A secure (really secure), anonymous, “off the govt’s radar” E-mail service is the need of the hour, isn’t it? Well, that’s where this Protonmail review comes in.
What if I told you the govt. can spy on each of your E-mails? Each of your files being shared over the Internet, along with the E-mail providers, and third-party hackers being able to do so as well?
That’s so because the E-mail providers are required by the law in some situations to co-operate with the govt. to the fullest extent, and they being “for-profit” organizations feel no need of going at arms with the govt.
So, how do you keep your E-mails safe, secure and at places where the intrusive govt. and other prying eyes can’t reach them? Protonmail seems like a viable option, but how good or not good is it? That’s what we would uncover in this Protonmail review.
What is Protonmail?
Obviously, if you’re reading this Protonmail review there’s every chance that you’re not yet acquainted with the platform.
Protonmail is an E-mail provider, a platform which lets you create, send and receive E-mails and files over the Internet.
But what makes it worth this Protonmail review is unlike Gmail, Yahoo or any of those other mainstream E-mail providers, it’s Anonymous, secure and is off the govt.’s reach.
It’s an E-mail provider which protects your privacy and security and that’s what makes it special. Here are the factors which make it as anonymous as it claims to be.
- Website: https://protonmail.com/
- Onion Links: https://protonirockerxow.onion/
- Email Security: 2FA, PGP Support, Advanced End to End Encryption, Password Protection
- User Interface: Friendly and Cross-platform
- Self-Destruction: Yes
- Custom Domain Support: Yes
- VPN support: Yes
- Premium Plan: Available
- Payout Method: PayPal, Bitcoins
*FunFact- In case you’ve watched Mr.Robot, in its season 03 Mr. Robot uses Protonmail anonymous email service as his anonymous E-mail client!
a. Protonmail Registrations
For starters, it doesn’t ask you for any personal detail while registering. In fact, it’s encouraged that you use random names/characters in your E-mail ID along with other untrue details.
Because Protonmail doesn’t know who you are either, there’s no chance of your anonymity being unraveled even in the case of a hack or seize as the details don’t exist even with the company.
b. Based in Switzerland
Secondly, it’s a company based out of and registered in Switzerland, and obviously the Swiss are famous for their integrity and respect towards user privacy, so even if your govt. did want to get a hold of the servers or the data, there’s a next to impossible chance for them being able to do so.
And as explained later, even Protonmail doesn’t have access to your Data which results in the fact that no matter which govt. you’ve offended, there’s just no practically possible way for someone to get a hold of your personal conversations. (Unless the encryption is rendered useless, which by itself is next to impossible).
However note that Switzerland isn’t completely untouchable. But the way Protonmail handles legal requests does still make it the best anonymous E-mail provider.
So, let’s start with the fact that govt. authorities from other countries can, and do request Protonmail data. However, because of the Swiss rules Protonmail can’t (even if it wants to) comply to foreign requests without the approval of the Swiss authorities.
Anyway, Protonmail does comply to Swiss requests, as well as foreign requests approved by the Swiss govt. However, because the company is exempted under BÜPF, it’s not required by law to store IP logs.
Note that due to the technical reasons, the company does have access to “Metadata”. It simply contains the subject field, sender/recipient etc. It doesn’t contain the actual E-mail or its contents. And this data too is protected under the Swiss laws.
So even in worst case scenarios, the shared data isn’t particularly compromising. And the End-to-End encryption can’t be broken, not even if Proton, Trump, Aliens (not sure of them though) or your govt. wants so.
However this doesn’t make Protonmail a safe-heaven for criminal activities. If and when a monitoring-request is received for an account, Protonmail does comply. It will then monitor and/or retain the state of the account as far as possible provided there’s enough legal ground to do so.
Accounts when manually deleted by users are deleted instantly from the production servers. And within 14 days from the backup servers. All in all, Protonmail is the perfect Privacy and anonymity solution as long as you’re not involved in something explicitly illegal.
c. No IP Logs
Apart from the above two factors, another fact which makes it truly anonymous is that it doesn’t keep any IP logs, which Gmail and nearly every other mainstream E-mail provider has publicly accepted to logging.
