So we have all heard about the recent DDoS attack on ProtonMail over the last week or so, but that hasn’t stopped them cracking on with things.
I have been with ProtonMail since I heard about them opening it up for a limited number of people. I signed up straight away.
I like the idea of having an email service that actually delivers on the promise of privacy. This is something ProtonMail seem to be delivering on.
ProtonMail’s servers are hosted in Switzerland, which is outside US and EU jurisdiction and has very strong privacy laws (surveillance directives must be obtained through the courts and, with no gagging powers, targets must be notified; technical interception of electronic communications is only permitted with regards to ISPs and not ‘mere’ Internet application providers, etc.).
This means the NSA and GCHQ are not going to get that data so easily, like they can with other large American-hosted companies that offer email accounts. (This doesn’t mean they CAN’T get it; it just means they need to work for it.)
For all Free Accounts, ProtonMail at present offers:
- 500MB storage
- Self-destructing messages
- Messages sent to other ProtonMail accounts are transparently encrypted
- Password protected encrypted messages can be sent to normal email accounts
- 1000 messages per month
- Unencrypted messages can be sent to any account
- Attachments (unencrypted) limited to 11MB.
Up until now I have had to log in to the webmail client to use the service, which is fine and works pretty well. Nice-looking site, quick to log in and easy to use.
Today I got a private invite to use the ProtonMail Android App. I can say it’s a nice little app. Let’s dig into it further.
Once you get the invite, you can install the app; again, remember this is a beta at the moment.
Once you have it installed we come to the login screen:-
As you can see this is a nice neat easy to use screen. Nothing you wouldn’t expect from a service like ProtonMail.
Here you need to input your first password.
Now if you have not used ProtonMail before, there is more than one password needed to log in to the account.
The first, the username and password, is used to authenticate the user and retrieve the correct account (ProtonMail keeps a copy of it). The second one is used to decrypt the mailbox and is only held by the user. If you’re sending an encrypted email to a non-ProtonMail user, you can specify your own password to decrypt that email (obviously you send that password via other methods of communication). You can also send normal, non-encrypted email, which behaves like any other email when received by a normal email user.
The mail is stored encrypted on the servers, and ProtonMail staff have no access to it.
These servers themselves, according to ProtonMail, “utilize fully encrypted hard disks with multiple password layers so data security is preserved even if our hardware is seized.” So as you can see so far, ProtonMail are not messing about. No metadata is kept, and it does not log the IPs users connect from.
As the emails are encrypted, they are also incapable of scanning the emails to offer advertising like some other companies currently do.
At the moment, when I get an email sent to my ProtonMail account, they send me an alert to my normal email account and inform me that there is a mail waiting. I love this feature and find it very useful.
Once we have logged in and decrypted the mailbox we are greeted with an Android app that feels at home with any email user.
If you click on the menu in the top left-hand side of the app we get a clean menu. Nice and simple. Everything you would expect from a decent mail app.
As part of the install process of the app, you allow ProtonMail to access your contacts. This means all your current contacts are already in your ProtonMail contacts list and ready to send email to.
You can also sync your contacts back to ProtonMail, so when you log in to the webmail client you have your contacts there also, ready to use.
Composing emails is again nice and simple.
Emails to other ProtonMail users are encrypted by default, but if we want to send an email to a standard user we have the added bonus of using the encrypt function direct from inside the Android app. All you need to do is click on the padlock and choose a password. Can’t get any easier than that. It will ask you to confirm the secret password.
You have the option to leave a hint if you so desire; it could be a cryptic clue or something you have pre-shared with someone, but it’s totally optional and doesn’t need to be added.
Another great feature of the app is the Set Message Expiration button. To enable this you click on the little clock icon and select how long you want the message to be available before it self-destructs (reminds me of Mission Impossible).
From here on, click on send, and away it goes. Not hard at all to send an encrypted email; no need to import GPG keys and explain to others how to use them.
The person who gets the email will see something like this:-
They can then click on View Secure Message; this will load up a secure webmail site and allow the user to input the secret password to decrypt the message and allow them to securely reply.
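A simplified model of the two-password login and the password-protected message described above, as an added example that is not ProtonMail's code: the function names, the scrypt and AES-256-GCM choices and the sample passwords are assumptions made for illustration. It shows that the stored login verifier and sealed blob are not enough to read mail without the second password.

```javascript
const crypto = require("node:crypto");

// scrypt turns a password into a 32-byte key; the salt is stored beside the data.
const deriveKey = (password, salt) => crypto.scryptSync(password, salt, 32);

// Client side: encrypt text under a password-derived key (AES-256-GCM).
function seal(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side: returns the plaintext, or null for a wrong password or altered data.
function unseal(password, box) {
  const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(password, box.salt), box.iv);
  d.setAuthTag(box.tag);
  try {
    return Buffer.concat([d.update(box.ct), d.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// What the (hypothetical) server stores: a verifier for the login password and
// an opaque mailbox blob. The mailbox password itself never reaches it.
function createAccount(loginPassword, mailboxPassword, mailboxSecret) {
  const loginSalt = crypto.randomBytes(16);
  return {
    loginSalt,
    loginVerifier: deriveKey(loginPassword, loginSalt),
    sealedMailbox: seal(mailboxPassword, mailboxSecret),
  };
}

// Server side: the first password only authenticates and releases the blob.
function serverLogin(record, loginPassword) {
  const candidate = deriveKey(loginPassword, record.loginSalt);
  return crypto.timingSafeEqual(candidate, record.loginVerifier) ? record.sealedMailbox : null;
}

// Constructed sample values, for illustration only.
const account = createAccount("login-pw", "mailbox-pw", "mailbox key (constructed)");
const blob = serverLogin(account, "login-pw");
console.log(unseal("login-pw", blob));   // login password cannot decrypt
console.log(unseal("mailbox-pw", blob)); // mailbox password can
const msg = seal("pre-shared-pw", "hello (constructed message)");
console.log(unseal("pre-shared-pw", msg));
```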
If you are looking to get a more secure email platform, I would recommend using ProtonMail.