“We're past the point where citizens are entirely dependent on governments to defend our privacy, we don't have to ask for our privacy, we can take it back” Edward Snowden, Reset the Net.
“Security and privacy are fundamental human rights which should be guaranteed for all.” ProtonMail Statement
Most people probably do not need a secure email service. But there are some people who do. This includes attorneys exchanging confidential information with their clients, doctors and nurses exchanging information with their patients, businesses exchanging important information with their staff and customers, journalists exchanging confidential information with whistleblowers and political groups who may want to organize without the constant surveillance of the government. In this article, we will explain why a free email service called ProtonMail is the best solution for these special groups. We will then explain how to set up your own free ProtonMail account.
Before setting up a cloud hosting VPS account, you should first get a business-related email address. Gmail accounts are not very secure as they do not provide true end to end encryption. We have already seen how to use Hestia to create custom business email accounts. But these are generally used to send out mass newsletters. For sharing sensitive data, you should also have a very secure business email account. This means end to end encryption. The best free service that offers end to end encryption is called ProtonMail.com (which also provides a free Virtual Private Network (VPN)). Here is a link to their Home page: https://protonmail.com/
ProtonMail has three versions, an app for Android or Apple and a web version. Proton uses end to end encryption – including attachments – on all three versions. Unlike other secure email services, ProtonMail is very easy to set up and use.
How ProtonMail end to end encryption works
“We encrypt the data on the browser before it comes to the server. By the time the data comes to the server it’s already encrypted, so if someone comes to us and says we’d like to read the emails of this person, all we can say is we have the encrypted data but we’re sorry we don’t have the encryption key and we can’t give you the encryption key. We’ve basically separated the message that’s encrypted apart from the key – all the encryption takes place on your computer instead of our servers, so there’s no way for us to see the original message. One of the key things we want to do is control our servers and make sure all the servers are in Switzerland which will increase privacy because Switzerland doesn’t do things like seize servers or tape conversations.”
How to sign up for a ProtonMail account
Enter the username you would like to have. The initial account is for the email address (your name) at protonmail.com. We will switch to the protonmail.ch ending after we create our account because this version of ProtonMail is more secure than protonmail.com. To create your account, type in a Login Password twice and an optional recovery email address (which can be another personal ProtonMail account).
Then click CREATE ACCOUNT at the bottom of the screen. There will be a three-second account creation screen followed by a Captcha screen. Alternatively, you can have them send a confirmation email to another email account. When the account is finished, this screen will appear:
There is a tutorial at the bottom of the page. Click Next Tip. You can change the appearance at Settings > Appearance. You can add and remove labels and folders. You can tell if an incoming email is end-to-end encrypted by whether there is a purple lock next to it:
If you don't have friends on ProtonMail yet to benefit from end-to-end encryption, ProtonMail still provides extra security and privacy. For all non-end-to-end encrypted emails, the message bodies and attachments are still stored encrypted so that only you, with the correct mailbox password, can decrypt them.
Click on the “Welcome to the Future of email” message to read it. Then read the other two ProtonMail emails. Then select and delete all three.
Can I use this with my friends who use Gmail?
Yes! However, the messages they send to you will not be end-to-end encrypted. You can send messages to outside users as well. For outgoing messages to non-ProtonMail users, the default is unencrypted emails, which are sent just like any other email.
PM → PM (end-to-end encrypted)
Gmail → PM (not end-to-end encrypted, stored encrypted)
PM → Gmail (not end-to-end encrypted by default, can be encrypted)
You can send a friend using Gmail an end-to-end encrypted message by selecting the lock icon in the lower left corner of the composer window. You will be prompted to set a message password to encrypt the message - this is the password you give to your friend through another channel. When your friend receives your encrypted email, they can simply click on a link in the email, enter the password to decrypt the message, and then reply to you end-to-end encrypted! On the other hand, messages exchanged between ProtonMail users are automatically encrypted without requiring passwords for individual messages, so invite your friends to also use ProtonMail!
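The password-protected message flow described above, sketched as an added example that is not ProtonMail's code: the key is derived from the message password on the sender's device, so the server only ever stores ciphertext. The use of scrypt and AES-256-GCM is an assumption made for this illustration, and the function names are hypothetical.

```javascript
// Added illustration of a password-protected message to an outside recipient.
// NOT ProtonMail's implementation: scrypt + AES-256-GCM are stand-ins (assumption).
const nodeCrypto = require('crypto');

// Sender side: runs on the sender's device. Only the returned envelope leaves it.
function sealMessage(plaintext, messagePassword) {
  const salt = nodeCrypto.randomBytes(16);   // per-message salt for key derivation
  const iv = nodeCrypto.randomBytes(12);     // 96-bit nonce, unique per message
  const key = nodeCrypto.scryptSync(messagePassword, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  };
}

// Recipient side: runs in the recipient's browser after they type the password.
// Returns null when the password is wrong or the envelope was modified.
function openMessage(envelope, messagePassword) {
  try {
    const salt = Buffer.from(envelope.salt, 'base64');
    const key = nodeCrypto.scryptSync(messagePassword, salt, 32);
    const decipher = nodeCrypto.createDecipheriv(
      'aes-256-gcm', key, Buffer.from(envelope.iv, 'base64'));
    decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
    const body = Buffer.from(envelope.body, 'base64');
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed: wrong key or altered ciphertext
  }
}

// What the mail server holds: the envelope only, never the password or the key.
function serverView(envelope) {
  return JSON.stringify(envelope);
}

// Constructed sample message and password.
const sample = sealMessage('Meet at 10:00, room 4.', 'correct horse battery staple');
console.log(serverView(sample));
console.log(openMessage(sample, 'correct horse battery staple'));
console.log(openMessage(sample, 'wrong guess'));
```

Because the password is the only secret, the message is only as strong as that password and the channel used to share it.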
Click on Settings
The Settings screen has 15 different pages all accessed from the side menu.
On the Account page, scroll down and uncheck the Proton Beta box, the Proton Newsletter box and the Proton Features box.
On the Folders/Labels page, click Add Folder. Then add a folder called Business and another folder called Personal.
Then click Appearance. Change the Appearance from Column to Row. Then click Back to Mail.
What is Message Expiration?
With ProtonMail, you have more control of your data. For ProtonMail to ProtonMail emails, you can set how long you want an email to exist after it is sent using the timer icon in the composer window. After the expiration time has elapsed, it is automatically deleted forever. If you are sending to an outside user however, this feature only works if you encrypt the message. Keep in mind that one can forward an expiring email to keep permanent copies of it.
How to use ProtonMail on mobile devices or mail clients?
ProtonMail can be accessed from most updated browsers, including those on mobile devices. POP/IMAP for mail clients is only available for paid accounts.
What is protonmail.ch vs. protonmail.com?
We will next go to the Settings page to pick up a more secure email alias.
In the lower right corner are your two options. Drag the protonmail.ch option up to make it the default option.
Forward Gmail to Proton Mail
To forward email from your old Gmail account to your new ProtonMail account, go to your Gmail account and click on Settings, then click on Forwarding. Then click Add a Forward Address. Enter the ProtonMail email address that you want all email from your Gmail address to be forwarded to. Then click Next. Click Proceed. Next go to your normal email address and follow the confirmation steps.
How to Import Your Email Contacts to ProtonMail
Next, we will import our Contacts from our Gmail account by clicking on Contacts in the top menu.
Before we upload our Gmail Contacts, we need to create a Gmail Contacts CSV file. Open a new browser window and go to your Gmail account. In the upper left corner, click on the word Gmail. Then click on the word Contacts. This will show how many email addresses are in your account. Delete any email addresses you no longer want in your email contacts list by clicking on the three dots to the right of an unwanted contact to show “More Actions” - then click Delete. After you have cleaned up your Gmail contacts, in the upper left corner of the screen, click on More. Then click Export. The following window may appear:
Click Go to Old Contacts. Then click the More button at the top of the screen. Then click Export.
Change the selection to Outlook CSV. Then click Export. This will place a CSV Contacts file called contacts.csv in your home computer's Downloads folder. Once you have your Gmail Account CSV file in your computer Downloads folder, go back to the browser window with your ProtonMail account and click on Upload Contacts in the upper right corner of the screen:
Click your cursor inside of this box. Then go to your Downloads folder and click on contacts.csv to select this file. Wait one minute for the following screen to appear:
Then click Upload. After the Contacts are uploaded, you can click on Contacts to add to or delete from them.
Other Proton Mail Settings
Click on the Appearance tab. If you want the Composer Window to be maximized by default, then click Maximized. Then click Save. If you want email images to be shown by default then click Show. Then click Save.
Send Your First Test Email
To send your first test email, click Compose in the upper left corner to compose your first ProtonMail email. Then click the Encryption button at the bottom of the page.
Put in a password for this message and a hint. Then click Set. The Encryption button at the bottom of the screen will turn blue.
Next click on the Expiration Time button.
Shorten the time so that this message will self destruct in 24 hours or less. Then click Set. The Expiration time will also turn blue. Finally, click on Attachments. Then attach a top secret document. It will be shown at the bottom of the screen and now all three buttons are blue. Click Send in the lower right corner of the screen. Then click on the Sent button in the left side menu. Hover over the clock icon to the right of this email and you will see a countdown clock showing how much time is left until this email self destructs. Next, let's see what it is like to receive this email. Go to the email account you sent this encrypted email to:
Click View Secure Message:
To open this email, the receiver will need to enter a password which you and they have agreed to in advance. How you get this password to this person securely is best done in person or through some secure phone line or video line. For now, enter the password to open this test email.
Click on the Attachment File to open it.
You can open the file or save the file. For now, we will click Cancel. Then click Reply to reply to this secure email. The reply will actually be secure, so you can let the person know that you received the top secret document:
Then click Reply to send this email. Then go back to your ProtonMail inbox.
The purple lock by the email (or a purple border to the left of the email) indicates that the email was sent securely.
Test Comparing Proton Mail to Google Gmail
We can use a free tool called Privacy Badger to determine if any web page has tracking devices. Here is Privacy Badger on a Gmail account page:
Google has at least two trackers monitoring and recording our emails. Here is Privacy Badger on a ProtonMail page:
ProtonMail does not track us. Thus, they have no logs of our emails. To log out, click on your name in the upper right corner of the screen and click Log Out. Here is the URL for the Log In screen: https://protonmail.com/login
You can see that ProtonMail is a very simple system that does not require any knowledge of encryption keys. The only real problem is that it does not work with email managers such as Thunderbird unless you have a paid account. If you work in a profession that requires being able to send secure emails, this is a wonderfully easy solution. You will need to remember the passwords you create, which should be different for different people. You can create your own table of passwords or you can use any of several free password managers.
In our next article, we will review how to connect our custom business email address with our Thunderbird mail client.