ProtonMail

ProtonMail is an email service protected by encryption.

Screenshot of the service page, (2017)

Messages sent between ProtonMail users are automatically encrypted. Letters sent from ProtonMail to other mail services are encrypted at the request of the sender. The encoding uses open AES, RSA and OpenPGP technologies, as well as a password that both the sender and the recipient of the letter must know.

Mail uses an additional password that loses all of the contents of the mailbox. When sending a message, the user can set a self-destruct timer for him - at least one hour, at most four weeks.

For such advanced security measures, ProtonMail was nicknamed "paranoid mail."

2021: ProtonMail has revealed the IP addresses of a number of its French users

ProtonMail revealed the IP addresses of a number of its French users associated with the "green" movement Youth for Climate. This became known on September 6, 2021. The data were provided at the request of the French authorities, after which these users were arrested. At the same time, the developers previously claimed that the ProtonMail does not collect IP addresses.

ProtonMail is owned by Proton Technologies, the main office and servers are located in Switzerland.

The creators of the ProtonMail were forced to issue personal data of some of their users under pressure from the Swiss authorities. They provided information about several activists of the Youth for Climate green movement, which is fighting climate change, including global warming. Detailed information about this organization in open sources disappearing little.

According to SlashGear, these activists were instructed to organize some kind of "climate camp" in France in 2020 and 2021. For unknown reasons, the activities of these people attracted the attention of the French authorities. They initiated an investigation, during which it turned out that Youth for Climate members used ProtonMail to communicate with each other and coordinate their actions.

After identifying the use of ProtonMail by activists of the movement, the French authorities sent an official request to provide them with personal data of these people directly to the Swiss authorities. They, for their part, ordered Proton Technologies to disclose their IP addresses to the French side.

It is known that as a result of all events, Youth for Climate participants who used the "paranoid mail" were arrested. There was no data on what exactly caused their detention, and how high their chances of being in prison were at the time of publication.

The situation around ProtonMail is related to Swiss domestic laws, which increase the level of control of the authorities over various organizations based in the country. Moreover, Switzerland often had to deal with other sovereign countries. And, although Swiss courts often seek to reject requests from foreign governments for the issuance of personal data, what happened to ProtonMail is one such case when they agreed with the requirements of Europol.

Andy Ian, the head of ProtonMail, said that his service actually registers the IP addresses of users, but not all, but only "some." What users belong to the category of "some," Andy Yen did not specify. He added only that these data are collected at the request of the Swiss authorities, without informing when it all began, and how many IP addresses have accumulated in the database during this time.

Users who expressed their dissatisfaction with the ProtonMail noted that in the conditions of using the service, it is not said what data it collects about them. The source noted that ProtonMail have the opportunity to receive additional functions in exchange for several dollars a month - from $4 (292 rubles at the Central Bank exchange rate on September 6, 2021) to $24 (1750 rubles). In other words, the service has a paid subscription, but even those users who pay him money do not ProtonMail explain the smallest details of the privacy terms.

If ProtonMail began to transfer the data of its French users to the authorities, then it is possible that the Russians may be in the same situation. Moreover, a similar precedent has already been created^[1].

2020: Blocking mail service in Russia

On January 29, 2020, it became known that Roskomnadzor began to block the protected postal service of ProtonMail in Russia. The decision to block was made by the Prosecutor General's Office of Russia, the agency's website said, on the basis of article 15.3 of the law "On Information."

As reported, domains www.protonmail.com and protonmail.com, according to the registry of prohibited sites, are blocked by domain and by. URL 33 IP addresses from the subnet 185.70.40.0/24 containing 256 addresses, and with them the entire subnet at the same address, were also blocked. Additionally, IP addresses 37.35.106.36 and 37.35.106.40 recorded as trusted mail addresses are blocked.

The reason for the blocking was the use of ProtonMail by attackers to send false messages about mass mines of objects in Russia in 2019 and 2020. At the same time, according to Roskomnadzor, the service has repeatedly "categorically refused" to provide the regulator with the information necessary to include it in the register of information dissemination organizers (ARI) on the Internet. In addition, the ProtonMail did not disclose information about the owners of mail addresses from which threatening messages were sent.

The ProtonMail service, according to the Federal Security Service (FSB) of Russia, was used by attackers to send messages about threats of explosions from January 24, 2020. Before that, they operated a StartMail service blocked in Russia from January 23, 2020.

Letters with information about mining came to the electronic mailboxes of ships in four constituent entities of Russia. They mentioned bombs in a total of 830 facilities - hospitals, transport, shopping centers, kindergartens, schools, etc. According to the FSB, all threats were false.

According to the department, the attackers used ProtonMail for similar purposes in 2019. Their mailings spoke about the threats of a terrorist attack in similar objects of social and transport infrastructure.

Blocking ProtonMail in January 2020 became the second in a row in the last 12 months. The first time this happened in March 2019 - the FSB blocked access to this mail for the same reason, for spreading false reports about the mining of public objects. An additional reason was the need to ensure the safety of the Winter Universiade, held in 2019 in Krasnodar.^[2]

2019

ProtonMail accused of user surveillance and law enforcement assistance

In mid-May, the head of the Swiss Center for Cybercrime, prosecutor Stefan Walder, made a presentation at a security conference. His performance was broadcast in real time on Twitter^[3] Swiss lawyer Martin^[4] was^[5].

