This is a challenging question to answer, but it is also a fair one, so we wanted to share our views about this in a blog post. In general, we strive to make our service require as little trust as possible. We encrypt data in a way that does not allow us to decrypt it, we collect as little information as possible during user registration, and we accept Bitcoin and cash payments. We take these steps because they protect our users’ data and reduce the chance of any data being exposed. That being said, there is always going to be a certain level of trust required, even though we are an encrypted email service.
We should also state the fact that there is no such thing as 100% security or 100% trust because security is the sum of many parts. For example, are you sure an attacker has not placed a backdoor in your operating system and browser and is not secretly saving your keystrokes? Can you trust the integrity of your phone or computer hardware? Comprehensive security requires more than just trusting Proton Mail, as there is also a wide range of threats we can’t protect you against (like a compromise of your device). With all this in mind, here are our thoughts on why Proton Mail is worthy of your trust.
Why is Proton Mail trustworthy?
The question of trust relies heavily on people. This is true even when it comes to software, since at the end of the day, code is written by people. From this perspective, we can analyze trust from a couple of angles.
Transparency
As a company, we are committed to the highest levels of transparency so you know exactly who you are trusting. Our key employees and their backgrounds are public knowledge. Where we are based, the address of our headquarters, our company statutes, and even our directors are all a matter of public record and available for inspection at the Swiss commercial register. Proton Mail’s initial financing through crowdfunding is also publicly documented, along with the identities of many of our initial 10,000 financial backers. But we go even further than that. We also meticulously document and publish information on all the law enforcement requests that we receive.
Transparency also extends to our communications. We have a published threat model for our services that explains what we can and can’t protect against, and also a very clear privacy policy. Furthermore, important updates are regularly posted on our blog and disseminated to the Proton community. We also engage in daily conversations with the Proton community on Reddit, Twitter, and other platforms.
In other words, you know who runs the company, where we run it from, how we run it, what data we have, how we interact with law enforcement, and much more. We have maintained this level of transparency even as Proton has grown.
Open source and audited
We have been committed to open source since day one. The Proton Mail web app, iOS app, Android app, and all of our Proton VPN apps are already open source. This year, we plan on making our Bridge and Import-Export apps open source as well. Being open source means independent parties have audited our apps’ code and that anyone can verify it whenever they like.
This dedication to open source extends to our encryption. Since 2016, Proton Mail has maintained OpenPGPjs, which is used by hundreds of projects and millions of users. It is one of the world’s most widely used open source encryption libraries. We also maintain GopenPGP, which is an easy-to-use Go PGP library. The fact that hundreds of people have checked our work and actively use it in their own work gives users a unique opportunity to verify our service.
Business model
Proton has only one business: privacy. Proton also derives almost all of its income from a single source, and that is our user community. Thus, even if you take the most cynical view, from a purely self-interested financial standpoint, the Proton team has no incentive to betray user privacy and trust. Doing so would instantly destroy the company and community that we have dedicated our lives to building. In this sense, our interests and our community’s interests are fully aligned, and all of our incentives (financial or otherwise) drive us toward protecting user privacy.
Competence
An essential aspect of evaluating the trustworthiness of a service is to ask whether the people building the software are competent enough to do their jobs properly. This is important because most software compromises and vulnerabilities are caused by mistakes. While there is no conclusive way to prove competence, there are a number of factors that can be considered.
We also have a long history of successfully implementing sophisticated cryptosystems. Recently, we added a new security feature to our iOS app, the AppKey Protection System. When you activate FaceID, TouchID, or PIN protection on the Proton Mail iOS app, it protects your Proton data with an extra layer of encryption against forensic searches, stalkerware, and certain types of malware. We have deployed strong authentication in Proton Mail and prevented man-in-the-middle attacks with advanced features such as Address Verification. This technical expertise has allowed us to keep Proton Mail reliable and secure over many years.
This, in turn, has led to Proton being trusted by many users with heightened security needs. In addition to businesses large and small and tens of millions of people all around the world, our users include:
- The investigative journalist group Bellingcat, which has been repeatedly targeted by state-sponsored Russian hackers;
- Government officials handling sensitive data;
- The international nonprofit organization Reporters Without Borders, which trains journalists to use Proton Mail to protect their sources;
- Proton Mail is the tool recommended by the United Nations for documenting human rights abuses;
- Protest groups across the political spectrum, including HKMaps, whose app has been used by the Hong Kong protesters to organize.
Vetted by trusted third parties
While transparency and competence form a strong foundation for trust, you don’t have to take our word for it. We routinely subject our work to external security audits and peer review, and we routinely publish audit results.
Furthermore, as the recipient of innovation grants from the Swiss government and the European Union, Proton AG has been thoroughly checked and vetted by the European Commission. (These grants do not give any control to the grant agencies, nor obligate us in any way. Learn more here.) Proton has also partnered with Mozilla (the makers of the Firefox browser), which has thoroughly checked Proton VPN.
The fact that trusted third parties have assessed both Proton Mail and Proton VPN provides a further guarantee that we live up to our word.
Legal guarantees
Proton is based in Switzerland, a country with strong privacy protections, and outside of the 14 Eyes surveillance network. Under Swiss law, we are only permitted to reveal user data if served with a binding legal order from the Swiss government. This means we are prohibited from sharing your data with anybody else, even if a foreign government asks us for it. Sharing data without a legal order is a criminal offense under Article 271 of the Swiss Criminal Code.
Because we also have offices in the EU and serve EU users, we are obligated to comply with the EU’s General Data Protection Regulation (GDPR). Under the GDPR, breaching user privacy can lead to fines of up to €20 million. This legal accountability also ensures that we respect user privacy and adhere strictly to our advertised privacy policy.
Track record
Proton Mail has been under the glare of public scrutiny from the very beginning, and our story is a matter of public record. Proton Mail’s creation by scientists who met at CERN (the European Organization for Nuclear Research) is well documented, including on the CERN website. The scientific background of our leadership team can be easily verified by looking at our academic careers and scientific publications.
We don’t simply talk about privacy; we have taken action time and time again. Some examples of this include:
- Training journalists at the Second Asian Investigative Journalism Conference.
- Developing (and open-sourcing) OpenPGPjs and GopenPGP to make encryption widespread.
- Giving technical talks about building privacy.
- Helping to force a nationwide referendum on Swiss surveillance laws, even though Proton Mail was unaffected due to our encryption.
- Explaining our mission to build a more private Internet to millions of people worldwide at TEDGlobal 2014.
- Speaking at a United Nations conference about combating terrorism while protecting human rights online.
- Working with Reporters Without Borders to support a scholarship program for journalists.
- Providing funding for the largest independent news outlet in Belarus.
- Standing up for the rights of our users by calling out government abuses in Kazakhstan, harmful legislation in Australia, and face surveillance in Massachusetts.
Through the course of this work, many people have had the chance to meet us, get to know us, and confirm what we stand for.
Our commitment
As a company, we care deeply about our users and making the world a better place. For us, privacy and security are deeply held core beliefs that come before profits, and this drives our engagement with our community.
We are also grateful for your support. Proton’s mission is to make privacy accessible to all of the world’s citizens, and your continued support makes this mission possible. Together, we are a community of tens of millions who all share the same vision of a better Internet.
We know that trust is not given, but it must be earned, and we are committed to doing what is right to be worthy of your trust.
Best Regards,
The Proton Mail Team