Fighting Censorship with ProtonMail Encrypted Email Over Tor

As part of our efforts to continue protecting user privacy, we are launching a Tor hidden service to combat censorship and surveillance of ProtonMail users.

In the past two years, ProtonMail has grown enormously, especially after the recent US election, and today we are the world’s largest encrypted email service with over 2 million users. We have come a long way since our user community initially crowdfunded the project. ProtonMail today is much larger in scope than what was originally envisioned when our founding team met at CERN in 2013.

As ProtonMail has evolved, the world has also been changing around us. Civil liberties have been increasingly restricted in all corners of the globe. Even Western democracies such as the US have not been immune to this trend, which is most starkly illustrated by the forced enlistment of US tech companies into the US surveillance apparatus. In fact, we have reached the point where it simply not possible to run a privacy and security focused service in the US or in the UK.

At the same time, the stakes are also higher than ever before. As ProtonMail has grown, we have become increasingly aware of our role as a tool for freedom of speech, and in particular for investigative journalism. Last fall, we were invited to the 2nd Asian Investigative Journalism Conference and were able to get a firsthand look at the importance of tools like ProtonMail in the field.

Recently, more and more countries have begun to take active measures to surveil or restrict access to privacy services, cutting off access to these vital tools. We realize that censorship of ProtonMail in certain countries is not a matter of if, but a matter of when. That’s why we have created a Tor hidden service (also known as an onion site) for ProtonMail to provide an alternative access to ProtonMail that is more secure, private, and resistant to censorship.

Tor Hidden Service for Encrypted Email

Starting today, it is also possible to connect to ProtonMail directly through the Tor network using our new onion site. In order to use our onion site, you need to first set up Tor on your computer. Instructions for using ProtonMail encrypted email with Tor can be found here. After Tor is properly set up, ProtonMail’s onion site can be visited at the following URL:

https://protonirockerxow.onion

We would like to give a special thanks to Roger Dingledine and the Tor Project for creating the Tor software and also providing insightful comments and suggestions regarding ProtonMail’s onion site implementation.

Tor Email Privacy

There are several reasons why you might want to use ProtonMail over Tor. First, routing your traffic to ProtonMail through the Tor network makes it difficult for an adversary wiretapping your internet connection to know that you are using ProtonMail. Tor applies extra encryption layers on top of your connection, making it more difficult for an advanced attacker to perform a man-in-the-middle attack on your connection to us. Tor also makes your connections to ProtonMail anonymous as we will not be able to see the true IP address of your connection to ProtonMail.

Tor can also help with ProtonMail accessibility. If ProtonMail becomes blocked in your country, it may be possible to reach ProtonMail by going to our onion site. Furthermore, onion sites are “hidden” services in the sense that an adversary cannot easily determine their physical location. Thus, while protonmail.com could be attacked by DDoS attacks, protonirockerxow.onion cannot be attacked in the same way because an attacker will not be able to find a public IP address.

Note, it is also possible to visit ProtonMail via Tor at our regular site, https://protonmail.com, but there are several advantages to using the onion site. First, onion site connections provide true end-to-end encryption on the Tor level, meaning that the extra encryption that Tor applies is present until your connection reaches our infrastructure, whereas a non-onion Tor connection does not have Tor encryption beyond the last node. Secondly, Tor also provides end-to-end authentication, with helps to mitigate some of the weaknesses with the existing Certificate Authority system that is used to secure most of the Internet (more about this later).

Using Tor does come with some downsides however. Tor connections typically are much slower than a standard internet connection, so performance will suffer as a result. ProtonMail’s onion site is still considered to be experimental, so its reliability may not be as high as our standard site.

Since our onion site is still experimental, we are not making any recommendations yet regarding the use of ProtonMail’s onion site. Even without using Tor, your ProtonMail inbox is still strongly protected with PGP end-to-end encryption, secure authentication (SRP), and optional two-factor authentication. However, ProtonMail definitely has users in sensitive situations where the extra security and anonymity provided by Tor could literally save lives.

