all-in-one privacy solution":["Proton Unlimited tam kapsamlı bir gizlilik ve güvenlik çözümüdür"],"Black Friday":["Muhteşem Cuma"],"No ads. Privacy by default.":["Reklamsız. Privacy by default."],"People before profits":["İnsanlar paradan önce gelir"],"Security through transparency":["Şeffaflık ile güvenlik"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["En iyi Proton Mail ${ BLACK_FRIDAY } fırsatları"],"The world’s only community- supported email service":["Dünyanın tek topluluk tarafından desteklenen e-posta hizmeti"]},"specialoffer:limited":{"${ hours } hour":["${ hours } saat","${ hours } saat"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["${ hoursLeft } - ${ minutesLeft } - ${ secondsLeft } kaldı"],"${ minutes } minute":["${ minutes } dakika","${ minutes } dakika"],"${ seconds } second":["${ seconds } saniye","${ seconds } saniye"],"Limited time offer":["Sınırlı süreli teklif"]},"specialoffer:listitem":{"Create multiple addresses":["Birden adres oluşturun"],"Hide-my-email aliases":["Hide-my-email takma adları (e-posta adresi)"],"Quickly unsubscribe from newsletters":["Bülten aboneliğinden hızlı ayrılma"],"Use your own domain name":["Kendi etki alanınızı kullanın"]},"specialoffer:logos":{"As featured in":["Belirtildiği gibi"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Gizliliğinizi koruyan bir şifreli e-posta edinin"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Proton Mail Muhteşem Cuma İndirimleri - %40'a varan indirimler"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Bu Muhteşem Cuma'da Proton Mail aboneliklerinde %40'a varan indirimlerden faydalanın. Uçtan uca şifrelenmiş e-posta tarifelerimiz için muhteşem fırsatlardan yararlanın."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Proton Mail Muhteşem Cuma İndirimleri - Güvenli e-postada %40'a varan indirimler"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* İlk yıl için ${ TOTAL_SUM } üzerinden faturalandırılır"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["*ilk 2 yıl için ${ TOTAL_SUM } üzerinden faturalandırılır"],"30-day money-back guarantee":["30 günlük para iade garantisi"],"Billed at ${ TOTAL_SUM } for the first 2 years":["İlk 2 yıl için ${ TOTAL_SUM } üzerinden faturalandırılır"],"Billed at ${ TOTAL_SUM } for the first year":["İlk yıl için ${ TOTAL_SUM } üzerinden faturalandırılır"],"You save ${ SAVE_SUM }":["${ SAVE_SUM } tasarruf ediyorsunuz"]},"specialoffer:off":{"${ DISCOUNT } off":["${ DISCOUNT } indirim"],"${ PERCENT_OFF } off":["${ PERCENT_OFF } indirim"]},"specialoffer:testimonial":{"I love my ProtonMail":["ProtonMail'imi seviyorum"],"My favorite email service":["En sevdiğim e-posta hizmeti"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Hepimizi bu karışık internet evreninde güvende tuttuğun için teşekkürler Proton."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Ödediğinizin karşılığını alırsınız. Big Tech şirketleri söz konusu olduğunda, hiçbir şey ödememiyorsanız sizi kullanırlar. Gmail kullanmayı bıraktım ve @ProtonMail hizmetine geçtim"]},"specialoffer:time":{"Days":["Gün"],"Hours":["Saat"],"Min":["Dakika"]},"specialoffer:title":{"And much more":["Ve çok daha fazlası"],"Make your inbox yours":["Gelen kutunuzu kendize özel tutun"],"Safe from trackers":["İzleyicilerden güvende olun"],"Stay organized":["Düzenli kalın"],"Black Friday email deals":["Muhteşem Cuma e-posta fırsatları"],"Don’t just take our word for it":["Sırf bizden duymuş olmayın"],"Our story":["Öykümüz"],"Transfer your data from Google in one click":["Google'dan bilgilerinizi tek tıkla aktarın"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Yasaklı içeriklere erişin ve gizlice gezinin. ${ TOTAL_COUNTRIES } üzeri ülkede ${ TOTAL_SERVERS } üzerinde sunucu, 10 aygıta kadar bağlantı, dünya çapındaki yayın hizmetlerine erişim, kötü amaçlı yazılım ve reklam engelleyici, ve daha fazlasını içerir."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Takviminizi bir bağlantı aracılığıyla ailenizle, arkadaşlarınızla veya iş arkadaşlarınızla paylaşın ve başka takvimleri görüntüleyin."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["1 özel e-posta etki alanı, 10 e-posta adresi, 10 hide-my-email takma adı, takvim paylaşma ve daha fazlası için destek içerir."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["3 özel e-posta etki alanı, 15 e-posta adresi, sınırsız hide-my-email takma adı, takvim paylaşma ve daha fazlası için destek içerir."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["25'ye kadar takvim yönetin, mobil uygulamalar, uçtan uca şifreleme ile koruma, Google'dan tek tıkla aktarma ve daha fazlası."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["Şu anda Proton VPN hizmetiyle ilgili sorunlar yaşıyoruz"],"Learn more":["Ayrıntılı bilgi alın"]},"Status banner":{"Learn more":["Ayrıntılı bilgi alın"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Şu anda ${ issues[0] } hizmeti ile ilgili sorun yaşamaktayız, bilginize."],"We are experiencing issues with one or more services at the moment.":["Şu anda bir veya daha fazla hizmet ile ilgili sorun yaşamaktayız."]},"suggestions":{"Suggestions":["Öneriler"]},"Support":{"Sub category":["Alt kategori","Alt kategori"]},"Support article":{"${ readingTime } min":["${ readingTime } dakikalık","${ readingTime } dakikalık"],"Category":["Kategori","Kategori"],"Didn’t find what you were looking for?":["Aradığınızı bulamadınız mı?"],"General contact":["Genel iletişim"],"Get help":["Yardım alın"],"Legal contact":["Hukuki iletişim"],"Media contact":["Medya iletişimi"],"Partnerships contact":["Ortaklık iletişimi"],"Reading":["Okuma süresi"]},"Support categories":{"Browse Proton product support":["Proton ürün desteğine göz atın"]},"Support category":{"There is no article in this category yet.":["Bu kategoride henüz bir makale yok."]},"Support troubleshooting":{"--- Select ---":["--- Seç ---"],"App version":["Uygulama sürümü"],"Browser":["Tarayıcı"],"Check if this helps":["Yardımcı olabilecek bu cevaba bir göz atın"],"Choose a category for your question":["Sorunuz için bir kategori seçin"],"Choose a product":["Bir ürün seçin"],"Did this solve your issue ?":["Bu, sorununuzu çözdü mü?"],"Faster assistance is just a few clicks away — please make your selections":["Daha hızlı yardım birkaç tık uzağınızda, lütfen tercihlerinizi yapın"],"No, contact support":["Hayır, destekle iletişime geçin"],"Proton account":["Proton hesabı"],"Proton Bridge":["Proton Bridge"],"Proton Calendar":["Proton Calendar"],"Proton Drive":["Proton Drive"],"Proton for Business":["Proton for Business"],"Proton Mail":["Proton Mail"],"Proton Pass":["Proton Pass"],"Proton VPN":["Proton VPN"],"Thank you for your feedback":["Geri bildiriminiz için teşekkürler"],"Troubleshooting":["Sorun giderme"],"What can we help with ?":["Ne konuda yardımcı olabiliriz?"],"Yes":["Evet"]},"support_modal_search_query":{"Search query":["Sorgu ara"]},"support_search_button":{"Search":["Ara"]},"support_search_i_am_looking_for":{"I'm looking for":["Şunu arıyorum: -"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Daha hızlı bir çözüm için, lütfen sorunu Bridge uygulamasının Yardım > Bir sorun bildir kısmından bildiririn."],"Information":["Bilgi"]},"SupportForm:option":{"Account Security":["Hesap Güvenliği"],"Contacts":["Kişiler"],"Custom email domain":["Özel e-posta etki alanı"],"Email delivery and Spam":["E-posta iletimi ve istenmeyen e-postalar"],"Encryption":["Şifreleme"],"Login and password":["Oturum ve şifre"],"Merge aliases and accounts":["Takma adları (e-posta adresi) ve hesapları birleştir"],"Migrate to Proton":["Proton üzerine aktarım"],"Notifications":["Bildirimler"],"Other":["Diğer"],"Plans and billing":["Tarifeler ve faturalandırma"],"Proton for Business":["Proton for Business"],"Sign up":["Hesap açma"],"Storage":["Depolama"],"Users, addresses, and identities":["Kullanıcılar, adresler ve kimlikler"]},"SupportForm:optionIntro":{"Select a topic":["Bir konu seç"]},"swiss_baseed_feature":{"Swiss based":["İsviçre merkezli"]},"Testimonial":{"Awards":["Ödüller"],"Customers":["Müşteriler"],"Featured":["Öne Çıkanlar"],"Go to testimonial source":["Müşteri görüşünün kaynağına git"],"Reviews":["İncelemeler"],"Videos":["Videolar"]},"Text":{"Find the plan that's right for you":["Size uygun tarifeyi bulun"],"If you need help, check out our ${ supportLink }.":["Yardıma ihtiyacınız varsa ${ supportLink } ziyaret edebilirsiniz."],"The page you’re looking for might have been removed, or it could be an\nold link.":["Aradığınız sayfa kaldırılmış veya eski bir\nbağlantı olabilir."]},"Title":{"On this page":["Bu sayfada"],"Related articles":["İlgili makaleler"],"Share ${ thisPage }":["${ thisPage } paylaşın"],"Thank you!":["Teşekkürler!"],"this page":["Bu sayfayı"]},"Tooltip":{"More information":["Daha fazla bilgi"]},"tooltip_calendar":{"Create up to 20 custom & shareable encrypted calendars. On top of that, add up to 5 calendars from friends, family, colleagues, and organizations.":["20'ye varan özel ve paylaşılabilir şifrelenmiş takvim oluşturun. Üstelik arkadaşlarınızdan, ailenizden, iş arkadaşlarınızdan ve kuruluşlardan 5'e kadar takvim ekleyin."]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Yasaklı içeriklere erişin ve gizlice gezinin. ${ TOTAL_COUNTRIES } üzeri ülkede ${ TOTAL_SERVERS } üzerinde sunucu, en yüksek VPN hızını, ${ TOTAL_VPN_CONNECTIONS } VPN bağlantısı, dünya çapındaki yayın hizmetlerini, kötü amaçlı yazılım ve reklam engelleyici, ve daha fazlasını içerir."],"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, 10 VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Yasaklı içeriklere erişin ve gizlice gezinin. ${ TOTAL_COUNTRIES } üzeri ülkede ${ TOTAL_SERVERS } üzerinde sunucu, en yüksek VPN hızını, 10 VPN bağlantısı, dünya çapındaki yayın hizmetlerini, kötü amaçlı yazılım ve reklam engelleyici, ve daha fazlasını içerir."]},"version_history_label":{"Version history":["Sürüm geçmişi"]},"version_history_tooltip":{"Store up to ${ versionHistoryNumber } versions of each file for up to ${ years } years":["Her dosyanın ${ versionHistoryNumber } sürümünü ${ years } yıla kadar tutun"]},"vpn_features_link":{"View VPN plans":["VPN tarifelerini görüntüle"]},"vpn_features_useCase":{"Access blocked content and browse privately":["Yasaklı içeriklere erişin ve gizlice gezinin"]}}},"unleashApi":"https://account.proton.me/api"};
// We need to import data (the framework context) from the server
// This Astro feature with define:vars works well but creates an inline script
// So we can't directly import the initFramework helper, we have to store the context
window.frameworkContext = frameworkContext;
})();
Proton Mail Bridge is a desktop application that runs in the background on your computer and encrypts and decrypts your mail as it enters and leaves your device. It allows for full integration of your Proton Mail account with email clients like Microsoft Outlook, Mozilla Thunderbird, and Apple Mail.
