Search Risk – How Google Almost Killed ProtonMail

google search risk

In the past two months, many of you have reached out to us to ask about the mysterious tweets we sent to Google in August. At ProtonMail, transparency is a core value, and we try to be as transparent with our community as possible. As many people have continued to point out to us, we need to be more transparent here to avoid continued confusion and speculation. Thus, we are telling the full story today to clarify what happened.

What Happened?

The short summary is that for nearly a year, Google was hiding ProtonMail from search results for queries such as ‘secure email’ and ‘encrypted email’. This was highly suspicious because ProtonMail has long been the world’s largest encrypted email provider.

When ProtonMail launched in Beta back in May 2014, our community rapidly grew as people from around the world came together and supported us in our mission to protect privacy in the digital age. Our record breaking crowdfunding campaign raised over half a million dollars from contributors and provided us with the resources to make ProtonMail competitive against even the biggest players in the email space.

By the summer of 2015, ProtonMail passed half a million users and was the world’s most well known secure email service. ProtonMail was also ranking well in Google search at this time, on the first or second page of most queries including “encrypted email” and “secure email”. However, by the end of October 2015, the situation had changed dramatically, and ProtonMail was mysteriously no longer showing up for searches of our two main keywords.

Between the beginning of the summer and the fall of 2015, ProtonMail did undergo a lot of changes. We released ProtonMail 2.0, we went fully open source, we launched mobile apps in beta, and we updated our website, changing our TLD from .ch to the more widely known .com. We also doubled in size, growing to nearly 1 million users by the fall. All of these changes should have helped ProtonMail’s search rankings as we became more and more relevant to more people.

In November 2015, we became aware of the problem and consulted a number of well known SEO experts. None of them could explain the issue, especially since ProtonMail has never used any blackhat SEO tactics, nor did we observe any used against us. Mysteriously, the issue was entirely limited to Google, as this anomaly was not seen on any other search engine. Below are the search rankings for ProtonMail for ‘secure email’ and ‘encrypted email’ taken at the beginning of August 2016 across all major search engines. We rank on either page 1 or 2 everywhere except Google where we are not ranked at all.

protonmail seo rankings

All throughout Spring 2016, we worked in earnest to get in touch with Google. We created two tickets on their web spam report form explaining the situation. We even contacted Google’s President EMEA Strategic Relationships, but received no response nor improvement. Around this time, we also heard about the anti-trust action brought forward by the European Commission against Google, accusing Google of abusing its search monopoly to lower the search rankings of Google competitors. This was worrying news, because as an email service that puts user privacy first, we are the leading alternative to Gmail for those looking for better data privacy.

In August, with no other options, we turned to Twitter to press our case. This time though, we finally got a response, thanks in large part to the hundreds of ProtonMail users who drew attention to the issue and made it impossible to ignore. After a few days, Google informed us that they had “fixed something” without providing further details. The results could be immediately seen.

google protonmail search risk
ProtonMail Google Search Ranking for “Encrypted Email”

In the above plots, the x-axis is time and the y-axis is search ranking (lower number is better). The dates where there are no data points are times when we are not ranked at all by Google. After Google made some changes, ProtonMail’s rankings immediately recovered and are now ranked #1 and #3 for ‘secure email’ and ‘encrypted email’ respectively. Without any additional explanation from Google, we may never know why ProtonMail become unranked. In any case, we do appreciate Google finally taking action to resolve the issue, we just wished it happened sooner.

The Danger of Search Risk

This incident however highlights a previously unrecognized danger that we are now calling Search Risk. The danger is that any service such as ProtonMail can easily be suppressed by either search companies, or the governments that control those search companies. This can happen even across national borders. For example, even though Google is an American company, it controls over 90% of European search traffic. In this case, Google directly caused ProtonMail’s growth rate worldwide to be reduced by over 25% for over 10 months.

This meant that ProtonMail’s income from users was also cut by 25%, putting financial pressure on our operations. We went from being able to cover all our monthly expenses to having to draw from our emergency reserve fund. The lost income and financial damage incurred as a result was several hundred thousand Swiss Francs (1 CHF = 1.01 USD), which will never be reimbursed.

