Security Experts:

ProtonMail Launches Tor Hidden Service

Encrypted email provider ProtonMail announced this week the launch of a Tor hidden service whose role is to help combat the censorship and surveillance efforts of totalitarian governments.

ProtonMail developers pointed out that using Tor has several advantages, including extra layers of encryption for communications, protection for the user’s real IP address, and the possibility to bypass censorship mechanisms.

On the downside, accessing the service over Tor will have a negative impact on performance, and the hidden website is still experimental so it may not be as reliable as the regular site.

The new onion website, set up with the aid of the Tor Project, can be accessed at https://protonirockerxow.onion. The URLs of hidden services are encryption key hashes, which makes them appear as a string of 16 random characters. However, ProtonMail hashed millions of encryption keys until it found a hash that made at least some sense in an effort to help users identify phishing attacks.

The hidden service is only accessible over HTTPS and it uses a certificate from Digicert, the company that also issued an onion SSL certificate to Facebook. Detailed instructions on how to access the service over Tor have been made available by ProtonMail.

ProtonMail over Tor

“Since our onion site is still experimental, we are not making any recommendations yet regarding the use of ProtonMail’s onion site,” ProtonMail developers said in a blog post. “Even without using Tor, your ProtonMail inbox is still strongly protected with PGP end-to-end encryption, secure authentication (SRP), and optional two-factor authentication. However, ProtonMail definitely has users in sensitive situations where the extra security and anonymity provided by Tor could literally save lives.”

ProtonMail has been around since 2014, but it only became available to the public in March 2016. The service can be accessed via a desktop web browser or the iOS and Android mobile apps.

ProtonMail is currently the largest encrypted email service, with more than 2 million users. Its popularity continues to increase as governments try to prevent citizens from using encrypted communications tools and attempt to expand their surveillance powers.

Related Reading: ProtonMail Suspects State-Sponsored DDoS Attack

Related Reading: More Than 1 Million Users Access Facebook Over Tor

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.