SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

ProtonMail Debuts Encrypted Contacts Manager

November 27, 2017

The new contacts manager is available to all of ProtonMail’s 5 million users around the world.

The development and launch of this feature was driven by the feedback that the company received from many of its users in the investigative journalism space. “Last year, we had the unique opportunity to meet with many of our users in the field at the Second Asian Investigative Journalism Conference in Kathmandu, Nepal, and one message that we heard over and over again was the need for better ways to protect sources,” says ProtonMail co-founder Dr. Andy Yen, “the new encrypted contacts manager today is the result of over one year of research and development into how we can best meet the needs of the thousands of activists, journalists, and dissidents who rely on ProtonMail to protect their privacy.”

In addition to protecting sensitive contact details with zero-access encryption (meaning that ProtonMail itself cannot decrypt the data, and cannot reveal the private contact details to third parties), ProtonMail’s new contact manager also utilizes digital signatures to verify the integrity of contacts data. This provides a cryptographic guarantee that nobody (not even ProtonMail), has tampered with the contacts data.

“Combining encryption with digital signatures provides powerful protection that guarantees not only the privacy, but also the authenticity of the contacts saved in ProtonMail, and reduces the need to trust ProtonMail, as even we cannot access or change this information without your knowledge,” says Dr. Yen. In line with standard company practice, the software behind ProtonMail’s encrypted contacts manager is fully open source.

What is an Encrypted Contacts Manager?

ProtonMail’s new contact manager uses zero-access encryption in order to protect the details of your contacts. Zero-access encryption means that the protected contact fields are encrypted in such a way that only you are able to decrypt and read them, not even ProtonMail can read them. In their new encrypted contacts manager, the protected contact details are shown within an area with a lock icon.

ProtonMail-Encrypted-Contacts-lock-icon

The addition of encrypted contact fields brings many security benefits. For example, if you are a journalist with a confidential source, it is very important to protect the phone number or address of that source. Using the notes field in contacts, you can also add other information about the contact that will be protected with zero-access encryption. In order to do email filtering, we do not use zero-access encryption for email addresses – doing so also does not significantly improve privacy because as an email service, we necessarily must know who you are emailing in order to deliver the message.

Digitally Signed Contacts

The new ProtonMail Contact does more than just protect contact data fields with zero-access encryption. They also utilize digital signatures to verify the integrity of contacts data. Digital signatures are used for all contact fields, including the email address itself, and are denoted by the icon.

The concept of digital signatures is technically complex, and is explained in more detail here, but in more simple terms, what digital signature verification does is provide a cryptographic guarantee that nobody (not even ProtonMail) has tampered with your contacts. Thus, you can be absolutely sure that the contacts data is precisely what you entered.

Terms of Use | Copyright © 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement