Hello @ProtonMail!

Fabien

4 min read
Hello @ProtonMail!

In early October, I was able to attend the launch event of Tristan Nitot's book surveillance://. Tristan is the founder and former President of Mozilla Europe. His book is a collection of thoughts on how we are monitored throughout the Internet, why we shouldn't tolerate that anymore and how to reclaim some privacy.

Cover of surveillance:// book

Reading it made me realize how valuable the data I generate are. Like most people, I have a Google account that I mainly use for its email service, Gmail. The reasons I use Gmail are:

  • My emails are available from any computer in the world
  • The interface looks nice
  • I can search for old conversations and get relevant results
  • It offers plenty of storage space
  • I can create rules to filter emails server-side: regardless of which computer I use, my emails are automatically put in the right folder to avoid unnecessary clutter
  • It's free

By now, I'm sure you've heard the saying that goes "If you are not paying for it, you are the product"[1]. Using Gmail means among other things that you agree to have all your emails analyzed by algorithms to build a digital profile of yourself. Reading surveillance:// was the last straw: it was imperative to leave Gmail when sending/receiving important emails.

Fortunately some years ago, I did what all the cool kids did and bought my last name Internet domain to eventually setup a [email protected] email address. My registrar provided me with a basic email service: IMAP, some decent storage space and a RoundCube management interface. Okay-ish... but it didn't offer any server-side email filtering feature... and that was a huge impediment for me. As a matter of fact, I ended up creating that cool email address right after I got the domain... but seldom used it since.

In the same period I was trying to move away from Gmail, I heard about ProtonMail. This company advertised an email service along the following notions: Secure, Swiss, End-to-End Encryption, Zero knowledge. That sounded good, great even!

Knowing that Swiss folks make good chocolate and impressive watches, I figured it was worth trying it out. Seriously though, they got me at the Zero Knowledge part. Zero Knowledge means that ProtonMail doesn't have the ability to access my emails; their system is designed so that once an email is received, only the recipient can read it. So not only are the ProtonMail developers saying that they won't read your emails, they're saying above all that they cannot read your emails.

I signed up for a ProtonMail account and chose the ProtonMail Plus offer (48€/year) to be able to use my own domain. Setting up my domain with ProtonMail wasn't particularly easy even though I used a nice wizard to help setup everything. Some of the configuration syntax slightly differed between ProtonMail instructions and my DNS provider and because of the way DNS works, trying out multiple configuration values may take a while[2].
Once that was out of the way, the rest of my ProtonMail experience was very smooth: all the features from Gmail that matters to me are already supported! If you've been using your own email client for years now, there's once thing you may miss: IMAP/POP3/SMTP support. You may only access your emails through the ProtonMail web interface or the Android/iOS apps.

There's just one huge con on using ProtonMail: at the moment, it is not possible to backup your emails. There's an entry in their support KB that says this:

At this time, you are able to save individual emails by using the “Print” function found inside each email in your account.

Unfortunately we do not have a means to export your ProtonMail emails at this time. We plan on adding this functionality in the future.

The "print your emails to backup them" workaround is so impractical that it is basically a joke. Bottom line is: if the company suddenly goes out of business, there's no way to recover any messages stored on your account.
Seeing that ProtonMail web app is basically an Angular powered application making calls to private APIs, someone managed to write a tool allowing email export. I wanted to give it a go, but the instructions have you going through so many hoops to get your credentials in the right format that I decided not to bother[3].

It's been more than six months that I am using ProtonMail and I am otherwise very satisfied of the quality of service their team manages to provide. I'll end my post with two pieces of advice:

  • Feel free to give ProtonMail a go. They offer a free plan that comes with an @protonmail.com or @protonmail.ch address.
  • If you speak French and are not exactly convinced that taking back control of your own data is paramount, then by all means, get yourself a copy of Surveillance://. As the targeted audience of the book is not tech savvy people, reading it does not require any technical knowledge of how the Internet works.

Thanks for reading!

  1. Tristan Nitot often shares a funny story about that. Two pigs are chatting in a barn: "Don't you think we're living the dream here?! There's plenty of food, room and nobody charges us anything for that. Can you believe it??". In that story, both pigs are obviously not the farmer's customers and are ultimately going to be eaten by the actual customer... us, human beings! ↩︎

  2. For non-tech people: DNS is the equivalent of the yellow pages for domain names and IP addresses. Each DNS resolver keeps a copy of the answer to every requests handled for a certain amount of time, in order to avoid asking the authoritative DNS server the same question every time. So, during that time all changes made to the configuration of your domain will not be seen by these resolvers. This makes the trial & error configuration technique quite time consuming... ↩︎

  3. Do not despair, though: if IMAP/POP3 support comes before any backup feature, writing a user friendly tool to backup emails will be easy. ↩︎