
ProtonMail: Secure Dark Web Email


After SIGAINT unexpectedly shut themselves down in March of 2017, many dark web users scrambled to find a similar email provider with the level of privacy that SIGAINT offered. ProtonMail, a web-based encrypted email program, is a great alternative provider for those who may have been left in the dark after the shutdown of SIGAINT. It’s particularly useful if you’re an avid user of darknet markets (interested yet?).

SIGAINT, a now-defunct email service on Tor.

Where’s My Encrypted Email Service?

ProtonMail, originally just a free email service, now offers both free and premium (read: paid) accounts with extra features. Andy Yen, Jason Stockman, and Wei Yen founded it at the CERN research facility in 2013. At that time, it was an invite-only service (not unlike the early version of Gmail!), but in March 2016, its creators made it available to the public. Therefore, anyone can now create an account.

At present, it is not covered by the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic, a law regarding interception of private communications by the Swiss government (though this may change – be warned). ProtonMail uses end-to-end encryption to help ensure that messages are secured, and that they are not read by people other than the intended recipients (law enforcement in particular).

ProtonMail URL – Clearnet and Tor

NOTE: In order to log into your ProtonMail account on its Tor hidden service, you will have to enable scripts, because the ProtonMail site uses JavaScript. If this concerns you, then don’t use the Tor hidden service.

Account Creation and Login

 

Creating a ProtonMail account is not that much more difficult than creating one on any other email service. One of ProtonMail’s advantages, as opposed to other email services, is that it doesn’t ask for a large amount of personal information when you sign up. All you need is a username, password, and mailbox password (to decrypt your mailbox when you log in).

The mailbox password is not saved on ProtonMail’s server; therefore, they do not have access to it. In other words, you are the only one who has access to this password, so save it in a secure place!

While this may seem more difficult to remember, the plus side is that even those who run ProtonMail will not have access to your mailbox password. If, for instance, a federal agency demanded that ProtonMail hand over the confidential information of its users, they would not be able to decrypt your mailbox without that password. (So make sure your mailbox password is something not easily guessed, either.)

That aside, here are the basic steps to creating an account:

  1. Go to https://protonmail.com (or its Tor equivalent) and click Sign Up.
  2. Look over the pricing plans and pick the one that suits you.
  3. Enter any requested information, including your username (for example, [email protected]).
  4. Enter your login password and confirm.
  5. Enter your mailbox password and confirm. As referenced earlier, this password cannot be recovered, so make certain that you remember it!
  6. You have the option of entering a recovery email as well, in case you forget your password. However, this only works for your login password, and not your mailbox password.
  7. Click “Create an Account.”
  8. Verify that you’re human (and not a robot) via email, reCAPTCHA, or SMS. The simplest method is reCAPTCHA, because all you have to do is click on some images to prove that you’re not a spam bot, and then finish the creation process.
  9. Click “Complete Setup.”

After finishing the signup process, you will be automatically logged into your account. You will receive confirmation emails from ProtonMail that welcome you as a new user, in addition to some advice to get you started.

In order to log off, just click the “Log Out” button in the upper right-hand corner of the screen. To log back in, simply go to https://mail.protonmail.com/login, type in your username and password again, and then enter your mailbox password. In case you forget your username and/or password, click the “Need Help?” link below the password entry field. A help window should pop up.

As it says, you can then reset your password; get a reminder about your username; email the ProtonMail support team; or look up “Common Login Problems.” The last option is both an FAQ and a place where users can ask questions, if they aren’t covered in the FAQ. This can be helpful if there are technical problems.

Available Pricing Plans

ProtonMail offers three pricing plans: Free, Plus, and Visionary. Plus is available for € 5.00 per month, or € 48.00 per year. Visionary is available for € 30.00 per month, or € 288.00 per year. Each plan has its own features, which we will describe below. Obviously, the higher-priced plans have more features.

Free Account

  • 500.00 MB Storage
  • 1 Address
  • 150 Messages Per Day
  • 3 Folders / 20 Labels
  • Limited Support

ProtonMail Plus Plan

  • 5 GB Storage
  • 1 Custom Domain
  • 5 Addresses
  • 1000 Messages Per Day
  • 200 Folders / 200 Labels
  • Custom Email Filters
  • Support

ProtonMail Visionary Plan

  • 20 GB Storage
  • 10 Custom Domains
  • 50 Addresses
  • Unlimited Messages Per Day
  • Unlimited Labels
  • Priority Support

While it isn’t essential to use the paid plans, depending on your needs, you may want to upgrade if you end up using the service frequently.

