What Yahoo’s NSA Surveillance Means for Email Privacy

Updated October 7, 2016 with additional clarification and analysis of Yahoo’s denial

Dear ProtonMail Community,

Two weeks ago, we published a security advisory regarding the mass hacking of Yahoo. Unfortunately, due to recent events, we are issuing a second advisory regarding all US email providers.

What happened?

This week, it was revealed that as a result of a secret US government directive, Yahoo was forced to implement special surveillance software to scan all Yahoo Mail accounts at the request of the NSA and FBI. Sometime in early 2015, Yahoo secretly modified their spam and malware filters to scan all incoming email messages for the phrases in the court order and then siphoned those messages off to US intelligence. This is significant for several reasons:


  • This is the first known incident where a US intelligence directive has indiscriminately targeted all accounts as opposed to just the accounts of suspects. Effectively, all 500 million+ Yahoo Mail users were presumed to be guilty.
  • Instead of searching stored messages, this directive forced Yahoo to scan incoming messages in real-time.
  • Because ALL incoming email messages were targeted, this program spied on every person who emailed a Yahoo Mail account, violating the privacy of users around the world who may not even have been using a US email service.


What does this mean for US tech companies?

This is a terrible precedent and ushers in a new era of global mass surveillance. It means that US tech companies that serve billions of users around the world can now be forced to act as extensions of the US surveillance apparatus. The problem extends well beyond Yahoo. As was reported earlier, Yahoo did not fight the secret directive because Yahoo CEO Marissa Mayer and the Yahoo legal team did not believe that they could successfully resist the directive.

We believe that Yahoo’s assessment is correct. If it were possible to fight the directive, Yahoo certainly would have done so since they previously fought against secret FISA court orders in 2008. It does not make sense that US surveillance agencies would serve Yahoo Mail with such an order but ignore Gmail, the world’s largest email provider, or Outlook. There is no doubt that the secret surveillance software is also present in Gmail and Outlook, or at least there is nothing preventing Gmail and Outlook from being forced to comply with a similar directive in the future. From a legal perspective, there is nothing that makes Yahoo particularly vulnerable, or Google particularly invulnerable.

Google and Microsoft have come out to deny they participated in US government-mandated mass surveillance, but under a National Security Letter (NSL) gag order, Google and Microsoft would have no choice but to deny the allegations or risk breaking US law (our analysis of Yahoo’s denial is at the bottom of this post). Again, there is no conceivable reason US intelligence would target Yahoo but ignore Gmail, so we must consider this to be the most probable scenario, particularly since gag orders have become the norm rather than the exception.

In effect, the US government has now officially co-opted US tech companies to perform mass surveillance on all users, regardless of whether they are under US jurisdiction or not. Given the huge amount of data that Google has, this is a truly scary proposition.

How does this impact ProtonMail?

ProtonMail’s secure email service is based in Switzerland and all our servers are located in Switzerland, so all user data is maintained under the protection of Swiss privacy laws. ProtonMail cannot be compelled to perform mass surveillance on our users, nor be compelled to act on behalf of US intelligence. ProtonMail also utilizes end-to-end encryption which means we do not have the capability to read user emails in the first place, so we couldn’t hand over user email data even if we wanted to.

However, since email is an open system, any unencrypted email that goes out of ProtonMail, to Yahoo Mail for example, could potentially have been swept up by these mass surveillance programs and sent to US government agencies. This is why if you want to avoid having your communications scanned and saved by US government agencies, it is important to invite friends, family, and colleagues to use non-US email accounts such as ProtonMail or other email services offered by European companies.

What can the rest of the world do about this?

Unfortunately, the tech sector today is entirely dominated by US companies. Just like Google has a monopoly on search, the US government has a near monopoly on mass surveillance. Even without US government pressure, most US tech companies also have perverse economic incentives to slowly chip away at digital privacy.

