Privacy-oriented email service ProtonMail has decided to take their security measures a step further by announcing the release of their new Tor hidden service.
This ProtonMail onion site is the much-awaited gateway for users who prefer to connect to their already encrypted accounts through Tor, the much more secure platform.
When asked why they decided to push in this direction, ProtonMail founder and CEO Andy Yen spoke about the increasing censorship and government surveillance carried on most of the users of the service.
He divulged that the move was a counter-measure of sorts to prevent governments from censoring access to the site and hackers from performing man-in-the-middle attacks on the ProtonMail connections.
Spawned in 2014 following the infamous Edward Snowden revelations, ProtonMail is the brainchild of CERN and MIT scientists who felt the need to address the allegations of mass surveillance that were brought out by Snowden’s report.
Prior to their move to use Tor as an additional layer of security for their users, ProtonMail relied on client-side encryption to keep third parties from accessing its users’ communications.
While this translated to much more secure email communications, it also meant that ProtonMail never had the luxury of plaintext content.
A Haven for Citizens Searching for Privacy
ProtonMail has acted as a place of refuge for many citizens who have felt the need to protect their communications from the government.
The encrypted email service looks formidable especially when paired with the rock-solid privacy laws of Switzerland.
This is a reputation that has come with its fair share of challenges to the encrypted email service, specifically in the form of massive DDoS attacks purportedly from its nation-state enemies.
Despite aggressive acts such as this, the ProtonMail user base has grown exponentially, with a notable spike in sign-ups witnessed immediately following Donald Trump’s election to the position of President of the United States last year in November.
Enhanced Privacy for ProtonMail Users
Their new onion site can be found at https://protonirockerxow.onion, the second notable HTTPS .onion site we have seen since Facebook took the initiative to create a .onion site for users who felt the need for more privacy—a successful move in many ways since over 1 million users have since accessed their accounts using Tor—two years ago.
Yen listed off the perks of adding Tor to their arsenal of security measures, noting that it will hide its users’ IP addresses in addition to anonymizing ProtonMail connections
While some of the ProtonMail developers can’t help but notice the redundancy of using an HTTPS .onion site, it was more or less their only option since ProtonMail was only able to acquire their certificate from DigiCert.
Yen listed this as a perk too, however, saying that enforcing the HTTPS by default would keep the ProtonMail users safe if the Tor service was ever hacked.
Alternatively, Tor would prevent its users’ accounts from getting compromised if the HTTPS was ever compromised—a reasonable possibility given that most of the trusted Certificate Authorities could be under the direct control of governments, especially in high-risk countries.
To increase anonymity further use TOR as this page suggests.
He also mentioned that the site’s new layout is more resistant to phishing attacks.
A More “Human Readable Hash” for ProtonMail’s New URL
ProtonMail also mentioned that it had used up a considerable amount of CPU time to generate encryption keys in the millions, which it then used to make a hash that was more “human readable.
” Yen still advises the ProtonMail users to be extra cautious and to make sure to double-check the site’s credentials (including the SSL certificate for Proton Technologies AG) before signing up or logging into their accounts.
Due to the relative newness of the site, users may have varying experiences or not have access to the site at all.
However, the ProtonMail CEO advises the privacy-hungry users of ProtonMail to use the new onion site from now henceforth.