Proton Mail - Private & Add-free Mail

Published

March 25, 2025

Modified

March 25, 2025

Why Proton Mail?

Free mail services (like Gmail, etc.)…

Commercialization of user data (you are the product)
- …messages & attachments indexed by mail providers
- …tracking of users for behavioral analysis
Enables data marketing with advertisement industry…
- …advertisement is personalized to increase consumer spending
- …concerns over targeted ads and invasion of privacy

Mail is the anchor of a user profile.

What information is typically derived by online user tracking?

identity, address, email, phone, gender
age, income, spending budget
relationship to others
behavioral patterns, location
political beliefs
health conditions

For many people decision between convenience or prioritizes privacy and security in communication.

Questions to ask?

Switch to a privacy-focused, secure, ad-free email service like Proton Mail¹˒²

Alternatives to Proton Mail:

Mailbox.org (Germany)
Mailfence (Belgium)
Posteo (Germany)
Tuta (Germany)

User Protection

Thread Model³ …provide ‘good privacy’ for individuals

…protects messages from mass surveillance & data breaches
…respects data privacy …follows regulations (like GDPR⁴)
Does not protect against…
- …compromised client devices
- …man-in-the-middle attacks (for example by government organisations)
For reference …controversy around Proton Mail⁵

Tracking protection⁶ …remove email trackers by default

Phishing filters⁷

Proton Mail’s PhishGuard⁸ tries to prevent phishing attempts using…
…notifies the user to examine a mail more closely

Encryption⁹ — Mail body encrypted with PGP by default…

…offers no protection for users’ metadata (like mail subject, addresses, etc)
…private key is generated on the client side¹⁰ (protected by password)
…users are always end-to-end encrypted (only send/receiver can read a mail)
…exchange encrypted e-mails with off-site users¹¹ …with pre-shared password)
…zero-access encryption¹² on servers …therefore inaccessible to host

SPAM filter…

Todo

Jurisdiction & Infrastructure

Jurisdiction¹³…

…for-profit Swiss corporation Proton AG¹⁴
…owned by nonprofit Proton Foundation¹⁵
…neutral location outside of US, EU, and NATO jurisdiction
Proton Policy¹⁶ …describes data collected per user
- …legally obligated in Switzerland
- …mail metadata available to law enforcement (if requested)
- …no data is provided to third-parties as a business model

Data-centers…

…all infrastructure build by Proton (non cloud-based!)
…replication between Switzerland, Germany, Norway
…all data-centers run on green energy

Open Source — Proton uses open-source cryptography

…encryption methods transparent to the public
…experts can review/verify security strength of Proton system
Proton mail client application available on GitHub¹⁷
Deploy involved in OpenPGP¹⁸ standardisation & development

Prices & payment…

Free (single address, minimal storage)
Payed tiers …family & business plans
Payment methods (…unpaid invoices within 14 days)
- credit cards, PayPal, Bitcoin
- bank transfer with IBAN
- cash (physical mail to Switzerland)

Authentication & Recovery

No support for PassKeys¹⁹ (yet)

Two-factor authentication…

…six-digit code generated by a 2FA authenticator app
…registered smartphone
…physical security key

Account recovery…

…password is linked to your encryption key (reset prevents access to old data)
12-word recovery phrase
recovery mail address, phone number
recovery file or backup encryption key
trusted device-based recovery

Email Addresses

Mail aliases…

…users can create unlimited extra addresses
…additional free personal addresses (up to 10)
…unlimited +aliases (sub-email address) …automatically created on use
…hide-my-email aliases …randomly-generated email address that forwards emails to your main inbox

