Protonmail is good if you correpond with other protonmail users and don't want to mess with or learn anything about PGP. The web and mobile apps look the best of any other service. Encrypts small file attachments. Minimal PGP support. Mail is encrypted, secured in a datacenter under a mountain in Switzerland, unaffected by the EU or NSA.

Encrypted but Unfinished PGP

I've been using Protonmail for awhile and I'm still waiting for them to finish it. It's usable but their PGP encryption is only halfway finished as of this writing. PGP encrypted messages can only be received. Send someone your public key and they are able to encrypt emails to you. But you're unable to respond with PGP. You can use Protonmail's web client to send an email. A link is in the email to the encrypted Protonmail message. Not horrible, but they promised full PGP. My biggest issue right now is they control the Private Key. You can't change the passphrase even if there was one, which no one knows for sure.

Coolness Factor

For some reason it's everyone's favorite. It looks good, has mobile apps, has 2fa or dual passwords to get in if you want additional login security. Protonmail was crowd funded by a group of scientists at the CERN facility in Switzerland. The CEO has a cool TED Talk and it's encrypted email used by journalists and activists and the name is cool. It is freemium, the free versions are small and okay, but if you're going to use it everyday, you probably want to go Premium, Euro, CHF and USD, Paypal, but no bitcoin.

They survived one of the biggest DDOS attacks in history which shutdown ISP's and datacenters around Europe, so someone doesn't like their idea of encrypted email for everyone.

Summary

I don't trust any service that has absolute control over the Private keys and / or uses the same login password as the private key. A short passphrase can be brute-forced, but at least it's another step .

Protonmail looks very clean and the colors (which you can't change) look great and I'm sure it's secure in place and in transit, but PGP is the gold standard and to communicate securely with people who don't subscribe to Protonmail, PGP support is needed.

Protonmail is good for the masses that don't care about PGP or the technical details about encryption. They are beginning to get their PGP together, but it's only halfway and it's taking them forever while they develope their VPN product.

Next Post