Gmail vs ProtonMail: Which is More Secure?
Which email provider is more suited for the paranoid user?
Revelations of broad NSA surveillance and the constant flurry of data breaches have led many of us to become more security conscious. There are now more options than ever to communicate securely with encrypted messaging apps, and security mechanisms such as password managers and two-factor authentication have become commonplace.
But many users still don't know how to keep their email secure. Is it better to stick to a popular service such as Gmail or turn to niche, security-first providers like ProtonMail, which are marketed to the most paranoid among us?
Each has its pros and cons, but for the vast majority of users, Gmail is the better choice.
The first thing you need to consider and assess is what you're worried about and what you are trying to protect exactly. This is what cybersecurity experts call "threat modeling." The answer to these questions will determine which email provider is best suited for your needs.
Are you worried about the US government using its legal powers to read your emails?
If your concern is the government accessing your email using a legal warrant request, ProtonMail is the best choice for you. Google's parent, Alphabet, is a US-based corporation and regularly responds to legal requests to turn over consumer data. Google complies with tens of thousands of search warrants and subpoenas every year, according to its transparency report (it also has a user base many orders of magnitude larger than ProtonMail's).
ProtonMail, on the other hand, is based in Switzerland, so the US government could potentially have a harder time serving legal requests to the company.
"We believe that comprehensive security can only be achieved through a combination of technology and legal protections and Switzerland provides the optimal combination of both," ProtonMail writes on its website. The company is headquartered there because Switzerland is not a part of the European Union nor the US and has strong privacy laws. "There are no such things as National Security Letters and all surveillance requests MUST go through the courts," the company added, referring to secret subpoenas that do not require judicial approval and cannot be disclosed by companies.
That being said, Switzerland has an agreement with the United States that compels it to collaborate when confronted with legitimate legal requests. This means that the US government, working with the Swiss government, can compel ProtonMail to turn over data. According to ProtonMail's own transparency report, the company has on several occasions retained or turned over data to the US government, but it is clear that the company takes such requests very seriously.
Are you worried about hackers getting into your email account?
If your main worry is that hackers could gain access to your email, then you should rely on Gmail. To be clear, for a majority of users, the threat of hackers trying to break into their email looking for a way to make a quick buck is more real than the threat of a government investigating them in connection with a crime. With the proliferation of phishing attempts and the threat of hackers obtaining your password via breaches of other services, this is what the average consumer should be worried about.
Google has one of the best teams of security engineers in the world. Moreover, the company has several strong security mechanisms for users to protect their account.
At the very least, users can and should add two-factor authentication to their accounts, making it harder for hackers to phish their password and gain access. But what really makes Gmail a better option than ProtonMail in this regard is its new optional "Advanced Protection" service, an even stronger set of security features that makes it extremely hard for anyone to hack into your account. "Advanced Protection" requires the use of physical tokens or security keys, which make phishing attacks virtually impossible to pull off.
ProtonMail's account security is not bad, as users can set two-factor on their accounts as well, and the service offers the option of setting two separate passwords. But ProtonMail does not support the use of physical security keys. For high-risk users who face sophisticated phishing attacks often designed to circumvent two-factor authentication, this is a risky trade-off that makes Gmail a clearly superior option.
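To make the distinction between one-time codes and security keys concrete, here is a small Python simulation added for this article (not code from Google, ProtonMail, or the original story). It implements real TOTP (RFC 4226/6238) for the one-time-code side, and a deliberately simplified stand-in for a WebAuthn security-key assertion: an HMAC replaces the key's asymmetric signature, and the secrets, site names and challenge are all constructed. The point it shows is structural: a time-based code carries no information about which page it was typed into, so a site cannot tell a relayed code from a genuine one, whereas the browser scopes a security-key assertion to the domain it is actually displaying, so an assertion produced on a lookalike domain fails the real site's check.

```python
"""Added simulation: why a relayed one-time code passes a site's check while a
relayed security-key assertion does not.

Illustrative code written for this article, not Google's or ProtonMail's
implementation. The shared secret, the site names and the HMAC stand-in for the
authenticator's signature are all constructed assumptions.
"""
import hashlib
import hmac
import struct

# Constructed secrets: in reality the TOTP secret is shared between the site and
# the authenticator app, and a security key holds a private key the site never sees.
TOTP_SECRET = b"constructed-totp-secret"
KEY_SECRET = b"constructed-security-key-secret"

REAL_SITE = "accounts.example"             # the genuine login domain (assumed)
LOOKALIKE_SITE = "accounts-login.example"  # a lookalike domain (assumed)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """TOTP per RFC 6238: HOTP with the counter derived from a 30-second window."""
    return hotp(secret, unix_time // step)


def site_checks_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    """The site's check: does the code match the current window? Nothing in the
    code says which page the user typed it into."""
    return hmac.compare_digest(submitted, totp(secret, unix_time))


def authenticator_assert(key: bytes, rp_id: str, challenge: bytes) -> dict:
    """Simplified security-key assertion. In WebAuthn the browser, not the web
    page, supplies rp_id from the origin it is displaying, and the signature
    covers the hash of that rp_id together with the client data (challenge).
    An HMAC stands in for the asymmetric signature here."""
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    client_data_hash = hashlib.sha256(challenge).digest()
    signature = hmac.new(key, rp_id_hash + client_data_hash, hashlib.sha256).digest()
    return {"rp_id_hash": rp_id_hash, "challenge": challenge, "signature": signature}


def site_checks_assertion(key: bytes, rp_id: str, expected_challenge: bytes,
                          assertion: dict) -> bool:
    """The site's check: the assertion must be for *its* rp_id, answer *its*
    challenge, and carry a valid signature over both."""
    if assertion["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return False
    if assertion["challenge"] != expected_challenge:
        return False
    expected_sig = hmac.new(
        key, assertion["rp_id_hash"] + hashlib.sha256(expected_challenge).digest(),
        hashlib.sha256).digest()
    return hmac.compare_digest(assertion["signature"], expected_sig)


def relayed_totp_is_accepted(unix_time: int) -> bool:
    """The victim types the current code into a lookalike page; the code is then
    submitted to the real site inside the same 30-second window. The site has
    no way to notice: the code is just the right six digits."""
    code_typed_on_lookalike = totp(TOTP_SECRET, unix_time)
    return site_checks_totp(TOTP_SECRET, code_typed_on_lookalike, unix_time)


def relayed_assertion_is_accepted() -> bool:
    """Same situation with a security key: the real site's challenge reaches the
    victim, but the victim's browser is showing the lookalike domain, so the
    assertion is scoped to that domain and fails the real site's rp_id check."""
    challenge = b"constructed-challenge-from-real-site"
    assertion = authenticator_assert(KEY_SECRET, LOOKALIKE_SITE, challenge)
    return site_checks_assertion(KEY_SECRET, REAL_SITE, challenge, assertion)


def genuine_assertion_is_accepted() -> bool:
    """Control case: the user really is on the real site."""
    challenge = b"constructed-challenge-from-real-site"
    assertion = authenticator_assert(KEY_SECRET, REAL_SITE, challenge)
    return site_checks_assertion(KEY_SECRET, REAL_SITE, challenge, assertion)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the run is reproducible
    print("relayed TOTP accepted by real site:", relayed_totp_is_accepted(now))
    print("relayed key assertion accepted:    ", relayed_assertion_is_accepted())
    print("genuine key assertion accepted:    ", genuine_assertion_is_accepted())
```

The defensive lesson is in `site_checks_assertion`: the origin binding is something the site verifies, not something the user has to notice, which is why the article's claim that security keys resist phishing holds even against users who cannot tell a lookalike domain from the real one.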
But what about end-to-end encryption?
One of the selling points of ProtonMail is that it makes end-to-end encryption, a mechanism that makes messages readable only by the sender and the receiver, easy to use. That is a clear advantage ProtonMail has over Gmail, where end-to-end encryption technologies such as PGP are tedious and hard to use. But ProtonMail's built-in encryption only works between ProtonMail users, and there are far fewer ProtonMail users than Gmail users. ProtonMail does allow you to send encrypted messages to people who don't use ProtonMail, but what they receive is not exactly email; it is a link to an encrypted message that can be decrypted with a password: "Upon sending the message, a generic message is delivered into the recipient's mailbox, providing them with a unique link to open the encrypted message the ProtonMail user has sent. In addition, this message contains the subject of the message, and the unique password hint if the ProtonMail user has designated one."
At the end of the day, if you really want to use end-to-end encryption, you might as well set that up with software such as GPGTools on your computer, which works independently of Gmail or any other provider you use. You'll still need your pen pal to have PGP and know how to use it, though.
To sum things up: if Google, and in turn the US government, are not part of your threat model, then ProtonMail has nothing more to offer in terms of security than Gmail itself. The only differentiator in that case is end-to-end encryption, and you can do that in Gmail with some effort. On the other hand, Gmail has a team of elite cybersecurity engineers working to keep its billion users secure, and better built-in protections to keep hackers out of your account.
Correction: an earlier version of this story stated that ProtonMail required two passwords by default. That is not the case. Originally, ProtonMail required two passwords, but now it only requires one by default.
UPDATE, October 23, 9:56 a.m. ET: After we published this story, ProtonMail published a response, listing the advantages ProtonMail has on Gmail, and claiming ProtonMail is a better choice.