According to Steiger's tweets, during the speech, Walder explicitly stated that the company ProtonMail voluntarily offers its help to the authorities and voluntarily monitors its users in almost real time, without requiring a warrant from the federal court. As a result, Steiger published the post^[6] in his blog, where he spoke in detail about exactly how IT companies should act (in accordance with Swiss law) in cooperation with authorities.

And although ProtonMail is a secure service with end-to-end encryption and the administration cannot know the actual content of client emails, developers still have access to metadata. Referring to the practice of the US National Security Agency, Steiger noted that metadata can also be extremely valuable for law enforcement agencies and special services.

Steiger emphasizes that ProtonMail is based in Switzerland and uses this as a marketing advantage, citing strict Swiss privacy laws. But in fact, at the same time, the service obeys local laws, and according to Walder, allegedly voluntarily helps law enforcement agencies.

Release of cryptographic library GopenPGP

On May 16, 2019, it became known that the developers of secure mail ProtonMail announced the release of the cryptographic library GopenPGP^[7].

Previously ProtonMail , they took on the support of a popular library enciphering e-mail based on JavaScript OpenPGP.js; the company brought a lot of interesting things to the project, and also ensured an independent audit of the security of the library.

GopenPGP is another project ProtonMail: a combination of a high-level library OpenPGP and a fork of the cryptographic library golang with support for elliptical cryptography.

We launched this project to simplify the task for developers of mobile and dextope applications who want to use OpenPGP in their applications, the ProtonMail message says.

The library is already used in its own mobile applications ProtonMail under iOS and Android, as well as in several of their paid solutions (Bridge, Import-Export).

In addition, GopenPGP opens the way to the discovery of sources of mobile and desktop applications. ProtonMail Web application sources were published back in 2015.

Security audit was GopenPGP carried out by SEC Consult. Oleg Galushkin commented on the audit:

The task of the experts was to make sure that the encryption library was devoid of vulnerabilities that would compromise secure correspondence. GopenPGP is intended for mobile applications and does not involve the use of complex and demanding encryption tools. The more important it was that the reliability of the library was not in doubt, 'said Oleg Galushkin, director of information security at SEC Consult Services, a Russian subsidiary of SEC Consult

The audit, however, identified two high-risk and medium-risk vulnerabilities.

The first allowed to replace the technical header, which gave the attacker the opportunity to make the victim believe that the signature was generated using a message algorithm different from the one that was actually used. That is, it actually created the possibility of replacing the contents of the letter.

The second vulnerability allowed the use of too short (i.e. weak) RSA encryption keys, which reduced the reliability of encryption.

Both problems were fixed by the developers of the ProtonMail.

A technical description of the security audit is available from the^[8] link].

Protonmail blocked in Russia

Russian users have problems accessing the Protonmail encrypted email system. A message about this appeared on the blog of Techmedia, on the platform Habr.com. At the same time, in the list of resources to which Roskomnadzor blocks access, there are no Protonmail servers^[9].

Protonmail is designed to exchange messages without the possibility of interception by third parties. When sending messages inside Protonmail, the service provides enciphering messages by exchanging keys between the users themselves, as a result of which the service itself does not see the content of messages.

E-mail on the Internet is forwarded using SMTP. In order to understand which server you want to send a letter to, special MX records are created in the DNS system (responsible for matching domains and IP addresses).

2018: Mysterious hacker announces hacking of super-secure "paranoid mail"

An unknown hacker published a statement on the Pastebin resource in November 2018 that he managed to hack into secure ProtonMail mail and steal a significant number of letters and user data. He demanded a "small fee" from the company, threatening otherwise to publish or sell the data. The ransom should be transferred to the attacker before November 23, 2018^[10]

ProtonMail stated in response that the service was not hacked and the allegations of the unknown have no basis. The company writes that it checked its systems, but did not find traces of the attack.

Data Composition

The hacker posted his message under the pseudonym AmFearLiathMor. According to him, he managed to introduce a backdoor into the ProtonMail system, which allowed him to steal user correspondence for several months, as well as get data such as their names, IP addresses, address books, etc.

According to the hacker, in his hands there was information of incredible importance, such as the correspondence of contractors of military departments, which contains evidence of their violation of the Geneva Convention. AmFearLiathMor also mentions data on the actions of underwater drones in the Pacific Ocean, information on possible violations of international agreements on Antarctica, etc. All this he refers to the so-called first data group.

The second group includes correspondence, proving the tendency of some dignitaries in business and the public sector to pedophilia. According to the hacker, he has the full names of these people and a first-person description of their crimes. The hypertrophied importance of the allegedly stolen information was another reason why the ProtonMail considered the hack to be fiction.

2017: Ability to log into mail via anonymous Tor network

In January 2017, CNews wrote that ProtonMail allowed users to enter mail through an anonymous Tor network. Specifically for this, the site protonirockerxow.onion was launched, where you can get through the Tor browser.

According to co-founder ProtonMail Andy Yen, this opportunity should help users ProtonMail circumvent state web censorship and Internet blocking by intelligence agencies of various countries at the provider level.

2016: Launch of full version and mobile application ProtonMail

A full-fledged version of the mail and mobile application was launched in March 2016^[11].

2013: Creating a service ProtonMail

The service was created in 2013 by employees of the European Organization for Nuclear Research (CERN). Servers are ProtonMail located in Switzerland, where strict privacy laws apply.

Notes