Editor’s note: This article is the third in a series focusing on the best encrypted apps and services available. Content has been provided by an anonymous security and privacy professional. Readers are encouraged to verify this information on their own.

ProtonMail

ProtonMail was founded by CERN and MIT scientists after the Snowden leak. Their goal was to create an encrypted email service that is just as easy to use as an unencrypted one. ProtonMail is partly open source, with the browser-based JavaScript encryption being accessible simply by using a browser’s “view source” tool. It was originally audited by CERN’s computer security staff, and later by outside professionals donating their time, who also got access to the back-end code. ProtonMail has been attempting to become completely open source for a long time (unedited code would not be flattering), but resources are limited. However, they do maintain an open source library.

ProtonMail gives free accounts an address and 500 MB of storage, with additional storage, alias addresses, and other features purchasable piecemeal or bundled. Paid users can also download emails to an application that supports IMAP and/or SMTP via the ProtonMail Bridge application. ProtonMail is based in Switzerland (one of the perks of working at CERN, along with the lunchroom being a captive audience of top engineers), though they once drew criticism for sharing metadata with law enforcement in a kidnapping case in which a court order was inevitable but had not yet been issued. Timers for ephemeral emails are set in hourly increments using drop-down menus for weeks, days, and hours, with the longest delay being four weeks. Out-of-network encrypted emails can only be ephemeral (that is, they become impossible to decrypt), defaulting to four weeks—I don’t know what the purpose is, but it hasn’t caused any problems.

 

ProtonMail is HIPAA compliant, which doesn’t mean it has met a higher security bar than the others, but it’s good if you want or need to show due diligence for business purposes. Non-free features of ProtonMail can also be bundled with a non-free tier of ProtonVPN at a discount. (Note: If a VPN is free, rather than having a free tier, it’s spying on you—at best.) Subscriptions start at one user, 5 GB of storage, 5 addresses, 1000 messages/day, and 200 folders/labels for 5 USD, euro, or CHF per month or 48 USD, euro, or CHF per year. For businesses with up to 50 email users, a ProtonMail “Professional” subscription with additional features can be purchased. ProtonMail is popular in the privacy and security community (it’s used by some of the experts I link to at the bottom and Restore The Fourth, among others), because the company supports privacy-related causes, is slowly creating a suite of privacy tools, and was early to market. ProtonMail is also the only email provider in this review with ephemeral messaging, which isn’t a hugely important feature, but I think it is good to have.

ProtonMail flaws (but not deal-breakers):