Messages are encrypted at all times
Messages are stored on ProtonMail servers in encrypted format. They are also transmitted in encrypted format between our servers and user devices. Messages between ProtonMail users are also transmitted in encrypted form within our secure server network. Because data is encrypted at all steps, the risk of message interception is largely eliminated.
Zero Access to User Data
Your encrypted data is not accessible to us
ProtonMail’s zero access architecture means that your data is encrypted in a way that makes it inaccessible to us. Data is encrypted on the client side using an encryption key that we do not have access to. This means we don’t have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties. With ProtonMail, privacy isn’t just a promise, it is mathematically ensured. For this reason, we are also unable to do data recovery. If you forget your password, we cannot recover your data.
Open Source Cryptography
Time-tested and trusted encryption algorithms
We use only secure implementations of AES, RSA, along with OpenPGP. Furthermore, all of the cryptographic libraries we use are open source. By using open source libraries, we can guarantee that the encryption algorithms we are using do not have clandestinely built in back doors. ProtonMail’s open source software has been thoroughly vetted by security experts from around the world to ensure the highest levels of protection.
Incorporated in Switzerland
All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and corporations. As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.
Hardware Level Security
Full disk encryption and storage in secured datacenters
We have invested heavily in owning and controlling our own server hardware at several locations within Switzerland so your data never goes to the cloud. Our primary datacenter is located under 1000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack. This provides an extra layer of protection by ensuring your encrypted emails are not easily accessible to any third parties. On a system level, our servers utilize fully encrypted hard disks with multiple password layers so data security is preserved even if our hardware is seized.
No tracking or logging of personally identifiable information
Unlike competing services, we do not save any tracking information. By default, we do not record metadata such as the IP addresses used to log into accounts. As we have no way to read encrypted emails, we do not serve targeted advertisements. To protect user privacy, ProtonMail does not require any personally identifiable information to register.
Self Destructing Messages
With ProtonMail, emails are no longer permanent
You can set an optional expiration time on ProtonMail’s encrypted emails, so they will be automatically deleted from the recipient’s inbox once they have expired. This technology works for both emails sent to other ProtonMail users, and encrypted emails sent to non-ProtonMail email addresses. Similar to SnapChat, we’ve added a way for you to have ephemeral communication.
SSL Secured Connections
Swiss SSL to secure your connection
We use SSL to secure communication between our server and your computer. Message data between our server and your computer is already sent encrypted, but we use SSL to add another layer of protection and to ensure that the web page your browser loads is not tampered with by a third party intercepting your traffic in a MITM (Man in the Middle) attack.
Our SSL certificate authority (CA) is QuoVadis Trustlink Schweiz AG, a leading Swiss SSL certificate issuer. Using a Swiss based CA ensures that our CA’s SSL infrastructure is not under the control of US or EU government agencies. To allow extremely security conscious users to further verify that they are in fact connecting to our server, we have also released the SHA1 and SHA-256 hash for our SSL public key.
Securely communicate with other email providers
Even your communication with non-ProtonMail users can be secure
We support sending encrypted communication to non-ProtonMail users via symmetric encryption. When you send an encrypted message to a non-ProtonMail user, they receive a link which loads the encrypted message onto their browser, which they can decrypt using a passphrase that you have shared with them. You can also send unencrypted messages to Gmail, Yahoo, Outlook and others, just like regular email.
Easy to Use
Comprehensive Security for Everyone
We created ProtonMail because we found that none of the existing secure email services available today are sufficiently secure. However, a secure service like ProtonMail cannot improve the security landscape if it is so difficult to use, nobody can use it. From the start, we designed ProtonMail with a strong emphasis on usability. As a result, ProtonMail is very easy to use. There is nothing to install, and no encryption keys to manage, if you can use Gmail, Thunderbird, or Outlook, you can use ProtonMail.
Facebook is going to start fact-checking, labeling, and burying fake news and hoaxes in its News Feed, the company said Thursday.
The decision comes after Facebook received heated criticism for its role in spreading a deluge of political misinformation during the US presidential election, like one story that falsely said the Pope had endorsed Donald Trump.
To combat fake news, Facebook has teamed up with a shortlist of media organizations, including Snopes and ABC News, that are part of an international fact-checking network led by Poynter, a nonprofit school for journalism in St. Petersburg, Florida.
Starting as a test with a small percentage of its users in the US, Facebook will make it easier to report news stories that are fake or misleading. Once third-party fact-checkers have confirmed that the story is fake, it will be labeled as such and demoted in the News Feed.
A company representative told Business Insider that the social network will also use other signals, like algorithms that detect whether a story that appears fake is going viral, to determine if it should label the story as fake and bury it in people’s feeds.
“We’ve focused our efforts on the worst of the worst, on the clear hoaxes spread by spammers for their own gain, and on engaging both our community and third party organizations,” Facebook News Feed chief Adam Mosseri said in a company blog post on Thursday.
A team of Facebook researchers will also review website domains and send sites that appear to be fake or spoofed (like “washingtonpost.co”) to third-party fact-checkers, a Facebook representative said. Of the 42 news organizations that have committed to Poynter’s fact-checking code of ethics, Facebook is starting out with the following four: Snopes, Factcheck.org, ABC News, and PolitiFact.
The Associated Press will also be a fact-checking partner.
“We are only involved to the extent that Facebook relies on the list of signatories to our code of principles as a starting point for the organizations it chooses to verify,” a Poynter representative told Business Insider. “Facebook is the only organization certifying third party fact-checkers on its platform.”
Facebook has given its four initial fact-checking partners access to a tool that will let them label stories in the News Feed as fake, a Facebook spokesperson said. The person said Facebook is not paying the organizations to fact-check.
Cracking down on ads for fake news
The websites that Facebook determines to be fake news organizations or spoofed domains will also not be able to sell ads on the social network. Owners of fake-news sites can make thousands of dollars per month through internet ads.
Facebook has repeatedly said that it’s not a media company, but rather an open technology platform that relies on media publishers and its users to share accurate information.
“We do not think of ourselves as editors,” Patrick Walker, Facebook’s head of media partnerships, said during a recent journalism conference in Dublin. “We believe it’s essential that Facebook stay out of the business of deciding what issues the world should read about. That’s what editors do.”
Politicians such as President Barack Obama and former Secretary of State Hillary Clinton have recently expressed concern about the prevalence of misinformation on social media, with Obama calling it a “dust cloud of nonsense” and Clinton calling it “an epidemic.”
Facebook CEO Mark Zuckerberg has meanwhile gone so far as to say that it’s “pretty crazy” for some to suggest that fake news on Facebook could have swayed the election in favor of either candidate.
But after facing significant backlash for its denial to fact-check stories on its network, Zuckerberg now calls Facebook a “new kind of platform” with a responsibility to “build a space where people can be informed.”
“Facebook is a new kind of platform different from anything before it. I think of Facebook as a technology company, but I recognize we have a greater responsibility than just building technology that information flows through,” the Facebook founder said in a Thursday post.
“While we don’t write the news stories you read and share, we also recognize we’re more than just a distributor of news. We’re a new kind of platform for public discourse — and that means we have a new kind of responsibility to enable people to have the most meaningful conversations, and to build a space where people can be informed.”