all-in-one privacy solution":["Proton Unlimited è una soluzione completa per la privacy"],"Black Friday":["Black Friday"],"No ads. Privacy by default.":["Niente pubblicità. La prima regola è la privacy."],"People before profits":["Le persone prima dei profitti"],"Security through transparency":["Più sicurezza grazie alla trasparenza"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Le migliori offerte di Proton Mail per il ${ BLACK_FRIDAY }"],"The world’s only community- supported email service":["L'unico servizio di email al mondo supportato dalla community"]},"specialoffer:limited":{"${ hours } hour":["${ hours } ora","${ hours } ore"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Restano ${ hoursLeft }, ${ minutesLeft } e ${ secondsLeft }"],"${ minutes } minute":["${ minutes } minuto","${ minutes } minuti"],"${ seconds } second":["${ seconds } secondo","${ seconds } secondi"],"Limited time offer":["Offerta a tempo limitato"]},"specialoffer:listitem":{"Create multiple addresses":["Crea indirizzi multipli"],"Hide-my-email aliases":["Alias hide-my-email"],"Quickly unsubscribe from newsletters":["Annulla rapidamente l'iscrizione alle newsletter"],"Use your own domain name":["Utilizza il tuo nome di dominio"]},"specialoffer:logos":{"As featured in":["Ne hanno parlato"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Scegli un'email cifrata per proteggere la tua privacy"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Offerta Black Friday di Proton Mail - sconti fino al 40%"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Per questo Black Friday ti offriamo fino al 40% di sconto sugli abbonamenti a Proton Mail. Scopri le straordinarie offerte sui piani di abbonamento alla nostra email dotata di crittografia end-to-end."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Offerta di Proton Mail per il Black Friday | Fino al 40% di sconto sulla nostra email sicura"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* Addebito di ${ TOTAL_SUM } per il primo anno"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["*Addebito di ${ TOTAL_SUM } per i primi 2 anni"],"30-day money-back guarantee":["Garanzia soddisfatti o rimborsati di 30 giorni"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Addebito di ${ TOTAL_SUM } per i primi 2 anni"],"Billed at ${ TOTAL_SUM } for the first year":["Addebito di ${ TOTAL_SUM } per il primo anno"],"You save ${ SAVE_SUM }":["Risparmi ${ SAVE_SUM }"]},"specialoffer:off":{"${ PERCENT_OFF } off":["−${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Adoro ProtonMail"],"My favorite email service":["Il mio servizio email preferito"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Grazie Proton perché ci proteggi nell'universo complicato di internet."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Ottieni quello per cui hai pagato. Nel caso di big tech, se non paghi niente, vieni usato. Ho smesso di usare Gmail e sono passata a @ProtonMail"]},"specialoffer:time":{"Days":["Giorni"],"Hours":["Ore"],"Min":["Min"]},"specialoffer:title":{"And much more":["E altro ancora"],"Safe from trackers":["Protezione dai tracker"],"Stay organized":["Tieni tutto in ordine"],"Black Friday email deals":["Offerte email del Black Friday"],"Don’t just take our word for it":["Non lo diciamo solo noi"],"Make your inbox yours":["Rendi la tua posta in arrivo davvero tua"],"Our story":["La nostra storia"],"Transfer your data from Google in one click":["Trasferisci i tuoi dati da Google con un solo clic"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Accedi a contenuti bloccati e naviga in modalità privata. Include oltre ${ TOTAL_VPN_SERVERS } server in più di ${ TOTAL_VPN_COUNTRIES } Paesi, possibilità di connettere fino a 10 dispositivi, accesso a servizi di streaming in tutto il mondo, anti-malware, ad-blocker e altro ancora."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Condividi facilmente il tuo calendario con familiari, amici o colleghi e visualizza calendari esterni."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Include il supporto per 1 dominio email personalizzato, 10 indirizzi email, 10 alias hide-my-email, condivisione del calendario e altro ancora."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Include il supporto per 3 domini email personalizzati, 15 indirizzi email, alias hide-my-email illimitati, condivisione del calendario e altro ancora."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Gestisci fino a 25 calendari, app per dispositivi mobili, protezione con la crittografia end-to-end, importazione del calendario da Google in un solo clic e altro ancora."]},"Status banner":{"Learn more":["Scopri di più"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Attenzione: stiamo riscontrando dei problemi con il servizio di ${ issues[0] }"],"We are experiencing issues with one or more services at the moment.":["Stiamo riscontrando dei problemi con uno o più servizi."