ProtonMail

ProtonMail is an end-to-end encrypted email service founded in 2014 by CERN and MIT scientists at the European Organization for Nuclear Research in Geneva. It was built specifically to resist mass surveillance, and its architecture ensures that even Proton's own servers cannot read the contents of your messages. For anyone preparing a crisis exit, email remains a necessary communication channel — account recovery, document sharing, coordination with lawyers or consulates — and ProtonMail is the most accessible way to handle it without linking your real identity.

What makes ProtonMail especially relevant for crisis scenarios is the combination of strong encryption with a user experience that feels like regular email. You don't need to manage PGP keys manually or understand cryptographic protocols. The service handles key generation, key exchange between Proton users, and encrypted storage automatically. Messages between ProtonMail accounts are encrypted end-to-end by default. Messages to external providers can be sent with password-protected encryption, which means your recipient doesn't need a ProtonMail account to read a secure message.

ProtonMail should be one of the first accounts you create when building an anonymous digital identity. It serves as a foundation — many other privacy services accept a ProtonMail address for registration, allowing you to bootstrap an entire anonymous toolkit from a single email account that isn't tied to your real name, phone number, or payment card.

ProtonMail uses a zero-access encryption architecture built on OpenPGP (RFC 4880) with AES-256 and RSA-2048 or higher for key pairs. Your mailbox is encrypted with your private key, which is itself encrypted with your account password and never stored in plaintext on Proton's servers. This means that even if Proton's servers were seized or breached, the attacker would get encrypted blobs — not readable email. Emails between ProtonMail users are encrypted end-to-end automatically using the recipient's public key, with no action required from either party.

For messages to non-Proton recipients, you can enable password-protected encryption, which generates a symmetric key from a shared password and hosts the encrypted message on Proton's servers with a link. TLS is used for all connections in transit, and Proton also supports PGP encryption for external recipients who have their own PGP keys. Forward secrecy is implemented at the TLS layer for connections, though the underlying PGP model does not provide per-message forward secrecy — if your private key is ever compromised, past messages could theoretically be decrypted if the attacker also has the ciphertext.

ProtonMail allows account creation without a phone number or existing email address. During registration, Proton may request a verification method — email, phone, or CAPTCHA — depending on the IP address and current abuse detection signals. When signing up over Tor or a VPN, you'll more frequently see the CAPTCHA or phone verification prompt, but it's still possible to create an account using only a CAPTCHA. The service does not require a real name; you can use any pseudonym.

ProtonMail does log the time of the last login and the total number of messages, but it does not log IP addresses by default. In a 2021 case involving French climate activists, Proton complied with a Swiss court order to log the IP address of a specific account — but this required an active legal process targeting that account, not bulk surveillance. The incident underscored that while Proton cannot read your emails, it can be compelled to log metadata going forward. The mitigation is straightforward: always access ProtonMail through a VPN or Tor, which Proton explicitly supports via their onion site at protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion.

Proton open-sourced its web client, iOS app, Android app, and bridge application between 2019 and 2021. The cryptographic libraries (openpgp.js and gopenpgp) are also open source. The server-side code remains proprietary, which is a common criticism, though the zero-access architecture means the server's role is primarily storage and routing of already-encrypted data. Independent security audits have been conducted by SEC Consult (2019) and Securitum (2021, 2022), with results published publicly. Proton also runs a bug bounty program through HackerOne.

The open-source clients allow independent verification that encryption happens client-side before data reaches Proton's servers. Reproducible builds are available for the Android app via F-Droid. The web client can be self-audited by inspecting network traffic, which is how the security community verified that the client-side encryption claims hold up in practice.

Proton Technologies AG is incorporated in Geneva, Switzerland, and operates under Swiss law. Switzerland is not a member of the EU, the Five Eyes, Nine Eyes, or Fourteen Eyes intelligence-sharing alliances. Swiss privacy law (the Federal Act on Data Protection, or FADP) is among the strongest in the world, and accessing someone's email data requires a Swiss court order — foreign governments cannot directly compel Proton to hand over data.

Proton publishes a transparency report documenting the number of legal requests received and complied with. In 2023, Proton received over 6,000 requests and contested a significant portion in Swiss courts. The company has stated that it cannot comply with requests for email content because the encryption architecture makes content inaccessible to them. Metadata requests (such as the IP logging case) are a different matter and have been complied with when ordered by Swiss authorities. Proton maintains a warrant canary for national security requests.

