Skip to content or view screen version

Proton Mail Down

Crow | 07.11.2015 14:10 | Technology

Protonmail was hit by a DDOS attack and at time of writing it was still down.

On Thursday 5th of November Protonmail suffered two DDOS attacks from two different sources. The first and smaller one is thought to be by the Armada Collective. A ransom of 15 Bitcoin or $6000 was paid by Protonmail but the attack continued. The second attack was so massive it is believed that only a state could be responsible for it.
For those of you that have not heard of Protonmail it is a free fully encrypted email service. It is believed by Proton mail that many dissidents in totalitarian states use it to communicate and that this is the reason for the attack. Proton’s developers insist that the encryption has not been broken and that people’s emails are not in danger of being compromised.
So how safe is Protonmail?
Proton was set up partly in response to the revelations of Edward Snowden by researches in CERN (the home of the Hadron Collider) in Switzerland. Switzerland has very strong privacy laws and is outside (officially at least) of EU and US jurisdiction making it a good choice for server location.
On the technology front it has end to end encryption using public and private keys. For Proton to Proton email exchanges an implementation of PGP (Pretty Good Privacy) is used. PGP is a version of public/private key exchange. The way this works is that you let everyone know your public key. They compose an email and encrypt it with the public key; the public key is like a safe, the key to which is the private key, which you and you alone have. The message can only be decrypted by this private key. In the past it was a bit of difficult process and put many people off. The beauty of Proton is that this is all done for you and the interface is as easy to use as a normal everyday email. The public key is stored on their servers. The private key is also stored at Proton but it is encrypted by your mailbox password when you create your account so they have no access to either the password or your encrypted emails.
For communication between Proton and another email account, for example, Google, you have to create a password for that message and somehow convey it to the recipient. This obviously less secure; do you really want to send sensitive information via a service such as Google? The answer for most people would be – no. The obvious thing to do is to sign up for Proton. This is easy enough and doesn’t require you to provide a phone number or another email account. Because of the demand it can take up to two weeks to get an account but considering the benefits it is worth the wait. Unfortunately at the moment the site is still inaccessible. To keep up to date on Proton’s status follow this link