Encrypted Email Service Providers

EQ Admin

EQ Forum Admin
Staff member
-Our front end code is audited,
-Our back end is also audited,

I think I need to change these categories a bit. Create a new feature line for "Code is Open Source", and drop the "public" from the audit lines?

As is, some providers are open source (anyone can view the source) and some services have 3rd party audits but others can't confirm for themselves.
 

EQ Admin

EQ Forum Admin
Staff member
Or keep the public / open source as is, and create a secondary listing for 3rd party audit?
 

EQ Admin

EQ Forum Admin
Staff member
@ProtonMail I think this is a false claim, unless you consider the "competing" services to be Gmail and not the other encrypted email service providers.

Anonymous
No tracking or logging of personally identifiable information.
Unlike competing services, we do not save any tracking information. We do not record metadata such as the IP addresses used to log into accounts. We also have no way to scan encrypted messages to serve targeted advertisements. To protect user privacy, ProtonMail does not require any personally identifiable information to register.
 

EQ Admin

EQ Forum Admin
Staff member
I added Company HQ, Data Center Locations, and Legal Jurisdiction.

I'm curious to see how much overlap there is within a service (legal vs. HQ, etc)
 

ProtonMail

Email Service Provider
Hi there, we are still noticing a couple of errors on the ProtonMail column.

Specifically:

Company HQ - Geneva, Switzerland
Regenerate RSA keys - Yes
OpenPGP compatibility - Yes
PGP Standard - Yes
Front-end public audit - Yes
Back-end public audit - Yes
Free storage quota - 1GB

It would be great if these could be corrected as we would love to recommend this site and guide to our 500,000 users when the information is correct.

Best,
ProtonMail
 

EQ Admin

EQ Forum Admin
Staff member
Thank you for the quick responses, it's appreciated. I see you noticed the additional rows being added. Please feel free to suggest more feature rows.

Company HQ - Geneva, Switzerland
Free storage quota - 1GB

These two are updated.

Front-end public audit - Yes
Back-end public audit - Yes

According to your web site there has been an independent 3rd party audit.

I added a new row for "3rd Party Audit" and changed "public" to "open source" in the rows above to make them more clear.

That allows ProtonMail to show there has at least been a 3rd party audit (vs. closed source and no audit at all), and allow the services with open source published code to have that feature listed.

Regenerate RSA keys - Yes

Can you please detail the procedure? I don't see how to do this in my account. I'm using ProtonMail v1.16 and this is what I see:

ProtonMail Keys and Security.jpg


PGP Standard - Yes

I checked this one for the moment. I think it could use a "more info" link.

OpenPGP compatibility - Yes

Can ProtonMail as of v1.16 detect if another service, such as Whiteout Mail, is the recipient mail hosting and send an encrypted email message directly instead of turning outside messages into a "Secure Reply" notification email + link that can be clicked?
 

EQ Admin

EQ Forum Admin
Staff member
I received the following updates from Oliver at Whiteout:

Data Center Locations: Germany
Legal Jurisdiction: Germany
Zero-Knowledge Systems: Yes
AES-256 encrypted storage: Yes
Encrypted Mailbox: Yes
Encrypted Metadata: No
Encrypted Attachments (more info): Yes
Encrypted Contacts: No
RSA 4096 Keys (more info): No
Own RSA Keys: Yes
Regenerate RSA Keys:
OpenPGP compatibility (more info): Yes
PGP Standard: Yes
Two Factor Authentication (MFA): Yes
Frontend Audit (open source): Yes
Backend Audit (open source): No
3rd Party Audit: Yes
HIPAA Compliant Email: not certified
Do Not Track: No
Secure Reply: Yes
Expiring Emails (more info): No
Disposable Email Addresses: No
Session Expiration: No
Free Storage Quota: "Bring your own storage" with our free client option
Multilingual Interface: No
Compose HTML Email: No
Search Email: Yes
Spam filtering: Yes
Custom Folders / Labels: No
Draft Email: No
Android App: Yes
iOS App: Yes
IMAP Mail Server: Yes
Import contact list: No
 

EQ Admin

EQ Forum Admin
Staff member
Where did "PGP Standard" originate from? Was this used to mean the system supports PGP encrypted emails between users on the same system, but not sending/receiving encrypted emails to/from other email services?