This week, we have again seen how easily the massive amounts of private data retained by US tech companies can be abused by US intelligence for their own purposes. Without alternatives to the US tech giants, the rest of the world has no choice but to consent to this. This is an unprecedented challenge, but it also presents an unprecedented opportunity, particularly for Europe.

Now is the time for Europe to invest in its own tech sector, unbeholden to outside interests. This is the only way the European community can continue to safeguard the European ideals of privacy, liberty, and freedom online. It is time for European governments and citizens to act before it is too late.

The only chance for privacy to prevail against these attacks is for the global community to support a new generation of web services which protect privacy by default. These services, such as ProtonMail’s encrypted email service, must operate with a business model where users can donate or pay for services, instead of giving up data and privacy. The security community also has an obligation to make these new services just as easy to use as the ones they replace.

Services such as secure email, search, and cloud storage are now vital to our lives. Their importance means that for the good of all citizens, we need to develop private alternatives that are aligned with users, and free from corporate greed and government overreach. Crowdfunded services like ProtonMail are rising to the challenge, but we need more support from the global community to successfully take on better funded US tech giants. Privacy matters, and your support is essential to ensure the Internet of the future is one that protects our rights.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

You can support our mission by upgrading to a paid plan or donating so that we can grow beyond email.

Analysis of Yahoo Denial:

Yahoo, like every other US tech company, has issued a denial, basically denying the Reuters account of the mass surveillance. Here is Yahoo’s denial, word for word:

“The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.”

It is curious that Yahoo’s response to this incident is only 29 words, but upon closer examination, it is a very carefully crafted 29 words. First, Yahoo calls the reports misleading. This is a curious choice of words because it does not claim that the report is false. Finally, Yahoo states that, “The mail scanning described in the article does not exist on our systems.” While this could be a true statement, it does NOT deny that the scanning could have been present on Yahoo’s systems in the past.

The same day as the Yahoo denial, the New York Times obtained independent verification of the Reuters story from two US government officials. This allowed the New York Times to confirm the following facts:

  • Yahoo is in fact under a gag order and from a legal standpoint, they cannot confirm the mass surveillance (in other words, they must deny the story or avoid making any statements that would be seen as a confirmation).
  • The Yahoo mass data collection did in fact take place, but the collection is no longer occurring at the present time. Thus, we now understand the disingenuous wording of the last sentence in Yahoo’s statement.

Yahoo’s denial (or non-denial, as the case may be), followed immediately by confirmation by the NYT, demonstrates the new reality that denials by US tech companies cannot really be taken at face value anymore. It is not that US tech companies are intentionally trying to mislead their customers, but many times, they have no choice due to the gag orders that now inevitably accompany any government requests. If statements from US tech companies turn out to be suspect (as in the Yahoo example), it becomes highly unlikely that the public will ever know the truth, and this brings us to a dangerous place.

About the Author

Andy Yen

Andy is the Founder and CEO of ProtonMail. Originally from Taiwan, he is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and received his PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.



87 comments on “What Yahoo’s NSA Surveillance Means for Email Privacy”

  • There are countless reasons to switch from Yahoo to ProtonMail, however ProtonMail still does not have a way to import Yahoo emails and does not have folders.

    That is a blocker for Yahoo users who want to switch over.

    Please add those features ASAP while the Yahoo issue is still on people’s minds, otherwise they will just move to Gmail, or if they are smarter then to other secure mail services.

    • I’d love folders too.. However, Proton does have tags.. and filters. Meaning you can create tags for different emails associated with your account, set up a filter for a particular email and sort them that way.

      I don’t know how Yahoo works, but I guess you could mark all and forward them to your new mail?

    • Unless you have a paid account, yahoo does not allow the export of emails. Most people I know have the free yahoo account. I know this because my mom and sister have it and I’ve tried to export their emails into gmail and it will not happen since they do not have paid accounts.

    • those email are tagged like wild animals invisible beacons… careful what you wish for may expose and cause a zero day for proton food for thought laws of privacy have never stopped talented programmers before. The first email and web was created for these CERN scientist until someone made ARPANET available to everyone the only way to stay safe and maintain anonymity and privacy is to keep things locked up the way “I HOPE” they claim to be here. So what you’re hoping for can never because that would require access, access by yahoo.

