Wish this audit had more details about the encryption system implemented and whether the rebuild meets their public encryption implementation specs (https://protonmail.com/security-details). This seems to be more about general web app OWASP type security audit.
Can ProtonMail focus on getting mail right before adding calendar and vpn and whatever else they pump in their newsletter? Their mobile email is atrocious- hello threading email chains? I was hoping to use this as a gmail replacement but it’s not even capable of replacing my spam yahoo account at this point. I support the cause but it seems like they are trying to do too much with too little.
The missing threading on mobile and overall app experience was what made me not switch to protomail. It wasn't the actual missing feature but the fact that when I googled for it I found people requesting this feature several years ago (maybe 2016) up until now and staff doesn't give any answer. So I thought it might not be the most customer focused business.
Proton Mail, if you're listening, the terrible mobile experience is why I'm switching providers. You promised a new mobile app, but it's been years and you've got nothing to show for it.
Heh, I need it in CLI, not Android. Practically the only thing I use VPN for is downloading some torrents, in a Docker container (Rtorrent). That they only now added it in Android makes me glad I left them approx 1,5 years ago.
I agree, UI and usability design look amateurish to me.
It is time for me to look for a better alternative, their speed of improvement in above mentioned areas is just one big disappointment.
Yeah I agree. I was trying to be a protonmail customer, but there was just too much friction.
In addition to the subpar UI, I was trying to import my (admittedly large) gmail mailbox into Protonmail, and it just did not work. I let it run for days, had to restart it, repeated the process for weeks, and after about 4 weeks I just had to give up…
It’s a shame because I really appreciate the security aspects of it, and the fact that they’re a small company / underdog.
The mobile app is so bad, nearly nothing works the way it should. Tap a Notification, you‘re lucky if the right mail opens, try to attach images on iOS? For while it sent HEIV images instead of jpegs, so normal people were out of luck; hope it doesn‘t crash? It does. The UI is also pretty ugly.
But it‘s not only the app that is bad, the web client was quite functional for a while apart from the missing login persistence. Then came the new UI now it just kind of works. Try to move/tag many mails after each other? Now you also have to deal with clicking away success boxes as they start piling up and overlapping the very UI elements you are trying to reach. There are threads but for some reason they are way more cumbersome to use than GMail’s. Everything is gigantic now as well. I haven‘t checked yet but during the beta I could just not find some settings anymore. Hope they got added before launch.
Android user here. I've not used the iOS version so cannot say what the differences are, but it works really well and is highly rated within the Play store. I imagine however that iOS users have higher standards, because let's be honest the majority of apps on the play store are garbage.
> Can ProtonMail focus on getting mail right before adding calendar and vpn and whatever else they pump in their newsletter?
Once companies grow past a handful of employees they usually go from everyone being a generalist who can work on every part of all their product to having specialists who only can deal with some of what the company does.
The various sites that report corporate information put the number of Proton employees in the 160-250 range. They are almost certainly well into the specialist phase. The people working on calendar and VPN and whatever would likely not be able to help with mobile email if they were shifted to that. If mobile email needs more work than those currently working on it can do, Proton needs to bring in more mobile and/or email specialists.
It would only make sense then to stop calendar and VPN work if they do not have sufficient budget to bring in people to help with mobile email and need to lay off people from other projects to free up the money.
> they usually go from everyone being a generalist
Interesting point.
At the same time, I think it won't take long at all for someone who develops a calendar mobile app to switch to working on an email mobile app. -- But maybe you meant the email web client? (Web vs native development?)
I think you're right that a VPN and related Linux kernel and networking is a different type of specialization, yes.
Wow so much hate for the mobile email client. I’ve been a happy user for a couple years now, I’m surprised there is so much distaste. Maybe I’m just not that picky? :)
On this subject, I thought the recent upgrade of the email web client was nice. Maybe we can hope for something similar with mobile soon?
I wanted to like PM and became a visionary subscriber years ago. But I left after painfully discovering that their web client (which was the only option at that time) was just not built for busy inboxes. Even today, many of the original pain points exist.