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["Al momento abbiamo dei problemi con il servizio di Proton VPN"],"Learn more":["Scopri di più"]},"steps":{"Step":["Passaggio"]},"suggestions":{"Suggestions":["Suggerimenti"]},"Support":{"Sub category":["Sottocategoria","Sottocategorie"]},"Support article":{"${ readingTime } min":["${ readingTime } minuto","${ readingTime } minuti"],"Category":["Categoria","Categorie"],"Didn’t find what you were looking for?":["Non hai trovato quello che cercavi?"],"General contact":["Contatti generali"],"Get help":["Ottieni supporto"],"Legal contact":["Contatti legali"],"Media contact":["Contatti per la stampa"],"Partnerships contact":["Contatti per collaborazioni"],"Reading":["Lettura"]},"Support Form Platform option":{"VPN for Android TV":["VPN per Android TV"],"VPN for Apple TV":["VPN per Apple TV"],"VPN for Chromebook":["VPN per Chromebook"]},"Support troubleshooting":{"App version":["Versione dell'app"],"Browser":["Browser"],"Check if this helps":["Verifica se questo ti è utile"],"Choose a product":["Scegli un prodotto"],"Did this solve your issue?":["Ha risolto il tuo problema?"],"Faster assistance is just a few clicks away":["Ottieni assistenza più velocemente con pochi clic"],"How can we help?":["Come possiamo aiutarti?"],"No, contact support":["No, contatta il supporto"],"Please fill out one field after another":["Compila un campo dopo l'altro"],"Please make your selections":["Fai la tua selezione"],"Proton account":["Account Proton"],"Proton for Business":["Proton for Business"],"Thank you for your feedback":["Grazie per il feedback"],"What can we help with?":["In cosa possiamo esserti di aiuto?"],"Yes":["Sì"]},"support_modal_search_query":{"Search query":["Query di ricerca"]},"support_search_button":{"Search":["Cerca"]},"support_search_i_am_looking_for":{"I'm looking for":["Sto cercando"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Per una risoluzione più rapida, segnala il problema dall'app Bridge: Aiuto > Segnala un problema."],"Information":["Informazioni"]},"SupportForm:option":{"Account Security":["Sicurezza dell'account"],"Contacts":["Contatti"],"Custom email domain":["Dominio email personalizzato"],"Email delivery and Spam":["Consegna delle email e spam"],"Encryption":["Crittografia"],"Login and password":["Login e password"],"Merge aliases and accounts":["Unione di alias e account"],"Migrate to Proton":["Migrazione a Proton"],"Notifications":["Notifiche"],"Other":["Altro"],"Plans and billing":["Piani e fatturazione"],"Proton for Business":["Proton for Business"],"Sign up":["Iscrizione"],"Storage":["Archiviazione"],"Users, addresses, and identities":["Utenti, indirizzi e identità"]},"SupportForm:optionIntro":{"Select a topic":["Seleziona un argomento"]},"Testimonial":{"Awards":["Premi"],"Customers":["Clienti"],"Featured":["In evidenza"],"Go to testimonial source":["Vai alle testimonianze"],"Open source of award":["Apri la fonte del premio"],"Open source of quote":["Apri la fonte della citazione"],"Reviews":["Recensioni"],"Videos":["Video"],"Watch on TikTok":["Guarda su TikTok"],"Watch on YouTube":["Guarda su YouTube"]},"TestimonialCategory":{"Awards":["Premi"],"Customers":["Clienti"],"Featured":["In evidenza"],"Media":["Media"],"Reviews":["Recensioni"],"Videos":["Video"]},"Text":{"If you need help, check out our ${ supportLink }.":["Se ti serve assistenza dai un’occhiata alla nostra ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["La pagina che stai cercando potrebbe essere stata rimossa, o il link potrebbe essere vecchio."],"Your question may already have an answer in our knowledge base:":["La risposta alla tua domanda potrebbe essere già disponibile nella nostra base di conoscenza:"]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Accedi a contenuti bloccati e naviga in modalità privata. Include oltre ${ TOTAL_VPN_SERVERS } server in più di ${ TOTAL_VPN_COUNTRIES } Paesi, VPN ad altissima velocità, ${ TOTAL_VPN_CONNECTIONS } connessioni VPN, servizi di streaming in tutto il mondo, anti-malware, ad-blocker e altro ancora."]},"vpn_servers":{"Get Proton VPN Plus":["Scegli Proton VPN Plus"]},"wallet_signup_2024:Action":{"Get Proton Wallet":["Ottieni Proton Wallet"]},"wallet_signup_2024:Homepage hero product link title":{"Wallet":["Wallet"]},"wallet_signup_2024:Homepage product navigation bar":{"Wallet":["Wallet"]},"wallet_signup_2024:menu item":{"Bitcoin guide":["Guida Bitcoin"],"Proton Wallet news":["Novità di Proton Wallet"],"Proton Wallet support":["Supporto di Proton Wallet"]},"wallet_signup_2024:Pricing":{"Includes everything in Proton Unlimited and":["Include tutte le funzionalità di Proton Unlimited e"],"Limited availability":["Disponibilità limitata"],"The easiest way to securely own, send, and receive Bitcoin":["Il modo più semplice di possedere, inviare e ricevere Bitcoin in modo sicuro"]},"wallet_signup_2024:ProductRange":{"Discover Proton Wallet":["Scopri Proton Wallet"],"Store and transact Bitcoin privately with an encrypted self-custody wallet.":["Conserva ed esegui transazioni in Bitcoin in modo privato con un portafoglio a custodia autonoma crittografato."]},"wallet_signup_2024:wallet bitcoin":{"Learn about Bitcoin, the Internet's value network.":["Scopri il Bitcoin, la rete di valore di Internet."]},"wallet_signup_2024:wallet overview":{"Ensure you're always in control of your Bitcoin.":["Assicurati di avere sempre il controllo dei tuoi Bitcoin."]},"wallet_signup_2024:wallet security":{"The encrypted, open-source wallet that puts you in control.":["Il portafoglio crittografato e open source che ti dà il controllo."]}}},"base":"","cdn":{"url":"https://pmecdn.protonweb.com/","enabledForAssets":false,"enabledForImages":false},"unleashApi":"https://account.proton.me/api"};
window.frameworkContext = frameworkContext;
const context = frameworkContext.base === '' ? '' : `${frameworkContext.base}/`;
window.__toAssetUrl = (filename) => {
if (frameworkContext.cdn !== undefined && frameworkContext.cdn.enabledForAssets === true) {
return `${frameworkContext.cdn.url}${context}${filename}`;
} else {
return `/${context}${filename}`;
}
};
})();
The Proton community trusts our services to keep their information safe. We take that trust seriously, which is why we’re dedicated to working with the security research community to identify, verify, and resolve potential vulnerabilities.
