Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

ProtonMail Launches Tor Hidden Service

Encrypted email provider ProtonMail announced this week the launch of a Tor hidden service whose role is to help combat the censorship and surveillance efforts of totalitarian governments.

Encrypted email provider ProtonMail announced this week the launch of a Tor hidden service whose role is to help combat the censorship and surveillance efforts of totalitarian governments.

ProtonMail developers pointed out that using Tor has several advantages, including extra layers of encryption for communications, protection for the user’s real IP address, and the possibility to bypass censorship mechanisms.

On the downside, accessing the service over Tor will have a negative impact on performance, and the hidden website is still experimental so it may not be as reliable as the regular site.

The new onion website, set up with the aid of the Tor Project, can be accessed at https://protonirockerxow.onion. The URLs of hidden services are encryption key hashes, which makes them appear as a string of 16 random characters. However, ProtonMail hashed millions of encryption keys until it found a hash that made at least some sense in an effort to help users identify phishing attacks.

The hidden service is only accessible over HTTPS and it uses a certificate from Digicert, the company that also issued an onion SSL certificate to Facebook. Detailed instructions on how to access the service over Tor have been made available by ProtonMail.

ProtonMail over Tor

“Since our onion site is still experimental, we are not making any recommendations yet regarding the use of ProtonMail’s onion site,” ProtonMail developers said in a blog post. “Even without using Tor, your ProtonMail inbox is still strongly protected with PGP end-to-end encryption, secure authentication (SRP), and optional two-factor authentication. However, ProtonMail definitely has users in sensitive situations where the extra security and anonymity provided by Tor could literally save lives.”

ProtonMail has been around since 2014, but it only became available to the public in March 2016. The service can be accessed via a desktop web browser or the iOS and Android mobile apps.

ProtonMail is currently the largest encrypted email service, with more than 2 million users. Its popularity continues to increase as governments try to prevent citizens from using encrypted communications tools and attempt to expand their surveillance powers.

Advertisement. Scroll to continue reading.

Related Reading: ProtonMail Suspects State-Sponsored DDoS Attack

Related Reading: More Than 1 Million Users Access Facebook Over Tor

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.