Over the past year, we’ve had a number of people ask us about our approach to Open Source software. The reality is that the most critical parts of Proton Mail have actually been open source from day one. This is not something that we have made a special effort to point out, and as a result it is not widely known.
All of the source code can be downloaded and viewed here:
https://github.com/openpgpjs/openpgpjs(new window)
In addition to using the OpenPGPjs library, our developers have also audited the library and we regularly contribute our fixes and improvements. In the past few months, we have also made extensive overhauls to the library in order to resolve a couple of major performance bottlenecks and when these changes are completed, we will be making a major OpenPGPjs release which we will detail in a future blog post.
ProtonMail’s approach to open source revolves around two core philosophies.
1. Standards Compliant
We believe in compatibility and interoperability. Thus, Proton Mail’s encryption complies fully with the OpenPGP standard. This brings a number of benefits. Because we are using an open standard, you as the user can know exactly how we are applying end-to-end encryption to secure your emails. In the future, we will be adding to Proton Mail the ability to import and export PGP keys. By complying with OpenPGP, it will be possible to do things like, download Proton Mail messages and decrypt them locally using your own PGP software.
2. Peer Review
As former scientists from CERN, MIT, and elsewhere, we are firm believers in the peer review process. Open source without peer review is just not sufficient. Because of this, we are committed to helping foster and maintain a strong community around OpenPGPjs. Today, OpenPGPjs has become the most well known Javascript PGP library with by far the largest user community. This translates to many developers from around the world reviewing and auditing the code with us to ensure that it is free of security flaws. Simply put, no other JS PGP library has undergone the same level of peer review.
The Future
We are committed to keeping Proton Mail’s cryptography open source for the long run. As time goes by, we will be continuing to open source more and more software packages as they mature. Recently, we completed the first native OpenPGP libraries for both iOS and Android which will be launched in our upcoming encrypted email mobile apps. These native libraries will allow for unparalleled performance and the best possible user experience for secure email on mobile. We look forward to continuing to support open source on mobile and beyond.
Sign up and get a free encrypted email account from Proton Mail.
