Proton

Today, we are making the Proton Sentinel high-security program available to anyone who wants the highest level of account security protection and support.

If you are subscribed to a Proton Visionary, Lifetime, Family, Unlimited, Business, or Pass Plus plan, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.

The growth of the Proton ecosystem

When we first launched Proton Mail in 2014, we were asked if Proton was a privacy company or a security company. The biggest benefit for Proton users was the seamless end-to-end and zero-access encryption, which prevented even us, the service provider, from looking at our users’ email content. This made us confident that we were at least a pioneering privacy company fighting against internet surveillance. However, with just a few employees and servers, we knew there was a long way to go before we could also become a pioneering security company.

Nine years later, Proton is now a much more capable organization operating several widely-used internet services. Since our start as a crowdfunded project, we have steadily grown every year since 2014 and invested all our resources into building a private and secure ecosystem. The Proton ecosystem now consists of the following products:

The need for advanced protection

As the Proton ecosystem grew and more people used our services as digital safe havens, Proton Accounts became more attractive as targets for hackers and bad actors. While Proton’s encryption helps reduce some security risks, it is not enough to keep accounts secure. For example, if an attacker gets your Proton Account password, they could log in, read all your encrypted data, and even change your password to lock you out.

Even though Proton has not had any data loss, leaks, or breaches, attackers can potentially get your password by phishing you or trying leaked passwords from other services in the hope that you may have re-used passwords. This was a major threat, especially for accounts without two-factor authentication, and we had to carefully help many users recover their compromised accounts.

Risks like these were why, in addition to easy-to-use encryption, a lot of other pieces had to be built for Proton to be a reliable security company that users can trust and depend on for their most important communications. This is why under the hood of all Proton products and mostly invisible to our 100 million users, we have been investing heavily in fighting bad actors and securing Proton accounts and infrastructure.

Of Proton’s nearly 500 employees, over 10% have been dedicated to building these anti-abuse and security solutions. As engineers, we were driven to innovate and didn’t want to just rely on legacy systems from third-party vendors. Instead, we decided to build scalable systems from the ground up that would run on our servers in Proton data centers, ensuring our complete control over our data security. We knew that over time, these custom systems would allow our top engineers and analysts to quickly iterate and improve our defenses after each attack, eventually becoming better than anything on the market.

We now employ global teams across three continents dedicated to managing these sophisticated solutions that combine human intellect with machine learning to protect all Proton users around the clock. Some results of our investments include:

  • Our custom spam filtering system, which is at least 60% more accurate than popular systems like SpamAssassin and catches millions of dangerous phishing emails every month.
  • The Proton VPN NetShield Ad-blocker(new window) feature, which in addition to blocking ads, can also prevent users from visiting the over 1 million phishing and malware-infested websites on its blocklists.
  • Our unique account protection system, which thwarts millions of attacker login attempts every month and has reduced compromised accounts by 80%.
  • Our custom traffic protection system, which mitigates hundreds of massive DDoS and brute force attacks each year.

Introducing the Proton Sentinel program

Today, we are launching Proton Sentinel, a high-security program that will allow our teams and systems to better protect users who need the most security. This program was motivated by our years of experience serving high-profile people and organizations from around the world. Some of our most security-demanding users include journalists from the largest publications, governments of several countries, leaders of international peace organizations, heads of major religions, and members of parliaments. Accounts such as these have a high risk of being attacked by criminals or state-backed hackers. We are now ready to provide the same level of advanced protection and support that we reserved for these VIPs to any Proton user that wants it through the Proton Sentinel program.

Users who enable Proton Sentinel will enjoy benefits such as:

  • Advanced protection that will be more likely to detect and challenge suspicious events such as login attempts.
  • Suspicious events will be escalated 24/7 to security analysts who will review the assessments made by our automated systems, providing a level of security that’s only possible by combining AI with human expertise.
  • Support requests related to account security will automatically escalate to trained security specialists.

The Proton Sentinel program distinguishes itself from other enhanced protection programs by going beyond strengthening the default protections (Proton’s defaults are already very secure). Proton Sentinel surpasses everything that has come before due to the human element. 

Accounts enrolled in the Proton Sentinel program are not just monitored 24/7 by software but also by teams of security analysts who are experts at detecting infiltration and account takeover attempts. This provides protection and support that greatly exceeds what is possible via automated systems alone.

Finally, we believe users are the ultimate guardians of their security, so Proton Sentinel users will see more account security alerts and information for self-monitoring. Important events in security logs, such as logins and account changes, will have a new column called Protection, showing any defensive actions our systems took. There will also be other useful information, such as the operating system and device that triggered the event.

Security logs of an account protected by Proton Sentinel from three suspicious login attempts.

How to enable the Proton Sentinel program

The Proton Sentinel program is not for everyone — it likely surpasses most people’s threat model. Additionally, if you share your account with other people and haven’t enabled two-factor authentication, you may not want to join the Sentinel program, as it will increase your chance of being challenged during logins.

Due to the expensive resources required to operate advanced account protection and support, the Proton Sentinel program is limited to the bundled plans with premium access to the whole Proton ecosystem: Proton Unlimited, Family, and Business, along with legacy Lifetime and Visionary accounts. We also offer it with our Proton Pass Plus plan so you can use it to protect your password manager account and, by extension, your passwords, which are some of your most sensitive data.

If you are a high-profile public figure, deal with sensitive data, or might be a target for cyberattacks, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.

You can also learn more about Proton Sentinel in our Support section.

If you have more questions about Proton Sentinel or account security in general, please contact our Support team.

If your team or organization needs the highest level of privacy and security and would like to migrate to Proton, please contact our Sales team.

Protect your privacy with Proton
Create a free account

Related articles

People and companies are generally subject to the laws of the country and city where they are located, and those laws can change when they move to a new place. However, the situation becomes more complicated when considering data, which can be subjec
Your online data is no longer just used for ads but also for training AI. Google uses publicly available information to train its AI models, raising concerns over whether AI is even compatible with data protection laws. People are worried companies
iPhone stores passwords in iCloud Keychain, Apple’s built-in password manager. It’s convenient but has some drawbacks. A major issue is that it doesn’t work well with other platforms, making it hard for Apple users to use their passwords and passkeys
There are many reasons you may need to share passwords, bank details, and other highly sensitive information. But we noticed that many people do this via messaging apps or other methods that put your data at risk. In response to the needs of our com
Large language models (LLMs) trained on public datasets can serve a wide range of purposes, from composing blog posts to programming. However, their true potential lies in contextualization, achieved by either fine-tuning the model or enriching its p
is Google Docs secure
Your online data is incredibly valuable, particularly to companies like Google that use it to make money through ads. This, along with Google’s numerous privacy violations, has led many to question the safety of their information and find alternative