Which email service do you use?
- Gmail? Every single email sent from or to a Gmail user is scanned by Google.
- Outlook? Outlook also scans every email, except (they claim) they don’t make money from it like Google (through targeted ads).
- Yahoo? Don’t make me laugh.
. If you can’t prove that something is secure, then it is not secure. The above companies (and so many others) want you to trust them. Trust that they’ll use their powers for good. And of course we all know that companies never lie, do they?
Today, “privacy” and “security” have become buzzwords, thrown around without any meaning. Constant vigilance is the price we must pay for true liberty.
Back to the problem at hand, we can’t just give up using emails so what do we do now?
What is ProtonMail?
ProtonMail is a secure email service developed in 2013 at the CERN research facility in Geneva, Switzerland (outside of NSA’s jurisdiction). The bit that we’re interested in is that ProtonMail is end-to-end encrypted. The emails that we send are encrypted right in the browser (or the app) before they even leave our device. And the encrypted emails that we receive are again only decrypted on our device. No one, not even the the database administrator of ProtonMail can read your emails. Even if they got hacked, the hacker would just have a bunch of encrypted emails each of which should take forever (give or take a few thousands years) to brute force. This is what makes ProtonMail secure.
You can even send secure (encrypted) email to non-ProtonMail users. For this to work, you and your recipient must know a shared password. You use the password to encrypt the email and the receiver can then decrypt it by entering the same password.
Not only that, but ProtonMail allows you to set an expiration time after which your emails are deleted forever from their servers. And it gets better. You can also use ProtonMail through Tor (learn more about Tor).
Now let’s get you started with an account on ProtonMail. There’s not much to it really, it’s a simple registration process like any other.
Step 1
Head over to ProtonMail.com and click Sign up
.
Step 2
Now you’ll see a standard sign-up form, fill it out and click Create Account
Step 3
And that’s it! You now have a ProtonMail account. Pat yourself on the back.
Step 4
On the next screen you can choose your display name.
Step 5
Now you’ll see a familiar email interface. Let’s click Compose
and send our first secure email.
Step 6
You can specify a password so that the emails sent to non-ProtonMail users are also encrypted.
Step 7
And you can set an expiration time after which your email cannot be accessed by anyone, you included.
And there we go. You’ll find all the normal features expected of an email client, except this one doesn’t violate your privacy. Remember, it doesn’t take much to be privacy conscious, by simply using services such as this one you are helping make the world a better place.
Using ProtonMail through Tor
Anonymity is often just as important as security. To remain completely anonymous, you can create and use ProtonMail through the Tor network. This improves your security in a few different ways:
- It prevents sniffing. If you’re on an untrusted network, say using a public Wi-Fi hotspot or someone else’s network, using Tor allows you to hide what you’re doing on the internet.
- It prevents MITM-ing. On the same note, Tor protects you from man-in-the-middle attacks. Your connection to the rest of the Tor network is encrypted, making it practically impossible to tamper with.
- Even ProtonMail won’t know who you are. Should the day ever come that ProtonMail is compromised, all their servers will see is a random Tor exit node and not your IP address.
Even if your ISP or country has banned ProtonMail (as often happens to privacy-conscious services), you can still access it through Tor.
You will need to enable JavaScript on Tor and change your NoScript setting to “Temporarily allow all on this page” for ProtonMail to work. Be careful though, you don’t want to disable NoScript on the wrong website. Allowing JavaScript is also a potential security hole. ProtonMail could technically find out your real identity. However, if they even tried to do this it would be clearly visible in the JavaScript source. Given that they have a large and active user base, such an action by ProtonMail would likely make the news and tarnish their reputation forever.
I almost never recommend companies or products, but ProtonMail has proven itself to be quite reliable. Even though it’s about 4 years old now, it’s still a relatively young company. I suggest cautious optimism. I will keep this article updated on anything you may need to know about ProtonMail.
Want to be a real hacker? Sign Up!