Encryption of all metadata
If Protonmail is to be serious about privacy, I don't understand why all metadata isn't kept solely in encrypted form. I just signed up for Scryptmail and any data is kept in encrypted form, unreadable for any third party.
I don't see why it would be necessary to keep for instance the senders or subject titles in encrypted form when Protonmail doesn't support POP3 or IMAP.
The problem is that otherwise e-mail is inherently insecure, because if for instance a governmental entity wants to see your account, while they won't have access to the content of your e-mails, they can see what you're talking about (through the subjects), and most of all who you are talking to. So they can just go to the providers of the people you're talking to, and obtain all your info via proxy.
I think if Protonmail doesn't become a true zero knowledge service then it provides more or less a false sense of security.
We have given this quite a bit of thought, but at the present moment, it is not clear the advantages would outweigh the disadvantages.
The biggest problem is search. Encrypting all metadata would break metadata search entirely on the web client as there is still no efficient way to handle search of encrypted data within a browser.
Secondly, metadata encryption’s value from a privacy standpoint is also somewhat dubious. Because we ultimately must deliver the message to the recipient, we must know who the recipient is. At the current time, there still isn’t any proven and viable way to work around this.
Metadata encryption is an area of continued research for us, and when the opportunity arises and the technology for doing this matures, we will definitely implement it in ProtonMail.
-
Aiah commented
I very strongly agree with Oliver (June 12, 2015) who wrote that without encrypting metadata a mail service is not effectively private. I used to be a premium (paying) member of Protonmail because I wrongly assumed that both mail body & metadata were encrypted. Once I learned otherwise, I started treating my PM account like my Gmail account, assuming that if someone wanted badly enough to read my correspondences with my legal clients they could. Sadly (for my relationship with PM), now I have a paid subscription with another email provider that guarantees metadata encryption (also). If PM enhances its product, I'd happily subscribe once more.
-
nucleartell commented
@Snape
You probably logged in to the old client (https://app.tutanota.com/#login) which I think is still used as the default.
The new client (https://mail.tutanota.com/login) is the one that has support for search.
-
Snape commented
@Peter
Wheres the fox hat? I log into Tutanota and see just the same old interface. Nothing like that blog post, which also mentions nothing on when this will all be available.
-
nucleartell commented
@SinCabeza Tutanota does have search: https://tutanota.com/blog/posts/first-search-encrypted-data
-
SinCabeza commented
Yes search is the problem. The sole(?) reason why Tutanota doesn't have search where protonmail does; in that case Tutanota encrypts everything and so searches nothing.
BUT but but, I hear something coming out of research from some academics in India; news of the possibility of searching over encrypted data *without* having to first decrypt. All theory once but now proven? Now if that becomes possible what an interesting world that will be; Will protonmail become redundant? Will Google go bankrupt?
-
K. Lindstrom commented
If metadata is a privacy issue,would it not be much better to load a Veracrypt file onto an OwnCloud server in Switzerland or Norway and share the access link and encryption keys with the intended correspondent? That way no metadata is even generated or needed. You just append your new message to your shared correspondence file and let the recipient know to look at the file via Protonmail or an anonymous riseup.net email. I think Protonmail should offer cloud file storage with Veracrypt functionality built in. That would be a major contribution towards security and anonymity
-
Anonymous commented
Consider making encrypted metadata opt-in, and advise people if they opt-in they will lose the search funtions.
-
Anonymous commented
Search is already NOT working - if you can't find anything than ... privacy must be a balanced thing, unless you are a super terrorist or something.
As we speak, I have only an account for testing with a few mails, and I can't search the body for something so having hundred of payments without the ability to search for specific words and such is a no way for me.
-
wary commented
I have to say that since Protonmail has taken this stance on metadata and since they recently came out in favor of Net Neutrality I am seriously thinking that they me be a form of controlled opposition. They lull clients into thinking they are using a secure medium only to be blatantly supporting the spying government agencies through passively continuing to provide them with metadata and acting as a megaphone for invasive government control over the internet. I, for one, am going to start using Scryptmail as they encrypt everything and Sergie doesn't seem to be a USGOV shill.
-
buggy commented
Yeah, this is serious issue if you care about privacy.
It's the elephant in the room right now.
Why isn't metadata being encrypted?
Is protonmail working on things like calendar integration and a dozen other features while ignoring this major privacy issue?
-
anon commented
Here is a suggestion I put forwards in regards to metadata. Phil Zimmermann, creator of PGP, is working with a group of people to create a new protocol that will encrypt metadata too:
https://protonmail.uservoice.com/forums/284483-feedback/suggestions/17699374-dark-mail-alliance-collaboration -
J. commented
+1
-
n/a commented
Why are you NOT encrypting subject lines -Tutanota does.
-
n/a commented
Why does Protonmail not encrypt meta data? It should and quickly.
-
anon commented
Here is a related suggestion posted by the ProtonMail Team themselves, that looks like it would do the job of hiding all metadata and deserves support: https://protonmail.uservoice.com/forums/284483-feedback/suggestions/7158454-implement-http-www-techopedia-com-definition-169
-
Pop commented
Encrypted metadata is THE thing that ProtonMail is lacking.
Along with a way to ensure that the client hasn't been tampered with. (Having it be loaded from the server every time, all the time, is not ideal)
-
JM commented
Agree with this too
-
Richard commented
I agree that encryption of all metadata is a must since to many of the state sponsored threats are less worried about what is being said as they are about who is talking to who ProtonMail could even do this easily by having its servers understand that an email from protonmail to protonmail does not even need to be sent out but could be delivered inside the server so that an unencrypted version of metadata never needs to be released online. There was an artical published about a reporter that emailed a Tibetan monk which set off an attack on his email be a suspected Chinese agency if protonmail mail supported this and they both had protonmail accounts there would be no way to know that they were even communicating.
-
Mick commented
Supporting DIME should be a priority for the protonmail. Otherwise the users should direct themselves to other solutions like postdeo/riseup.net.. or other services like scryptmail/mailfence.com - who either support metadeta encryption or working to achieve it soon.
-
fabian commented
Absolutely! Please join Dark Mail Alliance to provide Meta-Data encryption with mails leaving the Protonmail infrastructure when Protonmail users need to communicate with people outside of ProtonMail-Ecosystem
Please also Implement PGP-Support, as many users outside of Protonmail rely on PGP for end to end encryption. Warn users about their exposure of MetaDate being intercepted or Endusers foreign account is using a less secure service where privacy can't be guaranteed (making users aware, when they are exposing themselves by employing a practice that is less secure than what we learned to enjoy, expect and rely on within this exceptional service!)