ProtonBlog(new window)

Today, we are making the Proton Sentinel high-security program available to anyone who wants the highest level of account security protection and support.

If you are subscribed to a Proton Visionary, Lifetime, Family, Unlimited, Business, or Pass Plus plan, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.

The growth of the Proton ecosystem

When we first launched Proton Mail in 2014, we were asked if Proton was a privacy company or a security company. The biggest benefit for Proton users was the seamless end-to-end and zero-access encryption, which prevented even us, the service provider, from looking at our users’ email content. This made us confident that we were at least a pioneering privacy company(new window) fighting against internet surveillance. However, with just a few employees and servers, we knew there was a long way to go before we could also become a pioneering security company.

Nine years later, Proton is now a much more capable organization operating several widely-used internet services. Since our start as a crowdfunded project, we have steadily grown every year since 2014 and invested all our resources into building a private and secure ecosystem. The Proton ecosystem now consists of the following products:

The need for advanced protection

As the Proton ecosystem grew and more people used our services as digital safe havens, Proton Accounts became more attractive as targets for hackers and bad actors. While Proton’s encryption helps reduce some security risks, it is not enough to keep accounts secure. For example, if an attacker gets your Proton Account password, they could log in, read all your encrypted data, and even change your password to lock you out.

Even though Proton has not had any data loss, leaks, or breaches, attackers can potentially get your password by phishing you(new window) or trying leaked passwords from other services in the hope that you may have re-used passwords. This was a major threat, especially for accounts without two-factor authentication, and we had to carefully help many users recover their compromised accounts.

Risks like these were why, in addition to easy-to-use encryption, a lot of other pieces had to be built for Proton to be a reliable security company that users can trust and depend on for their most important communications. This is why under the hood of all Proton products and mostly invisible to our 100 million users, we have been investing heavily in fighting bad actors and securing Proton accounts and infrastructure.

Of Proton’s nearly 500 employees, over 10% have been dedicated to building these anti-abuse and security solutions(new window). As engineers, we were driven to innovate and didn’t want to just rely on legacy systems from third-party vendors. Instead, we decided to build scalable systems from the ground up that would run on our servers in Proton data centers, ensuring our complete control over our data security. We knew that over time, these custom systems would allow our top engineers and analysts to quickly iterate and improve our defenses after each attack, eventually becoming better than anything on the market.

We now employ global teams across three continents dedicated to managing these sophisticated solutions that combine human intellect with machine learning to protect all Proton users around the clock. Some results of our investments include:

  • Our custom spam filtering system, which is at least 60% more accurate than popular systems like SpamAssassin and catches millions of dangerous phishing emails every month.
  • The Proton VPN NetShield Ad-blocker(new window) feature, which in addition to blocking ads, can also prevent users from visiting the over 1 million phishing and malware-infested websites on its blocklists.
  • Our unique account protection system, which thwarts millions of attacker login attempts every month and has reduced compromised accounts by 80%.
  • Our custom traffic protection system, which mitigates hundreds of massive DDoS and brute force attacks each year.

Introducing the Proton Sentinel program

Today, we are launching Proton Sentinel, a high-security program that will allow our teams and systems to better protect users who need the most security. This program was motivated by our years of experience serving high-profile people and organizations from around the world. Some of our most security-demanding users include journalists from the largest publications, governments of several countries, leaders of international peace organizations, heads of major religions, and members of parliaments. Accounts such as these have a high risk of being attacked by criminals or state-backed hackers. We are now ready to provide the same level of advanced protection and support that we reserved for these VIPs to any Proton user that wants it through the Proton Sentinel program.

Users who enable Proton Sentinel will enjoy benefits such as:

  • Advanced protection that will be more likely to detect and challenge suspicious events such as login attempts.
  • Suspicious events will be escalated 24/7 to security analysts who will review the assessments made by our automated systems, providing a level of security that’s only possible by combining AI with human expertise.
  • Support requests related to account security will automatically escalate to trained security specialists.

The Proton Sentinel program distinguishes itself from other enhanced protection programs by going beyond strengthening the default protections (Proton’s defaults are already very secure). Proton Sentinel surpasses everything that has come before due to the human element. 

Accounts enrolled in the Proton Sentinel program are not just monitored 24/7 by software but also by teams of security analysts who are experts at detecting infiltration and account takeover attempts. This provides protection and support that greatly exceeds what is possible via automated systems alone.

Finally, we believe users are the ultimate guardians of their security, so Proton Sentinel users will see more account security alerts and information for self-monitoring. Important events in security logs, such as logins and account changes, will have a new column called Protection, showing any defensive actions our systems took. There will also be other useful information, such as the operating system and device that triggered the event.

Security logs of an account protected by Proton Sentinel from three suspicious login attempts.

How to enable the Proton Sentinel program

The Proton Sentinel program is not for everyone — it likely surpasses most people’s threat model. Additionally, if you share your account with other people and haven’t enabled two-factor authentication, you may not want to join the Sentinel program, as it will increase your chance of being challenged during logins.

Due to the expensive resources required to operate advanced account protection and support, the Proton Sentinel program is limited to the bundled plans with premium access to the whole Proton ecosystem: Proton Unlimited, Family, and Business, along with legacy Lifetime and Visionary accounts. We also offer it with our Proton Pass Plus plan so you can use it to protect your password manager account and, by extension, your passwords, which are some of your most sensitive data.

If you are a high-profile public figure, deal with sensitive data, or might be a target for cyberattacks, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.

You can also learn more about Proton Sentinel in our Support section.

If you have more questions about Proton Sentinel or account security in general, please contact our Support team.

If your team or organization needs the highest level of privacy and security and would like to migrate to Proton, please contact our Sales team.

Protect your privacy with Proton
Create a free account

Related articles

At Proton, we have always been highly disciplined, focusing on how to best sustain our mission over time. This job is incredibly difficult. Everything we create always takes longer and is more complex than it would be if we did it without focusing on
is icloud keychain safe
If you’re on any Apple device, you’re familiar with the iCloud Keychain, the Apple password manager. It’s a handy tool that stores passwords for you and helps you manage your logins.  For a program that stores all your most sensitive data in one pla
We recently announced that Proton Pass now supports passkeys for everyone across all devices. Universal compatibility is a unique approach to implementing passkeys, unfortunately. Even though passkeys were developed by the FIDO Alliance and the Worl
How to upload and share private video
Your private videos are for your eyes only. However, not all cloud storage services are good at storing videos securely, let alone privately. In this article we explain what you can do to keep file sharing companies from having access to the videos y
Many email services, citing security reasons, require a phone number for identity verification. This creates an unfortunate paradox in which you must give up a highly sensitive piece of personal data to Big Tech. But there are simple ways to create
Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec
Proton Pass now supports passkeys on all devices and plans
We’re excited to announce that Proton Pass supports passkeys for everyone, allowing you to manage and use passkeys across all devices seamlessly. Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing atta