To clear up some consistent confusion I did the following:

I removed the row "PGP Standard".

I'm now using "OpenPGP Compatibility" to mean the system supports PGP encrypted emails sent to other users within the same service.

I added "3rd Party Interoperability" to mean the service supports sending & receiving encrypted email to & from other encrypted email service providers.
 

EQ Admin

EQ Forum Admin
Staff member
Can ProtonMail as of v1.16 detect if another service, such as Whiteout Mail, is the recipient mail hosting and send an encrypted email message directly instead of turning outside messages into a "Secure Reply" notification email + link that can be clicked?

If I send an email from ProtonMail to Whiteout mail, I receive a "Secure Reply" style email notification, not a prompt to decrypt an email with a known pin or key saved in my contacts:

ProtonMail 3rd party inter-op.jpg
 

EQ Admin

EQ Forum Admin
Staff member
Update from @Tutanota (I'll check these today):

Data Center Locations: Germany
Legal Jurisdiction: Germany
Zero-Knowledge Systems: Yes
AES-256 encrypted storage: AES-128 storage
Encrypted Mailbox: Yes
Encrypted Metadata: Yes
Encrypted Attachments (more info): Yes
Encrypted Contacts: Yes
RSA 4096 Keys (more info): RSA 2048 Keys
Own RSA Keys: No
Regenerate RSA Keys: No
OpenPGP compatibility (more info): No, but planned
PGP Standard: No
Two Factor Authentication (MFA): No, but planned
Frontend Audit (open source): Yes
Backend Audit (open source): No
3rd Party Audit: Yes
HIPAA Compliant Email: not certified
Do Not Track: What do you mean by this? We do not track our users at all, we do not log/store IP addresses.
Secure Reply: Yes
Expiring Emails (more info): No
Disposable Email Addresses: No
Session Expiration: No
Free Storage Quota: 1 GB
Multilingual Interface: Yes
Compose HTML Email: No
Search Email: No
Spam filtering: Yes
Custom Folders / Labels: Yes
Draft Email: No
Android App: Yes
iOS App: Yes
IMAP Mail Server: No
Import contact list: No
 

SCRYPTmail

Email Service Provider
Why do people like to put encrypted metadata?! It's clearly misleading, as the way 99% of providers handle new emails it is impossible to encrypt recipient and sender.
 

EQ Admin

EQ Forum Admin
Staff member
it's clearly misleading as the way 99% of providers handle new emails it is impossible to encrypt recipient and sender

Can you reply with a detailed post that describes everything SCRYPTmail does for encrypted metadata (the requirements to get a green check mark for this feature) and I'll link to it as the "more info" ?
 

EQ Admin

EQ Forum Admin
Staff member
Can you please detail the procedure? I don't see how to do this in my account. I'm using ProtonMail v1.16 and this is what I see:

In @ProtonMail, resetting your password will also change your keys. A side effect is that all existing email becomes unencrypted.

Step #3) You will then be shown a warning message that will inform you that resetting your Mailbox Password is permanent, and will render all encrypted messages in your inbox, permanently unencrypted.
 

SCRYPTmail

Email Service Provider
In @ProtonMail, resetting your password will also change your keys. A side effect is that all existing email becomes unencrypted.
How is it possible? If you are resetting the password, does it mean you forgot the old pass? If this is true, how can they decrypt messages?

P.S. Right now it says:
You will then be shown a warning message that will inform you that resetting your Mailbox Password is permanent, and will render all encrypted messages in your inbox, permanently encrypted.
which doesn't make too much sense either
 

EQ Admin

EQ Forum Admin
Staff member
I fixed the last word when I was quoting because I thought there was a typo. They corrected me. If I understand correctly, if you reset your @ProtonMail password, you lose access to existing emails. They become permanently encrypted.

I'll test this out later tonight or tomorrow to clear up the action & result questions.
 