In the latest update of ProtonMail, users can now take advantage of full PGP (Pretty Good Privacy) support and address verification tools for added security. To make it easier for others to find your public encryption key and send you a secure message, the email service has also launched its own public key server. Bringing PGP support to the service is important because it now allows users to securely email non-ProtonMail users.
With address verification, users are better protected against man-in-the-middle (MITM) attacks. In the past, it was possible for an attacker to intercept communications if ProtonMail was ever compromised. From there, they could engage in communications with others using a fake public encryption key for which the attacker held the private key, allowing them to read the messages. With address verification, users can opt to trust the public keys used in the emails they receive if they know the email is legitimate.
The saved public key is then assigned to the contact in the encrypted contacts feature that ProtonMail introduced previously. If an attacker decides to send you an email under someone else's name, you'll now be able to verify the sender with address verification. ProtonMail describes this as an advanced feature that most casual users don't need to worry about.
The other new feature, and probably the most notable, is PGP encryption, which means that ProtonMail users can finally send encrypted communications to non-ProtonMail contacts. To accompany this feature, the email service has also launched its own public key server so non-ProtonMail users can find your public key details, allowing them to send you an encrypted message.
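The key-pinning idea behind address verification can be sketched as follows. This is an added illustration, not ProtonMail's code: the `PinnedContacts` class, the SHA-256 fingerprint stand-in, the HMAC protection of the pin records and all sample keys are assumptions constructed for the example.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    # Simplified stand-in: real OpenPGP fingerprints are computed over the key packet.
    return hashlib.sha256(public_key).hexdigest()

class PinnedContacts:
    """Hypothetical contact store: address -> (pinned fingerprint, MAC).
    The MAC uses a secret only the client holds, so whoever hosts the
    records cannot rewrite a pin without being detected."""

    def __init__(self, client_secret: bytes):
        self._secret = client_secret
        self.records = {}  # imagined as stored on the mail server

    def _mac(self, address: str, fpr: str) -> str:
        msg = address.lower().encode() + b"\x00" + fpr.encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def trust(self, address: str, public_key: bytes) -> None:
        fpr = fingerprint(public_key)
        self.records[address.lower()] = (fpr, self._mac(address, fpr))

    def check(self, address: str, offered_key: bytes) -> str:
        rec = self.records.get(address.lower())
        if rec is None:
            return "unpinned"        # no trusted key saved for this contact
        fpr, mac = rec
        if not hmac.compare_digest(mac, self._mac(address, fpr)):
            return "pin-tampered"    # the stored pin itself was altered
        if not hmac.compare_digest(fpr, fingerprint(offered_key)):
            return "key-mismatch"    # offered key differs from the trusted one
        return "verified"

def demo() -> dict:
    alice_key = b"constructed-public-key-alice"        # constructed sample
    other_key = b"constructed-public-key-substitute"   # constructed sample
    store = PinnedContacts(client_secret=b"constructed-client-only-secret")
    out = {"before_pin": store.check("alice@example.com", alice_key)}
    store.trust("alice@example.com", alice_key)
    out["genuine"] = store.check("Alice@example.com", alice_key)
    out["swapped"] = store.check("alice@example.com", other_key)
    # A compromised server rewrites the pin but cannot produce a valid MAC.
    store.records["alice@example.com"] = (fingerprint(other_key), "0" * 64)
    out["rewritten"] = store.check("alice@example.com", other_key)
    return out

if __name__ == "__main__":
    print(demo())
```

A client would treat `key-mismatch` and `pin-tampered` as reasons to warn the user before encrypting to, or trusting a signature from, the offered key.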
In the announcement, Andy Yen of ProtonMail wrote the following about PGP encryption:
“PGP, because it is built on top of email, is therefore also a federated encryption system. Unlike other encrypted communications systems, such as Signal or Telegram, PGP doesn’t belong to anybody, there is no single central server, and you aren’t forced to use one service over another. We believe encrypted communications should be open and not a walled garden. ProtonMail is now interoperable with practically ANY other past, present, or future email system that supports the OpenPGP standard, and our implementation of this standard is also itself open source.”
ProtonMail admits it still has a long way to go before it makes privacy accessible to everyone, and it plans to work toward this over the coming months and years.