ProtonMail Platforms

Because ProtonMail is web-based, you won’t have to install any extra software. As explained in the tutorial, go to their site and sign up, or access your existing account. With the free account (as stated), you can only have one address, but the paid plans allow you to have far more. You can access your account from anywhere, including your mobile device, which is definitely a convenient feature.

ProtonMail offers apps for Android and iOS devices as well. To download the Android app, go to ProtonMail – Google Play, or for the iOS app, go to ProtonMail – iTunes Store.

ProtonMail User Interface

ProtonMail has a very simple and intuitive interface, which is not unlike many other popular email programs. On the login page, the field where you enter your sign-in details is displayed front and center, so there shouldn’t be any confusion.

Once you’re viewing your mailbox, as you can see in the screenshot, the layout is quite simple as well. To the left, you have your various folders (Inbox, Drafts, Sent, Starred, Archive, Spam, and Trash). “All Mail” displays all of your messages, unfiltered, including spam. Above these is the Compose button, which you use to create a new message.

If you click on a message in your Inbox, it appears to the right of your list of messages (in the field above where it says “0 conversations selected.”)

One critique we have regarding the user interface is with ProtonMail’s mobile site. When composing a message on the mobile interface, the text would frequently get cut off. Plus, instead of moving to a new line when one was finished, the text would continue on the same line until you hit “Enter.” All in all, this is a minor critique, but it just made the mobile site more difficult to use than the standard site. In this instance, it may be better to use the mobile app than the site.

Sending and Receiving Email

Obviously, you can send email to both ProtonMail and non-ProtonMail users with this service. Nonetheless, one aspect you may not be familiar with is the encryption. Emails to other ProtonMail users are automatically encrypted, but emails to outside users are not. In this case, you need to choose to encrypt the message in order for it to be sent securely.

You will be asked to enter a password that the recipient will use to unlock your message. Thus, you’ll need to communicate the password to them via some other method, so that only the intended recipient will be able to read the message (be careful about this!). Here are the basic instructions for sending an email with ProtonMail; if this is being sent to another ProtonMail user, leave out the encryption steps.

  1. Click on Compose Mail.
  2. Type in the recipient’s email address in the “To” field.
  3. Enter the subject of the message in the “Subject” field.
  4. Type in your message in the body section, as usual. If sending to another ProtonMail user, hit send. If you’re sending to an outside user, continue below.
  5. Click the “Encryption” button in the lower left corner of the email window, next to the “Expiration” button.
  6. Enter the password that you wish the recipient to use to decrypt the message.
  7. Confirm the password.
  8. Enter a password hint (optional).
  9. Click set, and then click Send.

As it says above, messages that you send to users outside of ProtonMail expire in 28 days, unless you specify a shorter expiration time. Just make sure that your recipient is aware of all the security information.

One security issue that ProtonMail has (or has had in the past, at least) is that when you send a message to another ProtonMail user, it can be difficult to tell if the message is being encrypted to the correct public key, because ProtonMail distributes the keys to users. This means that ProtonMail could, in theory, distribute its own keys to users, which would allow them to spy on the messages, i.e. they could be vulnerable to man-in-the-middle (MITM) attacks.

Fortunately, they have been addressing these concerns in more recent versions.

Pros and Cons

Pros

  • Reasonably secure option for sending encrypted messages
  • Simple to learn
  • Free account offered
  • Mobile app is available
  • Paid plans offer useful extra features

Cons

  • Does not offer two-factor authentication (2FA) or the option to export PGP key
  • Mobile site has coding issues
  • Mailbox password cannot be reset if lost
  • Limited support when using a free account
  • Vulnerable to certain types of attacks
Final Thoughts

ProtonMail is a very good secure email service, though it has some limitations, particularly in its free version. Messages sent to other ProtonMail users are automatically encrypted, and there are useful options to do the same when sending to other services. Unfortunately, it has had some security flaws in the past, but developers are trying to address these. Still, overall it works well for such purposes,

Overall Score 4.5