Can we crowd-source a Brigada-sized initiative to analyze ProtonMail as a ‘prime example’ of secure communications? Can we ask you — and any I.T. people that you know — to hop on and verify to tell us… Is it true that ProtonMail is…
- Open source, meaning that it’s possible to download the code and verify ourselves that there’s no possible backdoor for bad guys to acquire and spy on your email? And that there are no prying “advertiser-trolling eyes” that can see into it?
- Based in Switzerland, and, as such, isn’t beholden to any government laws from anyone, anywhere, to give up access to your inbox?
- Completely encrypted, top to bottom, even while it’s at rest on their servers?
- Truly anonymous, in that you aren’t required to provide contact information to open an account? (It’s optional.)
- Only 6.25 Euros/month if you pay annually for up to 5 gigs of storage. (See https://protonmail.com/business/pricing for the easy verification on that answer. haha)
Assuming all these things are true, we wonder… why wouldn’t more workers (who aren’t provided a secure solution by their respective agency or company) choose ProtonMail as opposed to Gmail or Yahoo.com or any fill-in-the-blank.com free, less secure email? Because, for example, is it true that Gmail would…
- Perhaps have to hand over your email to a law enforcement official from virtually any country in which Gmail had a server/office?
- Declare your email all but “dead” after it’s 6 months old, meaning that it would hand over those emails without a warrant even?
- Perhaps analyze your email for “features” like calendar items and such, meaning that someone, somewhere, has access to your information?
- And for all this and more, you resist paying $7 bucks per month?
Help us think through this picture? Why/How has Gmail practically become the defacto communications medium for the entire missions world, even in secure countries????????????????????? What are we missing here? [Note: We receive no compensation or benefit from anyone for proposing this option.]
Yes, indeed! ProtonMail is a valid option for security in email.
There are a few security apps for SMS also.
I use both proton mail and psmail.net. Both meet the highest levels of security.
There are a few issues here
1) “Open source” does not make it secure. Yes, you can look at the code. But the server it runs on also has to be secure both physically and in configuration (e.g. firewall, system updates, etc). All software has bugs that can lead to security issues — there have been some spectacular failures in both open source and commercial apps. Plus, unless you install the software yourself, you have to trust that no one else has altered the code and inserted a “back door.”
2) Email is only secure as it is on both ends. Proton mail might be secure, but only if both users are on the same system. E.g. if you use such as service to email someone on another ISP, then your mail can be read by that ISP as well.
3) Email can be but is often not encrypted as it goes through the internet. Your connection to your mail server might be secure, but the message is being relayed through routers and such to get from one pace to another — and there’s no guarantee that is encrypted either. (And all these routers and networks worldwide can be subject to wiretaps and other surveillance. (Just ask ATT & the NSA.)
4) Given 2 and 3, using Google-based apps, as many organizations do in the US (the commercial version of Gmail) *might* be more secure. If I send a message from one Google-hosted domain to the other, then that message has most likely stayed within Google’s secure cloud.
The most secure way to send a message over the internet is end-to-end encryption. In the case of email, this means using a tool like PGP to encrypt using a shared secret model. But this is still not bulletproof, and it’s not user-friendly.
There are other potential benefits to using something like Proton. But if you are paying them something, you’re likely not going to be truly anonymous because they’ll have your CC number or other payment data — unless you mail cash.
I’m not a certified expert on security, but I’ve been in the tech world for a long time and manage servers and such
Hi Andy. Your response is interesting – but it would be great to get some supporting citations. With deep respect, for example, it was our understanding that if both users are on Protonmail, there indeed IS a guarantee of security.
Been using ProtonMail for years for certain contacts. ~~~NEAL
Like Andy F stated there is no completely secure option. Having said that I’m sick of empowering the giant technocrat overlords. If you take the time to read the service agreements and take them seriously I wonder why any one would use Google or Microsoft. If your not paying for it YOU are considered to be product by the giant tech firms they can literally do anything they want with your data or content. Along the same lines right now I like Brave for my browser and Duck Duck Go for search. Proton also has a free option that does not have many features that you can try to see if you like it. So far I have been pleased.
I’ve had protonmail for a month or more – both the free version and the paid version. It works fine, no problems there. However, I found out that it was developed by CERN in Switzerland and I do have concerns with this group that is with the Great Global Reset (WEF, Klaus Schwab) and, though I’m not a conspiracy theorist, I prefer to act with an ounce of wisdom and not go there.
Then there’s this more technical assessment I just read which gives another option addressing protonmail’s security issues:
https://healthimpactnews.com/2021/protonmail-is-inherently-insecure-your-emails-are-likely-compromised/
I have used Proton mail for several years with no problem. However, I have recently switched over to MailFence.com since I preferred some of their features (like using my ministry email addresses). MailFence does offer PGP encryption. I am also using Brave for browsing and DuckDuckGo for searches.