The only reason we survived to tell this story is because the majority of ProtonMail’s growth comes from word of mouth, and our community is too loud to be ignored. Many other companies won’t be so fortunate. This episode illustrates that Search Risk is serious, which is why we now agree with the European Commission that given Google’s dominant position in search, more transparency and oversight is critical.

Defending Against Search Risk

This incident illustrates that for ProtonMail to be successful, it is important that we can continue to grow independently of search engines so that it is impossible for any search company to intentionally or unintentionally cripple us. This is easier said than done, but there are easy actions that we can all do to safeguard the future of ProtonMail:

  • Tell your friends and family about ProtonMail. The other benefit of this is that you will also get automatic end-to-end encryption when you email them.
  • Writing articles or blog posts about ProtonMail and help spread the word about online privacy.
  • Upgrading to a paid account or donating so we can rebuild our depleted emergency reserve fund faster.
  • Helping ProtonMail reach more people through social media. You can Tweet or share ProtonMail on Facebook with the share buttons below.

Share on Twitter   Share on Facebook

The more we get the word out about the importance of online privacy, the more we make it impossible to suppress, ban, or otherwise pressure encrypted email services such as ProtonMail. We believe online privacy is critical for an open, democratic, and free future, and regardless of the obstacles ahead of us, we will continue building the tools necessary to protect this future. Thank you for supporting us and making this possible.

Best Regards,
The ProtonMail Team

For questions and comment, you can reach us at media@protonmail.ch.

You can get a free secure email account from ProtonMail here.

ProtonMail is supported by community contributions. We don’t serve ads or abuse your privacy. You can support our mission by upgrading to a paid plan or donating.

Image Credit: Special thanks to Glasgow graphics designer James Belkevitz for providing the top image.

About the Author

Andy Yen

Andy is the Co-Founder of ProtonMail. He is a long time advocate of privacy rights and has spoken around the world about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

70 comments on “Search Risk – How Google Almost Killed ProtonMail

  • Contrary to what the European Commission may believe, I doubt that Google deleted ProtonMail for anti-competitive reasons. I mean, seriously, to Google, you are a gnat compared to the behemoth that is Gmail. Rather, I suspect the influence of the US and other governments trying to curtail the use of secure and encrypted email among us mere citizens.

    Reply
    • Indeed. Gmail has one billion users, Protonmail a million or so. This is most likely the US Gov telling Google how to filter. Moreover, it is dead certain that if the keyword “protonmail” pops up in an email you send or receive on Gmail, a copy of it goes straight to Fort Meade (NSA).

      Reply
      • and there was a time when Google was a Gnat and had only a 100,000 users ….

        ProtonMail is a competitive threat for Google as more and more revelations about their ‘enhancements’ keep coming out -such as the deletion of the privacy controls that were a core promise when google launched.

        Have a look at what M$ did to Apple (GUI anyone?) and the other operating systems, word processing programs, spreadsheet competitors who curiously seemed to suffer the BSOD after certain ‘critical’ updates.

        Of course none of it was intentional….

        Seen the Tooth Fairy recently?

        Reply
  • So, ProtonMail’s still fully alive, safe & secure with no negative impact of any kind then from Google or otherwise like other Search Engines, etc.??

    Reply
    • Yes, Google fixed the problem so our revenue stream is safe again and we are steadily building up our emergency reserve fund again. Thank you for your support!

      Reply
  • Thank you Andy & Protonmail. Looks like, after having firmly established Protonmail, your next project is going to be setting up a new search engine. ProtonSearch.

    Reply
      • I’m one of those word of mouth users you wrote about. I’ve worked in computers all my life and after getting into Cisco, Linux, and done other things about a year ago, I started craving ↓ on myself more than I did before (and my son used to call me paranoid before lol). Thanks to a friend I learned of protonmail and also sobering that happened recently that is forcing me to search for a new vpn. Good thing I don’t pay two to three years in advance to save a few bucks. Anyway, I didn’t see it mentioned in the comments but I have used Startpage.com as well as duck duck go for some time and love it. I have also been researching and collecting data on all the security breaches that have been going on since the begging of the year (yes, some were from many years earlier and we just found out this year) and I’m doing a write up for my company blog over Internet security and privacy. The government and hackers, and then another with all the innumerable different things you can do to start protecting yourself and I intend on using protonmail in it now that I’ve been using it. I hope that’s OK. 😉 It will actually be posted on two or three blogs and in a couple of political fb groups.

