

    Also the chance that someone in the middle – if you have to deal with a governmental player – may attack you in a way which is hard to detect.And then the infrastructure, law enforcement, thir party services like DDoS-Protection etc. pp. may lead to reduced security.

    So before you think you have MORE security or safety or privacy you have to define your individual threat model. You have to identify the chance that you are important enough for powerful players to attack you. And you should be aware that usage of such a service may be seen as an indicator that you may have somethin to hide – which may raise interest…

    On the other hand it is hard to find better solutions. From a security point of view a fully encrypted local running web server ona device which is well maintained and administered, configured following best practices and never left unattended, may come close to optimum. Some randomly used dead letter boxes may be better. And real-world dead letter boxes may be best – but not digital ;-) But your own mail server will usually work bad if behind a dynamic IP address so this isn’t a option for most of us.

    At the end of the day you mus consider if you need the added security proton mail offers or not. One nice feature e.g. is the ability to send self-destructing mails to others or to send mails requiring passphrases to read. This is something you usually won’t have elsewhere and this may be considered a really valuable addon.

    It’s up to you… But you should know what’s possible and what isn’t… ;-)

  • Hello,
    Thank you for your article on pm-vs-gm. I want to know if your protonmail address can be used to when creating verification contact when signing on to your online accounts (bank, investment, medical, shopping etc..)?
    Thank you, again.

  • After years of “feeling” Proton provided end to end security — suddenly anyone who goes to the Proton login page sees my screenname by typing any single letter. Several of us use this laptop and I can see all their SCREENAMES!
    What is up with that.
    Seriously flawed. AND THERE IS A VPN on this laptop. We tried changing the COUNTRY and the screennames STILL pop up like once on, always and forever exposed.
    Can you please address this. From the recent security upgrade? So if you are now Google/Google+ which is hardly what anyone coming here wants. N.S/A. SO this means my friends and my Screenames are now LINKED and I don’t want to be linked with them or anyone. THERE IS ZERO SECURITY/PRIVACY SUDDENLY. Please explain. Have been a fan.

    • Hi Colo, if the screennames appear that means they are locally saved on the laptop you are sharing. We do not show anyone’s username. The login input field does not function like a keyword library. You can delete this data from your browser depending on which you use, by deleting the cookies and cache. This is not ProtonMail’s fault. Have a nice day!

  • Are my contents or communication still encrypted and secured, if I’m receiving all the mails from other email providers such as gmail, yahoo, outlook, hotmail etc.???

  • I was considering ProtonMail for me and my children but you do not have any folders. I saw a screenshot of your email and you do not have folders.

  • Hi I’m a user and I feel like my security needs questions are not being clearly answered by Proton mails questions. I am doing social science research in a police state somewhere in the ME. I want to use proton mail primarily to make it difficult for the secret police to intercept my communication with research subjects, both in country and out of country. However, I incur the risk that, by using proton mail, I am more likely to be reported to the secret police. I think this is reasonably safe because proton mail does not have a profile in country. However, to know if this is worth the risk, I need to know:

    Will the national security services be able to read emails that I send to other people in country?

    Will the national security services be able to read emails that I send to other countries?


    • Hi!This depends on how the messages are sent. Messages to ProtonMail recipients are always end-to-end encrypted. Also, we have full PGP support, which means end-to-end encrypted messages can be sent to non ProtonMail recipients if you have their public key, or you can add a password to encrypt the message. If this is not the case, the messages are encrypted on our servers, but once they leave they are no longer end-to-end encrypted.

  • I’ve recently created a ProtonMail free account and am willing to upgrade to a paid version, but is it necessary (or better) to install & use the ProtonMail Bridge to import emails from GMail?

  • Will I be notified if a non Proton Email client has received my encrypted email that I have sent them?

    • You can select the “request a read receipt” option for a message to non-protonmail address with Encrypt password set, however, the recipient will not have an option to send the read receipt.

  • (1) Will you please consider an alternative to pay pal and blockchain for making a donation – thanks.

    (2) I have been using a duckduck tor system to access my proton mail for many years without problem….it no longer works and I get your IE message to move to firefox etc….all which seem to rely on google which I don’t want to be using… — please advise soI cn check my e-mails (signed….not too techy so don’t know what to do)

  • use protonmail. I forgot backup email that I used when I logged into the service years ago. I had also decided to change my passwords one day and as recommended did not write them down. .. fine until you one day want to log in and realise you have neither your password or backup email! Despite telling them information about who I am and what my emails contain, asking to speak to people on the phone, I was constantly told I had not given the right information to get back into my email. This is bad!

    • Sorry for this inconvenience. I know it’s very frustrating. This is one of the features of end-to-end encryption. We don’t collect very much (if any) information about users and cannot read your messages. But because of this high level of security you have to be more careful not to lose your password or recovery email address. If you remember your password at any point, you can contact our support team and they should be able to restore your mailbox. https://protonmail.com/support-form

    • If you send an email, the recipient will be able to see the email address you sent it from.

  • Almost perfect:

    Please allow 2FA by means of usb security key like Yubico.

    Not everyone is comfortable carrying a cellular phone for 2FA.

    • Yubico is an excellent method of 2FA. We will add support for it once we release ProtonMail 4.0, which is in the final stages of development.

  • Im so glad I swapped to protonmail and I sincerely hope big tech is broken up and Americans recognize the importance of privacy and security. In Protons opinion, which US political party is doing more to protect privacy and security and not hinder freedom of speech? There is so much co fusing information out there and I want to vote for a party that supports businesses like Proton. Im also deeply disturbed by Apple and Nike’s etc use of Uighurs slave labor and the failure of uSA citizens to speak out for Hong kong.

    • As a Swiss company, we maintain political neutrality. We support any effort that expands access to privacy and security for all.