The UI is still clunky, and paging through the inbox is really terrible. Now they will promote their bridge to allow you to use Outlook or whatever, but that's not a solution for some of us.
I assume their need for revenue is what drives the features-before-improvements approach, but I know it is costing them some potential customers.
Nowadays I only use PM for special occasions, such as needing a temporary private email conversation with someone (who also sets up a new temp PM account).
I have found Tutanota to be much better in terms of usability. I can't speak for their security quality compared to PM, but honestly, unless you're only communicating with other local users, your emails are unencrypted at the other end. So the whole encryption topic is moot in many cases.
> the total lack of useful search sent me back to big G.
Just how bad is the search? Google's Gmail search is hot garbage.
I have 1 starred email with the subject "benefits info" that contains some info I reference semi regularly. I can't search and find it, even if I copy the subject and paste it into search.
My partner has similar issues, the search is mostly useless.
* Clarification: it's not that my search results are polluted other emails, that specific email does not show up at all in the results.
Since the data is encrypted at rest, then search within Proton is basically nerfed. It does work, but it's slow as I imagine it's having to download each email to search within it locally. Not sure if there's a good solution for that problem. I still use Proton because I value my privacy and can live with slow searches.
You just need to encrypt the search index alongside the emails. There are databases that have solved this problem.
The hacker's solution would be to put sqlite inside a truecrypt volume I suppose.
Edit: mount it over sshfs if you need end-to-end encryption. And pray that truecrypt and sqlite have optimized their read/write operations well enough.
I would edit my parent post if I could. I have just logged into ProtonMail web app after a few months of not using it, and it seems they have made a big upgrade. I cannot say if it solves all of my previous complaints, but it certainly has improved.
I use ProtonMail and ProtonVPN daily and the upgrade (which came about two months ago) is pretty significant. Namely one of my big complaints was that in the previous version your sessions weren’t preserved and you were always having to log back in. The client still needs some performance enhancements but is otherwise a pretty significant improvement over the old UI.
The packages are pretty good value IMO. For something like 100 euros per year you get secure email, two custom domains, and VPN. For someone who just needs exactly that for their personal websites and daily driver usage it’s great.
I have the same feeling. I simply can not do it with simply just folders and manual sorting, I have become dependant on automatic categorization like Google does.
Reading through this and thinking about my own needs (currently upgrading family members away from Gmail) - it looks like Proton Mail hasn't solved the graceful upgrade path from insecure to secure email.
Really what would be better called for here is a new protocol that can degrade gracefully, but it seems they've only given us a new app. Still it is nice to have people working on the problem.
I don‘t know what exactly it is but the posts on their blog always make me frustrated and angry. The mix of content marketing and technical details is just infuriating. It just feels like they start with an immense heap of bullshit and then start weaving in some nuggets of information.
My only complaint about PM is their spam handling. I continue to get spam, using the same exact body text, and it goes right to my inbox. Even after reporting. Their response is for me to continue reporting spam. This has been going on for months. No point in reporting spam if you will not even block it.
Spam filtering with zero false positives is an unsolved problem. So having some false negatives would tell me that this is a high quality service. Google et al just send job offers, credit card payment due reminders and high value customer queries to spam.
You are correct. However, iluvcommunism is criticizing the fact that ProtonMail isn't improving on filtering out real spam. Getting duplicate spam, again and again, is a waste of time. I would look at the spam folder once a day instead of deleting n-numbers of spam mails in the inbox.
When I moved an old e-mail domain to ProtonMail, the number of spam e-mails hitting my inbox increased dramatically. So it's not even close to as good as its competitors in this regard.
I moved to Tutanota. I now get even more spam :(. Google, Zoho and Yandex handle spam better (IMHO).
Regarding ProtonMail, they will tell you something like this:
Moving the messages to spam will automatically add the address to your blacklist.
And as we all know, spam is always sent from the same address, right? The Blocklist is useless in this context. They just need to improve their spam filter. The rest is fine (IMHO).
All blocklists are useless in some contexts. There's not even a silver-ish bullet against spam. Sender blacklist however is one of the most effective ones, but at some point yeah you might have to create filters to match certain subjects and stuff.
