ProtonBlog

A couple of days ago, a video was circulated online that claimed Proton Mail is susceptible to a XSS (cross-site scripting) issue which raised some concerns among Proton Mail users. We want to clarify that this does not impact the current version of Proton Mail(new window).

XSS issue

Proton Mail is constantly making security improvements through our beta process and we appreciate all the assistance we have received from the community in helping us make Proton Mail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges which we are working diligently to tackle.

The Proton Mail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of Proton Mail. The video is showing an earlier development version of Proton Mail that was originally released on May 10, 2014 for limited testing, and is not used in the current production systems.

We are supportive of all efforts to improve the security of Proton Mail and appreciative of our security contributors. Security inquiries can always be directed to security@proton.me

Protect your privacy with Proton
Create a free account

Related articles

Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f