        Reply
    • Have you tried Qwant? European, dedicated to preserving your privacy. Not as slick as Google, but improving all the time.

      Reply
  • As a new user that join during the dark age, I’m glad I found ProtonMail via Wikipedia searching for alternate mail after Yahoo sold itself.

    Reply
  • We are one of those “other companies” mentioned above.
    We operate in a completely different industry (we are a Chinese Language School in China), however pretty much the same thing has happened to our website. We were number in the top three for main key words like “Learn Chinese in China” for years and from November 2015 google started down ranking us and has continued to doing so for 10 month by now until we are now invisible. We hadn’t made any significant changes to our site or business nor did our user behaviour change during that time. It was not one drop after a change in the search algorithm or after something technical that might have happened, but is a continuous decline for almost a year now that is impossible to stop.
    We also spoke to many SEO experts and after a lot of analyses etc. were told the website is fine, as are the link profile, no black hat techniques had been employed and everything is great. Just every week we continue falling further.
    There is no way to talk to google about this and I do not know how we could get them to “fix” whatever is going wrong in the search right now for a company like us that unfortunately lacks such a vocal online user base.

    When an error by one company has the power to so severely affect the business of other companies, without any need for transparency, explanations or third party checking, then indeed the European Anti Trust commission needs to do something about this.

    Reply
    • Not defending Google, but I see two things that will lower your sites ranking.

      1) I’m sitting on a 100Mbps fiber connection, but the initial response of your website responds is very slow. Loads OK when it starts to load, but says “Waiting for http://www.livethelanguage.cn” for a long time. This tested in Edge, Firefox and Chrome on Win10.

      2) The server is running HTTP, not HTTPS. Google is actively ranking down sites not using HTTPS.

      Hope you’re getting your rankings up again.

      Reply
      • These seo factors you mentioned couldn’t explain, why Protonmail was completely out of G results.
        Usually it’s because of penalty due to duplicate content or other serious issues.
        Maybe in this case it’s really because of evil G 🙂

        Reply
      • Hi Fran,

        Just wanted to clear up any misconceptions. – as SEO can be a tricky space.

        There is no ‘ranking down’ of websites with the HTTPS announcement.

        Purely that pages (not websites) will experience a small boost once it’s properly migrated to HTTPS. To be honest I’ve seen this go wrong more times than it goes right (due to issues migrating between HTTP & HTTPS).

        More details here: https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html

        Hope that helps!

        Reply
    • At least from Europe your website loads very very slowly. There are many solutions to this, and most are comparably inexpensive. (CDN?) Not saying that this is or was the problem but if you were looking so hard for reasons why Google might decrease your rank, this could certainly be one of them. Your website should load fast everywhere if possible (and having it completely over HTTPS also helps with ranking).

      Reply
  • This issue is one of the reasons I created the site covertactions.com. I thought we needed a site that lists the encrypted apps available world wide. We do press releases almost monthly and we spend on SEO to get written up in blogs all over the net. This way we don’t need to appear in Google which we don’t yet anyway. The site lets you search on Type of product, cost, country, open source or not, and wildcard. We just launched 7 months ago and have over 720 encrypted products listed with many more to go and since new apps are released almost everyday it will just get larger. We also use ProtonMail as a our domain mail provider.

    Reply
  • In all fairness, if a business model relies on Google organic for growth, then, the business model is wrong. Any organisation that places faith in an entity where there is no control has an unnatural imbalance within its marketing strategy. Of course, any organisation wants ‘free’ organic traffic. That said, there are many other ways to reach the audience.

    Reply
  • I’m sorry your competitor did not give you free advertising.
    Please be sure to write more blogs where you’re the clickbait victim.I hear that’s good for SEO.

    Reply
  • From a quick glance at your dropped links and checking out earlier versions of your site it looks like the drop in ranking near October 2015 was because of a combination of url changes during redesigns/tld migration and missing key redirects from old pages that had links going to them. This along with missing canonicals makes many of the old links going to your site not count anymore because they go to 404s which drops your ranking. Sounds like whatever SEOs you consulted just looked at your backlinks.