I guess ProtonMail could hire someone to just improve spam filtering, that'd be the only thing that'd rise the filtering quality really.
Gmail has been sending every email from to ubuntu-security-announce@lists.ubuntu.com to spam for me for the last several months. Anyone else? I've been marking every single one of them as 'Not Spam', but to no avail.
(I do realize I can create an explicit filter rule to avoid this, but at this point I just want to see how it plays out.)
Well, I don't expect SPF to pass, because it's forwarded from another address and SPF is stupid and breaks forwarding. In this case, though, the SPF says neutral and even hard fail doesn't cause persistent problems with other messages.
More interestingly, DKIM is "neutral" too. The message body doesn't seem to be modified by the forwarding mail server as far as I can tell... guess this might be canonical's fault after all? It's been going on for months, how am I the only one that's noticed it?
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@canonical.com header.s=20210705 header.b=im31FPsM;
spf=neutral (google.com: XXX is neither permitted nor denied by best guess record for domain of ubuntu-security-announce-bounces@lists.ubuntu.com) smtp.mailfrom=ubuntu-security-announce-bounces@lists.ubuntu.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Better list software and forwarders allow rewriting "from" headers, it's generally better because of SPF/DKIM/DMARC to do so. You can leave the correct `Reply-To` and it should work fine for all list members using anything from this century.
Right now it seems that it's `lists.ubuntu.com` and `canonical.com` in both cases, Canonical could fix SPF and/or DKIM, for the very least for their own e-mails forwarded by their own relay.
It happens to even Google. If it's the same text you might be able to create a manual filter.
In the end the issue might be that some big vendor is sending similar letters that are *not* spam, so some simple bayesian or even a NN can't mark it confidently as spam.
There aren't enough words to describe how difficult the problem of spam really is.
One security aspect that I guess is out of scope for the audit is dealing with the threat model of a compromised server, which can insert a backdoor into the JavaScript code it delivers to the user.
A possible mitigation for this would be to support loading the site as a Secure Bookmark.[0] There might be technical and UX issues with doing this, but it would be interesting to know if it was at least possible to make it available as an option.
Lavabit. Iirc they were asked to compromise thier own server as part of the snowden investigation. Instead they closed up shop. I lost a couple email addresses with the, but was glad to do so rather than explain to legal clients how thier data was on an fbi-controlled sever. Sometimes the only way to win is not to play.
It is also one of the oldest concepts in scifi. I never met a hacker who wasnt also some sort of scifi fan. The people picking hacker groups names all read Hebert long ago. If you are old enough to have used lavabit, you probably know about sandworms.
Deploying via IPFS might also work? Though it'd require having a trustworthy backend storing state ... or I suppose auditing to ensure backend can't inject anything malicious into client layer.
From what I understand, some cryptocurrency DApps like Uniswap[0] are using this route.
Deploying via IPFS might work indeed, but you're then either reliant on a gateway or have to run IPFS yourself locally. I know that Brave now supports IPFS, but for most people a more lightweight solution would be to install the Signed Pages extension for Chrome or Firefox.[0]
I'm not sure if you actually need a trustworthy backend, or rather, if the frontend is encrypting its state before sending it to the backend, then the worst a malicious backend can do is delete or replay your data. By including timestamps and replicating your state to multiple independent backends, that risk can be largely mitigated.
Same here, on Android. But I mostly receive email and almost never send out emails on the phone; so I can see that others might need features that are totally irrelevant for me.
I think that for those of us without busy inboxes it’s not that bad of an experience. The only thing I ask myself is if it’s worth paying for a service such as this if I’m not as busy as other people seem to be.
Several other protonmail accounts have set up auto-forwarding to my protonmail inbox (whether accidentally or maliciously I don't know). PM has a feature that allows me to see who they are, but not remove the forwarding automatically. There does not seem to be any confirmation required to set up the forwarding, or any guard rails at all on the process.
While this is unrelated to the core security of the application from a technical perspective, to me it seems shockingly sloppy and evidence of a severe lack of security mindset within the development organization.
