Since September 2017 I’ve been a rather satisfied user of the ProtonMail email service. I’d like to explain why I switched and why I think you should do so too.
Before ProtonMail I had been using Roundcube. This the open source webmail solution offered by my website’s hosting provider Antagonist. Just like many other webhosts their email service is included in my hosting package. The problem is that Roundcube sees very little development and is archaic now. Its web interface isn’t responsive, so it’s a pain to use on a smartphone. There are no smartphone apps either. Even on a laptop or desktop, it’s interface is old and clunky. It’s not even a contest between Roundcube and modern free webmail solutions like Outlook.com and Gmail.
But you don’t want to switch to Outlook.com or Gmail either. Those are delivered by unscrupulous companies who lust for your data and privacy. You don’t just use their product, you are the product because they will use your personal data for advertising purposes. In practice the advertising they employ is unobtrusive, but in principle this is unacceptable. No one gets to stick their nose in my emails, whether they are strangers or automated advertisement software!
After some time of considering the alternatives such as getting a VPS and installing SOGo on that, or other smaller paid email services, I arrived at ProtonMail. I chose the paid account because it was possible to associate it with my own custom domain. This way all the emails which are adressed to my existing email address simply get routed to my ProtonMail account. So I didn’t need to change my email adress everywhere. Using my own domain required reading some documentation and changing a few things in the email configuration of my host Antagonist and ProtonMail itself, but was relatively easy.
The greatest advantage of ProtonMail is that it focuses on privacy and good encryption. The encryption employed is both zero-access and end-to-end, as explained here. They can’t search through your data and sell it for advertising purposes. They have a good web interface as well as Android and iOS apps. I’d highly recommend everyone to get a free account with them, or a paid one if you want the custom domains feature. These people rather than Microsoft or Google deserve your financial support.
However, it also has some problems. The most important one is that it’s not completely open source. They do give the impression that all their software is open source on their website’s front page, but they are misleading their customers. Actually only the frontend (graphical user interface) is open source and the backend (the inner workings) is not. Neither are the iOS and Android apps.
The developers claim that they don’t publish everything because it would expose their spam filter to circumvention by the spammers. As others have already pointed out, they should not use this excuse because if their software is properly modularized they can maintain a closed source spam filter while the rest is completely open source. As for the iOS and Android apps, they have already been claiming for years now that those would be open sourced once sufficient code quality had been reached. After several years of waiting this is no longer a credible excuse. I’m not going to assume malice where I can assume negligence, but the communication on their open source strategy is very disappointing.
It is important for their software to be published under a free and open source license so that far more people than just their own developers can analyze it and check for security vulnerabilities. Also, it would allow other parties to host ProtonMail. I think this is an important reason why ProtonMail is holding back with open sourcing their software; if everyone can host it they will lose paying subscribers.
Currently I’m paying Antagonist for the web hosting (including their email service which I don’t use anymore) and ProtonMail for the email. It would be more efficient if Antagonist could install the ProtonMail software so I would have everything hosted with one party. I would probably still donate to ProtonMail so they can keep developing their software.
Apart from the open source issue, I would like to see several important features in ProtonMail. First, a calendar feature would be useful so that I don’t need to use separate software for that. Currently I just use an old-fashioned paper agenda. Second, the ability of the phone apps to synchronize with the phone’s contact list. If you get a new Apple iPhone there is no way to tell the ProtonMail iOS app to place all its contacts in the iOS contacts list (it’s the same on Android). Migrating your phone’s contacts is thus more complicated if you don’t want to use Google or Apple cloud services for that. Finally, the fixed American mm/dd/yyyy date format should be adjustable and preferably default to the date format of the user’s location.