ProtonMail has been operational since 2014, making it one of the longest-running encrypted email services. It has never suffered a major data breach exposing user emails. The 2021 French IP logging incident damaged trust in some privacy circles, but it also demonstrated that the encryption architecture worked as designed — the French authorities received an IP address, not email contents. Proton responded by updating its privacy policy to be more explicit about what it can and cannot protect against, and by emphasizing VPN and Tor usage.

The service is widely used by journalists, activists, and whistleblowers in authoritarian regimes. It has been endorsed by the Electronic Frontier Foundation, and its cryptographic approach has been validated by multiple independent researchers. Proton's decision to expand into VPN, Drive, Calendar, and Pass has raised questions about scope creep, but the core email service remains focused and well-maintained with a team of over 400 employees.

ProtonMail is designed to feel like Gmail. The web interface is clean and modern, with folders, labels, search, and filters. Composing, reading, and organizing email works exactly as you'd expect from any mainstream email provider. The encryption is invisible to the user — there are no key management steps, no manual encryption toggles for Proton-to-Proton messages, and no terminal commands. For someone migrating from Gmail or Outlook, the transition is smooth.

The Proton Bridge application extends compatibility to desktop email clients like Thunderbird, Apple Mail, and Outlook by decrypting mail locally via IMAP/SMTP. Mobile apps for iOS and Android are polished and regularly updated. The free tier provides 1 GB of storage and one email address, which is sufficient for a crisis communication setup. Proton also offers a simplified onboarding flow that walks new users through importing existing email and setting up two-factor authentication.

ProtonMail is accessible via web browser on any operating system, with dedicated apps for iOS (iPhone and iPad) and Android. Desktop users on Windows, macOS, and Linux can use the web interface directly or install Proton Bridge to integrate with native email clients. The Bridge application is available for Windows, macOS, and Linux. All platforms have feature parity for core email functionality — sending, receiving, encryption, and search all work identically.

The Proton web client also has a dedicated Tor onion address, which provides an additional layer of anonymity when accessing your inbox from a browser configured to route through Tor. Mobile apps can be obtained from the App Store, Google Play, or F-Droid (for Android users who want to avoid Google services entirely). Calendar and contact encryption sync across all platforms through the same account.

ProtonMail's free tier is genuinely usable for crisis purposes — 1 GB of storage, 150 messages per day, and one email address. No payment information is required to use the free tier, which means you can maintain a fully anonymous email account indefinitely at no cost.

For paid plans (which unlock custom domains, more storage, and Proton VPN), Proton accepts Bitcoin and cash payments mailed to their Geneva office. Cash is the most anonymous option — Proton publishes a mailing address where you can send euros, US dollars, or Swiss francs in an envelope with your account username written on a slip of paper. Bitcoin payments go through BitPay, which does not require identity verification on Proton's end. These options make it possible to upgrade your account without creating any financial link to your real identity.

Start by accessing ProtonMail's signup page through a VPN or Tor Browser to avoid associating your real IP with the new account. Navigate to proton.me/mail and click "Create a free account." Choose a username that has no connection to your real name, existing usernames, or identifiable patterns. Set a strong, unique password — at least 20 characters generated by a password manager. When prompted for a recovery method, skip it entirely or use another anonymous ProtonMail address if you already have one. Recovery methods create links between accounts, so omit them if you're building a clean identity.

During registration, you'll likely encounter a CAPTCHA or verification prompt. Complete the CAPTCHA if offered — it requires no personal information. If you're prompted for phone or email verification and you don't have an anonymous option, try registering again from a different Tor exit node or VPN server, as verification requirements vary by IP reputation. Once your account is created, immediately enable two-factor authentication in Settings > Security using an authenticator app like Aegis (not SMS, which is tied to a phone number).

After your account is active, test it by sending an encrypted message to another ProtonMail address to confirm end-to-end encryption is working. If you need to email someone on Gmail or another provider, use the "Password-protected email" option in the compose window — this generates a link the recipient can open with a shared password. Bookmark the Proton onion address for future access through Tor. Your ProtonMail address is now the foundation for registering with other privacy tools — use it as your email when signing up for VPNs, messaging apps, and other services in your anonymous identity stack.