If you’re a security researcher, you can help make Proton services safer, get recognized as a security contributor, and potentially earn a reward. And you’ll be a part of building a better internet where privacy is the default.
Bug bounty program scope and rules
Before you submit a vulnerability to the Proton Bug Bounty Program, you should read the following documents:
Our vulnerability disclosure policy describes the program’s accepted testing methods.
Our safe harbor policy explains what tests and actions are protected from liability when you report vulnerabilities to the Proton Bug Bounty Program
We explain which vulnerabilities qualify for our bug bounty program and how they are judged in greater detail below.
You can submit vulnerability reports by email at security@proton.me. You can submit reports using plaintext, rich text, or HTML.
If you don’t use Proton Mail, we encourage you to encrypt your submissions using our PGP public key.
Judging
Our bug bounty adjudication panel consists of Proton Security and Engineering team members. This panel makes all final decisions regarding bounty awards, and participants must agree to respect the final decision made by the judges. The judges take into consideration the following factors:
The severity of the submission and how it may impact the scope, confidentiality, integrity, or availability of our services.
Whether human interaction or device privileges are required.
The quality of the submission: We prefer proof of concepts that include code or pseudocode that clearly demonstrate the vulnerability being reported.
The likelihood of the scenario reported being used in an exploit.
Whether the scenario was previously reported or publicly known. Only the first submission of a vulnerability will be considered for a bounty award.
Software security industry standards and best practices.
Qualifying vulnerabilities
Any design or implementation issue that substantially affects the confidentiality or integrity of user data will likely be considered within our bug bounty program’s scope. This includes, but is not limited to:
Web applications
Cross-site scripting
Cross-site request forgery
Mixed-content scripts
Authentication or authorization flaws
Server-side code execution bugs
REST API vulnerabilities
Server
SMTP exploits (open relays, etc.)
Unauthorized shell access
Unauthorized API access
Privilege escalation
Mobile
Authentication or authorization flaws
Server-side code execution bugs
Mobile local data security breach (without rooting)
Qualifying improvements
Sometimes we award bounties for suggestions that don’t fall into any of the listed categories. This is determined on a case-by-case basis and is completely at the discretion of our bug bounty adjudication panel. These improvements can include:
Mail or web server configuration improvements
Firewall configurations
Improved DoS and DDoS safeguards
Path and information disclosures
Proton Mail blog or support page issues (such as unpatched WordPress or plugin vulnerabilities)
Non-qualifying vulnerabilities
Flaws impacting out-of-date browsers
Security issues outside the scope of Proton Mail’s mission
Phishing or social engineering attacks
Bugs requiring exceedingly unlikely user interactions
WordPress bugs (but please report those to WordPress)
Out of date software (for a variety of reasons, we do not always run the most recent software versions, but we do run software that is fully patched)
Reward amounts
We reward security research that stays within the guidelines of the program. The size of the bounty we pay is determined on a case-by-case basis by our bug bounty adjudication panel. The amount they award is largely guided by the severity of the issue reported.
Maximum bounty: $10,000
Minor server and web app vulnerabilities that do not compromise user data: $50
Low severity vulnerabilities that leak Personal information such as IP address: $50
Moderate severity vulnerabilities that may result in disclosure of personal secrets $200
Vulnerabilities that can lead to data corruption: $200
Vulnerabilities that can lead to the disclosure of encrypted user data: $1,000+
Questions?
Questions regarding this policy may be sent to security@proton.me. Proton encourages security researchers to contact us for clarification on any element of this policy.
Please contact us if you are unsure if a specific test method is inconsistent with or unaddressed by this policy before you begin testing. We also invite security researchers to contact us with suggestions for improving this policy.