Update (2018-07-25)
Shortly after publishing this original post, many of my concerns were addressed. ProtonMail now supports sending mail that is signed and/or encrypted using OpenPGP. This is a huge benefit to the secure-email community. It is also possible to use your own key which allows me to use a trusted key that is already known to the community. There were other features added which are important to securing the overall infrastructure. ProtonMail seems to continue to make strides to make a more secure world for those of us that care about our privacy.
Original Post
There are several "private" email providers that advertise encrypted email storage as well as other security services to help protect your privacy and data online. ProtonMail may be one of the unique providers that actually hides its servers inside a mountain in Switzerland, affording it both physical and political (legal) protections beyond what other providers can offer. While some of the features offered by ProtonMail are truly unique even among private-email providers and should be lauded by the information security community, several implementations of these features, and some policies, are downright confusing and break traditional functionality that many are used to.
As a user of the service over the past few months, there have been times when I’ve both wanted to shake the hands of the developers as well as shout in frustration at how a feature was implemented. Today, I’ll try to document some of the pros and cons that I would have wanted to know before moving my email over to the service.
OpenPGP integration
The ProtonMail website and blog both discuss the storage of email on their servers as being encrypted with OpenPGP. This prevents ProtonMail admins, attackers, and anyone else trying to gain access to the email stored on the server from reading the contents of your messages. It should be stressed that, as with OpenPGP elsewhere, only the contents of your message are encrypted; the metadata is stored as clear text.
Message headers

Return-Path: <b064692dc3aeric=xxxxx.xxx@bounce.twitter.com>
X-Original-To: eric@xxxxx.xxx
Delivered-To: eric@xxxxx.xxx
Received: from spring-chicken-ay.twitter.com (spring-chicken-ay.twitter.com [199.16.156.164])
    (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
    (No client certificate requested)
    by mail7i.protonmail.ch (Postfix) with ESMTPS id EF8879A
    for <eric@aehe.us>; Wed, 25 Apr 2018 13:25:48 -0400 (EDT)
Authentication-Results: mail7i.protonmail.ch; dmarc=pass (p=reject dis=none) header.from=twitter.com
Authentication-Results: mail7i.protonmail.ch; spf=pass smtp.mailfrom=b064692dc3aeric=aehe.us@bounce.twitter.com
Authentication-Results: mail7i.protonmail.ch; dkim=pass (2048-bit key) header.d=twitter.com header.i=@twitter.com header.b="H/vMx/GD"
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=twitter.com; s=dkim-201406; t=1524677147;
    bh=4NeEOW9arAfrKKWvbk9bnhcwwDTKYhfDutmOK5OPhYw=;
    h=Date:From:To:Subject:MIME-Version:Content-Type:List-Unsubscribe:
    Message-ID;
    b=[signature value omitted]
X-Msfbl: [encoded value omitted]
Date: Wed, 25 Apr 2018 17:25:47 +0000
From: Twitter <info@twitter.com>
To: Eric Christensen <eric@xxxxx.xxx>
Subject: Updates to our Terms of Service and Privacy Policy
Mime-Version: 1.0
Content-Type: text/html
Precedence: Bulk
Message-Id: <34.41.29484.B1AB0EA5@twitter.com>
X-Spam-Status: No, score=-0.1 required=4.0
    tests=DKIM_SIGNED,DKIM_VALID,
    DKIM_VALID_AU,HTML_MESSAGE,SPF_PASS,T_DKIMWL_WL_HIGH,T_KAM_HTML_FONT_INVALID
    autolearn=ham autolearn_force=no version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on maili.protonmail.ch
X-Pm-Origin: external
X-Pm-Content-Encryption: on-delivery
X-Pm-Transfer-Encryption: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

-----BEGIN PGP MESSAGE-----
Version: ProtonMail
Comment: https://protonmail.com

[encrypted message body omitted]
-----END PGP MESSAGE-----
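To make the split between protected content and exposed metadata concrete, the following added example (not part of the original post and not ProtonMail code) parses a stored message and reports which fields remain readable at rest. The sample message is constructed, with placeholder hosts and addresses, and is modelled on the header layout shown above; the function name `exposure_report` is hypothetical.

```python
import email

# Constructed sample modelled on the stored message above; hosts, addresses
# and the armored payload are placeholders, not real data.
STORED_MESSAGE = """\
Return-Path: <bounce@sender.example>
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
\tby mail.provider.example (Postfix) with ESMTPS id ABC123
\tfor <user@recipient.example>; Wed, 25 Apr 2018 13:25:48 -0400 (EDT)
Date: Wed, 25 Apr 2018 17:25:47 +0000
From: Sender <info@sender.example>
To: User <user@recipient.example>
Subject: Updates to our Terms of Service
X-Pm-Origin: external
X-Pm-Content-Encryption: on-delivery
X-Pm-Transfer-Encryption: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256

-----BEGIN PGP MESSAGE-----
Version: ProtonMail

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
=AAAA
-----END PGP MESSAGE-----
"""

# Headers that reveal who talked to whom, when, about what, and via which relay.
METADATA_HEADERS = ("Return-Path", "Received", "Date", "From", "To", "Subject")

def exposure_report(raw):
    """Split a stored message into what is encrypted and what is readable."""
    msg = email.message_from_string(raw)
    body = msg.get_payload().strip()
    armored = (body.startswith("-----BEGIN PGP MESSAGE-----")
               and body.endswith("-----END PGP MESSAGE-----"))
    # Unfold continuation lines so each header reads as one string.
    readable = {h: " ".join(msg[h].split()) for h in METADATA_HEADERS if msg[h]}
    return {
        "body_encrypted": armored,
        "cleartext_metadata": readable,
        "content_encryption": msg["X-Pm-Content-Encryption"],
        "transfer_encryption": msg["X-Pm-Transfer-Encryption"],
    }

if __name__ == "__main__":
    report = exposure_report(STORED_MESSAGE)
    print("body encrypted:", report["body_encrypted"])
    for name, value in report["cleartext_metadata"].items():
        print(f"readable {name}: {value}")
```
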
One feature that may not be immediately apparent is that because an OpenPGP key pair has to be created for each account in order to store messages encrypted, this key pair can also be used by external users to send encrypted messages to you. This provides a real end-to-end encryption (E2EE) solution for users. The private key, necessary for decrypting the messages, is stored encrypted on the server and is decrypted with your ProtonMail password. Also, any message sent to or received from a ProtonMail user is automatically encrypted.
One problem that has been found in this process is if you try to use your own OpenPGP keys on top of, or in lieu of, the ProtonMail encryption, bad things happen. One might take a standard PGP-encrypted message, and try to insert it as plain-text in the email content field. ProtonMail will take this message and munge it to the point that what actually gets sent may or may not be decipherable. Similar things happen when someone sends a message to a ProtonMail user using a different key than what ProtonMail is expecting. This is unfortunate as someone wanting to provide an additional layer of security, by using a key pair that they physically control, is unable to do so.
Another problem in this system is the inability to send messages encrypted with OpenPGP. If a ProtonMail user is sending a message to an external-to-ProtonMail user, they cannot encrypt the message with OpenPGP. This can be a confusing bug as the opposite is possible.
The solution, by the way, provided by ProtonMail is to provide a password (OpenPGP being used to do symmetric encryption?) that can then be passed to the external user by a separate means, for them to be able to open the message using a special URL. The problem, of course, is getting the password to the external user in a secure manner.
Lastly, at this time it is impossible to rekey your account, so if the OpenPGP keys somehow needed to be superseded, it could not be done.
Webmail and IMAP/SMTP
ProtonMail’s webmail is nice and feature-rich but not overly confusing to use. There is also a security benefit to having one’s messages physically stored on the server with no real way to export them. Because everything was always on the server, there would never be a local copy that could be stolen (encrypted or not). Of course, this also limited people's ability to move away from ProtonMail, if they chose to do so in the future, as their data would be forever locked away and they couldn’t bring it with them.
I frown on vendor lock-in on every level and this was a big lock-in. The developers kept talking about the forthcoming ProtonMail Bridge which was to provide local decryption of messages and a local IMAP and SMTP server that would allow local clients to connect to the ProtonMail email servers and download their messages (along with sending and receiving messages outside of the webmail GUI). When the official release came I was extremely disappointed to see that while Windows and macOS were both supported, the Linux version was still marked as "Coming Soon" (and still is as of this writing). It was only much later that I happened to find an utterance of a beta program for the Linux Bridge that I could join to get early access. As I’m not shy about beta testing software, I submitted my request and was rewarded with a download URL link. Since then I’ve been using the webmail instance, Thunderbird, and the mobile app and haven’t found any issues with the Bridge causing problems. This does solve my vendor lock-in fear as I can pull my messages out and move to a different provider at any time.
SMTP limits
Here’s the one big issue that is not technical in nature and is causing me some major headaches: limits to the number of addressees on an outgoing message.
ProtonMail doesn’t explicitly tell you what the limit is for the number of people you can send a message to but may mention that there is a limit. That number, by the way, is 25. Sure, how often do I send a message to twenty-five individual addresses? Not often! But when I do, I really need to… R I G H T N O W!
Here’s my use-case: I am on a search and rescue team that uses email for disseminating information quickly to a large number of email addresses. The last mission I was on I found myself as first on scene and needed to convey where the incident command post was setting up. If only I could do something simple like replying-to-all on the message I had just received to let everyone know to meet me at the intersection I’m standing in. Nope, could not do it.
ProtonMail support will tell you that this "feature" is in place to protect the reputation of ProtonMail and not allow it to become a haven for spammers. While I can sympathize with their problem, I feel this is not the way to go about fixing the problem. In my case, it has limited the ability of a paying customer to legitimately do work. And this is a unique "feature" among email service providers.
Tor
ProtonMail also supports Tor users with an .onion address to access their services. This means that you can connect to ProtonMail over Tor end-to-end which helps reduce the attack surface of the communications going across the Internet. Overall, this is a positive step for helping people preserve their privacy through anonymity but there is one piece that seems to have been left out: .onion email addresses.
There are some email providers that provide .onion addresses for people to use exclusively on the Tor network. None of the providers have been anyone that I would trust my messages with, long-term, only because I fear they may disappear tomorrow. ProtonMail is different in that regard and it would be very interesting to see them take on this as a challenge.
Overall feel
Overall, I like what ProtonMail is trying to do. For the average person it probably works very well. But as soon as you try to push the system to where you expect it to be, disappointment appears on the horizon.
I was a paying member before I started using the service full-time because I believed in what they were trying to do. I am used to dealing with software bugs and testing software to find flaws so many of the downfalls I’ve spoken about are things that I’m sure will be remedied soon. The sticking point, to me, is the self-imposed limit to addressees in outgoing mail for paying customers. I’m not exactly sure how I want to deal with this bug but it may curtail my funding the project in the end.