ProtonMail is a secure email service designed to protect your inbox and identity. So how exactly is ProtonMail different from a “regular” email provider like Gmail? And, more importantly: Is it time to make the switch?
What Is ProtonMail?
While all major email services claim to respect your privacy, ProtonMail goes further than most in a bid to protect you. That’s what makes it different from the big email providers like Google’s Gmail and Microsoft’s Outlook.com.
ProtonMail is one of a handful of so-called secure email providers that shun the traditional webmail route of plentiful free storage and integrated services in favor of heightened privacy and security features. Unlike with Gmail, you’ll have to pay to unlock many of these additional bells and whistles. Google profits off its free Gmail service by showing you ads, while ProtonMail doesn’t have any ads.
Google and Microsoft use standard good security practices like two-factor authentication and securing the connection between your browser and their servers. ProtonMail goes further still by not logging identifying information, storing data on the server in a manner that’s useless to third parties, and better facilitating private conversations between users.
While ProtonMail sounds like an upgrade over Gmail, it does come with some caveats. The free plan is limited—for example, it only offers 500 MB of storage. Many of the features that make Gmail so useful aren’t possible in ProtonMail due to the emphasis on privacy and security. For example, it won’t automatically crawl through your email and add events to your calendar.
Deciding between a traditional provider like Google and a secure provider like ProtonMail is a case of weighing up convenience and privacy. If you want an email service with all the conveniences of Gmail, ProtonMail isn’t it.
ProtonMail Prioritizes Data Protection and Secure Messaging
ProtonMail encrypts all data on the server so that it is rendered useless to anyone without the key to decrypt it. In the case of a security breach, data swiped from ProtonMail’s servers wouldn’t be of any use. Not even ProtonMail can read your email.
This isn’t the case with standard webmail providers like Gmail, which only encrypts data between your browser and its servers. Google will use AI to “read” your email for services like the Google Assistant to make useful suggestions at opportune moments. Gmail can tell what you’re doing and when you’re doing it based on the contents of your inbox, and that’s become a feature that many users rely upon.
In addition to providing encryption on the server, ProtonMail also makes it easy to send encrypted messages between users. All communications between ProtonMail users are automatically end-to-end encrypted so that not even ProtonMail’s employees can read them. ProtonMail also facilitates the use of Pretty Good Privacy, or PGP, which allows you to “lock” email contents so that only recipients with the key can open them.
ProtonMail even allows you to send password-protected, self-destructing messages to users of any webmail platform. In essence, this is a bit of a trick, since the recipient must click on a link to open the message, but it works well enough, and it’s not something that Gmail or Outlook provides.
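The two ideas above (stored data that is useless without the key, and a password-protected message opened by the recipient) can be sketched as follows. This is an added example, not ProtonMail's code: the function names `sealMessage` and `openMessage`, the record layout, and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration (not ProtonMail's implementation): the sender encrypts
// locally with a key derived from a shared password, so the server only ever
// stores a record it cannot read.
const crypto = require('crypto');

// Sender side: derive a key from the password and encrypt before upload.
function sealMessage(password, plaintext) {
  const salt = crypto.randomBytes(16);   // per-message salt for key derivation
  const nonce = crypto.randomBytes(12);  // per-message GCM nonce
  const key = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Only these fields are stored; the password and key never leave the client.
  return {
    salt: salt.toString('base64'),
    nonce: nonce.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Recipient side: re-derive the key from the password and decrypt.
// Returns null when the password is wrong or the stored record was modified.
function openMessage(password, record) {
  const key = crypto.scryptSync(password, Buffer.from(record.salt, 'base64'), 32);
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(record.nonce, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  try {
    const body = Buffer.concat([
      decipher.update(Buffer.from(record.ciphertext, 'base64')),
      decipher.final(), // throws if the authentication tag does not verify
    ]);
    return body.toString('utf8');
  } catch (err) {
    return null;
  }
}
```

A copy of the stored record taken from the server gives an attacker nothing readable without the password, which is why the strength of that password matters.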
Using PGP inside of Gmail is possible but difficult, with browser extensions like Mailvelope and FlowCrypt making it easier to manage. Unlike with ProtonMail, which explicitly supports the feature, working with PGP inside of Gmail is much less streamlined and borderline unusable on mobile.
ProtonMail’s Servers Are Located in Switzerland
In addition to not being able to read the email stored on their servers, ProtonMail is based in Switzerland, where privacy laws are notoriously strict. This means that ProtonMail can’t be forced to hand over data to authorities in the U.S. Switzerland is not part of the Five Eyes intelligence-sharing agreement that exists between the U.S., Canada, Australia, the United Kingdom, and New Zealand.
By comparison, Google is located in the U.S. and may be forced by law to turn over information on its users. (And in the U.S., emails are considered “abandoned” after 180 days, so the government can request them without a warrant.) This includes inbox contents, metadata, IP addresses, and more. This information can then be shared with other members of the Five Eyes alliance.
Because Google stores data in an unencrypted format on their servers, you don’t need decryption keys to make use of it. The entire contents of your inbox could be handed over to authorities and used against you. If Google experiences a data breach and user data is leaked, there’s no safety net in place to prevent that data from being used.
In the case of Gmail, identifying information like your IP address, real name, cell phone number, and locations from which you have logged in are all stored alongside the contents of your inbox.
ProtonMail Knows Very Little About You
ProtonMail doesn’t require that you provide any identifying information to create an account. You only need to supply a username (the email address you will be using) and a password. You can link a recovery email if you want, but you don’t have to.
On top of this, ProtonMail logs very little about its users. No IP addresses are stored, and tracking is not used to follow users from one site to the next. Metadata is discarded so that it’s harder to link an email to a point of origin. ProtonMail attempts to make you as anonymous as possible, though you should never assume complete anonymity online.
Google is the web’s largest advertising company. It’s responsible for a huge amount of the tracking that takes place across the web. Tools like Google Analytics help website owners monitor traffic, while Google’s advertising arm monitors your web usage to provide “relevant” advertising that you’re more likely to click on.
Google also runs many other popular services. Tracking users removes the need to keep logging in when moving from Google Maps to YouTube or from Gmail to Google Drive.
ProtonMail Is Completely Open Source
ProtonMail is open source, too. You can hop on GitHub and download the code for the ProtonMail webmail application. You can deploy it on your own server if you know how—or simply comb through the codebase looking for bugs or potential security flaws. ProtonMail also uses well-established open-source cryptography techniques including AES, RSA, and OpenPGP.
Having an open-source codebase has two main benefits. The first is that the code can be audited by anyone. ProtonMail states that they do not include backdoor access for law enforcement or security agencies to use. Don’t believe it? Download the source code and have a look for yourself.
The other upside to open-source code is that anyone can try and break ProtonMail’s security. This “crowdsourced” approach to security exposes any potential weaknesses in a way that closed-source applications do not.
Google also uses open-source technologies, but the Gmail codebase is ultimately closed. Closed-source code isn’t inherently insecure, but it can’t be tested quite in the same way that open-source code can.
Gmail Sacrifices Privacy for Features
On the flipside, Gmail comes with bags of features not seen in ProtonMail. Gmail can be used on virtually any device using virtually any mail app, including basic iPhone and Android mail apps.
Due to the way that ProtonMail handles encryption, you can’t connect your smartphone’s default mail app to your account and use it as is. To access ProtonMail on mobile, you’ll need to download the Android or iPhone app or log in via the webmail interface.
Gmail is also completely free, with a whopping 15 GB of space available to anyone who needs it. This space is shared among your other Google services, and you can buy more for relatively little. Google doesn’t wall off features behind paywalls (unless you’re a Business user). Free accounts get everything: corporate-grade spam filters, optional experimental features, mail aliases, the lot.
ProtonMail is fairly limited by comparison. The free account is limited to 500 MB of space and 150 messages a day. Features that are free with Gmail, like custom filters and an autoresponder, require a premium €4/month account. You get three labels, three folders, and a single address (no custom domains) for free.
This isn’t necessarily a bad thing, but decades of free webmail and massive space allocations have convinced many of us that email isn’t a service we should be paying for.
Gmail is also deeply integrated with Google’s other services. Google Assistant can check your inbox for relevant information about upcoming trips or purchases you have made. This enables all manner of interesting and genuinely useful AI-powered features.
ProtonMail is an email service first and foremost, although the company also provides a VPN service and has encrypted calendar and file storage apps in development. There’s no shared pot of cloud storage, no machine-learning AI to get your boarding pass ready at the airport gate, and no companion search engine, map, or video-hosting service.
Should You Ditch Gmail for ProtonMail?
By now, you’ve probably already made up your mind about switching to a secure email service like ProtonMail or staying with Gmail. Ultimately, there’s no right answer. Most of Google’s users will never have their data handed over to authorities, and many will happily trade privacy for convenience.
But if you’re looking for an email service that does go the extra mile in protecting you, ProtonMail is a solid option.