How can we improve ProtonMail?

Encryption of all metadata

If Protonmail is to be serious about privacy, I don't understand why all metadata isn't kept solely in encrypted form. I just signed up for Scryptmail and any data is kept in encrypted form, unreadable for any third party.

I don't see why it would be necessary to keep for instance the senders or subject titles in encrypted form when Protonmail doesn't support POP3 or IMAP.

The problem is that otherwise e-mail is inherently insecure, because if for instance a governmental entity wants to see your account, while they won't have access to the content of your e-mails, they can see what you're talking about (through the subjects), and most of all who you are talking to. So they can just go to the providers of the people you're talking to, and obtain all your info via proxy.

I think if Protonmail doesn't become a true zero knowledge service then it provides more or less a false sense of security.

3,291 votes

Olivier shared this idea

Admin response:

We have given this quite a bit of thought, but at the present moment, it is not clear the advantages would outweigh the disadvantages.

The biggest problem is search. Encrypting all metadata would break metadata search entirely on the web client as there is still no efficient way to handle search of encrypted data within a browser.

Secondly, metadata encryption’s value from a privacy standpoint is also somewhat dubious. Because we ultimately must deliver the message to the recipient, we must know who the recipient is. At the current time, there still isn’t any proven and viable way to work around this.

Metadata encryption is an area of continued research for us, and when the opportunity arises and the technology for doing this matures, we will definitely implement it in ProtonMail.

28 comments
  • Farid Hajji commented

    "Encrypting all metadata would break metadata search entirely on the web client as there is still no efficient way to handle search of encrypted data within a browser."

    To people reading here, they are probably talking about FHE (fully homomorphic encryption) performance. Basically, they would need to search in encrypted data without decrypting it first, because if they could decrypt it, there would be no point in encrypting it in the first place.

    Performing operations (such as searching) on encrypted data without decrypting it first may seem paradoxical, but is indeed possible, if you use something called fully homomorphic encryption (FHE).

    Mid-2017, FHE was still pretty slow, and running search on encrypted data was still way out of reach, especially for mobile devices (think: even a fully charged battery won't be enough to perform the required calculations for even a single search). That's why search in encrypted data was impractical at this point.

    However, two years later in mid-2019, FHE performance improved significantly and is really starting to become practical. Check out the talk by Daniele Micciancio at EUROCRYPT 2019 a few days ago:

    https://www.youtube.com/watch?v=TySXpV86958

    As FHE matures, we may hope to see affordable search in encrypted data in the years to come.

  • Jackie commented

    I just subscribed to ProtonMail Plus since I'm pleased to support your cryptography research. Your company has brought awareness to the general public that unencrypted email is not secure, and made PGP encryption accessible to a non-technical audience (sending from ProtonMail to ProtonMail addresses) - and for this I will be forever grateful.

    However I was a little bit disappointed that metadata such as email subject lines is not encrypted, since the subject lines, sender, and recipient were readable in plain-text after I recovered my password using a backup email address, despite the loss of the original encryption key. Metadata reveals more about one's communications than one might initially realize, and is the underpinning of most "dragnet" bulk surveillance programs.

    Please consider implementing client-side encryption/decryption of metadata going forward into the future. With the growing computing power of most client devices nowadays (including mobile devices), decryption of metadata on-the-fly to facilitate features such as full-text search should be achievable. The small degradation in performance is a small price to pay for more complete privacy.

    Thank you in advance for the consideration, from a ProtonMail Plus user!

  • Suggestion commented

    Why not put the search on us, with a note that it is resource-consuming? I think the Tutanota guys pretty much got the right idea: they have the search turned off by default, and when you want to search, they show a pop-up saying that the search is consuming device resources; something like "Use at your own risk" x)
    Another approach might be to leave it as an option, thus leave the current implementation as default, and also have some checkbox in the settings saying "Encrypt metadata (ALERT: resource-consuming e-mail search will be done on client-side)".

  • Aiah commented

    I very strongly agree with Olivier (June 12, 2015), who wrote that without encrypting metadata a mail service is not effectively private. I used to be a premium (paying) member of Protonmail because I wrongly assumed that both mail body & metadata were encrypted. Once I learned otherwise, I started treating my PM account like my Gmail account, assuming that if someone wanted badly enough to read my correspondence with my legal clients they could. Sadly (for my relationship with PM), I now have a paid subscription with another email provider that guarantees metadata encryption (also). If PM enhances its product, I'd happily subscribe once more.

  • Snape commented

    @Peter

    Where's the fox hat? I log into Tutanota and see just the same old interface. Nothing like that blog post, which also mentions nothing on when this will all be available.

  • SinCabeza commented

    Yes, search is the problem. The sole(?) reason why Tutanota doesn't have search where protonmail does; in that case Tutanota encrypts everything and so searches nothing.

    BUT but but, I hear something coming out of research from some academics in India; news of the possibility of searching over encrypted data *without* having to first decrypt. All theory once but now proven? Now if that becomes possible what an interesting world that will be; Will protonmail become redundant? Will Google go bankrupt?

  • K. Lindstrom commented

    If metadata is a privacy issue, would it not be much better to load a Veracrypt file onto an OwnCloud server in Switzerland or Norway and share the access link and encryption keys with the intended correspondent? That way no metadata is even generated or needed. You just append your new message to your shared correspondence file and let the recipient know to look at the file via Protonmail or an anonymous riseup.net email. I think Protonmail should offer cloud file storage with Veracrypt functionality built in. That would be a major contribution towards security and anonymity.

  • Anonymous commented

    Consider making encrypted metadata opt-in, and advise people that if they opt in they will lose the search functions.

  • Anonymous commented

    Search is already NOT working - if you can't find anything then ... privacy must be a balanced thing, unless you are a super terrorist or something.

    As we speak, I have only an account for testing with a few mails, and I can't search the body for something, so having hundreds of payments without the ability to search for specific words and such is a no-go for me.

  • wary commented

    I have to say that since Protonmail has taken this stance on metadata and since they recently came out in favor of Net Neutrality I am seriously thinking that they may be a form of controlled opposition. They lull clients into thinking they are using a secure medium only to be blatantly supporting the spying government agencies through passively continuing to provide them with metadata and acting as a megaphone for invasive government control over the internet. I, for one, am going to start using Scryptmail as they encrypt everything and Sergie doesn't seem to be a USGOV shill.

  • buggy commented

    Yeah, this is a serious issue if you care about privacy.

    It's the elephant in the room right now.

    Why isn't metadata being encrypted?

    Is protonmail working on things like calendar integration and a dozen other features while ignoring this major privacy issue?

  • n/a commented

    Why are you NOT encrypting subject lines? Tutanota does.

  • n/a commented

    Why does Protonmail not encrypt metadata? It should, and quickly.

  • Pop commented

    Encrypted metadata is THE thing that ProtonMail is lacking.

    Along with a way to ensure that the client hasn't been tampered with. (Having it be loaded from the server every time, all the time, is not ideal)
