Encryption of all metadata
If Protonmail is to be serious about privacy, I don't understand why all metadata isn't kept solely in encrypted form. I just signed up for Scryptmail and any data is kept in encrypted form, unreadable for any third party.
I don't see why it would be necessary to keep for instance the senders or subject titles in encrypted form when Protonmail doesn't support POP3 or IMAP.
The problem is that otherwise e-mail is inherently insecure, because if for instance a governmental entity wants to see your account, while they won't have access to the content of your e-mails, they can see what you're talking about (through the subjects), and most of all who you are talking to. So they can just go to the providers of the people you're talking to, and obtain all your info via proxy.
I think if Protonmail doesn't become a true zero knowledge service then it provides more or less a false sense of security.
We have given this quite a bit of thought, but at the present moment, it is not clear the advantages would outweigh the disadvantages.
The biggest problem is search. Encrypting all metadata would break metadata search entirely on the web client as there is still no efficient way to handle search of encrypted data within a browser.
Secondly, metadata encryption’s value from a privacy standpoint is also somewhat dubious. Because we ultimately must deliver the message to the recipient, we must know who the recipient is. At the current time, there still isn’t any proven and viable way to work around this.
Metadata encryption is an area of continued research for us, and when the opportunity arises and the technology for doing this matures, we will definitely implement it in ProtonMail.
-
n/a
commented
Why does Protonmail not encrypt metadata? It should, and quickly.
-
anon
commented
Here is a related suggestion posted by the ProtonMail Team themselves, that looks like it would do the job of hiding all metadata and deserves support: https://protonmail.uservoice.com/forums/284483-feedback/suggestions/7158454-implement-http-www-techopedia-com-definition-169
-
Pop
commented
Encrypted metadata is THE thing that ProtonMail is lacking.
Along with a way to ensure that the client hasn't been tampered with. (Having it be loaded from the server every time, all the time, is not ideal)
-
JM
commented
Agree with this too
-
Richard
commented
I agree that encryption of all metadata is a must, since too many of the state-sponsored threats are less worried about what is being said than they are about who is talking to whom. ProtonMail could even do this easily by having its servers understand that an email from ProtonMail to ProtonMail does not even need to be sent out but could be delivered inside the server, so that an unencrypted version of the metadata never needs to be released online. There was an article published about a reporter who emailed a Tibetan monk, which set off an attack on his email by a suspected Chinese agency. If ProtonMail supported this and they both had ProtonMail accounts, there would be no way to know that they were even communicating.
-
Mick
commented
Supporting DIME should be a priority for ProtonMail. Otherwise users should direct themselves to other solutions like Posteo/riseup.net, or other services like scryptmail/mailfence.com, which either support metadata encryption or are working to achieve it soon.
-
fabian
commented
Absolutely! Please join the Dark Mail Alliance to provide metadata encryption for mails leaving the ProtonMail infrastructure when ProtonMail users need to communicate with people outside of the ProtonMail ecosystem.
Please also implement PGP support, as many users outside of ProtonMail rely on PGP for end-to-end encryption. Warn users about their exposure to metadata being intercepted, or when the end user's foreign account is using a less secure service where privacy can't be guaranteed (making users aware when they are exposing themselves by employing a practice that is less secure than what we learned to enjoy, expect and rely on within this exceptional service!).
-
TA
commented
+1 (out of votes)
+1 for DIME support
I would be very happy if ProtonMail published more details on their security in a user-friendly format... I just don't have the time to read source.
SECURE! SWISS! SECURE! SWISS! ... is just too much marketing and not enough serious security! Thank you!
-
amilopowers
commented
You could use the same technology as Posteo. They encrypt content, email header, sender, recipient, time, subject, attachment etc. https://posteo.de/en/site/encryption#kryptomailspeicher
The whole thing is OSS. https://github.com/posteo
-
LauMol
commented
I agree with this. I hope they start to look into it soon.
-
Anonymous
commented
I totally agree with this, I wonder why they don't do it.
-
protonuser
commented
If Proton Mail adopted Dark Mail DIME protocol soon, like other services such as Lavaboom of Germany, this issue would be resolved as DIME encrypts all data and the only snoopable information would only be the e-mail size. There's another feedback here:
https://protonmail.uservoice.com/forums/284483-feedback/suggestions/7442149-darkmail-dime-support