  • I really want to use ProtonMail and I really want to pay you for it. However, I can’t easily move off of GMail because I’ve got gigs of mail history there that I can’t leave behind. Please give me an import/migration tool and I will hand over my money immediately.

      • I started the export process. Emails from 10 years ago. I’m not sure I want to import to anywhere else. I don’t search for them. Nice to have just in case, but other than that, I’ll put them on an encrypted cloud drive. (mega.nz). I could really use imap though.

    • After I switched over from Windows10 to Ubuntu, I loaded Thunderbird, email desktop client. After registering my Google account, all my emails of the last 8-9 years were downloaded to my computer and put in Thunderbird.
      Just archived them all and closed the Google account in Thunderbird, as now I am using Protonmail.

      a reference to an older email.
      open Thunderbird, search for that email , copy paste into Protonmail and edit for usage

      • Yes, I switched from Yahoo and it wasn’t that hard, just a bit labor intensive:

        (a) Log in to Yahoo email and start Thunderbird,
        (b) Open one of my Yahoo email cloud-based folders (I had 100+),
        (c) Move all emails from that folder back into the cloud-based Yahoo inbox,
        (d) Retrieve (download) the contents of the inbox using Thunderbird (i.e., move the cloud-hosted inbox contents to the local-drive inbox), and
        (e) Copy emails out of the local inbox back into an almost identical folder structure on my local drive.

        It took a few hours spread over a few days. Now I have decades of Yahoo emails archived locally, nothing on the Yahoo servers, and I exclusively use Protonmail going forward. I keep the Yahoo account open but only access it occasionally and only through Thunderbird. It’s my junk/spam account now.

        Protonmail is absolutely great, simple and effective, which is why I’m a paid subscriber. Thanks, Protonmail team!

  • Yes. This is a BIG opportunity for non-U.S. entities to provide privacy solutions.

    If you are in the U.S. government, or a U.S. corporation, it is EXTREMELY important to report these illegal schemes by your employer. Report these schemes when they are even SUGGESTED by your superiors.

    It has never been SAFER to use encrypted email, Wikileaks, etc., when reporting these schemes. With encryption, you can forward VOICE communications, as well as text!

    If you are told to promote these illegal schemes, refuse. Your career and livelihood are in danger. You will be discovered, and left hanging in the wind by your superiors!

  • Dear Protonmail,
    I would so much like to switch and host my domain email with you. However, until you can enable access from desktop clients, or else some kind of export procedure that is compatible with those software, what happens with Protonmail is vendor lock-in (our email is forever locked in the Protonmail vault with no way out) — which, in a way, similarly undermines our very trust in handing over our important data. We can only use the service for email we’re comfortable to lose eventually, which is inherently contradictory with the idea of choosing Protonmail as a trusted partner for our communications. This is about ownership of our data, and a key missing piece in the puzzle!
    In addition, there is an inaccuracy in your blog post: ProtonMail only uses end-to-end encryption between Protonmail users, or for specially-implemented outgoing messages, *not* for incoming messages from other providers — in that case it is at best only encrypted between email gateways (not end-to-end), and also there is a large part of email parties that still don’t support Encrypted SMTP, so it is well established that Five Eyes agencies have been snooping all exchanged email already for a couple decades by plugging onto telecom links (Echelon infrastructure), regardless of whether email is stored encrypted inside the Protonmail servers.
    So, the lessons that this whole US debacle is teaching us, I believe, are:
    1) Yes, you’re absolutely right: the 1st priority is to host our email with a service which is reasonably far away from the legal arms of surveillance governments. It is a European citizenship duty to support the development of our own services (with paid subscriptions — your fee for hosted personal domain email is very reasonable).
    2) With the protection of Swiss law (I wouldn’t say this in any other country, not France, not Germany, not the UK obviously), and while that protection remains in place (with Protonmail’s activism – fingers crossed!), point 1 is more important than having our email technically encrypted in your servers *if that means* that we cannot take our email with us / export it / access it from desktop clients (a requirement before handing our data over to Protonmail). A plug-in to Apple Mail, for instance (like GPGMail), would be an elegant way to address both issues (user-controlled encryption and user’s ownership of their data).
    3) Some day, I hope you can provide true end-to-end encryption (with per-user management of PGP keys for instance). Until then, you’re really solving point 1) (the issue of trust) — which is a considerable achievement already and a good enough reason to switch to your service (provided you solve point 2).
    Kind regards, keep up the good work!

