2016 Email Security Roadmap

For 2016, we are looking forward to another year of progress towards building easy-to-use secure email. Today, we are publishing our first security roadmap.

Over the course of 2015, we have taken several big steps towards making ProtonMail the easiest to use secure email service. Some highlights of 2015 include the release of ProtonMail 2.0, which is fully open source, and the beta release of the ProtonMail iOS and Android secure email mobile apps. Thousands of users have been testing these apps for over 4 months now and given very positive feedback. Therefore, we will finally be releasing the apps in the App and Play stores in 2016.

During the second half of 2015, our team focused almost exclusively on ProtonMail 3.0 which will launch at the end of this month, bringing many new features to ProtonMail including support for custom domains. In 2015, we also made numerous security enhancements including adding support for encrypted attachments and adding the ability for non-ProtonMail users to send encrypted replies to encrypted ProtonMail messages. Now, all messages in ProtonMail, including attachments and emails sent by non-ProtonMail users, are stored with zero-access encryption.

For 2016, we will continue on this trend of increased email privacy. As our primary focus is on secure email, it is fitting that our first published roadmap is focused entirely on security. Building a privacy focused email service is difficult as security is a moving target that requires constant innovation. These are the steps we will be taking in 2016 to protect your email privacy.

We have broken down our security roadmap into four broad categories.

Authentication

    • Challenge/Response login password improvement so that every login uses a different one-time hash.
    • Store mailbox password in memory only, not session storage. This means the user will have to re-enter the mailbox password if the page is refreshed, but will avoid the mailbox password ever touching the disk if the browser caches session storage.
    • Two factor authentication

Server

    • Public Key Pinning (HPKP): This pins our certificate such that we can’t be impersonated if a root CA or intermediate CA is compromised.
    • Content Security Policy (CSP): An extra layer of XSS protection which disables all inline scripting and whitelists only our domain for loading Javascript.
    • Migration to Certificate Transparency (CT) for EV Certificates
    • DNS-based Authentication of Named Entities (DANE)

Full PGP Support

    • Support importing PGP public keys of contacts so PGP emails can be sent automatically through ProtonMail
    • Support keychain functionality so users can import their own public/private keys
    • Allow the export of ProtonMail user private keys

Application Security

    • Add ProtonMail SSL certificates to the HSTS browser preload list(s). This needs to wait until we have stabilized our certificates.
    • Client-side public key verification mechanism for recipients. This allows you to automatically check the fingerprints of recipient public keys to ensure that there is no key spoofing.
    • Browser extensions or desktop applications so client side code does not need to be loaded each time ProtonMail is accessed.
    • Splitting the ProtonMail webmail into a separate subdomain isolated from other services
    • Adding a Web Application Firewall (WAF)

With limited resources, there is always a trade-off between improving security and adding features, so as much as we would like to, these security improvements cannot be done overnight. If you would like to support our efforts on this, feel free to either join our open source project or send us a donation! As always, we welcome any feedback on this roadmap either in the comments or by emailing us at security@protonmail.ch.

Over the past year, we have meticulously built up our infrastructure, technology and team in order to support the largest encrypted email service in the world. Looking forward to 2016, we hope to leave Beta and open the gates so that private and secure email can be enjoyed by all. Join us on this exciting journey to change the Internet!

About the Author

Admin

We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

62 comments on “2016 Email Security Roadmap

  • Oh come on guys, no IMAP or some other form of external email client access? Being restricted to the website or some smartphone app is a total dealkiller for some people, for reasons like email notifiers watching multiple inboxes without constantly needing to have all those apps/websites open, email filters, etc

    Reply
      • That’s not true. All the good open source email clients support OpenPGP. Since all the messages in our mailbox are encrypted with our ProtonMail public key, I see no reason we would not be able to get IMAP access and to download our private key (this is in the roadmap, thank you) so that we can decrypt them locally.

        If anything that would be more secure than the current ProtonMail web client. I’d rather trust an open source email client like Mozilla Thunderbird running on my computer than ProtonMail’s web interface, even if the JavaScript files are pinned with a browser addon (which is not a very elegant solution anyway).

        Reply
      • hmm, emails are (en|de)crypted client-side by the mail application, hence it should work pretty well.
        Unless you encrypt as well all the headers, but I have some doubts about that fact…?

        Reply
      • Does encryption really matter for content downloaded to a local computer? Most responsible people would enable full-disk encryption or similar anyway.

        Reply
      • Most popular imap clients have pgp plugins, for example Apple Mail, Thunderbird etc.
        When you will start support full PGP it will be possible.

