Last month, I decided to switch over to ProtonMail, a privacy-first email provider that keeps its servers in countries with strong privacy protections like Switzerland so that it “cannot be forced to hand over data in cases of US or EU civil litigation.” It uses end-to-end encryption, meaning that only the people sending and receiving messages can read them, and it was founded by former CERN and MIT scientists, so the implication is that it’s basically the Fort Knox of email providers. It’s the email provider of choice for Elliot, the hacker protagonist on Mr. Robot.
Documents leaked by Edward Snowden in 2013 showed that popular email providers including Google, Yahoo, and Microsoft were cooperating to share user data with the National Security Agency. The service, whose privacy claims have been independently audited, says it has about 2 million users.
ProtonMail pitches itself as the secure alternative to Gmail, but I found it so frustrating and limiting that it was hard to get real work done.
ProtonMail’s most glaring problem is its hamstrung search function. You can search by sender, recipient, and subject line but not by the actual contents of the message. Before going without this feature, I had no idea how often I used it in Gmail to pull up conversations containing a certain keyword. It’s a crucial research tool that, in ProtonMail, I simply don’t have access to.
Email is so fundamental that it’s difficult to power through the weaknesses of a poor product.
That’s not the only issue. ProtonMail is clunky to a degree that makes me realize all the things I appreciate about Gmail. Its software is currently on version 3.12.23, according to a technical-looking notification in the corner of the screen, which sounds very advanced — but in reality its conversation nesting forces you to hunt through minimized replies each time you open a conversation, an extraordinarily time-consuming process if you ever move between threads. Things that aren’t spam end up in my spam folder and vice versa. You have to pay €5 per month to get rid of a signature that says “Sent with ProtonMail Secure Email.”
I’m not the only person to complain. A ProtonMail user by the handle Eclectic griped back in 2016 that the clumsy nesting and lack of a search function comprised a “deal killer.” “I won't use them until they add this feature,” wrote a user by the name of Brian. “Searching keywords in the message body is imperative for this product to be able to compete with gmail,” wrote yet another. And when I reached out to the company, it didn’t sound like a fix is imminent.
“Unfortunately, you can't search for the message content, you're correct,” wrote a faceless entity called the ProtonMail Team. “This is because the messages are encrypted and we can't access them so we can go through the content.”
I asked whether it might be possible to decrypt a user’s messages inside the webmail client to make the inbox searchable, but ProtonMail Team demurred, saying that the company was looking into it. ProtonMail Team did suggest, though, that I could set up a desktop email client like Thunderbird to download my messages and sort them locally. That would only take a few minutes for a Mac or Windows user, but I use Linux, and ProtonMail hasn’t released its encryption software for Linux yet.
And in any case, ProtonMail Team cautioned, storing the messages locally is “not as secure as our servers.”
There’s irony in that. According to ProtonMail itself, the very encryption that makes the service secure is also preventing its users from enjoying basic features, like search, that people who use less secure providers have access to. To me, that reads like a metaphor for much of digital security: a seemingly endless series of safeguards and precautions which, though they often make regular tasks circuitous or impossible — ever tried to join a group chat in Signal? — and might not even protect you against a powerful foe.
It’s worth noting that the lack of a robust search feature isn’t the only criticism of ProtonMail. Whether it provides better security depends largely on what sort of threats you’re worried about. While ProtonMail might provide some advantages to people who are concerned about government snooping, Google’s vast expertise and computing infrastructure arguably mean that it’s better equipped to defend against garden-variety hackers.
Open or secure software often lack features, either because their developers lack resources or because of design constraints. Linux is crummy at audio, and a lot of common software isn’t compiled for it. The secure browser Tor is infuriatingly slow. Open source office suite LibreOffice is glitchy and prone to crashes.
But email is so fundamental that it’s difficult to power through the weaknesses of a poor product. Even under the best of circumstances, switching email providers is an aspirational enterprise that eventually starts to feel suspiciously like having two email accounts. It’s even more frustrating when you have to start making security concessions just to be able to search your inbox.