ProtonMail

Product
Developers: Proton Technologies AG
Date of the premiere of the system: 2013/06/12
Last Release Date: 2020/01/29
Branches: Internet services
Technology: SaaS - Software as a service,  information security - Encryption tools,  Office applications,  Mail server

ProtonMail is an email service protected by encryption.

Screenshot of the service page (2017)

Messages sent between ProtonMail users are automatically encrypted. Messages sent from ProtonMail to other mail services are encrypted at the request of the sender. Encryption uses the open AES, RSA and OpenPGP technologies, as well as a password that both the sender and the recipient of the message should know.

The mailbox uses an additional password, the loss of which destroys all the contents of the mailbox. When sending a message, the user can set a self-destruct timer for it: at least one hour, at most four weeks.

For such advanced security measures, ProtonMail has been nicknamed "paranoid mail."

2024: Proton hands user data over to police

In mid-May 2024, it became known that the protected email service Proton transmits confidential information about users to law enforcement agencies. Thus, the platform actually only creates the illusion of security.

The project website says that the Proton service uses end-to-end encryption and zero-access encryption, so no one except the users themselves has access to the contents of emails and attachments. The free tariff is provided thanks to paid subscriptions that provide additional features and increased storage. All Proton services are said to be open source and verified by independent security experts.

According to The Register, the Proton platform gave the Spanish police information about the email address of one of its users. After receiving information from Proton, the police sent a request to Apple for information about the owner of the devices registered to an Apple ID with the specified email address. As a result, law enforcement officers were able to identify the person. Presumably, the investigation is related to terrorism. Proton, in turn, says that its hands are tied by anti-terrorism laws.

"Proton has minimal user information, as evidenced by the fact that in this case, information obtained from Apple was used to identify a terrorist suspect. Proton provides privacy, not anonymity, by default," the email platform said in a statement.

This is not the first such case. In 2021, the Proton service revealed the IP addresses of several of its French users at once - one of them was subsequently arrested.[1]

2021: ProtonMail revealed the IP addresses of a number of its French users

ProtonMail has revealed the IP addresses of a number of its French users linked to the "green" movement Youth for Climate. This became known on September 6, 2021. The data was provided at the request of the French authorities, after which these users were arrested. At the same time, the developers previously claimed that ProtonMail does not collect IP addresses.

ProtonMail is owned by Proton Technologies, a company with headquarters and servers in Switzerland.

The creators of ProtonMail were forced to hand over the personal data of some of their users under pressure from the Swiss authorities. They provided information on several activists of the "green" movement Youth for Climate, which is fighting climate change, including global warming. Very little detailed information about this organization is available in open sources.

According to SlashGear, these activists were instructed to organize some kind of "climate camp" in France in 2020 and 2021. For unknown reasons, the activities of these people attracted the attention of the French authorities. They initiated an investigation, which revealed that Youth for Climate members used ProtonMail to communicate with each other and coordinate their actions.

After establishing that ProtonMail was used by activists of the movement, the French authorities sent an official request for the personal data of these people directly to the Swiss authorities. The Swiss authorities, for their part, ordered Proton Technologies to disclose the users' IP addresses to the French side.

It is known that as a result of all the events, Youth for Climate participants who used the "paranoid mail" were under arrest. There was no data on what exactly was the reason for their detention, and how high their chances of being in prison were at the time of publication of the material.

The situation around ProtonMail is related to Swiss domestic laws increasing the level of control of the authorities over various organizations based in the country. In addition, Switzerland often has to do business with other sovereign countries. And, although Swiss courts often seek to reject requests from foreign governments for personal data, what happened to ProtonMail is one of such cases when they agreed to Europol's demands.

Andy Yen, head of ProtonMail, said that his service does in fact log the IP addresses of users, though not of all of them, only of "some." He did not specify which users belong to the category of "some." He added only that this data is collected at the request of the Swiss authorities, without saying when it started or how many IP addresses have accumulated in the database during this time.

Users who expressed their dissatisfaction with ProtonMail noted that the terms of use of the service did not say what data it collects about them. The source noted that ProtonMail offers additional functions in exchange for several dollars a month, from $4 (292 rubles at the Central Bank exchange rate as of September 6, 2021) up to $24 (1750 rubles). In other words, the service has a paid subscription, but ProtonMail does not explain the finer details of its privacy conditions even to the users who pay for it.

If ProtonMail began to transfer the data of its French users to the authorities, then it is possible that Russians may find themselves in the same situation. Moreover, a similar precedent has already been created[2].

2020: Blocking of the mail service in Russia

On January 29, 2020, it became known that Roskomnadzor began blocking the protected ProtonMail mail service in Russia. The decision to block was made by the Prosecutor General's Office of Russia, according to the agency's website, on the basis of Article 15.3 of the Law "On Information."

As reported, the domains www.protonmail.com and protonmail.com, according to the registry of prohibited sites, are blocked by domain and by URL. 33 IP addresses from the 185.70.40.0/24 subnet, which contains 256 addresses, were also blocked, and with them the entire subnet itself. Additionally, the IP addresses 37.35.106.36 and 37.35.106.40, recorded as trusted addresses for sending mail, are blocked.

The reason for the blocking was the use of ProtonMail by cybercriminals to send false reports of bombs planted at numerous facilities in Russia in 2019 and 2020. At the same time, Roskomnadzor claims, the service has repeatedly "categorically refused" to provide the regulator with the information necessary to include it in the register of organizers of information dissemination (ARI) on the Internet. In addition, ProtonMail did not disclose information about the owners of the mail addresses from which threatening messages were sent.

The ProtonMail service, according to the Federal Security Service (FSB) of Russia, was used by cybercriminals to send messages about bomb threats from January 24, 2020. Before that, they operated the StartMail service, blocked in Russia from January 23, 2020.

Emails with bomb threats were received by the electronic mailboxes of ships in four constituent entities of Russia. They reported bombs planted at a total of 830 sites: hospitals, transport, shopping centers, kindergartens, schools, etc. According to the FSB, all threats were false.

According to the department, the attackers used ProtonMail for similar purposes in 2019. Their mailings spoke about the threats of a terrorist attack in similar objects of social and transport infrastructure.

The blocking of ProtonMail in January 2020 was the second in 12 months. The first took place in March 2019, when the FSB blocked access to the service for the same reason: the spread of false bomb threats against public facilities. An additional reason was the need to ensure the safety of the Winter Universiade, which took place in 2019 in Krasnodar.[3]

2019

ProtonMail accused of spying on users and helping law enforcement agencies

In mid-May, the head of the Swiss Center for Cybercrime, prosecutor Stefan Walder, made a report at a security conference. His speech was covered live on Twitter[4] by Swiss lawyer Martin Steiger[5].

According to Steiger's tweets, during his speech, Walder explicitly stated that ProtonMail voluntarily offers its help to the authorities and voluntarily monitors its users almost in real time, without requiring a warrant from a federal court. Steiger subsequently published a post[6] on his blog, where he described in detail how IT companies should act (in accordance with Swiss law) in matters of cooperation with authorities.

And although ProtonMail is a secure service with end-to-end encryption and the administration cannot know the actual content of customer emails, developers still have access to metadata. Referring to the practice of the US National Security Agency, Steiger noted that metadata can also be extremely valuable for law enforcement agencies and special services.

Steiger emphasizes that ProtonMail is based in Switzerland and uses this as a marketing advantage, citing strict Swiss privacy laws. But in fact, the service is subject to local laws, and according to Walder, allegedly voluntarily helps law enforcement agencies.

GopenPGP Cryptographic Library Release

On May 16, 2019, it became known that the developers of the ProtonMail secure mail service announced the release of the GopenPGP cryptographic library[7].

Previously, ProtonMail took over support for OpenPGP.js, the popular JavaScript library for encrypting email. The company contributed a lot to the project and also arranged an independent audit of the library's security.

GopenPGP is another ProtonMail project: a combination of a high-level OpenPGP library and a fork of the golang cryptographic library with support for elliptic-curve cryptography.

"We launched this project to simplify the task for developers of mobile and desktop applications who want to use OpenPGP in their applications," says ProtonMail.

The library is already used in ProtonMail's own mobile applications for iOS and Android, as well as in several of their paid solutions (Bridge, Import-Export).

In addition, GopenPGP paves the way for the opening of the source of ProtonMail mobile and desktop applications. The sources of the web application were published back in 2015.

The security audit of GopenPGP was handled by SEC Consult. Oleg Galushkin commented on the audit:

"The task of the experts was to make sure that the encryption library was devoid of vulnerabilities that would compromise secure correspondence. GopenPGP is designed for mobile applications and does not involve the use of complex and resource-intensive encryption tools. It was all the more important that the reliability of the library was not in doubt."

During the audit, however, two vulnerabilities with high and medium threat degrees were identified.

The first allowed an attacker to replace the technical header, making the victim believe that the signature was generated using a message algorithm other than the one that was actually used. In effect, it created the possibility of replacing the contents of the message.

The second vulnerability allowed the possibility of using too short (i.e. weak) RSA encryption keys, which reduced the reliability of encryption.

Both problems were fixed by ProtonMail developers.
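The kind of check the second finding calls for, as an added Go example (this is not GopenPGP's code, and the function names are hypothetical): it parses the body of a version 4 OpenPGP public-key packet and rejects RSA keys whose modulus is too short. The 2048-bit floor is an assumption, since the page does not say which minimum the fix enforces, and the sample keys are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// MinRSABits is an assumed policy floor; the page does not state the real one.
const MinRSABits = 2048

// RSAModulusBits parses a v4 public-key packet body (RFC 4880, section 5.5.2)
// and measures the modulus itself instead of trusting the declared bit count.
func RSAModulusBits(body []byte) (int, error) {
	// Layout: version, 4-byte creation time, algorithm ID (1 = RSA), MPI n, MPI e.
	if len(body) < 8 || body[0] != 4 || body[5] != 1 {
		return 0, errors.New("not a v4 RSA public-key packet body")
	}
	declared := int(body[6])<<8 | int(body[7])
	size := (declared + 7) / 8
	if len(body) < 8+size {
		return 0, errors.New("truncated modulus")
	}
	return new(big.Int).SetBytes(body[8 : 8+size]).BitLen(), nil
}

// CheckKey rejects RSA keys whose modulus is shorter than MinRSABits.
func CheckKey(body []byte) error {
	bits, err := RSAModulusBits(body)
	if err != nil {
		return err
	}
	if bits < MinRSABits {
		return fmt.Errorf("RSA modulus is %d bits, minimum is %d", bits, MinRSABits)
	}
	return nil
}

// SampleKeyBody builds a constructed body of the requested size; not a usable key.
func SampleKeyBody(bits int) []byte {
	n := new(big.Int).Lsh(big.NewInt(1), uint(bits-1)) // set the top bit
	n.Or(n, big.NewInt(1))                             // and the bottom bit
	body := []byte{4, 0, 0, 0, 0, 1, byte(bits >> 8), byte(bits)}
	body = append(body, n.Bytes()...)
	return append(body, 0, 17, 1, 0, 1) // e = 65537 as a 17-bit MPI
}

func main() {
	fmt.Println(CheckKey(SampleKeyBody(1024)), CheckKey(SampleKeyBody(2048)))
}
```

Measuring the integer rather than reading the declared length also rejects a key that claims 2048 bits but carries a zero-padded, much smaller modulus.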

A technical description of the security audit is available at the link[8].

Protonmail blocked in Russia

Russian users are experiencing problems accessing the Protonmail encrypted email system. A message about this appeared on the blog of Techmedia, on the platform Habr.com. At the same time, in the list of resources to which Roskomnadzor blocks access, there are no Protonmail servers[9].

Protonmail is designed to exchange messages without the ability to intercept by third parties. When sending messages inside Protonmail, the service provides encryption of messages by exchanging keys between the users themselves, as a result of which the service itself does not see the contents of the messages.

Email on the Internet is sent via SMTP. To determine which server a message should be delivered to, special MX records are created in DNS (the system responsible for mapping domains to IP addresses).

2018: Mystery hacker claims breach of ultra-secure 'paranoid mail'

An unknown hacker published a statement on Pastebin in November 2018 that he managed to hack ProtonMail's secure mail and steal a significant amount of messages and user data. He demanded a "small reward" from the company, threatening to otherwise publish or sell the data. The ransom was to be handed over to the attacker by November 23, 2018.[10]

ProtonMail said in response that the service was not hacked and that the unknown person's allegations were unfounded. The company writes that it checked its systems but found no traces of an attack.

Data composition

The hacker posted his message under the pseudonym AmFearLiathMor. According to him, he managed to introduce a backdoor into the ProtonMail system, which allowed him to steal user correspondence for several months, as well as obtain data such as their names, IP addresses, recipient books, etc.

According to the hacker, information of incredible importance, such as correspondence between contractors of military departments, which contains evidence of their violation of the Geneva Convention, was in his hands. AmFearLiathMor also mentions data on the actions of underwater drones in the Pacific Ocean, information on a possible violation of international agreements on Antarctica, etc. All this he refers to the so-called first group of data.

The second group includes correspondence proving the tendency of some high-ranking figures in business and the public sector to pedophilia. According to the hacker, he has the full names of these people and first-person descriptions of their crimes. The exaggerated importance of the allegedly stolen information was another reason why ProtonMail considered the hack a fiction.

2017: Ability to log in to mail via the anonymous Tor network

In January 2017, CNews wrote that ProtonMail allowed users to enter mail through the anonymous Tor network. Especially for this, the protonirockerxow.onion website was launched, which can be accessed through the Tor browser.

According to ProtonMail co-founder Andy Yen, this feature should help ProtonMail users bypass state web censorship and Internet blocking imposed by special services in various countries at the provider level.

2016: Launch of the full version and mobile application ProtonMail

ProtonMail launched the full version of its mail service[11] and a mobile application in March 2016.

2013: Creation of ProtonMail service

The service was created in 2013 by employees of the European Organization for Nuclear Research (CERN). ProtonMail servers are located in Switzerland, where tough privacy laws apply.