Encryption of all metadata
If Protonmail is to be serious about privacy, I don't understand why all metadata isn't kept solely in encrypted form. I just signed up for Scryptmail and any data is kept in encrypted form, unreadable for any third party.
I don't see why it would be necessary to keep for instance the senders or subject titles in encrypted form when Protonmail doesn't support POP3 or IMAP.
The problem is that otherwise e-mail is inherently insecure, because if for instance a governmental entity wants to see your account, while they won't have access to the content of your e-mails, they can see what you're talking about (through the subjects), and most of all who you are talking to. So they can just go to the providers of the people you're talking to, and obtain all your info via proxy.
I think if Protonmail doesn't become a true zero knowledge service then it provides more or less a false sense of security.
We have given this quite a bit of thought, but at the present moment, it is not clear the advantages would outweigh the disadvantages.
The biggest problem is search. Encrypting all metadata would break metadata search entirely on the web client as there is still no efficient way to handle search of encrypted data within a browser.
Secondly, metadata encryption’s value from a privacy standpoint is also somewhat dubious. Because we ultimately must deliver the message to the recipient, we must know who the recipient is. At the current time, there still isn’t any proven and viable way to work around this.
Metadata encryption is an area of continued research for us, and when the opportunity arises and the technology for doing this matures, we will definitely implement it in ProtonMail.
-
Jon Par
commented
As far back as 2018, Enigmail/Kleopatra/Thunderbird/GnuPG have been using the Memory Hole standard to include the subject line in the encrypted portion of the PGP message. ProtonMail has maintained that the use of PGP is what holds them back from encrypting the subject line, but that's not true. Enigmail puts a fake, filler subject line in the header and puts the real subject line text encrypted within the body.
When will ProtonMail allow PGP/MIME encryption of the subject line in this way? It's a huge difference between Proton and Tutanota and other competitors. I want to stay with ProtonMail, but being four years behind on this and other things, like full encrypted search, calendar, fully encrypted contacts, etc. that Tutanota offers for a lower price makes it hard to justify. Can we at least get encrypted subject with this PGP/MIME standardized feature?
Thanks for all you have done. I hope to see Proton continuing to grow - happy to be a paid supporter.
-
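A worked illustration of the protected-headers ("Memory Hole") layout described in the comment above. This is an added example written for this page, not Enigmail's, GnuPG's or ProtonMail's code. It builds the PGP/MIME multipart/encrypted envelope with Python's standard email library; the OpenPGP encryption step is replaced by a toy XOR keystream (toy_keystream_xor) so the example runs offline, and the "..." placeholder subject, the function names and the addresses are assumptions. It also shows what a server still sees in the outer headers (From and To), which is the delivery constraint the ProtonMail reply above points at.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.policy import default as default_policy

# Dummy subject written into the outer, cleartext header. Assumption: "..." as
# used by Enigmail-era protected-headers implementations; any fixed string works.
PLACEHOLDER_SUBJECT = "..."


def toy_keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for OpenPGP encryption so the example runs offline.
    XORs data with a SHA-256 counter keystream; symmetric, so it also decrypts.
    This is NOT a secure cipher and exists only to show the MIME structure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def build_protected_message(sender, to, subject, body, key):
    """Sender side: the real Subject goes into the encrypted inner part,
    the outer header carries only the placeholder."""
    inner = EmailMessage()
    inner["From"] = sender
    inner["To"] = to
    inner["Subject"] = subject                  # the protected copy
    inner.set_content(body)
    inner.set_param("protected-headers", "v1")  # marks inner headers as authoritative
    ciphertext = toy_keystream_xor(key, inner.as_bytes())

    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"] = sender                      # routing headers stay in the clear:
    outer["To"] = to                            # the server must know the recipient
    outer["Subject"] = PLACEHOLDER_SUBJECT      # what the mail server sees
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    outer.attach(MIMEApplication(ciphertext, "octet-stream"))
    return outer.as_bytes()


def server_view(raw: bytes) -> dict:
    """Metadata visible to anyone holding the stored message without the key."""
    msg = message_from_bytes(raw, policy=default_policy)
    return {"from": str(msg["From"]), "to": str(msg["To"]), "subject": str(msg["Subject"])}


def open_protected_message(raw: bytes, key: bytes) -> dict:
    """Recipient side: decrypt the payload and prefer the protected Subject."""
    outer = message_from_bytes(raw, policy=default_policy)
    if outer.get_content_type() != "multipart/encrypted":
        raise ValueError("not a multipart/encrypted message")
    version_part, data_part = list(outer.iter_parts())
    if version_part.get_content_type() != "application/pgp-encrypted":
        raise ValueError("first part is not the PGP/MIME version part")
    inner = message_from_bytes(toy_keystream_xor(key, data_part.get_payload(decode=True)),
                               policy=default_policy)
    if inner.get_param("protected-headers") != "v1":
        raise ValueError("inner part carries no protected headers")
    # Only now does the real subject exist in cleartext, and only on the client.
    return {"subject": str(inner["Subject"]), "body": inner.get_content()}


if __name__ == "__main__":
    key = b"demo-session-key"  # constructed; a real client would use an OpenPGP session key
    raw = build_protected_message("alice@example.com", "bob@example.com",
                                  "Financial Document", "Q3 numbers attached.", key)
    print(server_view(raw))                              # subject shows as '...'
    print(open_protected_message(raw, key)["subject"])   # Financial Document
```

The outer From and To are deliberately left in the clear: a server that cannot read them cannot route the message, which is the limit ProtonMail's reply describes. Subject, body and attachments, by contrast, only need to be readable at the endpoints, and the inner part's Subject wins over the placeholder on display.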
ML
commented
Why not just offer a searchless option, limited search with minimal metadata, and normal search? Limited users would just need to accept responsibility for managing their emails without search or with limited search.
Searchable metadata could be just the SMTP envelope fields, the recipient and sender fields, and the timestamp of send/receive. Everything in the DATA segment should be stored only in encrypted form if the user wants. There can obviously be duplicate data between the two, but that should be accepted.
The main use for metadata is also sorting. This is why I see sent/received time as a usable addition.
-
Farid Hajji
commented
"Encrypting all metadata would break metadata search entirely on the web client as there is still no efficient way to handle search of encrypted data within a browser."
To people reading here, they are probably talking about FHE (fully homomorphic encryption) performance. Basically, they would need to search in encrypted data without decrypting it first, because if they could decrypt it, there would be no point in encrypting it in the first place.
Performing operations (such as searching) on encrypted data without decrypting it first may seem paradoxical, but is indeed possible, if you use something called fully homomorphic encryption (FHE).
Mid 2017, FHE was still pretty slow, and running search on encrypted data was still way out of reach, especially for mobile devices (think: even a fully charged battery won't be enough to perform the required calculations for even a single search). That's why search in encrypted data was impractical at this point.
However, two years later in mid 2019, FHE performance improved significantly and is really starting to become practical. Check out the talk by Daniele Micciancio at EUROCRYPT 2019 a few days ago:
https://www.youtube.com/watch?v=TySXpV86958
As FHE matures, we may hope to see affordable search in encrypted data in the years to come.
-
Dark Horse
commented
Protonmail should encrypt the whole format of the email, not just the content. The contacts, subject line and attachments should be encrypted as well, as is implemented in the Tutanota encrypted email app. That way less metadata is available and the email as a whole is encrypted more.
-
Jackie
commented
I just subscribed to ProtonMail Plus since I'm pleased to support your cryptography research. Your company has brought awareness to the general public that unencrypted email is not secure, and made PGP encryption accessible to a non-technical audience (sending from ProtonMail to ProtonMail addresses) - and for this I will be forever grateful.
However I was a little bit disappointed that metadata such as email subject lines is not encrypted, since the subject lines, sender, and recipient were readable in plain-text after I recovered my password using a backup email address, despite the loss of the original encryption key. Metadata reveals more about one's communications than one might initially realize, and is the underpinning of most "dragnet" bulk surveillance programs.
Please consider implementing client-side encryption/decryption of metadata going forward into the future. With the growing computing power of most client devices nowadays (including mobile devices), decryption of metadata on-the-fly to facilitate features such as full-text search should be achievable. The small degradation in performance is a small price to pay for more complete privacy.
Thank you in advance for the consideration, from a ProtonMail Plus user!
-
LPS
commented
The subject line cannot be encrypted. Perhaps a subject line can be included in the email body, and replaced with message number in the subject line. The recipient would receive a message number. Say for example 1542175246. On the Protonmail side, 1542175246 is translated to Financial Document.
Maybe the subject line can be hashed. Ideas? Comments?
-
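The comments above from Farid Hajji (search over encrypted data) and LPS (hashing the subject line) both touch on how a server could answer searches without reading subjects. As an added example that is not part of this thread and not ProtonMail's or Tutanota's code, the block below shows the approach commonly deployed for encrypted-mail search today, a keyed blind index rather than FHE: the client tokenizes each subject, uploads HMAC tokens computed under a key the server never sees, and later sends the HMAC of the query word as a trapdoor. The same code runs a wordlist attack against plain SHA-256 hashes of the words and against the keyed tokens, so the difference between the two hashing options is visible. The sample subjects, wordlist, key and class names are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample mailbox and attacker wordlist (not real data).
SAMPLE_SUBJECTS = [(1, "Financial Document"), (2, "Re: Financial Document"), (3, "Lunch on Friday?")]
ATTACKER_WORDLIST = ["financial", "document", "lunch", "friday", "invoice", "re"]


def tokenize(text: str) -> list:
    """Lower-case words of a subject; the client does this, never the server."""
    return sorted({w for w in re.split(r"[^a-z0-9]+", text.lower()) if w})


def unkeyed_token(word: str) -> str:
    """'Just hash the subject': deterministic and reproducible by anyone."""
    return hashlib.sha256(word.encode()).hexdigest()[:32]


def blind_token(key: bytes, word: str) -> str:
    """Keyed blind-index token: only a holder of key can map word -> token."""
    return hmac.new(key, word.encode(), hashlib.sha256).hexdigest()[:32]


class EncryptedIndexClient:
    def __init__(self, key: bytes):
        self.key = key  # derived client-side from the mailbox key; never uploaded

    def index_entries(self, msg_id: int, subject: str) -> list:
        return [(blind_token(self.key, w), msg_id) for w in tokenize(subject)]

    def trapdoor(self, word: str) -> str:
        return blind_token(self.key, word.lower())


class IndexServer:
    """Stores token -> message ids. Sees tokens, never words or the key."""
    def __init__(self):
        self.posting = {}

    def store(self, entries):
        for token, msg_id in entries:
            self.posting.setdefault(token, set()).add(msg_id)

    def lookup(self, token: str) -> list:
        return sorted(self.posting.get(token, set()))

    def linked_messages(self) -> list:
        # Leakage that remains even with keyed tokens: which messages share a term.
        return sorted({tuple(sorted(ids)) for ids in self.posting.values() if len(ids) > 1})


def dictionary_attack(tokens, wordlist, token_fn) -> list:
    """Offline guessing: recompute candidate tokens and intersect with what is stored."""
    return sorted(w for w in wordlist if token_fn(w) in tokens)


def demo(key: bytes = b"client-only-secret") -> dict:
    client, server = EncryptedIndexClient(key), IndexServer()
    for msg_id, subject in SAMPLE_SUBJECTS:
        server.store(client.index_entries(msg_id, subject))

    hits = server.lookup(client.trapdoor("Financial"))

    # Option A: store plain hashes of the words. A wordlist recovers them.
    unkeyed_store = {unkeyed_token(w) for _, s in SAMPLE_SUBJECTS for w in tokenize(s)}
    recovered_unkeyed = dictionary_attack(unkeyed_store, ATTACKER_WORDLIST, unkeyed_token)
    # Option B: keyed tokens. The same attack without the key recovers nothing.
    recovered_keyed = dictionary_attack(set(server.posting), ATTACKER_WORDLIST, unkeyed_token)

    return {
        "hits": hits,
        "recovered_unkeyed": recovered_unkeyed,
        "recovered_keyed": recovered_keyed,
        "linked_messages": server.linked_messages(),
    }


if __name__ == "__main__":
    print(demo())
```

Subject words come from a small vocabulary, so an unkeyed hash is little better than cleartext against anyone with a wordlist. The keyed index resists that, but it is equality-only search and the server still learns which messages share tokens and how often each token is queried; that residual leakage, and the need to rebuild the index when the key changes, is the trade-off behind the search arguments in this thread.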
Suggestion
commented
Why not put the search on us, with a note that it is resource-consuming? I think the Tutanota guys pretty much got the right idea: they have the search turned off by default, and when you want to search, they show a pop-up saying that the search consumes device resources; something like "Use at your own risk" x)
Another approach might be to leave it as an option, thus leaving the current implementation as the default, and also have some checkbox in the settings saying "Encrypt metadata (ALERT: resource-consuming e-mail search will be done on client-side)"
-
Aiah
commented
I very strongly agree with Oliver (June 12, 2015) who wrote that without encrypting metadata a mail service is not effectively private. I used to be a premium (paying) member of Protonmail because I wrongly assumed that both mail body & metadata were encrypted. Once I learned otherwise, I started treating my PM account like my Gmail account, assuming that if someone wanted badly enough to read my correspondences with my legal clients they could. Sadly (for my relationship with PM), now I have a paid subscription with another email provider that guarantees metadata encryption (also). If PM enhances its product, I'd happily subscribe once more.
-
nucleartell
commented
@Snape
You probably logged in to the old client (https://app.tutanota.com/#login) which I think is still used as the default.
The new client (https://mail.tutanota.com/login) is the one that has support for search.
-
Snape
commented
@Peter
Where's the fox hat? I log into Tutanota and see just the same old interface. Nothing like that blog post, which also mentions nothing on when this will all be available.
-
nucleartell
commented
@SinCabeza Tutanota does have search: https://tutanota.com/blog/posts/first-search-encrypted-data
-
SinCabeza
commented
Yes search is the problem. The sole(?) reason why Tutanota doesn't have search where protonmail does; in that case Tutanota encrypts everything and so searches nothing.
BUT but but, I hear something coming out of research from some academics in India; news of the possibility of searching over encrypted data *without* having to first decrypt. All theory once but now proven? Now if that becomes possible what an interesting world that will be; Will protonmail become redundant? Will Google go bankrupt?
-
K. Lindstrom
commented
If metadata is a privacy issue, would it not be much better to load a Veracrypt file onto an OwnCloud server in Switzerland or Norway and share the access link and encryption keys with the intended correspondent? That way no metadata is even generated or needed. You just append your new message to your shared correspondence file and let the recipient know to look at the file via Protonmail or an anonymous riseup.net email. I think Protonmail should offer cloud file storage with Veracrypt functionality built in. That would be a major contribution towards security and anonymity.
-
Anonymous
commented
Consider making encrypted metadata opt-in, and advise people that if they opt in they will lose the search functions.
-
Anonymous
commented
Search is already NOT working - if you can't find anything then ... privacy must be a balanced thing, unless you are a super terrorist or something.
As we speak, I have only an account for testing with a few mails, and I can't search the body for something, so having hundreds of payments without the ability to search for specific words and such is a no way for me.
-
wary
commented
I have to say that since Protonmail has taken this stance on metadata and since they recently came out in favor of Net Neutrality I am seriously thinking that they may be a form of controlled opposition. They lull clients into thinking they are using a secure medium only to be blatantly supporting the spying government agencies through passively continuing to provide them with metadata and acting as a megaphone for invasive government control over the internet. I, for one, am going to start using Scryptmail as they encrypt everything and Sergie doesn't seem to be a USGOV shill.
-
buggy
commented
Yeah, this is a serious issue if you care about privacy.
It's the elephant in the room right now.
Why isn't metadata being encrypted?
Is protonmail working on things like calendar integration and a dozen other features while ignoring this major privacy issue?
-
anon
commented
Here is a suggestion I put forward in regards to metadata. Phil Zimmermann, creator of PGP, is working with a group of people to create a new protocol that will encrypt metadata too:
https://protonmail.uservoice.com/forums/284483-feedback/suggestions/17699374-dark-mail-alliance-collaboration
-
J.
commented
+1
-
n/a
commented
Why are you NOT encrypting subject lines? Tutanota does.