Switzerland-based encrypted email provider has launched a new application called ProtonMail Bridge which allows users to enjoy the benefits of end-to-end encryption using Mozilla’s Thunderbird, Apple’s Mail and Microsoft’s Outlook clients.
ProtonMail saw a sizable bump in user numbers upon Donald Trump’s victory in the 2016 US elections when former NSA contractor Edward Snowden told people worried about its privacy implications to use encryption.
The company was hatched by several researchers at CERN aiming to solve the challenge of making end-to-end encryption email easier. It differs from popular webmail services that encrypt email content in transit but once stored on a company’s server can be accessed by anyone with decryption keys, assuming it’s encrypted at rest. ProtonMail encrypts email before it arrives at its servers, meaning anyone with access to its servers can only access encrypted packets.
The firm launched shortly after Snowden’s NSA 2013 leak, but interestingly, it does not recommend anyone in Snowden’s shoes to use ProtonMail or indeed email at all for communications.
The new Bridge application acts like a local email server and uses IMAP and SMTP protocols while encryption and decryption happens on the user’s computer.
Proton Technologies outlines in a blog that one of the key benefits Bridge offers is search and indexing of content, which is usually handled by web mail providers. This can’t be done on company servers if GPG or PGP has encrypted the content of email. Google, for example, notes in a support document about Gmail encryption that using PGP creates a “tradeoff of convenience for additional security”, which makes indexing and hence search impossible.
But since Bridge decrypts email content on the computer, users can rely on their preferred email client’s search functionality for this task.
“The Bridge decrypts messages as they arrive in your computer and delivers them to your desktop email client. These local copies are stored on your computer, so the search features of your desktop client work normally and you can search within your encrypted emails,” explains ProtonMail’s maker, Proton Technologies.
The other key benefit Proton Technologies highlights is where an email client has been set up with a ProtonMail account and a Gmail or Outlook account. Users can drag and drop a single Gmail message to the ProtonMail account or transfer all their email from another webmail account to ProtonMail using email client account import features.
The catch — which depends on how much you value your privacy — is that you have to pay for ProtonMail. Unlike Google and Microsoft, which offer up 15GB for Gmail and Outlook respectively for free, ProtonMail charges €4 a month for 5GB of storage. ProtonMail has a free account but this is limited to 500MB of storage.
Privacy conscious people can use services like GNU Privacy Guard (GPG), the open source cousin of Symantec-owned email encryption program PGP, which was created by Phil Zimmermann. However, these programs require effort to use correctly.
But ProtonMail does offer some security advantages. It isn’t a browser plug-in so obviates attacks on the browser but it won’t protect messages on device that has been compromised by malware.
Proton Technologies plans to release Bridge’s source code to allow users to compile the applications themselves rather than relying on binaries from it.
The setup is fairly simple. Users need to install the Bridge app, and then add their ProtonMail account to the app. Then users need to add their ProtonMail account to their preferred email client and configure its settings.
- Google plugs KRACK wifi security flaw in November Android patch
- EU will give its opinion in Microsoft’s US suit over access to email in Ireland
- Why Android explosion is attracting cyber criminals on the dark web
- Centrify predicts how to turn the cybersecurity tide in 2018
- An enterprise encryption app for Outlook is not so secure, say researchers