For comparison, gmail sends a confirmation code to the destination inbox that must be entered into the source email account.
So, the audit found (among other minor things) a pretty standard XSS vulnerability (on page 7) and lots of usages of `.innerHTML` which has been considered an insecure coding practice for eons.
While errors always happen and it is a good thing they found them during beta, I would definitely not say "the final report was overwhelmingly positive, and the audit uncovered no major issues or security vulnerabilities" (blog post).
Quite the opposite: XSS is the major attack vector of a web app for encrypted mail as it most probably enables access to plaintexts.
Am I misunderstanding the report here?
disclaimer: i work for a competitor and we discovered less severe attack vectors in the past but even then sent out notices to all users informing them about the timeframe of the vulnerability and such.
> Prior to their release, the source code of both the new ProtonMail and Proton Calendar underwent an extensive security audit. We are happy to announce the final report was overwhelmingly positive, and the audit uncovered no major issues or security vulnerabilities.
This report was done before the release of the new software, and important issues fixed. What they said was accurate given there was only one medium severity finding, and no highs or critical. For example, the site now returns a CSP preventing inline JS so this wouldn't work anymore even if they didn't fix the underlying XSS.
The fact that exploiting this required the user to intentionally right click and show the image in a new tab (since it already renders it inline w/o xss) is why it was categorized that way since it's unlikely someone would do this by default.
Most companies never disclose anything like this, so them disclosing there was a vulnerability found in a report they paid for and then published isn't really a strike against them and I'm fine with this language. It's a little marketing speak but I don't agree it's inaccurate for them to say so
Oh, yes, I did, sorry! I thought this was found in production code.
I do support them publishing this and like I said: The code is audited to find exactly these kinds of errors, so I am not at all trying to shame them here. Their process worked, they found and fixed the vulnerabilities.
OTOH, not having a proper CSP preventing inline JS, the innerHTML usages and that XSS together does not go too well with the overall extremely positive sound of the headlines. All those three are in the 101 of secure web app development.
Aaand, with the numbers of users they have, tons of them will right click and open in a new tab every hour. Its also easily exploitable: send an image with very small text. However, being in a different tab i am unsure how much info you would be able to steal, but sessions/tokens would be possible I guess.
The linked site is very low on info high on outrageous claims. It is not the same as gmail and protons response to that paper are accurate imo. The fact is web clients are inherently insecure but you can run your own client entirely afaik (https://github.com/ProtonMail/proton-mail). I don't think anybody has evidence of wrong doing but the service is proprietary so...
I am a long time ProtonMail customer, but I admit to switching back to Gmail every few months, then a while later switching back. I mostly use Apple's Calendar.
Because of the nature of their encryption, you can only search using email subject lines with their web clients. I run the Proton Bridge on my laptop just in case I need to search my email. Since most cellphones now have a lot of storage, I really wish the ProtonMail web client would optionally maintain a search index in local device storage (as an option). This would allow me to search my emails on any device. Or, they could make the Bridge available on iOS and Android - this would allow the use of any email clients on mobile and fix search.
PM iOS App works fine for me and frankly it’s nice.
We need more people using end-to-end encrypted communication, for these technologies to be useful. They are not effective if only one side wants to encrypt.
I think we should generally also support privacy products.
75 comments
[ 0.20 ms ] story [ 137 ms ] threadVery glad to see the security audit in any case.
In addition to the subpar UI, I was trying to import my (admittedly large) gmail mailbox into Protonmail, and it just did not work. I let it run for days, had to restart it, repeated the process for weeks, and after about 4 weeks I just had to give up…
It’s a shame because I really appreciate the security aspects of it, and the fact that they’re a small company / underdog.
But there’s just too much friction.
But it‘s not only the app that is bad, the web client was quite functional for a while apart from the missing login persistence. Then came the new UI now it just kind of works. Try to move/tag many mails after each other? Now you also have to deal with clicking away success boxes as they start piling up and overlapping the very UI elements you are trying to reach. There are threads but for some reason they are way more cumbersome to use than GMail’s. Everything is gigantic now as well. I haven‘t checked yet but during the beta I could just not find some settings anymore. Hope they got added before launch.