This document discusses how Bridge handles sensitive information, describes its potential attack vectors, and explains the security features that mitigate these attacks. (Note: This security model applies to the Bridge application for Linux, macOS, and Windows.)
This security model is technical in nature, but was written in plain language so that the average user can understand the important takeaways. You can also read more about what Proton Mail is and is not designed to protect you from in the Proton Mail threat model(new window).
As part of normal, day-to-day operations, Bridge must handle different types of data with varying levels of sensitivity. This data includes (but is not limited to):
User credentials and an access token for authentication with the Proton servers
Public and private keys for sending and reading messages
Encrypted messages, attachments, and metadata
We explain how Bridge secures this sensitive data in greater detail below.
Your passwords never leave your machine Users log in to Bridge, which in turn authenticates with the Proton Mail API using the Secure Remote Password protocol(new window). This authentication process ensures a user’s password never leaves their machine, and it generates an access token and a refresh token.
The access token is relatively short-lived and is used to authenticate any subsequent API requests; it is stored in the device’s memory. The refresh token is used to generate new access tokens and is stored securely in the operating system’s keychain (Windows Credentials Manager, macOS Keychain, or pass/gnome-keyring on Linux). The user’s hashed and salted mailbox password (used to decrypt their PGP keys) and Bridge password (used to connect an email client to Bridge) are also held in the operating system’s keychain.
Ensuring a secure connection to Proton servers Bridge communicates with the Proton Mail API over an encrypted TLS connection. It additionally employs TLS certificate public key pinning to ensure it only connects to trusted Proton Mail servers. If Bridge receives an untrusted public key, it will assume an unknown intermediary is pretending to be a Proton server and immediately warn the user.
Bridge never stores or shares a user’s PGP keys After the user logs in, Bridge downloads their encrypted, private PGP keys from the Proton servers and unlocks them. These keys are held in the device’s memory, never on disk. Whenever a user turns off their device, they wipe its memory. This makes it unlikely an attacker will be able to obtain a copy of a user’s PGP keys, even if they steal the user’s device. These keys are also never shared with other applications on your device and stay within Bridge’s memory space.
Bridge does not store decrypted message data When an IMAP client requests a message body or attachment, it is downloaded from the Proton servers as an encrypted PGP message, decrypted locally, and then transmitted to the IMAP client. Similar to the user’s PGP keys, Bridge does not permanently store any message bodies or attachments to disk, further reducing the amount of sensitive data available on the device.
Attack mitigation
Here we describe the potential attack vectors of Bridge and how we mitigate these attacks.
Reducing the threat of a MITM attack
As described, Bridge employs TLS certificate pinning, which mitigates the risk of a network-level man-in-the-middle (MITM) attack.
Furthermore, the content of messages sent from Bridge to Proton Mail users or external recipients using PGP has an additional layer of protection thanks to end-to-end encryption. This means Bridge encrypts the user’s message before it leaves their device. The message remains encrypted until it reaches the recipient’s device, which decrypts it. This prevents any third party, including Proton Mail, from accessing the content of a user’s message. Messages sent this way remain inaccessible because a user’s mailbox password never leaves their device and, thus, is never transmitted to an attacker.
Secure updates
Bridge on Windows and macOS includes a feature that allows it to self-update. The update process has additional safeguards in place to verify that only trusted versions of Bridge that are created and signed by Proton Mail are installed.
Bridge recommended use cases
Bridge is a unique tool when compared to the other Proton Mail apps. As such, there are specific cases in which it would be more practical and useful than other Proton Mail apps.
Below are some examples of recommended use cases for Bridge:
Offline editing If you find yourself without a stable Internet connection, you can use your favorite email client with Bridge to download emails while you do have good Internet access and then process them offline later. Most email clients will automatically send and receive your drafts once you are back online.
