This article was last updated 2 years ago

Being one of the world’s largest encrypted email service provider, ProtonMail today announced the addition of Tor’s hidden services to its platform. Tor has been integrated by ProtonMail in order to combat censorship and surveillance of its users. It currently has over 2 million users which are expected to further shoot up due to the new Tor’s extension.

For those of you unknown to Tor, it is a non-profit organization that has built an open and free network to allow users to browse the web anonymously. Commonly used by journalists and activists, this browser is a much-needed aid in internet-censored regions.

The Tor hidden service, also known as the onion site for ProtonMail, will now offer much more secure and private mailing system that is resistant to censorship. Since the service is available on an onion site, the users will have to set up Tor on their PCs in order to access the same. This move from the company comes on the heels of the recent U.S elections, whose outcome caused a massive surge in the service.

Once you setup Tor on your PC, you get direct access to onion sites as it will route your traffic using inbuilt algorithms. You also have the option to download Tor browser if you don’t wish to set up Tor; the browser itself has inbuilt support for Tor.

Though Tor setup by default disables Javascript but for the ProtonMail’s onion site you will need the support of Java. Hence, users have to press the ‘NoScript’ button and then select ‘Temporarily allow all this page’ while logging into ProtonMail’s website. Similarly, on Android, users need to enable Javascript by uninstalling the NoScript plugin entirely. After Javascript is enabled, you will instantly get logged in.

The addition of Tor to ProtonMail will allow routing of the traffic from the mailing service through the Tor network. Hence, it will save you from intruders hacking your mail via wiretapping your internet connection. The extra layers of encryption will be added by Tor to your mail network, which in turn will make it difficult for attackers to track your mails. This will even safeguard you from man-in-the-middle attacks. Tor’s key feature of keeping up the anonymity has also been applied to the service as no one will now be able to view the IP address of your connection to ProtonMail.

Moreover, one can use the mailing space in unsupported regions as it will be still available through the onion site. The Tor addition has been named hidden services, as nobody can deny access to anybody tracking your physical location. Though the service provider has launched a new Tor enabled website, it is still possible to visit the regular site without the Tor setup.

Though Tor extension offers much of the benefits, the speed of your connection will massively be affected. Tor connections work on much slower pace compared to standard connections, though we are yet to witness the working of ProtonMail’s onion site. It is still experimental in nature as the official blog for the news states,

Our onion site is still experimental, we are not making any recommendations yet regarding the use of ProtonMail’s onion site. Even without using Tor, your ProtonMail inbox is still strongly protected with PGP end-to-end encryption, secure authentication (SRP), and optional two-factor authentication.

Furthermore, the onion website comes with added security features such as HTTPS-only in partnership with SSL Certificate provider Digicert. The green bar seen in the browser is a proof against ProtonMail’s .onion SSL certificate has Extended Validation.

Though HTTPS is not compulsory for onion sites, ProtonMail has taken a step further so as to keep the location of its site secret by hosting the onion site away from current infrastructure in an undisclosed location and country. Secondly, if Tor is compromised someday,  HTTPS will function as an additional layer of security. Thus, the onion site has three layers of security – with Tor’s encryption being the first of them, HTTPS at second place, with PGP at last.

The fraudulent e-mail practice has also been kept in mind by the team as they’ve used spare CPU capacity to generate millions of encryption keys. It has then devised a much more readable and easy to memorize address for their onion site, that’s resistant to phishing. Further, it will be adding more security features in coming months along with completing the incomplete goals of the past year.

Tor Project’s Executive Director Shari Steele commented on integrating with the mailing service as under,

Tor is an invaluable tool for protecting online freedom and guarding against state surveillance and censorship,We are always glad to see the increased adoption of Tor, and this appears to be a good example of how Tor onion services can be utilized for the public benefit.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.