        Reply
  • The wait will be worthwhile, as the assault on privacy of law abiding citizens by govts is deeply concerning. Govts spying on their citizens will only serve to deepen the distrut and divide between citizen and state. Democracy, or the little that’s left of it, is staring at it’s killer, govts. As citizens, we need to fully understand that everytime we face an assault on our freedoms, be it a Bataclan or similar, we cannot blindly surrender our freedoms on the alter of security. This is a dangerous trajectory. Citizens are surrending their freedoms to the very institutions sworn to uphold them. The slow erosion of privacy in the longterm will have serious consequences. Govts are not elected to control, manipulate, hold or gather information on tax paying, law abiding citizens. One can only wonder how the heads of the NSA and similar organizations would feel about their privacy being invaded, eroded and stolen from them (if it hasn’t already happened). The right to privacy is tantamount to the survival of democracy and it’s long term stability.

    Reply
    • I couldn’t agree more.

      Governments, that’s pretty much every government, are eroding privacy, liberty and freedom’s in the pursuit of protecting us from evil.

      I am of-course referring to the “threat” of terrorism, and the scapegoat it has become in-order to pass laws, either overtly (UK Snoopers Charter) or covertly (US Cybersecurity Information Sharing Act), all under the misguided narrative of keeping us safe from those who would do us harm.

      Ultimately, surely, the aim of any would-be terrorist is to dismantle the very foundation of democracy, freedom, liberty, freedom of worship, freedom of religion, generally being free to choose who you are and what you believe.

      Therefore the respective governments around the world are making their “mission”, just that little bit easier. Moreover, they are spitting the faces of what our forefathers died to protect (American Independence, Glorious Revolution, WW1, WW2).

      It is, however, important to remember, as you point out, in a democracy, people choose their “leaders”, therefore if we want change, everyone, not just you or I or those whom use this service, have to recognise the irony of the laws/bills being passed and demand change by choosing to acknowledge and investigate the corruption and destitution being caused by those who we elected, and then choose, collectively, to say no-more.

      Regards,
      Mr. Nobody

      Reply
  • It’s very nice to have the possibility to use own key pair (i prefer a 4096 bit key, for example), the future PM client to prevent targeted Javascript and the fingerprints verification.
    It could be good also to have the possibility to do NOT store private key online, maybe importing it in the client (like using an existing Gmail account with Thunderbird + Enigmail with the own private key stored locally).
    The “innovation” could be that unencrypted mails too could be encrypted locally (with the private key stored offline) and then stored on your server. If i’m not making a mistake it is the current solution, but with private key stored on your server.

    At the current state, PM is a sort of compromise between transparency and usability for the common user (that could not be PGP-savvy) and actual security (private key stored online is not recommended).

    P.s.: sorry for my horrifying english.

    Reply
  • It’s very nice to have the possibility to use own key pair (i prefer a 4096 bit key, for example), the future PM client to prevent targeted Javascript and the fingerprints verification.
    It could be good also to have the possibility to do NOT store private key online, maybe importing it in the client (like using an existing Gmail account with Thunderbird + Enigmail with the own private key stored locally).
    The “innovation” could be that unencrypted mails too could be encrypted locally (with the private key stored offline) and then stored on your server. If i’m not making a mistake it is the current solution, but with private key stored on your server.

    At the current state, PM is a sort of compromise between transparency/usability for the common user (that could not be PGP-savvy) and actual security (private key stored online is not recommended).

    Reply
  • I was hoping you’d include DIME darkmail.info into ‘security roadmap into four broad categories’, at the very least why it hasn’t.

    Also are you sure because about the IMAP coment because salusafe the cryptoheaven app looks as though it works that way too.

    Reply
  • Your roadmap says “Add ProtonMail SSL certificates to the HSTS browser preload list(s). This needs to wait until we have stabilized our certificates.”

    This is incorrect, and I think you’re confusing two separate things.

