ProtonMail is a secure email service designed to protect your inbox and identity. So how exactly is ProtonMail different from a “normal” email provider like Gmail? And most importantly: is it time to make the switch?
What is ProtonMail?
While all major email services claim to respect your privacy, ProtonMail goes above and beyond in trying to protect you. This is what makes it different from big email providers like Google’s Gmail and Microsoft’s Outlook.com.
ProtonMail is one of the few so-called secure email providers that shun the traditional webmail model of plentiful free storage space and integrated services in favor of greater privacy and security features. Unlike Gmail, you’ll have to pay to unlock many of these additional bells and whistles. Google profits from its free Gmail service by showing you ads, while ProtonMail has no ads.
Google and Microsoft use standard good security practices such as two-factor authentication and securing the connection between the browser and their servers. ProtonMail goes further, by not recording identifying information, by storing data on the server in a way that is useless for third parties and by better facilitating private conversations between users.
While ProtonMail looks like an upgrade over Gmail, it does come with a few caveats. The free plan is limited; for example, it offers only 500MB of storage. Many of the features that make Gmail so useful aren’t possible in ProtonMail due to the emphasis on privacy and security. For example, it won’t automatically scan your email and add events to your calendar.
Deciding between a traditional provider like Google and a secure provider like ProtonMail is a case of weighing convenience against privacy. If you want an email service with all the convenience of Gmail, ProtonMail is not it.
ProtonMail prioritizes data protection and secure messaging
ProtonMail encrypts all data on the server so that it is useless to anyone who does not have the key to decrypt it. In the event of a security breach, data taken from ProtonMail’s servers would be of no use. Not even ProtonMail can read your email.
This is not the case with standard webmail providers like Gmail, which only encrypts the data between your browser and its servers. Google will use artificial intelligence to “read” your email for services such as the Google Assistant to provide helpful suggestions at the right times. Gmail can tell what you are doing and when you are doing it based on the contents of your inbox, and this has become a feature many users rely on.
In addition to providing encryption on the server, ProtonMail also makes it easy to send encrypted messages between users. All communications between ProtonMail users are automatically end-to-end encrypted so that not even ProtonMail employees can read them. ProtonMail also facilitates the use of Pretty Good Privacy, or PGP, which allows you to “lock” the contents of emails so that only recipients with the key can open them.
ProtonMail even allows you to send password-protected, self-destructing messages to users of any webmail platform. Basically, this is a bit of a gimmick, since the recipient has to click a link to open the message, but it works pretty well and isn’t something Gmail or Outlook provide.
Using PGP within Gmail is possible but difficult, although browser extensions such as Mailvelope and FlowCrypt make it easier to manage. Unlike ProtonMail, which explicitly supports the feature, working with PGP within Gmail is much less streamlined and borders on useless on mobile devices.
ProtonMail’s servers are located in Switzerland
In addition to not being able to read emails stored on its servers, ProtonMail is based in Switzerland, where privacy laws are notoriously strict. This means that ProtonMail cannot be forced to hand over data to authorities in the United States. Switzerland is not a party to the Five Eyes intelligence-sharing agreement, which exists between the United States, Canada, Australia, the United Kingdom and New Zealand.
By comparison, Google is located in the United States and may be required by law to provide information about its users. (And in the US, emails are considered “abandoned” after 180 days, so the government can request them without a warrant.) This includes inbox content, metadata, IP addresses, and more. This information can then be shared with other members of the Five Eyes alliance.
Since Google stores data in an unencrypted format on its servers, no decryption keys are required to use it. The entire contents of your mailbox could be handed over to the authorities and used against you. If Google suffers a data breach and your data is disclosed, there is no safety net to prevent the use of that data.
In the case of Gmail, identifying information such as your IP address, real name, mobile number and the locations from which you are logged in are all stored along with the contents of your mailbox.
ProtonMail knows very little about you
ProtonMail does not require you to provide any identifying information to create an account. You just need to provide a username (the email address you will use) and a password. You can link a recovery email if you like, but it’s not necessary.
Furthermore, ProtonMail records very little about its users. No IP addresses are stored and tracking is not used to follow users from site to site. The metadata is deleted so that it is more difficult to link an email to a point of origin. ProtonMail tries to make you as anonymous as possible, although you should never assume complete anonymity online.
Google is the largest advertising company on the web. It is responsible for a huge amount of tracking that happens on the web. Tools like Google Analytics help website owners track traffic, while Google’s advertising arm monitors your use of the web to deliver “relevant” advertising that you are more likely to click on.
Google also operates many other popular services. User tracking eliminates the need to continue logging in when switching from Google Maps to YouTube or from Gmail to Google Drive.
ProtonMail is completely open source
ProtonMail is also open source. You can go to GitHub and download the code for the ProtonMail webmail application. You can deploy it on your own server if you know how, or just go through the code looking for bugs or potential security holes. ProtonMail also uses established open source encryption techniques including AES, RSA and OpenPGP.
Having an open source code base has two main advantages. The first is that the code can be verified by anyone. ProtonMail claims it does not include backdoor access for use by law enforcement or security agencies. Don’t believe it? Download the source code and check it out for yourself.
The other good thing about open source code is that anyone can try to break ProtonMail’s security. This crowdsourced approach to security exposes potential weaknesses in a way that closed-source applications don’t.
Google also uses open source technologies, but ultimately the Gmail code is closed. Closed-source code is not intrinsically insecure, but it cannot be tested in the same way as open-source code.
Gmail sacrifices privacy for functionality
On the flip side, Gmail comes with a ton of features not seen in ProtonMail. Gmail can be used on virtually any device using virtually any mail app, including basic mail apps for iPhone and Android.
Due to the way ProtonMail handles encryption, you can’t connect your smartphone’s default mail app to your account and use it as is. To access ProtonMail on a mobile device, you will need to download the app for Android or iPhone or log in via the webmail interface.
Gmail is also completely free, with 15GB of space available for anyone who needs it. This space is shared with your other Google services, and you can buy more for a relatively low price. Google does not lock features behind paywalls (unless you are a business user). Free accounts get it all: enterprise-grade spam filters, optional experimental features, mail aliases, and more.
ProtonMail is rather limited in comparison. The free account is limited to 500MB of space and 150 messages per day. Features that are free in Gmail, such as custom filters and an autoresponder, require a $4/month premium account. You get three labels, three folders, and a single address for free (no custom domains).
This isn’t necessarily a bad thing, but decades of free webmail and massive space allocations have convinced many of us that email isn’t a service we should pay for.
Gmail is also deeply integrated with Google’s other services. The Google Assistant can check your inbox for relevant information about upcoming trips or purchases you’ve made. This allows for all kinds of interesting and genuinely useful AI-powered features.
ProtonMail is primarily an email service, although the company also provides a VPN service and has encrypted apps for file and calendar storage under development. There’s no shared cloud storage, no machine learning AI to prepare your boarding pass at the airport gate, and no search engine, map, or video hosting service.
Should you abandon Gmail for ProtonMail?
By now, you’ve probably already decided to switch to a secure email service like ProtonMail or stick with Gmail. In the end, there is no right answer. Most Google users will never see their data handed over to authorities, and many will gladly trade privacy for convenience.
But if you’re looking for an email service that does what it can to protect you, ProtonMail is a solid option.