Ecosystem

Additional Features — Address book, calender, file storage

ProtonVPN²⁰

Footnotes

The CEO of PROTON answers YOUR questions!, YoutTube
https://www.youtube.com/watch?v=Dp7ght2fMR4 ↩︎
Proton Mail
https://proton.me/mail
https://www.reddit.com/r/ProtonMail ↩︎
The Proton Mail Threat Model, Proton Blog
https://proton.me/blog/protonmail-threat-model ↩︎
GDPR compliance is easier with encrypted email, Proton https://proton.me/business/gdpr ↩︎
References about a Proton Mail controversy
https://proton.me/blog/cryptographic-architecture-response
https://www.youtube.com/watch?v=AhdJzjC7Leo
https://encryp.ch/blog/disturbing-facts-about-protonmail
https://brian.carnell.com/articles/2021/the-truth-about-the-truth-about-protonmail/↩︎
Tracking protection, Proton Documentation
https://proton.me/support/email-tracker-protection ↩︎
What is phishing and how to prevent phishing attacks?, Proton Blog
https://proton.me/blog/what-is-phishing ↩︎
What are DMARC, DKIM, and SPF?, Cloudflare Documentation
https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf ↩︎
What is end-to-end encryption and how does it work?, Proton Blog
https://proton.me/blog/what-is-end-to-end-encryption ↩︎
How is the private key stored?, Proton Documentation
https://proton.me/support/how-is-the-private-key-stored ↩︎
How to send Password-protected Emails in Proton Mail, Proton Documentation
https://proton.me/support/password-protected-emails ↩︎
What is zero-access encryption and why is it important for security?, Proton Blog
https://proton.me/blog/zero-access-encryption ↩︎
Five Eyes, Nine Eyes, 14 Eyes, 2025/01
https://cyberinsider.com/5-eyes-9-eyes-14-eyes ↩︎
Proton AG, Wikipedia
https://en.wikipedia.org/wiki/Proton_AG ↩︎
Proton Foundation
https://proton.me/blog/proton-non-profit-foundation ↩︎
Privacy Policy, Proton Documentation
https://proton.me/legal/privacy ↩︎
Proton Mail, GitHub
https://github.com/ProtonMail ↩︎
OpenPGP Project
https://www.openpgp.org ↩︎
Passkeys, FIDO Alliance
https://fidoalliance.org/passkeys/↩︎
Proton VPN
https://en.wikipedia.org/wiki/Proton_VPN
https://github.com/ProtonVPN
https://protonvpn.com/↩︎