    “HSTS Preloading” simply means that major browsers are pre-programmed to know in advance that your site uses HSTS before connecting to it, so the browser only ever connects over HTTPS. This defeats the “SSL stripping” attack. It has nothing to do with specific certificates or keys, it’s just a commitment to always use HTTPS. You don’t need to stabilize your certificates or keys first. ProtonMail can already start this today by applying here:
    https://hstspreload.appspot.com/

    “Public Key Pinning” means that major browsers are pre-programmed to know in advance the hashes for your site’s SSL public keys before connecting to your site, so the browser only ever connects using those keys, rejecting all others. This is different from regular HPKP because the public key hashes are hard-coded into the browser from day one, even in a fresh install where the browser has never actually visited the site before. This defeats attacks involving mis-issued certificates or compromised Certificate Authorities, and it resolves the weakness of HPKP in which the very first visit to the site could still be compromised. Getting your site onto major browsers’ Public Key Pinning lists is not simple, it’s a special thing reserved for large, high-security sites (ProtonMail would be a perfect fit); you’d need to co-ordinate directly with browser developers to make sure they have the right keys pinned. Public key pinning is where you definitely need to stabilize your SSL public keys first (not the certificates) because it’s harder to get major browsers to accept different ones later. To have ProtonMail added to Chrome’s pinset, contact Google Chrome security engineer Adam Langley (https://www.imperialviolet.org); Firefox uses the same pinset from Chrome, so it will transfer over from there. For more info about Public Key Pinning and getting SSL keys added to major browsers’ built-in lists, see these pages:
    https://www.imperialviolet.org/2011/05/04/pinning.html (Google security engineer Adam Langley’s blog)
    https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

    ProtonMail should ideally do both HSTS pinning and Public Key pinning, but you currently don’t have Public Key pinning on your roadmap list (you do have HPKP, but this is different; this is about getting your SSL key hashes pre-programmed into major browsers).

    Reply
  • Why does protonmail.com/blog not list the latest article first? This is very annoying, I only discover important new stuff by scrolling down.

    Reply
  • What is the status of the hack which occurred near the end of last year? What damage was done? Is protonmail still vulnerable to similar hacks?
    Is there any downside to us ( the users) from these hacks?

    Reply
  • This is awesome. Really looking forward to extra-tight security/privacy for everyone and better PGP support. Big thank you to the ProtonMail team!

    Reply
  • still no (one-shot) IMAP(s) import? How will I ever get rid of my deprecated hushmail account, while retaining my mail history? Please?

    Reply
    • You can already change your encryption password. You can also change your encryption keys, although this will make old message unreadable. In a future release, we will try to address this.

      Reply
  • I climb to the top of the highest mountain and exclaim WAAAAHOOOO!!!!! Such absolute, infinite respect for the blessed, delightful, honourable and worthy human beings devoted to this project. What an absolute gift. How special. You are so thorough, dedicated, upright. You have done what no one else has done so far – the highest possible standards combined with usability. This is gold.
    I would identify the most important component here is that the message remains encrypted for email users outside of the unique provider (ie Protonmail). You’ve gone one step further and allowed to send encrypted message BACK!!!! I just can’t believe it. I’m beside myself in gratitude and appreciation

    An interesting point is this website has no 3rd party trackers whatsoever. Nice work

    Reply
  • The fingerprint feature for verifying the importation of public keys for both parties should be added.to mitigate against man in the middle attack.

    Reply
  • Any plans to implement Thunderbird support? maybe through an extension? Without this I can´t take protonmail as a serious option.

    Reply
  • Hi team, ProtonMail! That’s too innovative and creative name, service provided indeed is fantastic! Ultimate thing is it’s privacy, making it’s standard grow so widely in history and I hope it will in the coming days too! And, Please give me a invite soon (praveent8547@protonmail.ch) and is there a possibility of developing ProtonMail as Universal Windows 10 App? They are turning out to be a new revolution and apps are increasing to flow with UWP in Windows App Marketplace! Please consider Windows Platform alongside iOS bridge and Android Platform.

    Reply
  • Regarding the authentication points, I’d love to see PM consider a password-free 2FA option for step one of the PM login process. E.g., Clef (getclef.com) is gaining traction in the BitCoin authentication space, and their WordPress plugin is the most popular 2FA plugin for WP right now. A passwordless approach like this might be well worth a look.

    Reply
  • if I have interest in exporting all my mails to another provider, will be available an option to export emails in the future?

    Reply
  • I have my own GPG key and have it registered on various key servers. I was wanting to download my ProtonMail private key so I could get rid of the previous key I use to use and list my ProtonMail public key on the servers instead. It appears from reading this post that eventually this year I will have the ability to upload and use my own key with ProtonMail that I’ve been already using over the years. Is this correct? Any idea about when this feature will be implemented?

    Reply
  • How far away is this feature?
    “Browser extensions or desktop applications so client side code does not need to be loaded each time ProtonMail is accessed.”

    Reply
    • It is difficult to fit this into the 2016 schedule, but our code is open source and we’re hoping the community can help with it.

      Reply