ProtonMail’s Onion Site – Technical Details

In implementing ProtonMail’s onion site, we took a few additional precautions to ensure the highest level of security to protect against advanced threats.

HTTPS with Tor

As an added security feature, we have decided to offer our onion site with HTTPS only. To accomplish this, we partnered with SSL Certificate provider Digicert to provide a valid certificate for https://protonirockerxow.onion. Previously, Digicert issued the first-ever onion SSL certificate to Facebook and we’re glad that Digicert was able to do the same for ProtonMail.

ProtonMail’s .onion SSL certificate has Extended Validation so you will get the green bar in your browser, and it provides an additional layer of protection against phishing because you can be certain that the onion site you are connecting to belongs to us. For extra security, you can also manually verify the SSL certificate for protonirockerxow.onion with the following SHA256 hash.

Fingerprints

SHA-256

57:EE:4B:D5:5C:2C:31:A5:54:32:61:B8:B5:B7:AB:DA:1E:CB:EB:0D:71:13:17:AD:A1:04:49:2D:D6:B3:29:42

SHA-1

CB:9D:60:2C:01:A4:B2:BC:B5:7F:E7:CB:8A:EB:BA:58:45:03:51:C2

While HTTPS is not strictly necessary for onion sites, we decided to make it mandatory for ProtonMail for several reasons:

First, we will likely take advantage of the ability to keep the location of onion sites secret by hosting protonirockerxow.onion away from our current infrastructure in an undisclosed location and country. In this situation, HTTPS adds an additional encryption layer to protect the traffic between the onion front end and our core infrastucture. HTTPS also allows us to continue enforcing the usage of secure cookies, which improves user security.

Secondly, we believe in security in depth. For this reason, we don’t believe HTTPS is entirely redundant for onion sites. If someday Tor were to be compromised, enforcing HTTPS adds another layer of security for the end user. Similarly, Tor also provides security in case HTTPS is compromised. The notion of HTTPS being compromised is one that we take seriously, considering that there are hundreds of CAs (Certificate Authorities) that are trusted by default, with many of them under direct government control in high risk countries.

Thus, by using our onion site, your emails are protected by three layers of end-to-end encryption, there’s Tor’s encryption on the outer layer, HTTPS in the middle layer, and PGP as the final layer of defense for the emails themselves.

Tor Phishing Resistance

Onion site addresses are 16-character hashes of encryption keys that typically look like this: 3ens52v5u7fei76b.onion. The problem is that there is no good way to differentiate between

3ens52v5u7fei76b.onion

and

3lqpblf7bsm532xz.onion

as to the human eye, both are equally unrecognizable. This opens up a phishing risk because a phishing site can trivially be created and unless the 16-character random URL is checked carefully each time, users cannot be certain they are visiting the correct onion site. From a usability standpoint, it is not really realistic to expect users to perform this check every single time.

To bypass this problem, we used ProtonMail’s spare CPU capacity to generate millions of encryption keys and then hashed them, using a “brute force” approach to find a more human readable hash for our onion address. The end result, after expending considerable CPU time, is the following address which is much more resistant to phishing:

protonirockerxow.onion

as it can be easily remembered as:

proton i rocker xow

Thus, to be sure that you are visiting ProtonMail’s official onion site (as opposed to some phishing site), make sure the onion site has the correct domain name, and also has a valid SSL certificate issued to Proton Technologies AG.

What’s Next?

You can find a more simplified and condensed version of all of this on the following webpage we have created to give the 30-second summary of ProtonMail’s Tor support:

In the coming months, we will be hard at work making additional security and privacy enhancements to ProtonMail, including finishing some of the leftover items from our 2016 Security Roadmap. Moving forward in 2017, we will be putting added focus on making ProtonMail more censorship resistant, and providing our user community with the tools required to connect securely to ProtonMail, even from compromised locations.

Best Regards,
The ProtonMail Team