Author: InvisibleUser Team
Categories: Communication Privacy
In this article, we finally reveal the most secure encrypted email providers. They help you avoid email-specific risks and stop mainstream providers such as Gmail from reading your mail. An encrypted email account is one of the most important tools for communicating safely in the digital world. Keep your private emails private and do not use Gmail or Outlook! If you would like to know why these two are a privacy disaster, see our article "Secure Email Communication Overview".
ProtonMail is an open-source email provider developed by scientists who met at CERN in Geneva, Switzerland. It is a fairly young provider: it opened in beta in 2014 and started its public email service in 2016. Registration is anonymous and you get 500MB of free storage, or 5GB for 5€/month. Encryption happens client-side, in your browser or app, before anything reaches the server.
To communicate securely, it is best when both you and your contact use ProtonMail. In that case the email you send is encrypted on your device, directly in the web client running in your browser, using your contact's public key. Only the ciphertext is sent to ProtonMail's servers and stored in your recipient's inbox; it is decrypted again on the recipient's device, never on the server. This is called end-to-end encryption. More details can be found on the ProtonMail website.
As stated above, this only works automatically if both of you are using ProtonMail. Luckily, the developers have implemented a workaround so that encrypted email is available even when you write to people without a ProtonMail account: you can send a password-protected email instead. Your contact receives a link to a page on ProtonMail's site and can decrypt the message there with a password you have agreed on beforehand. Exchange that password over a separate channel (a phone call or a messenger, not email), because anyone holding both the link and the password can read the message. The reply is end-to-end encrypted as well.
ProtonMail offers clients for iOS and Android as well as a web version for PC. The account can optionally be secured with two-factor authentication. If you enable it, you need your password plus a time-based one-time code from an authenticator app on your phone to log in; the code is generated locally on the phone rather than sent to you by SMS.
The web client and the OpenPGP library it relies on for all encryption (OpenPGP.js, which ProtonMail maintains) are fully open source; the server-side code itself is not published. ProtonMail uses exclusively open-source technologies and the Linux operating system in its data centres.
The scheme follows OpenPGP: a public/private key pair is generated when you create your account, and each message body is encrypted with a fresh symmetric AES-256 key, which is in turn encrypted with the recipient's public key. Your private key is stored on ProtonMail's servers only in encrypted form, locked with a key derived from your mailbox password, and ProtonMail never sees that password, so it cannot unlock your key and therefore cannot read your emails. In other words ProtonMail combines symmetric and asymmetric encryption; purely symmetric, password-based encryption is the only option left when a message goes to a non-user who has no key pair (source).
Optionally, you can set two separate passwords for extra security: one for logging in and one that decrypts your mailbox.
ProtonMail can be used as a web app on protonmail.com or integrated into an email client like Thunderbird, Mailspring, Apple Mail or Outlook. The latter two are closed-source and not recommended for privacy. Since everything stored on the server is encrypted, an ordinary IMAP client cannot read the emails. You therefore first need to install the ProtonMail Bridge software, which runs on your own computer, decrypts and encrypts mail locally and exposes it to the client through a local IMAP/SMTP interface; Bridge is only available with a paid subscription.
More information on the exact workings of ProtonMail's encrypted email system can be found on Wikipedia, and the security specifications are published on the ProtonMail website. In the comments section, ProtonMail also explains why it does not publish the server software source code. The (business) security whitepaper can be found here.
In 2015 ProtonMail's servers were hit by two DDoS attacks, from 3 to 7 November. A DDoS floods a service with traffic rather than breaking into it, so no email content and no personal data was stolen (source). The only result was that ProtonMail was temporarily unavailable.
The first DDoS attack came from a known extortion group called Armada Collective, who demanded 15 bitcoins (roughly US$6,000 at the time) to stop the attack. ProtonMail eventually paid, because the attack was also affecting other companies that used the same data centre and ISP.
The first attack then stopped. What was suspicious about the second attack was that it was not carried out by the Armada Collective: when ProtonMail asked them, they denied involvement and did not ask for more money.
The second attackers never contacted ProtonMail and made no demands at all. Based on the scale and sophistication of that attack, ProtonMail concluded that a state-sponsored group was behind it.
This illustrates how valuable ProtonMail is to privacy advocates: oppressive governments DDoS the service to take it down because they cannot intercept the encrypted communication of its users. Since then ProtonMail has added redundant data centres as mirrors to keep the service up if such attacks recur.
The section of the ProtonMail Wikipedia article that described the incident was removed to make the article "more neutral in tone", but you can still find the original here and see how it was changed in this diff. The stated reason for removing the information about government hackers was that it was never proven and was only ProtonMail's opinion. We disagree, since we think that an experienced IT security provider like ProtonMail is able to tell whether it was hit by an individual hacker, a large botnet or a gigantic server farm of the kind that only belongs to a state's cyber warfare arsenal.
Another often-cited incident: in 2016 ProtonMail disappeared from Google search results for queries such as "secure email" for months, although it ranked normally in other search engines. Google later called it a bug and fixed it, but to many it looked as if Google did not want people to find out about the service.
ProtonMail does not readily cooperate with law enforcement: as stated in its article "Information for Law Enforcement Authorities", it only acts on requests approved by Swiss authorities, and even then it cannot hand over message content that it is unable to decrypt.
Tutanota is developed in Germany and is an encrypted email provider very similar to ProtonMail, comparable in both privacy and end-to-end encryption. Tutanota was launched in 2011, which makes it five years older than ProtonMail. It offers 1GB of free storage, twice the amount you get with ProtonMail.
There are apps for iOS and Android available and a web application for PC. The mobile apps can be downloaded from F-Droid, the Google Play Store and the App Store.
Tutanota lets you securely log in with two-factor authentication. This encrypted email provider uses AES-128 and RSA-2048, so like ProtonMail it combines a symmetric and an asymmetric algorithm: the message body is encrypted under AES, and the AES key under the recipient's RSA key. The client software is open source on all platforms, which is a difference from ProtonMail, whose mobile apps are closed source. The server code is unfortunately not open source, just like with ProtonMail.
Emails sent between Tutanota users are encrypted automatically. If you send an email to someone who does not use Tutanota, that person receives a link to a temporary Tutanota mailbox where they can enter a password you agreed on beforehand (again, over a separate channel rather than by email) and decrypt the message. The reply is also end-to-end encrypted.
Tutanota additionally offers an encrypted zero-knowledge calendar. This makes it an ideal alternative to popular but unfortunately anti-privacy services like Outlook Calendar and Google Calendar. The calendar is integrated into the Tutanota app and is therefore also available on iOS and Android as well as on the web. For companies in particular, this is a much-needed feature.
Sometimes you do not need a permanent communication channel and therefore do not want to sign up for an encrypted email account. In this case, one-time use or "throwaway" email addresses can be useful. We at InvisibleUser create those all the time when we register on a website with an email address and do not want the company to see our real email.
Yandex, the Russian Google competitor, lets you set up an email account anonymously. The service does not encrypt your emails, but it can still be useful: Yandex Mail enables you to quickly and easily set up a throwaway email account for single use, which is why we include it in this guide. You should not think of Yandex as a long-term solution; it just comes in handy if you want an email alias in under two minutes. It is also fairly private, since you only need to type in a name, which can be false, a user name and a password.
ProtonMail and Tutanota are especially recommended because they are so-called zero-knowledge email providers. That means that the ProtonMail and Tutanota developers or operators cannot access your emails: they never receive a cleartext copy of your password, which is needed to decrypt your private key, which in turn decrypts your emails.
Therefore, law enforcement or hackers cannot obtain your emails from the providers either, because the providers are unable to decrypt them. The flip side is that your emails are lost if you lose your password. The account itself can be reset and used again, but you will not be able to decrypt emails received before the reset.
When deciding whether to go for ProtonMail or Tutanota, ProtonMail has the added benefit of being located in Switzerland. That means much stricter privacy laws, and foreign law enforcement cannot serve requests on the company directly but has to go through Swiss authorities under mutual legal assistance. This cannot be said about Germany, where Tutanota is registered.
We really hope that ProtonMail and Tutanota never get shut down. This already happened to the Texas-based encrypted email provider Lavabit, which shut itself down in 2013 rather than hand its TLS private key to the US government during the Snowden investigation; with that key, the government could have read all users' traffic, not just one target's. Lavabit relaunched in 2017, but who knows what happened to the service with all that NSA interference.