Proton

UPDATE 11 October 2021: We are now using Let’s Encrypt(nieuw venster) as the Certificate Authority that verifies the SSL certificates used to secure the Proton Mail and Proton VPN web sites. For more information on this, and for instructions on how to check the validity of our certificate, please see Proton Mail’s TLS/SSL Certificate.

Proton Mail is all about privacy and we want to do our best to protect everyone’s data and communication. When accessing proton.me, the transmission of information between your browsers and our servers in Switzerland is always encrypted and protected by HTTPS(nieuw venster). While this is not the same as the end-to-end encryption concept of PGP, it is nevertheless important for protecting you from man-in-the-middle attacks and other forms of communication eavesdropping.

For HTTPS, each website has a SSL certificate that is verified by a trusted certificate authority. The certificate authority that vouches for Proton Mail is QuoVadis Trustlink Schweiz AG(nieuw venster), which is a subsidiary of the Swiss postal service. A modern browser should automatically check the validity of the certificate of a HTTPS protected website and alert you if it detects something untrustworthy. For the uber security conscious users who want to manually check, the SHA1 hash/fingerprint/thumbprint of our certificate is:

0C 13 D9 0D 85 8A B7 8D 14 5E 9C 59 5B FE 2D 2E 3D 67 86 51

The fingerprint for app.proton.me is:

95 20 1C 7D 7D 3D BE E4 4E EF AB 93 00 A1 E3 45 F5 AB A8 59

If this matches what you see in your browser, then you know you are communicating with the real Proton Mail website and using the correct public key to encrypt your sensitive information and only Proton Mail can decrypt it.

You can check it in Chrome as follows:

Click on the lock button in front of the URL.

Go to Connection and click on Certificate Information.

In Details, show All and verify the Thumbprint matches the one above (make sure you are looking at the certificate for proton.me, not QuoVadis Trustlink Schweiz AG(nieuw venster) ).

You can check it in Firefox as follows:

Click on the lock button in front of the URL and click on More Information.

Go to Security and click on View Certificate.

In General, verify the SHA1 Fingerprint matches the one above (make sure you are looking at the certificate for proton.me, not QuoVadis Trustlink Schweiz AG(nieuw venster)).

We will continue to improve our security protocols and roll out more security features as we scale up. Thanks for all the interest and help from the community!

Sign up and get a free encrypted email account from Proton Mail.

Gerelateerde artikelen

An encryption lock breaking
en
Apple turned off its end-to-end encryption in the UK in response to a government notice. We look at what this means and how people in the UK can protect their data.
Image showing Google, Apple, and Meta as apps that allow surveillance
en
Big Tech companies - Apple, Google, and Meta - have built a mass surveillance machine that the government can easily tap into.
Proton symbol for protecting user privacy after Apple disabled ADP in the UK
en
Apple dropped ADP for UK users, leaving data unprotected by end-to-end encryption. See why E2EE matters and how to keep your data safe.
The cover image for a Proton Pass blog about how to find your saved passwords on Android, which shows a phone screen, an Android icon, and three password fields
en
If you're using an Android device, here's how you can find the saved passwords on your phone and how Proton Pass can help you organize them more securely.
Email verification: How to check whether an email address is legit
en
Find out how to verify an email address to ensure it’s legitimate, protect your communications, and avoid scams or phishing attempts.
The cover image for a Proton Pass blog announcing that single sign-on is now available, the image shows a sign in screen on top of the Proton Pass logo
en
Our business password manager with Single Sign-On (SSO) can help keep your company secure and save employees time.