Subject Line Encryption
As far back as 2018, Enigmail/Kleopatra/Thunderbird/GnuPG has been using the Memory Hole standard to include the subject line in the encrypted portion of the PGP message. ProtonMail has maintained that the use of PGP is what holds them back from encrypting the subject line, but that's not true. Enigmail puts a fake, filler subject line in the header and puts the real subject line text encrypted within the body. What's worse is ProtonMail arbitrarily blocks using Enigmail to encrypt an email with a different PGP key underneath the "normal" ProtonMail key. So not only does Proton not include this subject line feature, they go out of their way to prevent you from using it. I can literally encrypt more in Thunderbird with my Gmail account than I can with ProtonMail's Bridge. That's ridiculous. There is no reason for ProtonMail to dictate to me what I put in my emails. If I want to send a PGP-encrypted email to someone outside of ProtonMail using Thunderbird, that should be allowed. I thought the whole reason Proton gave for using PGP instead of something like Tutanota was to be more compatible with others' PGP encryption. Now they're really doing the exact opposite - worst of all worlds.
When will ProtonMail allow PGP/MIME encryption of the subject line in the same way as Enigmail? It's a huge difference between Proton and and competitors. Proton can do what Tutanota does without leaving PGP. Will ProtonMail at LEAST allow using Enigmail PGP encryption and then add Proton's encryption on top of it, if necessary, so that I can encrypt my subject line if I want? I want to stay with ProtonMail, but being four years behind on this and other things, like full encrypted search, calendar, fully encrypted contacts, etc. that Tutanota offers for a lower price makes it hard to justify. Can we at least get this part fixed? I know calendar is coming, even if the other things aren't.
Thanks for all you have done. I hope to see Proton continuing to grow - happy to be a paid supporter.

5 comments
-
GM commented
Meanwhile, a "notice" underlining that the subject field is unencrypted might help the less savvy user.
-
Anonymous commented
Please make the subject line encrypted for all PGP emails and for the Non-Protonmail users encrypted emails.
-
Henry commented
people will forget and therefore the subject which can give away lots of the email details will be send in a insecure way. This will fix this.
-
Anonymous commented
would like the subject to be encrypted also
-
Anonymous commented
Please use a generic subject name such as "Encrypted email from ProtonMail". Right now encrypted emails will leak the subject which is considered metadata.