--- title: Proton Mail - Private & Add-free Mail date: 2025/03/25 date-modified: 2025/03/25 --- # Why Proton Mail? Free mail services (like Gmail, etc.)… - **Commercialization of user data** (you are the product) - …messages & attachments indexed by mail providers - …tracking of users for behavioral analysis - Enables data marketing with advertisement industry… - …advertisement is personalized to increase consumer spending - …**concerns over targeted ads and invasion of privacy** Mail is the anchor of a user profile. What information is typically derived by online user tracking? - identity, address, email, phone, gender - age, income, spending budget - relationship to others - behavioral patterns, location - political beliefs - health conditions For many people decision between convenience or prioritizes privacy and security in communication. # Questions to ask? Switch to a **privacy-focused, secure, ad-free email service** like Proton Mail[^8Lq6A]˒[^0A6aC] [^0A6aC]: Proton Mail <https://proton.me/mail> <https://www.reddit.com/r/ProtonMail> [^8Lq6A]: The CEO of PROTON answers YOUR questions!, YoutTube <https://www.youtube.com/watch?v=Dp7ght2fMR4> Alternatives to Proton Mail: - [Mailbox.org](https://mailbox.org) (Germany) - [Mailfence](https://mailfence.com/) (Belgium) - [Posteo](https://posteo.de) (Germany) - [Tuta](https://tuta.com) (Germany) ## User Protection **Thread Model**[^REJIP] …provide ‘good privacy’ for individuals [^REJIP]: The Proton Mail Threat Model, Proton Blog <https://proton.me/blog/protonmail-threat-model> - …protects messages from mass surveillance & data breaches - …respects data privacy …follows regulations (like GDPR[^bfH1B]) - Does not protect against… - …compromised client devices - …man-in-the-middle attacks (for example by government organisations) - _For reference …controversy around Proton Mail[^AAjpJ]_ [^bfH1B]: GDPR compliance is easier with encrypted email, Proton <https://proton.me/business/gdpr> [^AAjpJ]: References about a Proton Mail controversy <https://proton.me/blog/cryptographic-architecture-response> <https://www.youtube.com/watch?v=AhdJzjC7Leo> <https://encryp.ch/blog/disturbing-facts-about-protonmail> <https://brian.carnell.com/articles/2021/the-truth-about-the-truth-about-protonmail/> **Tracking protection**[^LZVrr] …remove email trackers by default [^LZVrr]: Tracking protection, Proton Documentation <https://proton.me/support/email-tracker-protection> **Phishing filters**[^XDRpT] [^XDRpT]: What is phishing and how to prevent phishing attacks?, Proton Blog <https://proton.me/blog/what-is-phishing> - Proton Mail’s PhishGuard[^sh8QT] tries to prevent phishing attempts using… - …notifies the user to examine a mail more closely [^sh8QT]: What are DMARC, DKIM, and SPF?, Cloudflare Documentation <https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf> **Encryption**[^p20HV] — Mail body encrypted with PGP by default… - …offers no protection for users’ metadata (like mail subject, addresses, etc) - …private key is generated on the client side[^QeW8c] (protected by password) - …users are always end-to-end encrypted (only send/receiver can read a mail) - …exchange encrypted e-mails with off-site users[^jxLD0] …with pre-shared password) - …zero-access encryption[^sn9bC] on servers …therefore inaccessible to host [^p20HV]: What is end-to-end encryption and how does it work?, Proton Blog <https://proton.me/blog/what-is-end-to-end-encryption> [^sn9bC]: What is zero-access encryption and why is it important for security?, Proton Blog <https://proton.me/blog/zero-access-encryption> [^QeW8c]: How is the private key stored?, Proton Documentation <https://proton.me/support/how-is-the-private-key-stored> [^jxLD0]: How to send Password-protected Emails in Proton Mail, Proton Documentation <https://proton.me/support/password-protected-emails> **SPAM filter**… Todo ## Jurisdiction & Infrastructure **Jurisdiction**[^AAbea]… - …for-profit Swiss corporation Proton AG[^2NLSp] - …owned by nonprofit Proton Foundation[^TSwvb] - …neutral location outside of US, EU, and NATO jurisdiction - **Proton Policy**[^vtYAG] …describes data collected per user - …[legally obligated in Switzerland](https://proton.me/blog/switzerland) - …mail metadata available to law enforcement (if requested) - …no data is provided to third-parties as a business model [^vtYAG]: Privacy Policy, Proton Documentation <https://proton.me/legal/privacy> **Data-centers**… - …all infrastructure build by Proton (non cloud-based!) - …replication between Switzerland, Germany, Norway - …all data-centers run on green energy **Open Source** — Proton uses open-source cryptography - …encryption methods transparent to the public - …experts can review/verify security strength of Proton system - Proton mail client application available on GitHub[^XU4YJ] - Deploy involved in OpenPGP[^YRi6a] standardisation & development [^XU4YJ]: Proton Mail, GitHub <https://github.com/ProtonMail> [^YRi6a]: OpenPGP Project <https://www.openpgp.org> **Prices & payment**… - Free (single address, minimal storage) - Payed tiers …family & business plans - [Payment methods](https://proton.me/support/payment-options) (…unpaid invoices within 14 days) - credit cards, PayPal, Bitcoin - bank transfer with IBAN - cash (physical mail to Switzerland) ## Authentication & Recovery No support for PassKeys[^75EzY] (yet) [^75EzY]: Passkeys, FIDO Alliance <https://fidoalliance.org/passkeys/> Two-factor authentication… - …six-digit code generated by a 2FA authenticator app - …registered smartphone - …physical security key **Account recovery**… - …password is linked to your encryption key (reset prevents access to old data) - 12-word recovery phrase - recovery mail address, phone number - recovery file or backup encryption key - trusted [device-based recovery](https://proton.me/support/device-data-recovery) ## Email Addresses [**Mail aliases**](https://proton.me/support/creating-aliases)… - …users can create unlimited extra addresses - …additional free personal addresses (up to 10) - …unlimited [+aliases](https://proton.me/support/creating-aliases) (sub-email address) …automatically created on use - …hide-my-email aliases …randomly-generated email address that forwards emails to your main inbox ## Ecosystem Additional Features — Address book, calender, file storage - ProtonVPN[^wHYLw] [^AAbea]: Five Eyes, Nine Eyes, 14 Eyes, 2025/01 <https://cyberinsider.com/5-eyes-9-eyes-14-eyes> [^2NLSp]: Proton AG, Wikipedia <https://en.wikipedia.org/wiki/Proton_AG> [^wHYLw]: Proton VPN <https://en.wikipedia.org/wiki/Proton_VPN> <https://github.com/ProtonVPN> <https://protonvpn.com/> [^TSwvb]: Proton Foundation <https://proton.me/blog/proton-non-profit-foundation>