Because it doesn’t keep any logs, again Protonmail doesn’t know where you’re from and hence your identity remains intact as there’s no log to be stolen or hacked into.
This has been one of the prime reasons, which pushed me towards scribbling this Protonmail review down; and why I personally think Protonmail is a great solution for anonymous E-mails.
Is Protonmail Secure?
It’s anonymous, yes; but is it secure enough? It needs to be, because if it’s only “anonymous” and not secure in that case your E-mails could be hacked and a lot of personal data leaked.
Fortunately, that doesn’t seem possible with Protonmail; here are the factors which help us establish its security:
a. End to End Encryption
One of the features which establish Protonmail as a secure E-mail provider is the fact that it’s encrypted end-to-end.
For the uninitiated, End-to-End encryption means the message is encrypted from your (sender’s) end, to the receiver’s. In other words, the E-mail is stored in an encrypted format when it’s on Protonmail servers, and only when the receiver reads it is it decrypted.
b. Protonmail Team Doesn’t Have Access to your Data
The data is encrypted not only for third-parties, but for Protonmail as well, meaning the company too can’t decrypt your E-mails even if it wanted to.
This isn’t the case with mainstream E-mail providers, they not only have access but also “read” your E-mails as has been proven and accepted by Gmail.
The Encryption key on Protonmail for the E-mails is stored client-side (on your side) and the team never has access to them and hence your E-mails are solely yours.
This also eliminates the risk of companies selling your data to third-parties which is common with most mainstream email providers which do so to “personalize ads” for the advertisers.
c. It’s Open Source
Protonmail is open-source, meaning the code and encryption algorithm being used by the company can be vetted by anyone with the knowledge to do so freely.
This ensures that there are no backdoors built, and the company is truly providing what it claims to, without any strings attached.
So, End to End encryption, coupled with the complete isolation of the data from any kind of third-party (including Protonmail) access and it being open-source do reinforce the fact that so far it does seem extremely secure as well as anonymous.
d. Self Destructing E-mails
One of the most innovative and privacy-reinforcing features which deserve a mention in this Protonmail review are its self-destructing E-mails.
The E-mails get deleted from the recipient’s inbox after a time which is pre-set by you before sending the E-mail.
What makes it even more special is, the self-destructing E-mails can be sent not only to Protonmail E-mails but also to general E-mails outside Protonmail, ensuring even if your recipient isn’t a Protonmail user, your privacy still remains intact.
e. SSL Encryption
Of course, the E-mails are already encrypted before sending them, but in addition to all that Protonmail also has implemented a SSL certificate as an extra layer of security.
It prevents third-parties from tampering with the webpage, or your browser session so that your data isn’t intercepted mid-way (via an attack such as “man in the middle”).
Additionally, they’ve also released SHA-1 and SHA-256 public keys for their SSL certificate public keys.
And the final nail that I can hammer in on this Protonmail review as far as security goes is that the SSL certificate is issued by a Swiss company, on which neither the US nor EU or any other govt. can exercise control or domination.
f. Advanced Encryption even for Non-Protonmail Users
E-mail is fundamentally a means of communication, and communication is generally two-way. Protonmail understands this, and the fact that not each of your contacts would be using Protonmail.
Unlike other secure E-mail services which are secure only within their own isolated platform, Protonmail guarantees security even when you send E-mails to non Protonmail users, one of the major feathers I can add to the cap of this Protonmail review.
It uses symmetric encryption to send these E-mails, which means your recipient receives a link, clicking on which opens the E-mail if they provide a passphrase (password) along with it, and the sender sets this password and shares it with the recipient.
This makes sure that even if the recipients’ account is compromised, people it’s not intended for can’t read the E-mail.
g. 2-Factor Authentication
“Password is the least secure part of your security”. Any E-mail provider which doesn’t provide 2-FA is extremely easy to break into, well fortunately Protonmail does.
Protonmail supports 2-FA via OTP, which you can receive via a number of apps which include:
Whenever you login, a 6 digit code is shown on these apps which you’ve installed, it’s this code which you need to enter along with your password in order to login.
