ProtonMail or what is it really?

    Protonmail




    The history of ProtonMail , a secure webmail service that has already been written about a lot (including here ), began in the summer of 2013, when a group of scientists from CERN (European Organization for Nuclear Research) joined forces to improve the security situation. in the Internet. Their startup ProtonMail reached the 2014 MIT 100K semifinal . From this moment the very rapid development of the project began. It was this victory that served as a serious step in order to talk about them around the world.

    History of development


    On May 15, 2014, open beta testing began. But there were so many people who wanted to register that they had to close the registration and place a form for collecting applications for an account. It is planned to send registration invitations as server capacities increase.

    On June 17, the ProtonMail team launched a fundraising campaign to develop the project on indiegogo.com - https://www.indiegogo.com/projects/protonmail/.The goal of the campaign was to collect US $ 100,000, which will be used to purchase servers and allow the team to fully concentrate on developing the service. Letters were sent with a proposal to support them to all users who left a request for registration. In just a few days, the goal was achieved. At the time of this writing, US $ 231,088 has been collected (for the first 7 days). The main bonus in gratitude for the support of the project is the immediate access to the service.

    Accessing ProtonMail


    I was very interested to know what ProtonMail is all about. Unfortunately, I did not manage to get an account when the registration was open, and left a request. To get the cherished account, I gladly supported the guys through Indiegogo.

    After 6 hours, I received a message in my inbox with a link by which I activated my account. Registration took about a minute.

    Creating a ProtonMail Account


    To create an account, it is proposed to set two passwords: for access to the account and an email password.

    The password for access to the account is used on the side of the service for authorization, as many services on the Internet do, including those providing web-based mail. This password can be changed in the account settings.

    The mail password is not sent outside the user's computer and is used in the process of generating the key for encryption in the future. This password cannot be “restored”. If it is lost, then access to the contents of the mailbox will be lost along with it. Running a little ahead, it should be noted that changing this password is not possible, as discussed on the question-answer page.

    Can I change or reset my Mailbox password? No. Your MailBox Password is tied to all of your emails because it's used to encrypt all of your messages. If you were allowed to change this, then all of your current and past messages would be undecryptable and unreadable.

    The password for entering the account can be changed on the settings page in your account.

    To enter, you must first log in using the main password, and then enter the mail password, which will be used to decrypt the contents of the letters already right on your computer. This allows us to ensure the lack of access to the content of letters from the service and makes it physically impossible. It should be skeptical to note that this is “in theory” and “in practice” ...

    How does ProtonMail look and work?


    ProtonMail is exclusively webmail. There is no support for POP3 / IMAP / SMTP, since all cryptography is implemented on the side of the web browser in JavaScript.

    We go into the account and see a welcome message from the ProtonMail team. It briefly explains what information is encrypted, whether ProtonMail can be used to communicate with users of other email services (for example, Gmail or Hotmail).



    Of the highlights, it should be noted:
    • Messages between ProtonMail users are always and automatically encrypted.
    • Attached files are not encrypted, as indicated in the welcome letter, but they write that they plan to add this feature in the future.
    • Having the ability to send encrypted email to any recipient outside ProtonMail. In this case, the recipient receives a letter with a link, clicking on which he sees a proposal to enter a password to access the contents of the letter. This password is set by the sender before sending a letter from the ProtonMail service.
    • Ability to set the storage time of the letter. This feature is available by correspondence with other ProtonMail users and sending encrypted letters to third-party mail services (the recipient receives a link to read the letter on the ProtonMail website). After this time the letter is deleted.
    • The ability to receive letters from third-party services. In this case, the contents of the letters should be in clear text, as in the case of using regular webmail.

    Interface


    The basic options for formatting letters are supported: bold or italics, headers, lists, and the ability to edit letters directly in HTML.

    All letters are divided into folders: received, sent, and drafts. You can view only a selected letter. The display of the entire correspondence (in the form of a list) is absent.

    You can specify the recipients of a copy of the letter: CC (everyone sees who the copy was sent to) and BCC (other recipients do not see the recipients from this list in the copy list).


    Service cost


    The service is provided free of charge, but there are restrictions on the volume of stored letters (100 megabytes) and the monthly total number of letters (500 letters). It is planned to launch paid business accounts, which will have 1 gigabyte available for storing letters and there will be no restrictions on the number of letters. In the future, it is planned to add the ability to use your own domain for business accounts.

    Integration with other services and applications


    Integration with other services and applications is missing. All the functionality is implemented on the side of the web browser in JavaScript. There is no open API.

    Letter storage


    Received and sent letters between ProtonMail users are stored on the server in encrypted form. On the client side, nothing is cached or stored.

    If a letter is received in clear text from a third-party service, even after reading it, it still remains in clear text in Inbox.

    If the letter is sent to a third-party service in clear form, then it is stored in the folder with the sent letters immediately in encrypted form.

    There is no option to export letters to the archive for download.

