As I mentioned in Your Ultimate Security Guide: Windows 7 Edition, ProtonMail is one of my favorite new email providers. As time has passed I have only grown to love this service more. ProtonMail has been featured in Forbes, Huffington Post, at TED, and in many other prominent outlets. While I mentioned ProtonMail in YUSG: Win7, those pages only allowed limited space to cover this email service so I discussed only a few of the most important features. There are several more options that deserve some attention.
Privacy and anonymity: ProtonMail does not require you to submit your name, date of birth, telephone number or other personal information when requesting an account. Because ProtonMail is still in beta, an email address is required to request an account at this time (it will be used to notify you the account is ready), but this can be anonymous, too. I have successfully used Gmail addresses with modifiers (as discussed in Chapter 2 of YUSG: Win7), notsharingmy.info, and 33mail addresses to request ProtonMail accounts.
Message expiration: Messages can be set to expire after as little as one hour (or as many as 672 hours/28 days). Message expiration works with ProtonMail and non-ProtonMail recipients alike and gives you some control over how long your messages are retained. Be aware that the expiry period runs from the time the message is received in the recipient’s inbox, not from the time it is opened, meaning it may be deleted before the recipient has a chance to read it. Also be aware that if the recipient replies to your message, a copy of that message will be saved in the reply and stored in his or her “Sent” folder.
Secure messages to and FROM non-ProtonMail users: When I was working on YUSG: Win7, ProtonMail offered the ability to send an encrypted email to a non-ProtonMail user. Since that time ProtonMail has added the ability for non-ProtonMail users to respond securely to these messages. The remaining problem is exchanging a password securely (this is perhaps best done face-to-face), but if a password can be securely established this would be a fairly elegant solution for communicating with users who can’t or won’t set up a ProtonMail account.
Encrypted Attachments: As of May 5, 2015, ProtonMail offers encrypted attachments between ProtonMail users (it does not encrypt attachments to non-ProtonMail accounts). Currently very few options exist for encrypting attachments (Mailvelope doesn’t do it) and this ability alone is a huge benefit.
Email Notification: If you have a ProtonMail account but don’t use it daily, fear not! ProtonMail offers the option of notifying you at another email address when you have email in your ProtonMail inbox. Though I may gradually transition a large percentage of my email to ProtonMail, for now I only use it occasionally and really appreciate this feature.
Things I would still like to see: Though ProtonMail is really endearing itself to me and I find myself using it more and more, there are still a few things I would like to see it offer:
- Two-Factor Authentication. I have a very hard time trusting my security to a password only. I would much rather have the added security of a second authentication factor (maybe a system similar to the LastPass Grid could be a useful option?). On the upside, ProtonMail places no limit on the number or type of characters that may be used in either the login or mailbox passwords. Both my login and mailbox passwords are in excess of 200 characters and changed frequently, which gives me some peace of mind.
- PGP Integration. I would love the ability to import my PGP keys into ProtonMail. This would allow me to communicate securely with PGP users who have not migrated to ProtonMail, and to use my own keypair(s) if so inclined.
- Encrypted Attachments for Outside Users: Being able to encrypt an attachment to outside users would be a huge benefit. On the other hand, accounts are free; if the person with whom you need to share attachments won’t set up an account, you could set one up for them.
- App(s) for Android and iPhone: It would be great to access ProtonMail on mobile devices. That said, it is hard to input long, complex passwords on mobile devices, making two-factor authentication even more important (as well as the need for users to utilize a password manager). According to the ProtonMail blog (scroll down to the comments), apps are forthcoming for both Android and iOS.
So how do we make this happen? Setting all of this up costs money, and interest in ProtonMail has seen an incredible spike in account requests over the last months. The best way to make this happen is to donate to ProtonMail (via PayPal or Bitcoin). I have no financial interest in ProtonMail, but I strongly believe universal, easily implemented, user-friendly, encrypted email to be a worthy cause.