ProtonMail Open Source Cryptography

Over the past year, we’ve had a number of people ask us about our approach to Open Source software. The reality is that the most critical parts of ProtonMail have actually been open source from day one. This is not something that we have made a special effort to point out, and as a result it is not widely known.

ProtonMail’s front end encryption is completely open source and uses the OpenPGPjs library. All of the source code can be downloaded and viewed here:

https://github.com/openpgpjs/openpgpjs

In addition to using the OpenPGPjs library, our developers have also audited the library, and we regularly contribute our fixes and improvements. In the past few months, we have also made extensive overhauls to the library in order to resolve a couple of major performance bottlenecks. When these changes are completed, we will be making a major OpenPGPjs release, which we will detail in a future blog post.

ProtonMail’s approach to open source revolves around two core philosophies.

1.  Standards Compliant

We believe in compatibility and interoperability. Thus, ProtonMail’s encryption complies fully with the OpenPGP standard. This brings a number of benefits. Because we are using an open standard, you as the user can know exactly how we are applying end-to-end encryption to secure your emails. In the future, we will be adding to ProtonMail the ability to import and export PGP keys. By complying with OpenPGP, it will be possible to do things like download ProtonMail messages and decrypt them locally using your own PGP software.

2.  Peer Review

As former scientists from CERN, MIT, and elsewhere, we are firm believers in the peer review process. Open source without peer review is just not sufficient. Because of this, we are committed to helping foster and maintain a strong community around OpenPGPjs. Today, OpenPGPjs has become the most well-known JavaScript PGP library, with by far the largest user community. This translates to many developers from around the world reviewing and auditing the code with us to ensure that it is free of security flaws. Simply put, no other JS PGP library has undergone the same level of peer review.

The Future

We are committed to keeping ProtonMail’s cryptography open source for the long run. As time goes by, we will be continuing to open source more and more software packages as they mature. Recently, we completed the first native OpenPGP libraries for both iOS and Android which will be launched in our upcoming encrypted email mobile apps. These native libraries will allow for unparalleled performance and the best possible user experience for secure email on mobile. We look forward to continuing to support open source on mobile and beyond.

Summary of HSTS Support in Modern Browsers

This is a guest blog post by Mazin Ahmed, an external security expert who has helped test and audit ProtonMail. We hope it will educate our readers about web security.

HTTP Strict Transport Security (HSTS) is a web security policy designed to protect secure HTTPS websites against downgrade attacks, which are used to perform man-in-the-middle attacks. “Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers”[1].

ProtonMail at Swissnex San Francisco

Earlier this week, we were invited to speak about our free encrypted email service at Swissnex San Francisco’s “Ensuring Safety for the Future of Cyberspace” event. As some of you may know, Swissnex is a part of Swiss embassies and consulates worldwide and has the mission of connecting Swiss technology and innovation with local communities. At the event, one of our team members, Bart Butler, explained why and how we utilize end-to-end encryption to provide email privacy to ProtonMail users.

We’re upgrading all ProtonMail accounts to 1GB of storage!

One year ago, we launched ProtonMail Beta to bring easy-to-use private email to the world. We never imagined that our project would gather so much support from all around the world. Thanks to you, ProtonMail has grown incredibly in the past year. To celebrate our first anniversary and to thank all of our early supporters, we are making a big change to our free encrypted email service.

We’re excited to announce that we are upgrading all existing ProtonMail accounts to 1GB of storage within the next couple of days, up from the current limit of 500MB.

Furthermore, any ProtonMail accounts requested by June 17, 2015 will have 1GB of storage when activated. If you have not signed up for a free email account, you can get one here.

ProtonMail BETA v1.16 Release Notes

ProtonMail BETA v1.16 is finally here! We’ve added encrypted attachments so you can send and receive attachments from ProtonMail users in a fully end-to-end encrypted way. We are also excited to showcase one of the most widely requested features for productivity: archive folder and custom “folders”. You will also notice a fresh look on our homepage and UX improvements on your inbox throughout. Finally, we’ve added a number of new settings including a way to customize ProtonMail’s theme if you know CSS. As usual, if you encounter any problems, please clear your browser cache or log out and log back in. Here’s a quick introduction to the new features:

Introducing the ProtonMail New Feedback Forum

We’re excited to introduce the new ProtonMail Feedback Forum where you can give us feedback and suggestions on new features that you want to see in ProtonMail. Since the beginning, we have built ProtonMail with usability as our main goal, and we’ve worked hard to make sure that each comment and suggestion is a part of our development process. Now you can vote, comment and post new ideas for ProtonMail to develop in the future through the Feedback Forum.

ProtonMail has raised $2M USD to protect online privacy

We’re happy to announce that ProtonMail has secured a financing round of $2M USD from Charles River Ventures (CRV) and the Fondation Genevoise pour l’Innovation Technologique (FONGIT). In our first fundraising last summer, we received over $550,000 in donations from over 10,000 supporters, and in the process set a new record for software technology crowdfunding. That critical early funding allowed us to go from a software project started in the CERN cafeteria to a fully functioning encrypted email service, supporting hundreds of thousands of users around the world.

This additional funding will allow us to accelerate our growth and get us closer to providing online privacy for everyone. We will be growing our team, and more importantly, speeding up the pace of development in the coming months. Privacy is important, and it is a race against time to build secure solutions like ProtonMail – before it is too late and privacy disappears entirely.

Copyright © 2015 Proton Technologies AG. All Rights Reserved.