    Search


    Search by letters searches by the name of the sender, the subject of the letter and the text of letters that are stored in clear text. Let me remind you that in the open form only letters received from third-party services are stored (in unencrypted form).

    Encryption Key Storage


    The private key is stored on the service servers, but is protected by your mail password. This is required in order to be able to use various devices (and / or web browsers) to access ProtonMail mail. On the client’s web browser side, the Local Storage key is not saved.

    There is no ability to import / export a key.

    Technical implementation


    The basis of the service was the OpenPGPjs library . For the duration of the working session, the mail password is stored in a completely open form (without obfuscation) in Session Storage .

    The service uses asymmetric encryption (an encryption system using public keys), implemented on the side of the user's web browser in JavaScript.

    There is a detailed article on Wikipedia about encryption using public keys , but, unfortunately, it is pretty hard to read for the average user without special technical knowledge.

    Security


    About the safety of such decisions on the user’s side, when the program code is issued by the service with every call, you can find a lot of discussions and articles on the Internet. For example, an article in English http://matasano.com/articles/javascript-cryptography/ from Matasano security.

    A brief summary of all discussions and available materials is that at any time the service can give out a modified program code (for example, at the request of law enforcement agencies), which will send them the user's email password.

    The ProtonMail team emphasizes that they are located in Switzerland, where, as they write, I cannot legally oblige them to install a backdoor. The full text of their explanation is available at https://protonmail.ch/blog/switzerland/. But this is “in theory”, and “in practice” so far there are no widely known public precedents.

    In any case, the ability to change the program code at any time from the side of the service is a very serious drawback, since these changes can be targeted at specific users. In the case when cryptography is implemented in a software product or generally at the operating system level, such updates aimed at specific users are much less likely and much harder to implement. Although, as you know, there are no 100% safe solutions, we must strive for the highest possible level of security necessary in this situation.

    Browser-side executable Javascript may be susceptible to XSS attacks. In the case of ProtonMail, like any other webmail, you can send a specially crafted email bypassing the built-in protection against XSS attacks and execute malicious code that will gain access to the user's mail password or simply intercept the decrypted message content.

    ProtonMail relies on the js-xss library for protection against XSS attacks . But in addition to filtering the contents of the letter, there are also service mail headers, which can be similarly formed in a special way when sending letters from third-party services to the ProtonMail user. And all ProtonMail accounts have the ability to receive a letter from third-party services and you cannot ban it in your account settings.

    In early June, a vulnerability was found in the ProtonMail service, which allowed arbitrary unsuspecting user to execute arbitrary JavaScript code on the computer and gain full access to his mailbox.

    This vulnerability was found by Mike Cardwell, as reported by the ProtonMail team. After fixing the vulnerability, he posted information about it on ycombinator.com . ProtonMail posted his name in the list of thanks on his website - https://protonmail.ch/blog/protonmail-security-contributors/ , which confirms this fact.

    Now this ProtonMail security problem has already been fixed, but how many other such opportunities for hackers are fraught with the implementation of cryptography on the browser side in JavaScript?

    Similar projects


    Mailpile is an open source project that is actively developing, it is a web-based email client (similarly ProtonMail works in a JavaScript web browser), which should make cryptography accessible to users without special technical skills.

    Separately, it should be noted the unique opportunity of this project - support for a full-fledged search for encrypted messages. At https://www.mailpile.is/faq/ they write that the index is being created, and the contents of the index are stored in the form of hashes.

    Not specified, these are ordinary MD5 / SHA hashes or MAC. In the case of ordinary hashes, this search solution can be extremely unsafe due to the ability to determine which keyword appears in the encrypted text by counting the hashes of words in the dictionary. Safety is very dependent on the implementation of this method.

    Lavaboom is a secure webmail service similar to ProtonMail. Cryptography is implemented in JavaScript, the code is executed in a web browser.

    Scramble is open source, implemented on the basis of OpenPGPjs (similar to ProtonMail), but a relatively young project is not developing so rapidly. I indicated it on this list to give a more complete picture of the available services on the market.

    Openmailbox- encryption is implemented using the OpenPGP plugin for the Roundcube web client web project. The private key is saved in the Local Storage browser.

    Unseen - uses its own implementation, there is a text messaging service and voice calls. There are clients for mobile platforms and desktops.

    Unseen is also used by Roundcube with the OpenPGP plugin.
    From desktop clients I watched the version for Ubuntu and Mac. These are native wrapper applications that have a “website” embedded inside.

    What to do?


    Using a separate application for working with mail (mail client), using well-known cryptography implementations and a number of special security restrictions (for example, the inability to receive mail from third-party resources to minimize the number of possible attacks) are the best solution.

    Anyone who can implement the use of cryptography with public keys in an accessible (easy) form for ordinary ordinary users using well-known email clients (Apple Mail, Microsoft Outlook, email clients built into mobile OS and others) will win the love of users and will certainly become the most successful service!

    UPD: Thank you very much for the comments on the article and the questions! Complemented the article.

    Also popular now: