Swiss-based PGP end-to-end encrypted email provider,ProtonMail, now has an onion address, allowing users to access its service via a direct connection to the Tor anonymizing network ― in what it describes asan active measure aimed at defending against state-sponsored censorship.
The startup, which has amassed more than two million users for its e2e encrypted email service so far, launching out of beta just over a year ago ,says it’s worried about an increased risk of state-level blocking of pro-privacy tools ―pointing to recent movessuch as encryption messaging app Signal being blocked in Egypt , and the UK passing expansivesurveillance legislation that mandates tracking of web activity and can also require companies to eschew e2eencryption andbackdoor products.
The service also sawabump in sign ups after the election of Donald Trump as US president, last fall ― withweb users apparently seekinga non-US based secureemail provider in light of the incoming commander-in-chief’s expansion digital surveillance powers.
“Given ProtonMail ‘s recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this” says c o-founder Andy Yen in a statement on the launch. “Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step.”
Users of the Tor browser can now reach ProtonMail directly using its new onionaddress:https://protonirockerxow.onion
It’s alsowritteninstructions onhow to set up ProtonMail over Tor here .
Users accessing ProtonMail via Tor will have their connections anonymized ― meaning the email servicewon’t be able to see (and thus couldn’t be forced to divulge) theirtrue IP address.
Of course it’s still possible to browse to ProtonMail’s main website via Tor but it points out the directonion address has a few advantages ― such as providing e2e encryption on the Tor level; meaning the encryption applied by Toris present until theconnection reaches ProtonMail’sinfrastructure(vs a non-onion Tor connection not havingTor encryption beyond the last node), therebymaking it hard for an attacker to perform a man-in-the-middle attack ona user’s connection.
The onion site also provides end-to-end authentication, which ProtonMailsays helps mitigate some of the weaknesses with the existing Certificate Authority (CA) system that’s used across much of the Internet ― pointing out thatmanyCAsare trusted by default and some can be under direct government control. For this reasonit’s also using an onion site with HTTPS only ― also as a backup in case Tor itself is ever compromised.
“If someday Tor were to be compromised, enforcing HTTPS adds another layer of security for the end user. Similarly, Tor also provides security in case HTTPS is compromised. The notion of HTTPS being compromised is one that we take seriously, considering that there are hundreds of CAs thatare trusted by default, with many of them under direct government control in high risk countries,” itwrites in a blog about the launch.
“Thus, by using our onion site, your emails are protected by three layers of end-to-end encryption, there’s Tor’s encryption on the outer layer, HTTPS in the middle layer, and PGP as the final layer of defense for the emails themselves.”
Another motivating factor it flags for launching theTor hidden serviceis to bolster itsdefenses against DDoS attacks ― given it’s harder for attackers to determine the physical locationand IP address of the onion site, so itcould offer a workaround for accessing ProtonMail in the event ofa sustained DDoS attack taking its web addressoffline.
ProtonMail suffered a major incident on that front back inNovember 2015, with theemail service going down for more than 24 hours. Yen tells TechCrunch it still gets major DDoS attacks “routinely”, although he reckonsitsdefenses and network are now able to withstand them “without user impact”.
“That said, the resistance of Tor to standard DDoS attacks is something that is interesting to us, particularly since DDoS attacks have continually grown in size over the past year,” he adds, although he emphasizes it is still a “secondary motivation compared to the concerns we have about compromises in the certificate authority system and government mandated blocking”.
ProtonMail’sonion site is described as “experimental” at this point, so it’s warning reliability “may not be as high as our standard site”― even above and beyond the typically slower connectionTor users generally get.
“Even without using Tor, your ProtonMail inbox is still strongly protected with PGP end-to-end encryption , secure authentication (SRP), and optional two-factor authentication . However, ProtonMail definitely hasusers in sensitive situations where the extra security and anonymity provided by Tor could literally save lives,” it adds.