Encryption is a tricky business. You’ll run into terms like TLS, zero-knowledge, and end-to-end encryption, which have discrete meanings with important differences. Proton Mail, one of the most secure and best email services, provides multiple options for maintaining privacy. Some are activated by default in certain circumstances. To help you get the most from the platform, we explain common terms, how they apply to Proton Mail, and the steps to ensure your messages are safe from prying eyes.





The important encryption basics

Always start with properly defined terms


Encryption revolves around simple concepts that have esoteric-sounding names. Understanding what each means is the first step to trusting a platform and taking privacy and security into your own hands. Here are the basic terms to remember:


  • Encryption algorithm: An equation that encodes a plaintext message so that only intended parties can read it. Broad examples include ECC, RSA, and AES. Each has different pros, cons, use cases, and subtypes.
  • Symmetric and asymmetric encryption: Symmetric encryption uses a single key to encode and decode. Most email services use it. In symmetric encryption, the server holds the keys and can decode your on-server emails. Asymmetric encryption requires two keys, typically public and private keys, and is more secure.
  • Public and private keys: A key is a high-complexity password that tells a program how to encode or decode data and make it unreadable to parties without the relevant key. A public key encrypts a message you send to someone. The recipient uses a private key to decode an encrypted message.
  • PGP (Pretty Good Privacy): A program that uses encryption keys to encode data and keep it secret from anyone without said keys. It’s been around since 1991. The latest versions leverage the open source-verified OpenPGP standard. It’s considered uncrackable as long as the private keys remain private.
  • TLS encryption: Transport Layer Security indicates a message is encrypted while in transit to and from a server. It does not guarantee that the server and its operators lack access to the message. TLS-encrypted messages can be stored in message servers in plain text, meaning anyone with server access can read the contents.
  • End-to-end encryption: This descriptor indicates a message is encrypted by the sender, decrypted by the recipient, and unreadable by any entity at any point in between. Look for E2EE when you want complete privacy in messaging.
  • Zero-knowledge encryption: ZK describes messages encrypted to reveal information on a need-to-know basis. It’s context-dependent and not pertinent to most consumer uses. If a consumer-level application (for example, a popular email service) heavily advertises this term, it’s probably being misapplied. Most people don’t need to worry about zero-knowledge encryption.
  • Message signing: A digitally signed message uses your private key to prove that you sent the message. A recipient uses your public key to decrypt the signature and view that proof. It’s an integral part of ensuring you’re communicating with the entities you think you are.
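
The pieces defined in this list fit together as follows, shown as an added example that is not Proton Mail's code and does not produce the OpenPGP message format: the message is encrypted with a one-time symmetric key, that key is encrypted to the recipient's public key, and the sender's private key signs the result. It uses only Node.js's built-in crypto module; the names `seal` and `open` and the sample message are constructed for illustration.

```javascript
// Added illustration: simplified end-to-end encryption plus signing.
// Not the OpenPGP format and not Proton Mail's implementation.
const {
  generateKeyPairSync, randomBytes, createCipheriv, createDecipheriv,
  publicEncrypt, privateDecrypt, sign, verify,
} = require('node:crypto');

// Each party owns a key pair; only the public halves are ever shared.
const newEncryptionKeys = () => generateKeyPairSync('rsa', { modulusLength: 2048 });
const newSigningKeys = () => generateKeyPairSync('ed25519');

// Sender: encrypt with a one-time AES key, wrap that key for the recipient, sign it all.
function seal(plaintext, recipientPublicKey, senderSigningKey) {
  const sessionKey = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = publicEncrypt(recipientPublicKey, sessionKey); // RSA-OAEP by default
  const signature = sign(null, Buffer.concat([wrappedKey, iv, tag, body]), senderSigningKey);
  return { wrappedKey, iv, tag, body, signature }; // everything a mail server would store
}

// Recipient: check the sender's signature first, then unwrap the key and decrypt.
function open(envelope, recipientPrivateKey, senderVerifyKey) {
  const { wrappedKey, iv, tag, body, signature } = envelope;
  if (!verify(null, Buffer.concat([wrappedKey, iv, tag, body]), senderVerifyKey, signature)) {
    throw new Error('signature check failed');
  }
  const sessionKey = privateDecrypt(recipientPrivateKey, wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', sessionKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed sample run: Alice signs and sends, Bob opens.
const aliceSigning = newSigningKeys();
const bobEncryption = newEncryptionKeys();
const sampleEnvelope = seal('Quarterly numbers attached', bobEncryption.publicKey,
  aliceSigning.privateKey);
console.log(open(sampleEnvelope, bobEncryption.privateKey, aliceSigning.publicKey));
```

A server that stores `sampleEnvelope` holds only ciphertext and a wrapped key, which is the property the end-to-end definition above describes; with TLS alone, the server would hold the plaintext.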



What types of encryption does Proton Mail offer?

Between Proton Mail users

All messages sent between Proton Mail users use E2EE by default. No one at Proton can read or decode these messages. All you need to do to use E2EE when emailing other Proton Mail users is send an email.

Password protection between Proton Mail and other email service users

Messages you receive are encrypted when they reach Proton servers but may be readable before that point. When a sent message leaves the Proton platform, it could be vulnerable to interception on other services.



The easiest way to ensure private communication is with Proton Mail’s built-in Password-protected Emails feature. It uses the open source, uncrackable OpenPGP protocol. To password-protect emails, click the External encryption lock icon in the lower-left corner of the New Message entry box. Enter a secure password and an optional password hint, then click the Set encryption button. The recipient enters the password upon receiving the message and is taken to a Proton Mail portal where they can decrypt and read its contents.


Share the password via another secure platform to ensure complete security. Signal, Session, and Threema are three popular messaging services based on open source E2EE. WhatsApp uses a variant of the Curve25519 algorithm that the Signal Protocol uses, but WhatsApp’s implementation is closed source and could theoretically introduce server-level backdoors. Similarly, Telegram hasn’t provided evidence of complete end-to-end encryption, including server-side inaccessibility, although its in-transit message security has been thoroughly verified.
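
The general idea behind a password-protected message, as an added example that is not Proton Mail's implementation: the password is stretched into an encryption key, and anyone without it gets nothing back. It uses Node.js's built-in crypto module with scrypt and AES-256-GCM as assumed stand-ins; the function names, blob layout and sample values are constructed for illustration.

```javascript
// Added illustration of password-based message encryption.
// Not Proton Mail's implementation; scrypt and AES-256-GCM are assumed stand-ins.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Stretch the shared password into a 256-bit key. The salt is random per message and
// travels with it, so identical passwords never yield identical keys.
const deriveKey = (password, salt) => scryptSync(password, salt, 32, { N: 2 ** 14, r: 8, p: 1 });

function lockWithPassword(plaintext, password) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Constructed layout: salt (16) | iv (12) | auth tag (16) | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

function unlockWithPassword(blob, password) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 44) return null; // too short to hold salt, iv and tag
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
  } catch {
    return null; // wrong password or altered message: the GCM tag check fails
  }
}

// Constructed sample: the blob can cross any mail service; the password goes out of band.
const sampleBlob = lockWithPassword('Contract draft v3 attached', 'tulip-harbor-ninety-4');
console.log(unlockWithPassword(sampleBlob, 'tulip-harbor-ninety-4'));
console.log(unlockWithPassword(sampleBlob, 'password123')); // null
```

The protection is only as strong as the password and the channel used to share it, which is why the password should travel separately from the email.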



Sending PGP-encrypted messages between any email service

Proton Mail allows you to include the public key needed to decrypt any PGP-encrypted messages you send. However, to use PGP, the sender and recipient must use a separate program to encrypt and decrypt messages. Many mail services, including popular ones like Gmail and security-focused outlets like Tuta, don’t support PGP messaging.

Sending PGP-encrypted messages with Proton Mail is as easy as any service, but it takes extra steps to set up. It also comes with caveats and potential pitfalls, including lacking support for mobile web portals or third-party clients like Thunderbird.

Proton Mail’s integrated password protection feature is as secure as custom PGP encryption and signing, and it’s easier to use. The difference comes from a few restrictions, like a limitation to five replies from non-Proton users in a password-protected chain.



Keeping email communications safe and secure

Attention to detail is your friend

The weakest link in any privacy chain comes from the people who operate it. Small, seemingly inconsequential mistakes can weaken or nullify the most powerful encryption methods. Using Proton Mail doesn’t automatically ensure all your communications are 100% private. No service can do that, and be wary of any that claims it can.

Proton Mail provides multiple means of ensuring secrecy when you need it most. As long as you understand the technology and process, it isn’t difficult to maintain fully encrypted email chains that keep you, your movements, your belongings, and your intellectual property safe from prying eyes. You can also protect your privacy when browsing the web by using one of the best VPNs.

By Everett