ProtonMail and Anonymity

Peter Lebbing peter at
Sun Sep 1 15:18:36 CEST 2019

Hello Stefan,

On 01/09/2019 14:14, Stefan Claas via Gnupg-users wrote:
> Also interesting.

If you post URLs to this mailing list, could you please provide a short
description of what can be found at the URL? This prevents the situation
that people should visit the URL to know if they want to visit the URL,
and helps a lot when searching the archives.

In this case, since it's a scientific paper, I think the following would
be a good way to share it (I used the BibTeX citation to quickly get all
the relevant fields). But at least include a short description, please.


A scientific paper by Nadim Kobeissi published in 2018 in the Cryptology
ePrint Archive, titled "An Analysis of the ProtonMail Cryptographic

ProtonMail is an online email service that claims to offer end-to-end
encryption such that "even [ProtonMail] cannot read and decrypt [user]
emails." The service, based in Switzerland, offers email access via
webmail and smartphone applications to over five million users as of
November 2018. In this work, we provide the first independent analysis
of ProtonMail's cryptographic architecture. We find that for the
majority of ProtonMail users, no end-to-end encryption guarantees have
ever been provided by the ProtonMail service and that the
"Zero-Knowledge Password Proofs" are negated by the service itself. We
also find and document weaknesses in ProtonMail's "Encrypt-to-Outside"
feature. We justify our findings against well-defined security goals and
conclude with recommendations.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>