    Reply
    • For me what makes this case interesting is:

      Where sites are affected by algorithmic penalties, Google often does not notify those sites. It is possible a mistaken algorithmic penalty has affected ProtonMail.

      Unlike a manual penalty which is a human decision taken on your site, algorithmic penalties are hard to define. It’s not as clear cut in a legal sense whether it’s strictly a penalty. All you can say is that an algorithmic change has affected you.

      Now where is becomes most interesting is that Google said they “fixed something”. Does that implies they were at fault? With that are they now liable for losses?

      The other interesting point is that there is a level of AI involved AKA RankBrain in search ranking. That also raises a new question as presumably Google don’t exactly know how the AI is affecting rankings at the granular level of every single site on the web. So who is liable? Can you prove intentional harm? Do you need to?

      OFF TOPIC: On the separate issue of open sourcing the Google algorithm so it can be audited. It’s an excellent idea, but I think we are so far off a search algorithm that if made public could not be gamed, so it’s quite impractical. Perhaps with more AI this would be possible who knows.

      Reply
      • Why would Google be liable for anything ? Google is not forcing anyone to rely/subscribe to their services.
        Google and Protonmail have no agreement or contract whatsoever.
        Despite what the EU commission and other companies or individuals say, Google has a right to operate its own business as they see fit and that includes the right to apply whatever filters or ranking methods they want.
        And if people are not happy with that, there are always companies like Protonmail that offer alternative solutions.

        Reply
        • “Despite what the EU commission and other companies or individuals say, Google has a right to operate its own business as they see fit” In fact no, that’s wrong.

          When you control the majority of the market, you are not allowed to use this competitive advantage to gain another market or to eliminate a competitor. That’s not only true for Google, and not only in Europe, but also in Telecommunications, Energy, Railway and those laws also exists in the US and everywhere else, it’s the notion of “antitrust”.

          Reply
        • I fail to see where this is a relevant comment when in this context Google is a search engine and protonmail a secure email provider, yet you speak of Google’s right to filter and rank his they want and follow up with “if people don’t like it there are other services such as protonmail they can use” (paraphrase ). No. As far as I know protonmail is not a search engine.

          Reply
  • The lack of Google analytic’s and changing of the TLD is what mostly caused this I suspect. I fully agree on not adding the spying scripts but it is very intertwined with there robots and could of corrected the situation. As I see it you submitted the site under one TLD and then submitted another with no directions for there bots. This all had to be updated manually by a tech.

    Your robots.txt could be updated.
    https://support.google.com/webmasters/answer/6062608?hl=en

    Reply
  • To the Google Team-

    Was it worth it to lose your credibility? This will forever stand as an example of your deceitful conduct against internet users. Other tech firms should take note. You’ll be caught. It’s not worth it.

    One more thing. If you’re on the inside of Google, and you know of these schemes, LEAK it. SecureDrop, ProtonMail and Wikileaks are all safe and easy.

    If you are employed in tech, personally encourage all Google employees to leak these wrongful actions.

    Thanks,
    L.

    Reply
  • Amazing service.. protecting privacy … yes… agree.
    Em… what about malicious activity?
    This service can be used for spam too, right?!
    Well… any service has the “flip-coin” effect … a best security environment can be used malicious intent too.
    — and i’m not referring only to an email service.

    Reply
    • I guarantee you that compared to larger email providers, ProtonMail sends a negligible amount of spam at best.

      And even it that weren’t true, that’s no reason to hide ProtonMail from search results. I don’t see your point here.

      Reply
  • Helping ProtonMail reach more people through social media. You can Tweet or share ProtonMail on Facebook with the share buttons below.

    This is (i guess unintentionally) hilarious. You complain about one monopoly snubbing your reach, and rely on people utilizing two further monopolies in their respective domains to prevent it from repeating.

    What’s stopping Facebook and Twitter from shadowbanning you next? They already do such things en masse to users with the wrong political opinions, so the infrastructure is there. And they serve the same government as Google, by the way.

    These are dark times we are living in.

    Reply
  • “Upgrading to a paid account or donating so we can rebuild our depleted emergency reserve fund faster.:

    How about providing amazon affiliate link (US, UK and Canada). Protonmail can get 3% of all sales commission. I usually order from Amazon several times a year. With one million users I’m sure there are people using amazon to buy something.

    This year alone I have spent over $100 and about to spend some more.

    Reply
  • “We believe online privacy is critical for an open, democratic, and free future”

    If so, why such a marketing tone and constant pressure to pay in each of your blog posts? Yes, we can appreciate that the financial situation of Protonmail may be difficult, based on fact that several other such providers have had to give up. But asking for donations as an apparent end goal for all of your communications is harder a pill to swallow because – as I understand – Protonmail is for profit. Hence if abused of, this approach might more look like aggressive advertising – a paradox considering the very appreciated effort of Protonmail to avoid any external ad pollution.

    Some (possibly many) of your users, including myself, are considering an upgrade of their account, even though their philosophy would precisely be in favour of a free web. But they may be turned away if the language and face of Protonmail are changing to little more than those of a business entity. What’s to prevent Protonmail from turning into a capitalist aberration if commercial success and profit become its centres of gravity? Make it a people for people’s endeavour first (as seems to be your stated reason for creating it), and many will be dragged to it without the need for constant solicitation.

    Reply
    • ProtonMail does not turn a profit and has never turned a profit. 100% of funds from users is put towards development, with some additional support coming from Swiss non-profit foundations and public funds.

      Reply
    • This is somewhat of a parodixical situation to me, for instance, I pay for a vpn because I want full transparency, absolutely no logging, plenty of options and safeguards that work and the ability to use them on several machines and mobiles. I could get a free vpn but I’d be sacrificing a lot I’m unwilling to. And no I’m not using it this moment for any of you smart arses who want to throw my ip out there. In smart enough to know that using it ALL the time is a red flag to my ISP.

      Reply
  • Hi,

    I search from google.com (Indonesia) with keywords “encrypted email” & “secure email”, ProtonMail is number one from the top 10 list.

    Congrats.

    Reply
  • There are two analytical flaws in this article which overdramatise it (although I agree with the overall theme that Google’s algorithms can inhibit other firms (including competitors)…it’s a matter of debate, and conspiracy theories, as to whether that intentional or inadvertent)

    First, you refer to changing from the .ch TLD to .com. Given how Google is known to work by looking at links between pages, it inconceivable that wasn’t a factor in a drop.

    Second, you state “Google directly caused ProtonMail’s growth rate worldwide to be reduced by over 25% for over 10 months.” then “This meant that ProtonMail’s income from users was also cut by 25%, putting financial pressure on our operations.” This is entirely misleading cause and effect. Google may have stunted your growth rate (i.e. future users and income). It didn’t reduce the income from your existing user base i.e. those who had already registered with you and therefore didn’t need to google you to find you. It clearly causes issues as your reasonable expectations and budgeting must have been very difficult – but you didn’t actually ‘lose’ money.

    Third, I’ve read elsewhere (New York Times I think) that you didn’t follow Google’s official suggestion for flagging such issues as SEO ‘experts’ suggested a response was unlikely. That was pretty daft if true. Logging through the ‘right’ channel creates an audit trail and evidence that their own processes weren’t following. By apparently acting like you were too important to follow that process doesn’t feel consistent with the image of your company that you’re trying to project.

    Reply
    • A lot of ProtonMail’s revenue comes from new customers who sign up, the drop in new customer sign up is what caused the bulk of the 25% drop. Regarding Google’s forum for reporting these issues, it is not an official channel, and there are many reasons why posting there is not a good idea. The reasons for NOT going there are explained at the bottom of this article: http://searchengineland.com/hey-google-can-you-hear-me-262164

      Reply
  • Which websites has this post been shared on? I’m curious why there are so many google fanboys under the post. They don’t even read before commenting.

    Reply
  • Even though I can only afford a free version of the fantastically great ProtonMail, I am constantly encouraging everyone I email to look at your service. I have gotten at least five people to signup. T’ain’t much in the scope of the world wide web but I hope the rings will spread in the water.
    Keep hanging in with your wonderful service to freedom!

    Reply
  • Hullo. I have a query: as I was typing my email, I noticed that the page was moving without my doing anything. I have noticed this happening when I was editing a Wikipedia entry………it appeared someone else was watching the page. I am wondering if Google has cracked the encryption…..

    Best wishes
    Sarah Benson

    Reply