So in a nutshell, considering all the features so far discussed pertaining to the platform being secure, in my opinion, I do believe it’s secure-enough and can be trusted.
Nuclear Protection, Literally
When it comes to Physical security too Protonmail hasn’t compromised a bit and hence houses their Datacenter in an underground bunker which is more than 1K.m underground above which lie solid, granite rocks and the bunker can quite literally s
When it comes to Physical security too Protonmail hasn’t compromised a bit and hence houses their Datacenter in an underground bunker which is more than 1K.m underground above which lie solid, granite rocks and the bunker can quite literally survive a Nuclear attack!
Warrant Canary and Transparency Report
Transparency is key in the business that Protonmail is in. Pertaining to the same, it has a “Transparency report” which details when and how it complies to any legal data requests.
Moreover, it also maintains an updated Warrant Canary. It’s a list of all the requests the company receives from law enforcement agencies for user data. The date, as well as response from the Protonmail side too is documented.
What makes Protonmail secure is, due to its Swiss jurisdiction majority of these requests are knocked off even before they reach Protonmail by the Swiss govt. A table-view details the total orders the company receives from Swiss authorities, foreign authorities, number of contested and orders it complies with.
So we’ve established some facts regarding its anonymity and security, now let’s get down to registration; which is the first step to actually using Protonmail.
Note that Protonmail is essentially a free platform, although it also has paid packages which we will discuss later.
The registration is fairly simple, once you’re on the registration page you’ll need to fill out some very basic (nothing personal) details, which include your preferred E-mail ID which you can choose between @Protonmail.com, @pm.me or @Protonmail.ch
And then your password, optionally you can also set a recovery E-mail which would let you recover your account should you lose it.
So minimal data is required, and there’s zero privacy intrusion, that’s what we’re looking for isn’t it?
Protonmail User Interface
User interface matters, a lot; that’s so because even if a platform or program such as Protonmail has the best of the features it’s useless if it can’t be used easily or by people who aren’t as tech-savvy.
Considering all the talk about encryption and security, you may feel like you’ll need to be Mr. Robot in order to use Protonmail, fortunately that’s not so.
If you’ve used any other E-mail provider before, or even if you haven’t I’m sure you won’t be lost, all the options and buttons are pretty well-placed, easy to understand and work with. Here’s what the user-interface looks like.
As you can see from the above screenshot, the dashboard is divided into three sections, the left sidebar, the top-bar, and the centre screen.
In a way, it’s similar to that of Gmail, the left sidebar is practically your navigation bar using which you can move to different sections such as the Inbox, thrash, sent etc. Although it also houses the advanced settings which we will discuss later.
The top bar isn’t something you’ll need to use often, it simply has more back-end features such as Upgrade, report bug or move to your accounts section.
Then there’s a second top-bar just below the top-bar and it holds simple quick buttons for “delete”, “move to folder”, “mark as read” etc.
As for the centre screen, it shows you your E-mails, just like every other E-mail provider on the globe, the same holds true for this Protonmail review as well.
So as you might have gathered by now, just because it’s anonymous and secure, doesn’t mean you’ll need to learn E-mailing all over again, it’s pretty much Gmail, without the strings!
As far as this Protonmail review goes, I’ll rate its user-interface a 5/5 cause hey, why shouldn’t we?
Protonmail Advanced Settings
As this is a Protonmail review, I aim to leave no stone unturned, and well its advanced settings are a pretty big one.
The advanced settings can be reached either by clicking “Settings” from the top-bar, or by clicking “folders/labels” from the left-sidebar.
Here’s what the settings dashboard looks like:
A lot of options? I know, but simply “quantity” doesn’t determine quality so let me walk you through what exactly is being offered and how effective it truly is.
The first option you see is “Account”, this is where you get to check your account’s most basic information, such as your E-mail ID, your display name (which you can also change from here), your Signature etc.