Offline backups of your emails are required If you need to have offline copies of your messages for whatever reason, Bridge is the easiest way to accomplish this. The Bridge app enables your IMAP/SMTP client to do this automatically if you choose to do so.
Add Proton Mail security to already known email clients If you or your staff do not feel confident learning how to use a new email service, Bridge lets you add Proton Mail encryption to your messages while continuing to use your favorite IMAP/SMTP email client. These clients include Outlook, Thunderbird, and Apple Mail, all applications that many people are familiar with. This means that once you set up Bridge, using it does not require any new training.
Bridge security model scope
No application is 100% secure, and no piece of software can protect its user against every potential threat. Proton Mail Bridge is engineered to provide additional protection to its users’ data, but certain conditions are outside of the scope of the security model.
User device security We assume users run the Bridge app in a safe environment. For instance, we assume that Bridge program files are installed to a location where normal (non-admin) users have no write privileges. Furthermore, we expect the user’s device to be free of any malicious software (keyloggers, screen recorders, memory scanners, etc.) that could access the device’s data in memory or on disk. Bridge, unfortunately, cannot secure your data if your device is already compromised.
Additionally, we assume that the IMAP/SMTP ports that the email client connects to are not exposed beyond the device that Bridge is running on. The Bridge application ignores all connections that do not originate from the localhost, and we assume the user will not attempt to circumvent this.
Bridge installer security We assume that the user securely downloaded the Bridge installer from our server (the server should present a valid and expected SSL certificate). For Windows and macOS, the operating system inspects the signatures on the installer file automatically before installation. It then displays the results to the user, which we assume they properly verify. We recommend Linux users refer to our support article on Verifying the Proton Mail Bridge package(new window) for instructions. If you download the Bridge application from an unauthorized source, we cannot guarantee the safety of the installer.
Our recommendations for keeping your device secure
We have invested heavily in the security of our Bridge app. You can help maximize the security of your own device by taking a few simple measures:
Encrypt your device’s hard drive. Windows(new window) and macOS(new window) devices all have built-in encryption systems, but you have to turn them on. Once you have encrypted your drive, write down your recovery code and store it in a secure place.
Enable your operating system’s antivirus protection, if available.
Ensure your network ports are secured by a firewall to prevent outside machines from connecting to them.
Do not install untrusted programs on your device. This includes unknown open source versions of Bridge. Downloading Bridge directly from Proton Mail(new window) is the safest option.
Do not open links or download attachments from untrusted senders.
Conclusion
Our first priority is always our users’ security. Our goal is to make it easy for anyone to protect their privacy by creating tools that apply advanced cryptography to their messages automatically. The Bridge tool was designed to add additional security to already existing IMAP/SMTP email clients. By keeping your device secure, you can use these email clients and still take charge of your data. Thank you for your support!
Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support.
E-postalarınızı güvenli hale getirin, gizliliğinizi koruyun
WeTransfer is a popular service used by millions worldwide to send large files.
You may have wondered if it’s safe or whether you should use it to share
sensitive files. We answer these questions below and present a WeTransfer
alternative that may su
Dictionary attacks are a common method hackers use to try to crack passwords and
break into online accounts.
While these attacks may be effective against people with poor account security,
it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online
service, you provide it with personal information that’s valuable to hackers,
such as email addresses, passwords, phone numbers, and more. Unfortunately, many
online services f
Secure, seamless communication is the foundation of every business. As more
organizations secure their data with Proton, we’ve dramatically expanded our
ecosystem with new products and services, from our password manager to Dark Web
Monitoring for cr
On the subject of cybersecurity, one term that often comes up is brute force
attack. A brute force attack is any attack that doesn’t rely on finesse, but
instead uses raw computing power to crack security or even the underlying
encryption.
In this a
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as
the legal justification allowing federal agencies like the NSA, CIA, and FBI to
perform warrantless wiretaps, which sweep up the data of hundreds of thousands
of US citi