  • Hi, Andy ! Thank you, both for building Protonmail and for providing informative insights along this blog !

    IANAL, just wondering here : could Ya.oo (as an egregious example; not them only) be sued/prosecuted for breach of privacy and abusing their customers’ confidence?
    Then, assuming they were compelled by a sovereign government to commit this abuse, would this be accepted as an excuse by US/non-US/international prosecutors and courts of justice ?
    And assuming it were alleged or proved that they were compelled by a sovereign government (or agents thereof), could Ya.oo (for example) and the government in question be brought to Courts for, say, conspiration, in addition to other crimes ?

    I’d be delighted to read your opinion as well as that of others, especially legally informed opinions.



  • Having served the US military for a little more than a decade, I was seeing the focus shifting from National defense to global governance. I served with a Force Recon Black Ops team. Within the Pentagon there are multiple factions, each having loyalty to their own agendas. There are still Commissioned Officers loyal to the Republic and the populace, but their numbers are dwindling. Most are leaning towards alliance with the UN take over of the United States Inc. It’s very scary. I love my country but I strongly distrust my government. Congress should wear NASCAR style uniforms, so we know who is owned by what foreign entity. When I was a guard at the White House (USMC) the Trumps and the Clintons were tight like two peas in a pod. But I am thinking more and more lately, “I wonder what Kazakhstan is like this time of year?”

    • We operate a 24/7 support desk with tech support staff in both the US and Europe. Depending on the time of day, your inquiry will be handled from either the US or Europe.

  • I am chopping at the bits to fully move to my Protonmail account, bring my domain name and family members over. I just need the domain name feature to be sorted with a Proton Drive, calendar and I’m in. I hear it is for the end of this year.

    With Protonmail, Signal for messaging, Qwant as search engine, we’re on a very good path.

    Thanks to the entire Protonmail team, great, great job and service to a sane digital future

  • Plenty of people would undoubtedly want to switch to Protonmail from services like Gmail, Yahoo and Outlook, and many of those would probably pay. But the fact is that the functionality isn’t there. Compared to Gmail, Yahoo and Outlook, Protonmail is underdeveloped severely in its Contacts (why, oh why can’t I add address details or phone numbers?), it has no Calendar and no import/export. So yes, it’s more secure and private, but it’s not a replacement exactly. Sort these things out. Make usable Contacts and Calendars and THEN say that you present a viable alternative to Gmail, Yahoo and Outlook.

    • Also, whilst Protonmail is more private than Gmail, Yahoo and Outlook, it is not necessarily more secure since Protonmail does not offer Two Factor Authentication (2FA). The same method, e.g. a keylogger, could be used to capture both my Protonmail passwords. If I have 2FA with Gmail, Yahoo or Outlook, a keylogger is not enough. So if you want to present a viable alternative in terms of general security, Protonmail should as soon as possible implement 2FA options, such as Yubikey.

    • @Göran
      “Protonmail is underdeveloped severely in its Contacts (why, oh why can’t I add address details or phone numbers?)”

      Oh, I see you are one of those really annoying contacts that undermine my privacy by sharing my personal data with Google without my knowledge ?

      Dude, don’t add people’s phone numbers or real address to your Gmail account, that’s just rude. It’s downright offensive if your contact is on ProtonMail or is otherwise an obviously privacy-conscious user.