Once companies grow past a handful of employees they usually go from everyone being a generalist who can work on every part of all their product to having specialists who only can deal with some of what the company does.
The various sites that report corporate information put the number of Proton employees in the 160-250 range. They are almost certainly well into the specialist phase. The people working on calendar and VPN and whatever would likely not be able to help with mobile email if they were shifted to that. If mobile email needs more work than those currently working on it can do, Proton needs to bring in more mobile and/or email specialists.
It would only make sense then to stop calendar and VPN work if they do not have sufficient budget to bring in people to help with mobile email and need to lay off people from other projects to free up the money.
Interesting point.
At the same time, I think it won't take long at all for someone who develops a calendar mobile app to switch to working on an email mobile app. -- But maybe you meant the email web client? (Web vs native development?)
I think you're right that a VPN and related Linux kernel and networking is a different type of specialization, yes.
On this subject, I thought the recent upgrade of the email web client was nice. Maybe we can hope for something similar with mobile soon?
(How many emails do you get per day?)
The UI is still clunky, and paging through the inbox is really terrible. Now they will promote their bridge to allow you to use Outlook or whatever, but that's not a solution for some of us.
I assume their need for revenue is what drives the features-before-improvements approach, but I know it is costing them some potential customers.
Nowadays I only use PM for special occasions, such as needing a temporary private email conversation with someone (who also sets up a new temp PM account).
I have found Tutanota to be much better in terms of usability. I can't speak for their security quality compared to PM, but honestly, unless you're only communicating with other local users, your emails are unencrypted at the other end. So the whole encryption topic is moot in many cases.
The whole complaint above is about the web UI and mentions that the bridge isn't an option/solution for everyone.
That and the total lack of useful search sent me back to big G.
Just how bad is the search? Google's Gmail search is hot garbage.
I have 1 starred email with the subject "benefits info" that contains some info I reference semi regularly. I can't search and find it, even if I copy the subject and paste it into search.
My partner has similar issues, the search is mostly useless.
* Clarification: it's not that my search results are polluted other emails, that specific email does not show up at all in the results.
The hacker's solution would be to put sqlite inside a truecrypt volume I suppose.
Edit: mount it over sshfs if you need end-to-end encryption. And pray that truecrypt and sqlite have optimized their read/write operations well enough.
Maybe I'll reevaluate switching again, thanks!
The packages are pretty good value IMO. For something like 100 euros per year you get secure email, two custom domains, and VPN. For someone who just needs exactly that for their personal websites and daily driver usage it’s great.
Really what would be better called for here is a new protocol that can degrade gracefully, but it seems they've only given us a new app. Still it is nice to have people working on the problem.
Does Autocrypt meet that definition?
https://autocrypt.org/
Sadly, for the last 3 years, ProtonMail has resisted implementing it (unlike Posteo, for example), using FUD tactics to justify themselves:
https://github.com/ProtonMail/WebClient/issues/120
When I moved an old e-mail domain to ProtonMail, the number of spam e-mails hitting my inbox increased dramatically. So it's not even close to as good as its competitors in this regard.
I moved to Tutanota. I now get even more spam :(. Google, Zoho and Yandex handle spam better (IMHO).
Regarding ProtonMail, they will tell you something like this:
And as we all know, spam is always sent from the same address, right? The Blocklist is useless in this context. They just need to improve their spam filter. The rest is fine (IMHO).All blocklists are useless in some contexts. There's not even a silver-ish bullet against spam. Sender blacklist however is one of the most effective ones, but at some point yeah you might have to create filters to match certain subjects and stuff.
I guess ProtonMail could hire someone to just improve spam filtering, that'd be the only thing that'd rise the filtering quality really.
(I do realize I can create an explicit filter rule to avoid this, but at this point I just want to see how it plays out.)
More interestingly, DKIM is "neutral" too. The message body doesn't seem to be modified by the forwarding mail server as far as I can tell... guess this might be canonical's fault after all? It's been going on for months, how am I the only one that's noticed it?
