3DSC 2.13: Migrate to Private & Secure Email Provider

ProtonMail Premium Review

Today I am asking you to set up a private and secure email account. I realize that many of my readers are already using ProtonMail (but I also know that some are not). If you are using ProtonMail, don’t worry – I have included tasks for users at all levels of the email migration process.

Difficulty: Easy (initial setup); Hard (long-term migration)
Active Time: 5 minutes (initial setup); multiple small increments adding up to several hours over a period of several weeks (migration)
What it Protects You From: Traffic interception, mass surveillance, content scraping

Beginner: Setting Up A ProtonMail Account

If you don’t have a ProtonMail account already, your first priority is to set one up. ProtonMail is a free, end-to-end encrypted email provider. I won’t bore you with all of the details, but I will run down the key features.

  • All of your emails to and from other ProtonMail accounts will be automatically end-to-end encrypted using OpenPGP.
  • Your emails will also be stored securely in an encrypted, “zero-knowledge” format so that not even ProtonMail can read them. Even if you have to correspond with non-ProtonMail accounts, this alone cuts your attack surface in half.
  • Messages can be set to self-destruct after a pre-selected interval, and messages to non-ProtonMail recipients can be encrypted.
  • ProtonMail was founded on privacy and doesn’t collect, store, or sell data about you.

If you want to know more about ProtonMail, my co-host and I recently interviewed their CEO, Andy Yen, on the Complete Privacy & Security Podcast. Once you set one up, run it for a while and get the feel for it. If you like it (and if you care about privacy and security, I think you will), follow the rest of the advice in this post.

Intermediate: Migrating to ProtonMail

To get the maximum benefit from ProtonMail, you should make it your primary (and eventually, ONLY) provider. Migrating to a new email account is difficult. There are a few things that can make it easier.

  • Don’t be in a rush. You’ve been on Gmail for the last ten years, so a couple more months won’t kill you.
  • Get the app for your iOS or Android phone.
  • Start with online services. Slowly start changing your contact email address for your online accounts and services. Again, don’t be in a huge hurry, just change this address during your normal logins.
  • Get friends and family on board. Send out a mass email to everyone, letting them know that you are switching to ProtonMail. And while you’re at it, maybe explain why you’re doing it.
  • Send a followup email FROM YOUR PROTONMAIL ACCOUNT. Before you burn that old Gmail account down, send a follow-up letting everyone know your old account is closing down.
  • Take Gmail off your mobile device. The inability to check Gmail from your phone, and the ability to check ProtonMail, will let convenience work in your favor for a change.
  • Forward your Gmail account. Just to be sure you don’t miss anything important, forward that Gmail account. If, after a year you haven’t gotten anything important, it’s time to close it for good.

Expert: Try ProtonMail Premium

If you have been using a free ProtonMail account for a while, spend a couple of bucks and try out ProtonMail’s premium features. Premium memberships start at $4/month. The upgraded features include the ability to bring in your own domain(s), add additional email addresses that forward to your inbox, and increased storage. ProtonMail has also recently begun testing a VPN, and the beta version is currently available to Plus and Visionary members.

As a premium member you also support a worthy cause. ProtonMail keeps journalists, dissidents, and activists safe, and paying for a membership helps demonstrate to other companies that privacy and security are important to consumers.

Extra Credit

Regardless of where you are in this process, if you really want to go the extra mile you can sign up for accounts for three personal contacts. These should be the people you email the most. This could be your spouse, parents, children, friends, co-workers, or any combination thereof. This will ensure you enjoy the maximum benefit of ProtonMail’s end-to-end encryption, create a much broader user base, and make us all a little less conspicuous.

4 thoughts on “3DSC 2.13: Migrate to Private & Secure Email Provider”

  1. Hi, great advice in this 30 day challenge.

    Would really appreciate a steer from you regarding email address names, especially as I’m going to get 10 aliases from ProtonMail once I know the answer to my question.

    In short, I’m stuck deciding how to name my new account and all the aliases.

    For the main primary account I’m thinking of using a long hash that I’ll never be able to remember (saved in password manager). This will never be used to log into anything apart from PM.

    For the aliases, I’m stuck on what to call each of them – can you help please? Should they all be completely different, or could they follow a pattern, e.g. jb100@pm.com, jb200@pm.com, etc. I worry that the latter could be easily guessable. But at the same time, as they’re aliases and nobody can log in to my main account, does it matter?

    Any help would be brilliant. Thanks again for doing this series 🙂

    Al.

    1. Al,

      Sorry for the delay in reply here. I would say this depends on what you plan to use them for, but I would not name them in a series. If they are aliases that I will never give out verbally, I would make them random. For example, my bank gets something that looks like: weoubvp98b4uvab2jvub0@protonmail.com. That makes it hard for a hacker to guess my username, and I’ll ONLY use that at my financial institutions (mostly online).

      If you’re going to give some of these out to friends, family, or colleagues, you might want a few that are easily pronounceable, like john.doe@protonmail.com.

      Finally – don’t be mistaken: currently all of your addresses can be used to log in to your ProtonMail account. We hope that this is changing soon, but for now that is the way it is.

      Thanks!
      Justin

  2. Thanks for replying Justin – really appreciate it.

    Wow, am shocked PM allow you to log in with any of the aliases. Is it one shared password and 2fa code across all aliases? I’m not sure why they’ve done it like that – it seems to defeat the point of compartmentalisation to me. Have they indicated whether they’ll change it, or at least give the option to log in with each alias?

    Understood about the random prefixes for banking and things that you don’t give out verbally. I had to laugh though, at the prospect of ever having to verbally confirm an email like in your example 😉

    Given I can log in under any alias, is it worth creating my main account with a random hash that I give to nobody ever? The only plus point of doing that is if PM ever did restrict logons to the main account…

    Thanks again for replying earlier. Your advice is worth so much to me 🙂

    1. Al,
      Thank you for the kind words. Logging in with all accounts is a thing that I constantly ask Andy Yen about when he comes on the podcast. He has said that at some point in the future they might change this so that each username can be configurable, i.e. you can select which ones can log in and which can’t. Because this *might* happen in the future I used a random hash as my primary login name.
      Thanks again!
      Justin
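
The alias-naming advice in the comments above (random names for addresses never given out verbally, nothing named in a series) can be checked with a short script. This is an added example, not code from the post or from ProtonMail; the function names, the lowercase-plus-digits alphabet and the example.com sample addresses are assumptions, and the default length of 21 matches the random address quoted in the reply.

```python
import math
import re
import secrets
import string

# Assumption: lowercase letters and digits only, a conservative set that
# mail providers generally accept in the local part of an address.
ALPHABET = string.ascii_lowercase + string.digits


def random_local_part(length=21):
    """Return an unguessable local part drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def series_groups(addresses):
    """Group addresses that differ only in their digits (e.g. jb100, jb200).

    Knowing one member of such a group makes the others easy to guess.
    """
    groups = {}
    for addr in addresses:
        local, _, domain = addr.lower().partition("@")
        # Replace each digit run with '#' to obtain the shared template.
        template = re.sub(r"\d+", "#", local) + "@" + domain
        groups.setdefault(template, []).append(addr)
    return {t: g for t, g in groups.items() if len(g) > 1}


# Constructed sample aliases; example.com is a placeholder domain.
SAMPLE = ["jb100@example.com", "jb200@example.com", "jb300@example.com",
          "john.doe@example.com"]

if __name__ == "__main__":
    print(series_groups(SAMPLE))
    alias = random_local_part()
    print(alias + "@example.com", round(entropy_bits(len(alias))), "bits")
```

Store each generated alias in your password manager next to the one service it is used for, so a leak of one address reveals nothing about the others.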