    • Make sure that you opt now for paying account. This way developers can add features you want, instead of looking for a second round. Vote for your bright future with dollars today.

  • On the 26th of September Swiss citizens voted in a referendum by a large margin in favour of a mass surveillance programme. After this referendum the Swiss Secret Services gain the power to indiscriminately tap phone conversations and internet communications taking place in the country. It includes access to communications stored in Swiss data centres. This is not very different from the surveillance programmes the American companies are subject to.

    This development is particularly worrying since ProtonMail stores in its data centres both the private and public keys of all its users. I hope you can solve this issue quickly (e.g. pass on private keys to users), because right now ProtonMail appears as secure as Yahoo.


  • Whilst I generally do agree with the statements and sentiments from this blog post in regards to mass surveillance on US based E-Mail providers, the recent developments in Switzerland don’t do much to contribute to Switzerland being a “Privacy”-focused location.
    The last – clear – vote for more Government Surveillance – especially in the Tech-Sector makes me question how Services like Protonmail and others who have so far proclaimed their swiss location as a bastion for privacy, tend to uphold privacy aspects after that vote becomes law?

    Last but not least, the one feature that Protonmail truly lacks for me to choose it as my (paid-for) company E-Mail Services is a robust Calendar with full syncing (android/iOS) support.

  • Good article and I think most protonmail users expected this behavior from other email operators anyway.

    It’s interesting you mention the following:

    “ProtonMail’s secure email service is based in Switzerland and all our servers are located in Switzerland, so all user data is maintained under the protection of Swiss privacy laws.”

    Recently the Swiss public voted to allow their government to be able to use more surveillance etc but there has been no blog about this. How does this affect protonmail?

  • While you are on the topic of policies, can you comment on the Swiss referendum that confirmed the new law, which you were rallying against?
    Give us an update. Because all we saw was glorious news about harmonization of the Swiss approach with less respecting regimes.

  • Words Cannot express my Disapproval and Disgust at what is happening with Privacy.
    It is too bad we can’t just Flush a Giant toilet to remove this infection.
    Where do they find these incredibly (the words escape me ) Humans.
    So Many questions with No answers.
    This problem is beyond my comprehension because it would Never occur to me.
    I would starve to death before I would work for vermin like this.
    Long Live protonmail.ch and private Internet access.

  • Andy,

    wouldn’t it be nice if Protonmail were to open an alternate access through Tor as a so-called hidden (onion) service ?
    It is not something particularly difficult to set up, at no or marginal costs to you, especially for a technically brilliant company like yours – hey, even Facebook managed to achieve it !

    Well, just my 2 cents … BTW, do you have versions of these blog posts and announcements in the languages of the Swiss confederation ?

    • An onion hidden service is on our todo list. We did use to do French and German blog posts, but the Germans couldn’t read the French ones and the French couldn’t read the German ones so we got complaints all around. So now they are in English that everybody can read.

      • Wow, looking forward to Prot-on-ion-mail ! It’s great news – the perspective was not mentioned in the 2016 roadmap, can you hazard an estimated date of arrival ?

      • And that’s the irony in Europe: Due to the lack of interest to establish a real lingua franca, be it Esperanto, Interlingua, modernized Latin, whatever non national language so no cultural nor economic colonization would be implied, we have ended speaking the language of the Anglo America, a language that nobody speaks natively in the European continent since it’s aboriginal from the British Isles, not continental Europe. Absurd (>_<)

        Off-topic reflexion, I know, but couldn't resist. xD My apologies.

  • Another interpretation of the statement “The mail scanning described in the article does not exist on our systems.” is that the system(s) which do this are owned by the NSA (or at least not by Yahoo) even if they are in the Yahoo racks.

    • Another interpretation of “does not exist on our systems” is that a very similar feature, differing in some details from how it was described in the article, does exist on Yahoo’s systems.

  • I am a moron but the thought of someone asking a mailman to deliver a blank envelope came to mind.

