Email encryption made simple with ProtonMail

January 2, 2015

I was glad to see an email from ProtonMail this morning saying that my beta account was ready (^^,) I clicked on the provided link & created my email account. The setup was simple and straightforward. It already filled up my username and I couldn’t change it. It was the same username as I had chosen when signing-up for a beta test months ago.

What is ProtonMail?

Protonmail_logo.smallProtonMail is a web-based encrypted email service. It was started by some folks who met at CERN Research Facility. Talks continued at the MIT Campus and with some guidance from the MIT Venture Mentoring Service they turned their idea into something real.

Email messages are both stored and transferred in an encrypted format. The mechanisms behind ProtonMail rely on open source cryptography, AES, RSA and OpenPGP.

Emails sent to a recipient will self-destruct once they expire. Oh, I so much love this feature. The email deletes itself once the purpose served. One may set the number of hours for the email to live, after which the message deletes itself. In the case of unencrypted emails the messages can be left not to self-destruct. However, if the time isn’t set for encrypted emails, the same will auto-destroy in 4 weeks (set by default, also that’s the maximum life). During my test though the message has been set to auto-destroy in 2 weeks time, when I left the default settings.


PM stands for ProtonMail

When an encrypted email is sent to a non-ProtonMail user, the latter receives a notification with a link to access the encrypted message.


Notification sent by ProtonMail informing recipient of an encrypted email

Upon clicking the link, the person is prompted to enter the password to decrypt the email. One needs to communicate the decryption password to the person.


Upon successful decryption, the message is displayed.


Been a while I wanted a simple to use web-based email encryption facility. ProtonMail came up with what I need.


Keeping in mind that this service is security-centric, I was expecting that web form autocomplete feature is disabled globally. Right now, my browser prompts me to remember encryption & decryption passwords, which makes no sense.