Update about reported XSS issue

A couple of days ago, a video was circulated online that claimed ProtonMail is susceptible to a XSS (cross site scripting) issue which raised some concerns among ProtonMail users. We want to clarify that this does not impact the current version of ProtonMail.

XSS issue

ProtonMail is constantly making security improvements through our beta process and we appreciate all the assistance we have received from the community in helping us make ProtonMail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges which we are working diligently to tackle.

The ProtonMail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of ProtonMail. The video is showing an earlier development version of ProtonMail that was originally released on May 10th, 2014 for limited testing, and is not used in the current production systems.

We are supportive of all efforts to improve the security of ProtonMail and appreciative of our security contributors. Security inquiries can always be directed to security@protonmail.ch

About the Author

Proton Team

Proton was founded by scientists who met at CERN and had the idea that an internet where privacy is the default is essential to preserving freedom. Our team of developers, engineers, and designers from all over the world is working to provide you with secure ways to be in control of your online data.