You also can set/change your recovery E-mail ID from this section, and can turn on or off “password reset” and daily notifications. Even these settings have been laid out in a very easy-to-understand manner, another 5-star gatherer for this Protonmail review.
b. Custom Filters
The next option of our interest is its “Filter”, it lets you create your own filters, with your own rules and terms so that if a subject/sender/attachments contain any specific words, do not contain some words, begin with some specific words etc. they’re automatically moved to a folder you create for them.
In the above screenshot, I’ve created a folder called “Spam filter”, and if I receive E-mails with the subject “buy or sell” the E-mails are auto moved to that folder. It’s one of the best ways to keep spam at bay, so far, I’m impressed.
c. Auto Replies
Something that most mainstream E-mail providers do not offer, auto-replies. To be honest, it’s not extremely advanced, but it does let you set auto-replies for fixed durations.
For e.g. if you’re on a vacation and can’t check your E-mail, you can set the auto-replies to let your senders’ know of the same and as its expiry time is pre-set you don’t have to worry about turning the auto-replies off either.
d. Multiple Users
Protonmail also lets you create “sub-emails accounts” which you can assign to your teammates, family and friends on your own custom domain (meaning it doesn’t have to be @Protonmail.com).
It has a hierarchical structure, so there’s one primary administrators with god-like powers, then there’s the administrator(s) and then the normal users.
It comes in handy when you need good encryption and security not for just one individual but for your whole company or team.
Protonmail is also available on mobile devices including iOS and Android so you don’t need a computer or laptop in order to use the service.
Most of the features are exactly the same as with the computer version of Protonmail. The security too is identical and you won’t be compromising in the least if you get the mobile versions.
Although the user-interface does differ (obviously) along with some additional options for the mobile so let me just walk you through it.
Protonmail App User Interface
As you can see, the interface is extremely simplistic, there’s the menu buttons on the top-left corner of the screen, a search icon along with a “compose mail” icon on the top –right corner.
The rest of the screen holds your E-mails. Again, as discussed earlier in this Protonmail review, the interface still holds its simplicity and ease of use even on the mobile version.
Custom Swipe Settings
Just like auto—filters, which we discussed earlier in this Protonmail review, Its mobile version also includes a “swipe” feature.
You can customize the consequences of you swiping left or right. For e.g. you can set the messages swiped right to be moved to spam, achieve, marked as read etc.
Prevent Taking Screenshots
This is one of the advanced features which is worth being mentioned in this Protonmail review. When enabled from the settings of the Protonmail mobile version, it doesn’t allow the recipient to take a screenshot of your E-mails.
Although there are some additional settings such as enabling/disabling notifications, snooze time, swipe settings etc. they can be figured out easily without an explanation.
I believe we’ve covered just about every feature that there is to Protonmail. There’s just one last section without which no privacy on the globe is complete.
Use a VPN
Protonmail is secure, anonymous, privacy-respecting; yes. But why not take another step forward and fortify your anonymity even further?
That’s what you can do with a VPN like NordVPN; A VPN basically masks your real IP address, and provides you with a secondary IP address which can’t be linked back to you.
This makes sure that even if there’s some leak or loophole on Protonmail (which has never before happened) and even if someone gets a hold of your IP address, it doesn’t leak back to you.
Also, a VPN protects you from direct hacking attempts, and encrypts your traffic anyway so that means not just your E-mails but your overall internet connection is protected.
Use PGP Encryption
PGP encryption is one of the simplest, yet most effective and secure ways to encrypt your communications.
It’s not mandatory with Protonmail as your E-mails are already encrypted, but if you encrypt your mails further that just means Fort-Knox like security for you.
Here’s a complete, detailed guide on what PGP is and how to use it.
3 Highly Customizable Protonmail Premium Plans
It’s natural to think of something so extraordinary to cost you money, well that’s not entirely true with Protonmail.
Protonmail is primarily free and open-source, so you can start using it without paying a single penny. The free plan allows one E-mail ID, 1 user, 500 mb storage and 150 messages/day.
Although if you need more space, and some extra features in that case you can go for their paid plans, which are:
- Plus plan – 1 user / 5GB Storage / 5 Addresses /1 custom domain for $4/month.
