Connect with us

Hi, what are you looking for?


Email Security

ProtonMail Launches Tor Hidden Service

Encrypted email provider ProtonMail announced this week the launch of a Tor hidden service whose role is to help combat the censorship and surveillance efforts of totalitarian governments.

Encrypted email provider ProtonMail announced this week the launch of a Tor hidden service whose role is to help combat the censorship and surveillance efforts of totalitarian governments.

ProtonMail developers pointed out that using Tor has several advantages, including extra layers of encryption for communications, protection for the user’s real IP address, and the possibility to bypass censorship mechanisms.

On the downside, accessing the service over Tor will have a negative impact on performance, and the hidden website is still experimental so it may not be as reliable as the regular site.

The new onion website, set up with the aid of the Tor Project, can be accessed at https://protonirockerxow.onion. The URLs of hidden services are encryption key hashes, which makes them appear as a string of 16 random characters. However, ProtonMail hashed millions of encryption keys until it found a hash that made at least some sense in an effort to help users identify phishing attacks.

The hidden service is only accessible over HTTPS and it uses a certificate from Digicert, the company that also issued an onion SSL certificate to Facebook. Detailed instructions on how to access the service over Tor have been made available by ProtonMail.

ProtonMail over Tor

“Since our onion site is still experimental, we are not making any recommendations yet regarding the use of ProtonMail’s onion site,” ProtonMail developers said in a blog post. “Even without using Tor, your ProtonMail inbox is still strongly protected with PGP end-to-end encryption, secure authentication (SRP), and optional two-factor authentication. However, ProtonMail definitely has users in sensitive situations where the extra security and anonymity provided by Tor could literally save lives.”

ProtonMail has been around since 2014, but it only became available to the public in March 2016. The service can be accessed via a desktop web browser or the iOS and Android mobile apps.

Advertisement. Scroll to continue reading.

ProtonMail is currently the largest encrypted email service, with more than 2 million users. Its popularity continues to increase as governments try to prevent citizens from using encrypted communications tools and attempt to expand their surveillance powers.

Related Reading: ProtonMail Suspects State-Sponsored DDoS Attack

Related Reading: More Than 1 Million Users Access Facebook Over Tor

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...