ProtonMail Review & Rating - PCMag.com

Posted: 19 Sep 2019 12:00 AM PDT

You probably don't pay money for your webmail account, but that doesn't mean it's free. You pay with your privacy, allowing the provider to mine your messaging for data that helps target advertisements. Had enough of that? Consider switching to a security-first encrypted email provider like ProtonMail. You can use it for free, with some limits, or pay a small monthly fee to raise those limits and add features. ProtonMail stores your data using zero-access encryption, which means that nobody but you can access it—neither a disgruntled employee nor a lawyer waving a subpoena. And when you communicate with other users of the service, your messages are encrypted end-to-end. You can also apply password protection for messages to non-users.

Setting up a free account is a total snap. You start by picking a username. As with any webmail service, this name must be unique, but given the smaller pool of users you may be able to snag a name like billgates rather than billgates_123456. Most users will stick with protonmail.com as the domain, though a Swiss version, protonmail.ch, is also available. Add a strong password to protect your account, and an optional recovery email. As a final step, verify that you're human using a code sent by email or SMS. You can also prove your humanity by making a small donation. That's it.

Clearly you should start out with the free edition, to see how it suits you. If you like it fine, but run up against its limitations, or wish for premium-only features, it's not expensive. You can pay $5 per month or $48 per year.

If the ProtonMail name sounds familiar, you're probably thinking of ProtonVPN, a VPN service that's strongly focused on physical security. Both products come from the same company, Proton Technologies.

[Screenshot: ProtonMail Main]

Wait, Isn't Gmail Encrypted?

You may remember a while ago when Google tweaked Gmail so it always uses a secure HTTPS connection. When it sends your messages, it uses the standard encrypted Secure Sockets Layer (SSL). As of a couple years ago, Google says it no longer reads your mail. However, it's easy to accidentally give mail-reading permission to third-party apps. And Google does read your messages sufficiently to do things like automatically put airline flight notifications in your calendar. Google has a policy for when it releases your email to government entities, clearly indicating that it can do so if compelled.

ProtonMail naturally uses HTTPS and SSL, but it doesn't stop there. Before it securely sends your messages, it actively encrypts them using public key cryptography. It stores your messages in zero-access encrypted form, meaning that the company can't give your messages to a government entity even if subpoenaed, and a sneaky employee can't weasel into your private message stash. When you communicate with another ProtonMail user, the connection is encrypted from end to end.

Note, too, that ProtonMail is based in Switzerland, which has stricter privacy policies than the US. And it's an open-source project, meaning that experts have an opportunity to look over and vet its security algorithms. So yeah, Gmail and its ilk have some security features, but ProtonMail goes way beyond.

Hands On With ProtonMail

When you open your new account, you'll find that you already have a few messages of welcome and explanation from ProtonMail. Feel free to explore these, or just start using the service. If you've used Gmail, Yahoo, or any other webmail system, you already know how to use ProtonMail.

Emailing with this product is dead simple, because it works like every other webmail service you've experienced. Compose messages, view replies, forward mail, everything works just as you'd expect. Just poking around, I discovered the handy option to enable a shorter version of your secure email, replacing @protonmail.com with @pm.me.

There are some minor differences, mostly aimed at security. For example, ProtonMail doesn't render pictures in messages by default. If you click a link, it displays a warning and requires confirmation before actually opening that link.

[Screenshot: ProtonMail Link]

The little lock icon next to each From address indicates the security level. If the sender is also a ProtonMail user, pointing to the lock displays a floating tip saying, "End-to-end encrypted message." For other senders the tip says, "Stored with zero access encryption."

If you're sick of all the email you get, you could just start fresh with an empty contacts list, but most people probably don't want to lose connection with their existing contacts. ProtonMail can import from CSV files exported by Outlook, Hotmail, Yahoo, and others. Google isn't on the list, but it can export to Outlook's CSV format. Getting my Gmail contacts into ProtonMail was a snap.

You can define a signature, with formatting, that ProtonMail will apply to all your messages. It also adds a note, "Sent with ProtonMail Secure Email." Only paid users can modify that note.

Message Expiration and Encryption

On a Windows or macOS desktop, ProtonMail's web interface is nice and simple. If you're using a mobile device, you just download the equally simple app for Android or iOS. When I loaded ProtonMail on an iPad and a Moto G, I discovered a couple of features that had flown beneath my radar in the webmail edition. On mobile, these features show up right below the subject line; in the web-based edition, they're down at bottom left, below the body text.

[Screenshot: ProtonMail Mobile]

Clicking the hourglass icon lets you set an expiration time for the message, measured in days and hours. Clicking the lock icon lets you define a password to encrypt the message for a non-user of ProtonMail. By default, encrypted messages expire after 28 days, though you can set a different expiration time.

When your correspondent receives the message, it comes with an explanation, and a link to view message content online. The recipient simply enters the password (which you've transmitted securely, perhaps by text) to see your important missive. A banner above the message body counts down to the message's expiration. StartMail, another encrypted email service, offers a similar method for secure communication with those who don't use the service, but it doesn't support automated message expiry.

The mobile apps do have a few features just not found in the web-based app. You can enable authentication by fingerprint, and define actions for left and right swipe; by default swiping to the right trashes a message, while swiping left marks it as spam. You can also set a mobile signature, distinct from the regular signature.

Security Features

One useful security feature offered with Gmail is two-factor authentication. Naturally, ProtonMail also includes this feature. You need to equip your smartphone with Google Authenticator, or with a work-alike that creates Time-based One Time Passwords (TOTPs) in the same way. Then open Settings, click Security, and click to enable two-factor authentication. As usual, you snap the QR code to add ProtonMail to your authenticator. Now even if a sneak thief gets hold of your password, your encrypted messages are safe.

While you're looking at the security settings, check out the list of all current ProtonMail sessions. If you suspect someone might be misusing your account, or just want to secure a session you left open back at home, you can shut down all other sessions with the click of a button.

You only get automatic end-to-end encryption when corresponding with other ProtonMail users. However, if you have tech-savvy friends who've implemented PGP (Pretty Good Privacy) email encryption, you can set up fully encrypted communication with them. When you compose a message, there's a simple menu option to attach your public key. After that it's up to the recipient to enter that key into their PGP-aware email system. This definitely isn't for everyone, but it's available. As noted earlier, you can also use a password to encrypt messages sent outside the ProtonMail network.

Another simple menu choice lets you digitally sign an outgoing message. I'm accustomed to seeing a red badge in Outlook for digitally signed messages. When I sent a signed message from ProtonMail, it came with an attachment named signature.asc, and no badge. My contact at Proton explained that ProtonMail uses the OpenPGP signature, and that Outlook requires a plugin to provide the badge icon for such messages.

Premium Features

Possibly the biggest limitations on users of the free edition are the caps on storage space and messages per day. Without spending anything, you get 500MB of storage and 150 messages per day. For some, that may be plenty, especially if you're the type to deal with email right away and then delete it. Ponying up for a premium account gives you 5GB of storage and 1,000 messages per day. For comparison, a free Google account gets you 15GB of storage, shared between Gmail, Google Drive, and Google Photos; you can raise that to 100GB for $19.99 per year. With StartMail, you get 10GB of storage and no limit on number of messages.

[Screenshot: ProtonMail Premium]

ProtonMail lets you put messages in folders, tag them with labels, or both. The difference is clear: a message can only reside in one folder, but it can have multiple labels. However, those using the free edition can only define three folders and three labels, while paid users get 200 of each. I can't imagine needing more than 200.

What Outlook calls Rules, ProtonMail calls Filters. You can add one or more conditions based on the subject, sender, recipient, or attachments, combining them using And or Or. And you can apply actions such as moving messages that match the filter to a certain folder, tagging them with labels, or marking them as starred. I defined a rule stating that any message with "webinar" in the subject goes straight to the trash. Very freeing! But only premium users can have more than one filter.

You'll encounter warnings when you try to use other premium features. Only paying customers can define an Auto-Reply message for when you're out of town. Like StartMail, ProtonMail can be configured to support IMAP/SMTP, so you can use your preferred email client. That's another premium feature. Premium users can also have up to five ProtonMail addresses, where free users just get one. A StartMail subscription gets you one primary account and two feature-limited companion accounts.

If you own your own domain, you can configure ProtonMail to use your personal email address, but only if you upgrade to premium. As with the custom domain feature in Burner Mail, I don't think many consumers will use this feature.

Even if your webmail provider refrains from peeking at the contents of your messages, your contacts are fair game. Knowing who you exchange email with can reveal a lot about you. Access to the email address itself is a necessity, but premium users of ProtonMail can encrypt ancillary information such as phone number and home address using zero-access encryption.

Other Avenues

StartMail works in much the same way as ProtonMail. You can send encrypted messages to anyone, but you must define a secret question and answer for each message. The recipient clicks a link to answer the question and read the message. To get seamless encrypted communication, you must initialize PGP within the program. Once you've done that, your correspondence with other StartMail users is encrypted. As with ProtonMail, you can send your public key to tech-savvy friends who know how to use PGP.

StartMail also includes the option to create unlimited random disposable email addresses (DEAs), or up to 10 custom email aliases. You use these to interact with online merchants and such while protecting your real email address. With Burner Mail, disposable email addresses are the star of the show. You can let it gin up random disposable addresses or create custom ones, with no limits. In addition, it lets you forward mail from one burner address to multiple recipients. With either product, if you start getting spam on one of your disposable addresses, you simply…dispose of it!

ManyMe also protects your actual email address behind disposable addresses, which it calls FlyBy addresses. The big difference here is that you don't need to register the disposable address in advance. You can meet an ad rep at a conference and make up a FlyBy address for correspondence on the spot. ManyMe is free, with plans for a feature-enhanced premium version to pay the bills.

Keeping your true email account private is a great way to avoid drowning in spam, but there's more work to be done. In addition to masked email addresses, Abine Blur Premium lets you shop online using masked credit cards that can't be tapped for money beyond the individual purchase, and even mask your phone number. It's also a complete (if basic) password manager, and it actively prevents advertisers and others from tracking you online.

When you adopt ProtonMail, StartMail, or a similar encrypting email service, you're starting over with a brand-new address. Adding a disposable email address service lets you keep that shiny address from ever hitting the spam lists. If your email address has already been smeared promiscuously all over the internet, you can still get some benefit from using DEAs, but not as much. That's where Abine DeleteMe comes in. This service looks for your email and other private information on many dozens of legitimate data-aggregating sites and sends opt-out requests for you, following up as needed. Because the service requires human monitoring, it's relatively expensive.

Easy Encrypted Email

ProtonMail stores your message stash using zero access encryption, and messages with other users of the service receive end-to-end encryption automatically. You communicate securely outside the ProtonMail network by password-protecting messages, or by giving PGP-using correspondents your public key. You can set messages to expire after a time, and configure your account for two-factor authentication. It's free if you can live within certain limits, and still inexpensive if you need premium features. This is a secure, solid encrypted email solution.

Even so, ProtonMail doesn't provide the comprehensive privacy protection that you get from Abine Blur Premium. Blur handles password management and actively blocks web trackers. In addition to disposable email addresses, it gives you disposable credit card and phone number. In the varied field of privacy products, Blur remains our Editors' Choice.

What you need to know about encryption on your phone - CNET

Posted: 10 Mar 2016 12:00 AM PST

[Image: androidlollipop5-0-encryption.jpg. Photo: Jason Cipriani/CNET]

The heated and very public confrontation between the FBI and Apple has spurred a lot of talk about encryption, the technology that shields data on phones and other gadgets.

The feds are pushing Apple to find a way to prevent an iPhone 5C from erasing itself after 10 successive incorrect guesses at the passcode. The user of that phone, San Bernardino shooter Syed Farook, used a PIN code to secure his device, and without bypassing that code, the data stored on it is unreadable, thanks to encryption.

If Apple were to disable the auto-erase feature, the FBI could then connect the iPhone to a computer and quickly and repeatedly attempt to guess the passcode -- a technique commonly referred to as a brute force attack -- until the device is unlocked.

Should the FBI prevail and the courts force Apple to comply, the decision could have widespread implications for our daily lives. Apple and fellow technology companies would be forced to create permanent solutions for law enforcement to get around encryption, using what's commonly referred to as a back door.

Alternatively, companies could very well decide the financial burden of maintaining encryption and abiding by law enforcement requests is too much, and give up on adding security features to the devices we've come to rely upon.

With our personal devices carrying more and more of our lives than ever before, it's a good time to look at what is and isn't encrypted and what you can do to ensure your information is safe.

What is encryption?

A fancy word for a basic concept, encryption is the science behind protecting any information stored on an electronic device, be it a phone, a laptop or a server. On a phone that means your photos, text conversations, emails and documents.

Encryption stores information in a scrambled format, typically unreadable by computers or people without a key (which only the device's owner should know) to unlock the data. PIN codes (of numbers, letters or a combination of both) and fingerprints are just two of many examples of keys used to unlock an encrypted device.

Indeed, the practice of encryption is far more technical than requiring a PIN code or fingerprint to unlock a device. Some phone manufacturers, such as Apple, require multiple pieces of information -- one known to the device owner, another embedded in the processor inside the device unknown to anyone -- to unlock data stored within the device.

It's important to note, regardless of the device you're using, data created by third-party applications store information on their own servers, which may or may not be encrypted. Even then, the rules for decrypting data stored on a server are often different than data stored on a phone (see iCloud section below for more information).

In other words, most of what we do on a phone is backed up to a server at some point. That means a copy of your Facebook posts or photo albums, Snapchat conversations, or Twitter direct messages are stored on your device but also on the respective servers for each service.

Essentially, any information stored within an app on your phone that forgoes any sort of connection to a server is encrypted and inaccessible by law enforcement on a locked phone. For example, if an iOS user wanted to keep Notes or Contacts off of Apple servers, he or she would need to disable iCloud sync for the respective app in Settings.

If you've opted not to sync your contacts or calendars through Google or a similar service, relying instead on a local copy of information on your device, that data is encrypted and presumably inaccessible by law enforcement.

How does iOS handle encryption?

Apple began encrypting iOS devices in 2014 with the release of iOS 8. Prior to iOS 8, iOS users were able to set a PIN or passcode to prevent unauthorized access, but some of the data stored on the device was still accessible by Apple when law enforcement presented the company with a valid warrant. A total of 84 percent of iOS devices are running iOS 8 or later.

With iOS 8 and beyond, Apple no longer has the tools required to bypass a device's lock screen and gain access to any data stored on your iOS device. That means items such as call logs, photos, documents, messages, apps and notes are inaccessible to anyone without a device's PIN.

This is an important detail, as it has led to the current situation playing out in public view between the FBI and Apple.

How does iCloud factor in?

Another topic that's come up in the battle between the FBI and Apple is what data stored in an iCloud backup of an iOS device can and cannot be accessed by Apple.

Apple's Legal Process Guidelines state iCloud backups are encrypted and stored on the company's servers. However, unlike an encrypted device, Apple can access information stored within a backup. Specifically, it's possible for Apple to provide authorities with "photos and videos in the users' camera roll, device settings, app data, iMessage, SMS, and MMS messages and voicemail," as detailed in Section J.

What about encryption on Android?

As with all things Android, there's a long list of caveats regarding encryption on an Android device.

Android manufacturers use different processors and components, each requiring custom software and backup services outside of what Google originally designed Android for. It's the key selling point of Android over iOS, as Android fans are quick to espouse. And they're not wrong. However, each change can introduce unintended security issues outside of Google's control.

Google first provided the option for users to opt into encrypting their devices in 2011. At the time, the option was strictly up to the user, leaving the manufacturer out of the equation.

Toward the end of 2014, though, the company released Android 5.0 Lollipop with the default setting of encryption turned on. But phone makers didn't have to enable encryption to be default when they made phones; it wasn't a requirement of Google, and in the end, most OEMs left the setting turned off, citing performance issues as the reason.

Then, with the release of Android 6.0 Marshmallow in 2015, Google started requiring manufacturers to enable encryption on all devices out of the box. There is, of course, an exception to the rule: Google allows phone makers to disable the feature on what amounts to entry-level, and thus often slower, devices. For those who want a more technical explanation, read section "9.9 Full-Disk Encryption" of this document.

Once an Android device is encrypted, all data stored on the device is locked behind the PIN code, fingerprint, pattern, or password known only to its owner.

Without that key, neither Google nor law enforcement can unlock a device. Android security chief Adrian Ludwig recently took to Google+ to refute a claim of a back door into Android: "Google has no ability to facilitate unlocking any device that has been protected with a PIN, password, or fingerprint. This is the case whether or not the device is encrypted, and for all versions of Android."

Nevertheless, each phone manufacturer is able to alter Android, customizing its look, adding or removing features, and in the process potentially introducing bugs or vulnerabilities authorities can use to bypass Android's security features.

So how do you know if you've got encryption working?

Android users can check the encryption status of a device by opening the Settings app and selecting Security from options. There should be a section titled Encryption that will contain the encryption status of your device. If it's encrypted, it will read as such. If not, it should read similar to "encrypt device." Tap on the option if you want to encrypt your device, but make sure to set aside some time -- encrypting a device can take upwards of an hour.

Google's backup service for Android devices is optional for device manufacturers and application developers. As with Apple's iCloud Backup practices, data within a backup stored on Google's servers is accessible by the company when presented with a warrant by law enforcement. However, because the backup service is opt-in by developers, it may not contain data from every app installed on your device.

What can you do to better protect your data?

Android users should enable encryption and set a PIN code or alphanumeric passcode. iOS users should set up Touch ID and use an alphanumeric passcode containing at least six digits. The longer password is a hassle, yes, but with Touch ID enabled, you shouldn't have to enter it too often.

If the FBI succeeds in forcing Apple to bypass a device's lock screen timeout, it would take five and a half years for a computer to crack a six-digit alphanumeric passcode, according to Apple's iOS Security Guide (see page 12).
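The two numbers the article leans on, the 10-attempt auto-erase limit and the five-and-a-half-year figure, both come from the same piece of arithmetic: how large the passcode space is, how long each guess is forced to take, and how many guesses the attacker gets. The following added example (not from the CNET article, Apple, or Google) works that arithmetic through for several passcode policies. The 80 ms per attempt is the key-derivation cost Apple's iOS Security Guide states for its passcode entanglement with the device's hardware key; the policy list is constructed for the comparison.

```python
import math

# Per-attempt cost in seconds. Apple's iOS Security Guide calibrates the
# passcode key derivation so that one attempt takes about 80 ms on-device;
# that figure comes from the guide, not from the article above.
SECONDS_PER_ATTEMPT = 0.08
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Passcode policies to compare: (alphabet size, length). Constructed list.
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "6-char lowercase letters + digits": (36, 6),
    "8-char mixed-case letters + digits": (62, 8),
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes under the policy."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int,
                       per_attempt: float = SECONDS_PER_ATTEMPT) -> float:
    """Worst case for the attacker: every passcode tried, at a fixed cost each.
    This is the figure Apple quotes; the expected time is half of it."""
    return keyspace(alphabet_size, length) * per_attempt


def years_to_exhaust(alphabet_size: int, length: int,
                     per_attempt: float = SECONDS_PER_ATTEMPT) -> float:
    return seconds_to_exhaust(alphabet_size, length, per_attempt) / SECONDS_PER_YEAR


def success_probability(alphabet_size: int, length: int, attempts: int) -> float:
    """Chance that a uniformly random passcode falls within `attempts` guesses.
    With the auto-erase limit, `attempts` is 10 regardless of per-attempt speed,
    which is why the limit matters more than the key-derivation delay."""
    return min(1.0, attempts / keyspace(alphabet_size, length))


def report(per_attempt: float = SECONDS_PER_ATTEMPT, erase_after: int = 10) -> None:
    """Print one line per policy: keyspace, time to exhaust at `per_attempt`
    seconds per guess, and odds of success before the device wipes itself."""
    for name, (alphabet, length) in POLICIES.items():
        years = years_to_exhaust(alphabet, length, per_attempt)
        hours = seconds_to_exhaust(alphabet, length, per_attempt) / 3600
        p_wipe = success_probability(alphabet, length, erase_after)
        span = f"{years:,.1f} years" if years >= 1 else f"{hours:,.1f} hours"
        print(f"{name:36} space={keyspace(alphabet, length):>16,} "
              f"exhaust={span:>14}  P(success in {erase_after} tries)={p_wipe:.2e}")


if __name__ == "__main__":
    report()
```

Running `report()` reproduces the article's figure: 36 to the sixth power is about 2.18 billion passcodes, and at 80 ms each that is roughly 5.5 years to exhaust. The same arithmetic shows why the auto-erase limit is the stronger control: even a four-digit PIN gives an attacker only a one-in-a-thousand chance before the tenth failed guess wipes the device, and that probability does not improve if the per-attempt delay is ever bypassed. The delay only bites because the derivation is tied to a key inside the processor, so the guessing cannot be moved off the phone to faster hardware.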

As for protecting data stored in backups on Apple's or Google's servers, you can start by disabling iCloud backups by opening the settings app, selecting iCloud, followed by Backup and sliding the switch to the Off position. Apple also allows you to delete iCloud backups from your account through the iCloud settings on your iOS device by opening Settings > iCloud > Storage > Manage Storage.

On Android, the process for disabling backups will depend on the device you're using, but generally the setting is found in Settings app under Backup & Reset. You can remove backed-up data from Google's servers under the Android section in your Google Dashboard.