- Professional – 1 user / 5 Addresses each user / 2 custom domains for $6.25/month.
- Visionary – 6 Users / 20GB Storage / 50 Addresses / 10 custom domains.
Note that these plans are highly customizable, for e.g. on the Plus plan, you can keep everything as is being offered but maybe just increase the storage to 10 GB, or take 3 custom domains instead of 1 and so on. The pricing instantly updates itself once you make your changes, this is one of my favorite features that I’m mentioning in this Protonmail review because it gives you the power to choose, you don’t need the more expensive plan for just one single feature and rather can just include it on your cheaper plan!
The company earlier allowed fully customizing plans according to your needs, unfortunately that’s not possible anymore. The features/resources for each plan are now pre-defined and you just have to choose one or the other.
Additionally, you may notice that the “Bitcoin” payment mode isn’t available on the checkout page. That’s because in order to make payments via Bitcoin, you must first create a normal account and then upgrade it. BTC payments are only available for existing accounts, not on the first-signup page.
Protonmail Hacked? Busting the Myth
Around November 2018, a person spread a Pastebin link claiming to have hacked Protonmail, and demanded a ransom in return. Here’s the archived link of the now-deleted Pastebin page.
The self-alleged hacker even promised a sum of USD $20.00 in BTC to everyone who shared the link:
If you’ve read the pastebin message, and/or the giveaway thread the entire thing seems quite pretentious. What on Earth is even “Opsec situation“? The guy/group clearly seems to be inspired from movies.
Although Protonmail soon cleared the air stating clearly that there’s no evidence proving the hack was anything more than a hoax.
In another instance, A Swiss lawyer Martin Steiger claimed that Protonmail “voluntarily” was assisting Swiss authorities for real-time surveillance.
Protonmail again states that they were simply misquoted and misunderstood. They made it clear that Protonmail is required by Swiss laws to assist in case of “Criminal cases” whenever ordered directly from Courts or Prosecutors. The company further added that as they use End to End encryption, the messages can’t be decrypted even by the company even if it wanted to.
The last (major) alleged-hack too was busted as the company made it clear that some very specific individuals, who happen to be Investigative journalists for Bellingcat were targeted. The hack was not against “Protonmail“.
So all in all, the company wasn’t hacked and all the reports of Protonmail being hacked are just misinterpretations, confused reports or just deliberate negative-marketing for the company by some.
Protonmail vs. Gmail which is better?
Is Protonmail better than Gmail?
If you’ve read this far on this Protonmail review, that’s a question you’re bound to have.
If you still aren’t sure how it’s better than Gmail, let me clear that doubt.
- Gmail reads your e-mails, Protonmail doesn’t (can’t).
- Gmail isn’t End-to-End encrypted, Protonmail is.
- Gmail’s “self-destructing emails” aren’t very “secure”. They’re susceptible to the MITM attack. Moreover, they aren’t deleted from your “sent” folder. And additionally, you can only send those to other Gmail users. Protonmail has none of these limitations.
- Protonmail is based in Switzerland, Gmail is based in the U.S.
- Protonmail is open-source, guaranteeing no backdoors; Gmail is owned by Google, arguably one of the most privacy-breaching companies on the planet.
- Protonmail doesn’t trace/track your IP address and other activities. Google/Gmail does, and very extensively.
- Gmail, being owned by Google, can track you across multiple platforms, including third-party websites where you’ve logged in using your Gmail account. Protonmail doesn’t offer those features, a small inconvenience for the exponentially more privacy.
In a sentence- “Yes, Protonmail is a lot more private, anonymous and privacy-respecting than Gmail has ever been, and probably will ever be”.
So finally, after going through all the options and features that it provides, my verdict is Protonmail is without doubt one of the best anonymous E-mail services available in the industry.
It’s truly anonymous and secure unlike the others out there which simply claim to be so. Additionally, it’s free for the most part while providing you with the option of letting you buy additional space and features if you need them.
Do let me know your verdict on this Protonmail review and what you think of the platform after you use the Protonmail login and check it out for yourselves.