    I do have a couple of comments about what I read and the first one was when I signed up I was asked which proton the usa .com or the swiss .ch and stupidly I chose the .com. Does that matter or affect my safety?
    Is it possible to switch?
    The second thought was also concerning the .com and was wondering if the .com part of proton is acting under a gag order.
    Could this post be your way of saying we are being snooped on and to switch to the .ch part of proton?
    Like I said I am a moron but the only way to change is through asking questions.
    thank you

  • Proton and “Others” need to include ways to ensure that USER: hardware based toolsets and APIs can be used as a means to package and address messages. This would include pre-and post message creation authentication that could be from any source the end-user wishes.. (fingerprint, thumb drive, yubi-key, VR headset with eye-tracking, pattern-draw, etc.)

    Included in this would be a purchased drop-box and a forwarding service.. BUT being that ProtonMail would only be the purveyor of content with no keys or authenticators, etc.. it would be close to a P2P system with value paid (money) for backend-store-transport to support ProtonMail servers and services!

  • Finally, Yahoo states that, “The mail scanning described in the article does not exist on our systems.” While this could be a true statement, it does NOT deny that the scanning could have been present on Yahoo’s systems in the past.
    Or, it means that there exists a different type of scanning 🙂

  • Hi Andy, Thanks for this nice informative post. Keep on sharing information like this for the better awareness. This is a BIG opportunity for non-U.S. entities to provide privacy solutions.

  • I need POP/SMTP email for Mozilla Seamonkey. My messages and files are safer on my computer than out on the internet. I do not live on the internet.
    If I want tags instead of folders I could go back to gmail. But I HATE tags instead of folders. I hate gmail after they started blocking my friends.
    Hotmail webmail will not send. Yahoo, well, we all know what yahoo is. Netzero doesn’t like some of my mail. It never arrives, just disappears. Tried another ‘secure’ email webmail. It will not send.
    Can’t find email that has basic functionality.

  • I’m Baha’i, nobody helps me. I’m afraid staying in Indonesia. I need someone to protect me. I don’t have any safety. Thanks, please answer me faster.

  • Something tells me this was the surprise hack that Yahoo experienced on millions of user accounts at Yahoo. Once I verify this assertion, I’ll delete and abandon Yahoo for good.

  • Hi, I want to download the Android App, but you redirect me to Play Store.. how can I download the apk directly from your site?? I want to get rid of Google anywhere on my circuit, actually I don’t trust Google anymore. Thanks.

  • I am not sure if any e-mail is secure or private for that. There is an easy way to reclaim our democracy, defund the government and its anti-democratic institutions. You can’t spy on the public if congress/senate does not authorize the budgets. So, do not vote for politicians that are anti-public and anti-freedom. We are paying for the surveillance and we are paying for privacy. The only surveillance we should worry about is non-democratic actors operating on foreign soil, but to worry about our very own people is pathetic.

    • I take it you are pretty patriotic. I used to be, until I found the truth amongst the confusion in late 2017. I’m not sure who you want to survey outside the US and for what reason but know this. It was the US initiative to spy without reason or thought, indiscriminately, I will add. Everyone else is only responding to an action they found threatening.

      Also, using George Washington’s name, the place he lived is the place I grew up. He would never say what you said. It isn’t fair, it isn’t just because it is people like you that made it possible for the agency to do what they do now.

