Today, we are making the Proton Sentinel high-security program available to anyone who wants the highest level of account security protection and support.
If you are subscribed to a Proton Visionary, Lifetime, Family, Unlimited, or Business plan, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.
The growth of the Proton ecosystem
When we first launched Proton Mail in 2014, we were asked if Proton was a privacy company or a security company. The biggest benefit for Proton users was the seamless end-to-end and zero-access encryption, which prevented even us, the service provider, from looking at our users’ email content. This made us confident that we were at least a pioneering privacy company fighting against internet surveillance. However, with just a few employees and servers, we knew there was a long way to go before we could also become a pioneering security company.
Nine years later, Proton is now a much more capable organization operating several widely-used internet services. Since our start as a crowdfunded project, we have steadily grown every year since 2014 and invested all our resources into building a private and secure ecosystem. The Proton ecosystem now consists of the following products:
- Proton Mail and Proton Calendar are the go-to encrypted alternatives to Gmail.
- Proton VPN is top ranked among all VPN services(new window), and its generous free version is the first choice for millions of people in oppressive regimes who need internet freedom but can’t pay.
- Proton Drive provides easy-to-use encrypted file storage and sharing.
- Proton Pass innovatively combines email aliases with password management to protect your identity on the internet.
The need for advanced protection
As the Proton ecosystem grew and more people used our services as digital safe havens, Proton Accounts became more attractive as targets for hackers and bad actors. While Proton’s encryption helps reduce some security risks, it is not enough to keep accounts secure. For example, if an attacker gets your Proton Account password, they could log in, read all your encrypted data, and even change your password to lock you out.
Even though Proton has not had any data loss, leaks, or breaches, attackers can potentially get your password by phishing you or trying leaked passwords from other services in the hope that you may have re-used passwords. This was a major threat, especially for accounts without two-factor authentication, and we had to carefully help many users recover their compromised accounts.
Risks like these were why, in addition to easy-to-use encryption, a lot of other pieces had to be built for Proton to be a reliable security company that users can trust and depend on for their most important communications. This is why under the hood of all Proton products and mostly invisible to our 100 million users, we have been investing heavily in fighting bad actors and securing Proton accounts and infrastructure.
Of Proton’s nearly 500 employees, over 10% have been dedicated to building these anti-abuse and security solutions. As engineers, we were driven to innovate and didn’t want to just rely on legacy systems from third-party vendors. Instead, we decided to build scalable systems from the ground up that would run on our servers in Proton data centers, ensuring our complete control over our data security. We knew that over time, these custom systems would allow our top engineers and analysts to quickly iterate and improve our defenses after each attack, eventually becoming better than anything on the market.
We now employ global teams across three continents dedicated to managing these sophisticated solutions that combine human intellect with machine learning to protect all Proton users around the clock. Some results of our investments include:
- Our custom spam filtering system, which is at least 60% more accurate than popular systems like SpamAssassin and catches millions of dangerous phishing emails every month.
- The Proton VPN NetShield Ad-blocker(new window) feature, which in addition to blocking ads, can also prevent users from visiting the over 1 million phishing and malware-infested websites on its blocklists.
- Our unique account protection system, which thwarts millions of attacker login attempts every month and has reduced compromised accounts by 80%.
- Our custom traffic protection system, which mitigates hundreds of massive DDoS and brute force attacks each year.
Introducing the Proton Sentinel program
Today, we are launching Proton Sentinel, a high-security program that will allow our teams and systems to better protect users who need the most security. This program was motivated by our years of experience serving high-profile people and organizations from around the world. Some of our most security-demanding users include journalists from the largest publications, governments of several countries, leaders of international peace organizations, heads of major religions, and members of parliaments. Accounts such as these have a high risk of being attacked by criminals or state-backed hackers. We are now ready to provide the same level of advanced protection and support that we reserved for these VIPs to any Proton user that wants it through the Proton Sentinel program.
Users who enable Proton Sentinel will enjoy benefits such as:
- Advanced protection that will be more likely to detect and challenge suspicious events such as login attempts.
- Suspicious events will be escalated 24/7 to security analysts who will review the assessments made by our automated systems, providing a level of security that’s only possible by combining AI with human expertise.
- Support requests related to account security will automatically escalate to trained security specialists.
The Proton Sentinel program distinguishes itself from other enhanced protection programs by going beyond strengthening the default protections (Proton’s defaults are already very secure). Proton Sentinel surpasses everything that has come before due to the human element.
Accounts enrolled in the Proton Sentinel program are not just monitored 24/7 by software but also by teams of security analysts who are experts at detecting infiltration and account takeover attempts. This provides protection and support that greatly exceeds what is possible via automated systems alone.
Finally, we believe users are the ultimate guardians of their security, so Proton Sentinel users will see more account security alerts and information for self-monitoring. Important events in security logs, such as logins and account changes, will have a new column called Protection, showing any defensive actions our systems took. There will also be other useful information, such as the operating system and device that triggered the event.
How to enable the Proton Sentinel program
The Proton Sentinel program is not for everyone — it likely surpasses most people’s threat model. Additionally, if you share your account with other people and haven’t enabled two-factor authentication, you may not want to join the Sentinel program, as it will increase your chance of being challenged during logins.
Due to the expensive resources required to operate advanced account protection and support, the Proton Sentinel program is limited to the bundled plans with premium access to the whole Proton ecosystem: Proton Unlimited, Family, and Business, along with legacy Lifetime and Visionary accounts.
If you are a high-profile public figure, deal with sensitive data, or might be a target for cyberattacks, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.
You can also learn more about Proton Sentinel in our Support section.
If you have more questions about Proton Sentinel or account security in general, please contact our Support team.
If your team or organization needs the highest level of privacy and security and would like to migrate to Proton, please contact our Sales team.