(edited to fix formatting)Right now it seems that it's `lists.ubuntu.com` and `canonical.com` in both cases, Canonical could fix SPF and/or DKIM, for the very least for their own e-mails forwarded by their own relay.
In the end the issue might be that some big vendor is sending similar letters that are *not* spam, so some simple bayesian or even a NN can't mark it confidently as spam.
There aren't enough words to describe how difficult the problem of spam really is.
A possible mitigation for this would be to support loading the site as a Secure Bookmark.[0] There might be technical and UX issues with doing this, but it would be interesting to know if it was at least possible to make it available as an option.
[0] https://coins.github.io/secure-bookmark/
https://www.cbc.ca/news/business/lavabit-founder-fought-9-mo...
https://en.wikipedia.org/wiki/Sandworm_(hacker_group)
Use PFS..
From what I understand, some cryptocurrency DApps like Uniswap[0] are using this route.
[0] https://github.com/Uniswap/uniswap-interface
I'm not sure if you actually need a trustworthy backend, or rather, if the frontend is encrypting its state before sending it to the backend, then the worst a malicious backend can do is delete or replay your data. By including timestamps and replicating your state to multiple independent backends, that risk can be largely mitigated.
[0] https://github.com/tasn/webext-signed-pages
While this is unrelated to the core security of the application from a technical perspective, to me it seems shockingly sloppy and evidence of a severe lack of security mindset within the development organization.
For comparison, gmail sends a confirmation code to the destination inbox that must be entered into the source email account.
While errors always happen and it is a good thing they found them during beta, I would definitely not say "the final report was overwhelmingly positive, and the audit uncovered no major issues or security vulnerabilities" (blog post).
Quite the opposite: XSS is the major attack vector of a web app for encrypted mail as it most probably enables access to plaintexts.
Am I misunderstanding the report here?
disclaimer: i work for a competitor and we discovered less severe attack vectors in the past but even then sent out notices to all users informing them about the timeframe of the vulnerability and such.
> Prior to their release, the source code of both the new ProtonMail and Proton Calendar underwent an extensive security audit. We are happy to announce the final report was overwhelmingly positive, and the audit uncovered no major issues or security vulnerabilities.
This report was done before the release of the new software, and important issues fixed. What they said was accurate given there was only one medium severity finding, and no highs or critical. For example, the site now returns a CSP preventing inline JS so this wouldn't work anymore even if they didn't fix the underlying XSS.
The fact that exploiting this required the user to intentionally right click and show the image in a new tab (since it already renders it inline w/o xss) is why it was categorized that way since it's unlikely someone would do this by default.
Most companies never disclose anything like this, so them disclosing there was a vulnerability found in a report they paid for and then published isn't really a strike against them and I'm fine with this language. It's a little marketing speak but I don't agree it's inaccurate for them to say so
Oh, yes, I did, sorry! I thought this was found in production code.
I do support them publishing this and like I said: The code is audited to find exactly these kinds of errors, so I am not at all trying to shame them here. Their process worked, they found and fixed the vulnerabilities.
OTOH, not having a proper CSP preventing inline JS, the innerHTML usages and that XSS together does not go too well with the overall extremely positive sound of the headlines. All those three are in the 101 of secure web app development.
Aaand, with the numbers of users they have, tons of them will right click and open in a new tab every hour. Its also easily exploitable: send an image with very small text. However, being in a different tab i am unsure how much info you would be able to steal, but sessions/tokens would be possible I guess.
Is this just conspiracy theories, or is there something to actually be concerned about?
Because of the nature of their encryption, you can only search using email subject lines with their web clients. I run the Proton Bridge on my laptop just in case I need to search my email. Since most cellphones now have a lot of storage, I really wish the ProtonMail web client would optionally maintain a search index in local device storage (as an option). This would allow me to search my emails on any device. Or, they could make the Bridge available on iOS and Android - this would allow the use of any email clients on mobile and fix search.
We need more people using end-to-end encrypted communication, for these technologies to be useful. They are not effective if only one side wants to encrypt.
I think we should generally also support privacy products.