  • I stopped using email in 2014 for the most part, after a long span of difficulties that started in 2009, including email from my own website server and ISP provider accounts. I started using email, computers, BBS’s in 1989. I once worked for a small ISP (when they were new) and his wife was reading clients email, to my horror (circa 1995-6) so I knew it wasn’t private. Recently, I got back online, knowing all the more that big bro sticks his nose where it doesn’t belong. I have to wonder how long our snail mail was being read before this at the government owned PO. It is not that I have anything to hide, it is just a matter of privacy. I have the same feeling about guests who use my bathroom and while they are in there, I hear the cabinets open and close and that makes me think, I’d like to rig it with a realistic toy animal inside to jump out at them. Or putting up a sign: Inventory: toothbrush, a bottle of alcohol, mouthwash and a left over bottle of medicine.
    Since getting online, I tried using my old gmail account that I used for websites knowing it would receive the spam that was thereafter, generated. This was hacked within a month as was my new phone that literally required I connect to google. After getting a message it was hacked by someone with an IPhone on the other side of the country, my new smart phone doesn’t let me sign into google and I can only get into google on my computer that google also so creepily identified down to the brand, if I have a text message sent to my phone. No matter how I have tried to change the settings, to not have to go through this, my desire to not have to confirm a text message is impossible.
    So, I went to the yahoo account I used to have before gmail that was tied into yahoo messenger and a couple membership sites. And, somehow they tied the google account to my yahoo and so yahoo too, has my cell phone number. Like that is great. Get hacked, have your phone monitored by some creep (other than the government) and be stalked and who knows? This practice is NOT for our safety. It is for the convenience of government spying on citizens. I say we all should trade phones to throw them off and further trade empty or equal bank accounts to facilitate shopping for things like toilet paper incognito.

    Not to put any doubt on the security of your product but how aside from encryption does proton mail secure emails. I am very sure that for every encryption method, the feds have a key. And, how do we know the email isn’t scanned on the way stateside? Why doesn’t someone re-invent communicating direct with email, device to device? I think this would be more secure than all the hops (and stops-on servers) that an email has to jump through. Such a program could be designed to have something like a cover sheet that states exactly who copied, where and when, as it makes its way to the intended recipient. No one could deny their involvement. The way it is now, we do not know for sure if it is our government spying and collecting our data, always. We could be attacked this way by a criminal or foreign malicious government, but as it stands, if you suggest your email is being hacked, our government, press and media has made such people out to be delusional, paranoid or into conspiracy theories (a theory by the way, has been proven with fact, but hypotheses, is just a strongly held belief, without a complete proof.)

  • The only problem is that if you were highly successful and became the go to email company the USA would find a way to get around you or force compliance. They would likely treat you in the same way as they did the banking system. Brute force. Comply or we’ll cut you off.
    I do appreciate your efforts.

  • Love the article, but it makes me wonder even more why the protonmail application on android is dependent on the Google Services Framework…
    It is like living in a bunker to secure yourself, but at the same time invite a pair of criminals for a dinner…

    Please protonmail, if you find privacy to be so important as you claim, make the PM android apk available independent from ANY google service… PlayStore & Google Services Framework included!

  • Hi Andy:

    I already have an account and love what you are doing.

    Promise I will sign up for the paid version when you offer 2 step verification at sign in…like a text code sent to my phone.

    This is the only thing stopping me from moving completely to your platform.

  • Google, Yahoo, etc . . . . if it’s a U.S. based company . . . big brother is looking at your life. They say they are secure, but . . . . NO!!! I was told about Proton mail and got it that day. I now have proton’s vpn and email paid and awesome. I’m going to put it on my wife’s phone, & home computer.

  • And after reading all that… I have to ask myself.. With this knowledge, why, at the top of this page are there buttons linking to protonmail’s google, Facebook and twitter social media pages….
    It’s a bit harder to believe protonmail is as concerned about handing our private personal data to these corporate giants as they make out, while they themselves actively use those companies’ services as a platform to promote their own service that ironically claims to be against the practices of these very companies they are linking to…

    • We need to keep in touch with our community somehow. The links on our homepage are just links, they are not tracking pixels from Facebook or Google.

  • Hello Mr. Yen and ProtonMail team,

    I had abandoned my Gmail account several years before news broke about U.S agencies activity.
    My suspicions continued with Yahoo, specifically the algorithms used on social media. I consider it an honor to open a ProtonMail account to continue my research with like minds that have become before me. Unfortunately the best encryption cannot help me or the thousands of people I mention, but together we may be able to preserve your privacy rights, as it is complicated.

    Sincerely, NUMBER 5