Proton Privacy: A Review to Determine its Full Potential
An analysis of the Proton ecosystem
Proton is one of the largest privacy companies in the world with a central suite including email, VPN, drive storage, and calendar. In this review I’ll cover the privacy & security of Proton, what I love about each service, but also what drives me a little crazy about the ecosystem.
Proton Mail 📧
I’d argue Proton Mail is the most developed service. Against Gmail you’re getting a quality interface, mostly consistent between devices, several advanced features, and advanced search functionality.
Techlore Dispatch is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
Desktop is web-based, likely similar to how most people use Gmail. iOS and Android have native apps that I think are overall solid (though I have gripes I’ll cover soon). The free plan is generous, the UI is solid, and there are attractive privacy & security features. Just to top it off, switching from Gmail is easy to do with Proton’s native features to migrate from Google. Despite the overall positivity, I have some gripes:
You have to use THEIR clients - unless:
You’re on desktop, and…
You pay Proton to use their bridge, which I don’t think should be paywalled. Without these two things, you’re locked into Proton’s clients. Yes, you’re limited to only their mobile clients.
Proton’s themes look great - but as someone who switches between light and dark theme automatically, it’s silly for Proton to not have a system theme option for desktop.
No email templates. Most emails we receive can be responded to with ~5 copy/paste templates, and it’s unfortunate to not have template functionality, especially when it’s offered by one of their competitors - Tutanota.
Their iPad app has no optimization for the iPadOS ecosystem, it’s just a blown up version of the iOS app. I’d argue it’s nicer to use the web client on an iPad than the actual app.
My final major complaint is how Proton Mail handles multiple accounts on web. To switch between accounts, you leave the main UI to enter the account switcher, then select a different account, which is inconvenient. All accounts should just be listed in one place like the mobile apps. It’s actually more convenient to play with the URL than to use the formal account switcher.
Despite my complaints, I enjoy Proton Mail. It looks nice, it’s functional, and I think it’s pretty low sacrifice all things considered, which is impressive given there’s a lot going on behind the scenes to make this a private & secure experience - the extent of which we’ll cover soon.
Proton VPN 🔐
Alongside Proton Mail, there’s Proton VPN; we’ll keep this short because it’s just a VPN and there’s not much to cover. In our VPN Toolkit, it performs well, offering one of the most trustworthy VPNs on the market from a privacy & security standpoint. Usability-wise, the clients are okay, there’s no real custom DNS support for things like NextDNS, and I just generally feel like since they released WireGuard there’s been little evolution.
It’s for these reasons I probably wouldn’t go out of my way to buy Proton VPN; if you see me using it, it’s likely because I’m paying for the Proton ecosystem and just using the VPN to save money. I don’t find the user experience better than the other VPNs we suggest, all of which offer similar if not better privacy & security, with more attractive features, cheaper prices, better speeds, and better clients. The one selling point of Proton is the generous free plan, which is one of the only free VPNs we feel comfortable recommending. Regardless, it’s great to have access to this VPN if you’re already paying for the Proton ecosystem!
Proton Drive 🗄️
Moving to Proton Drive, this seems great - as it presents itself as a perfect Google Drive replacement…but it’s not.
It delivers on the privacy & security, but the usability is more comparable to an online SD card than an actual cloud provider, because:
There’s no collaboration or document editing, which is fine - but compared to Google Drive, that’s a huge loss. (In Proton’s defense, most cloud providers don’t offer this.)
No desktop clients, meaning you can’t directly sync with your local file system. Proton said there’d be desktop clients before 2023, but here we are several months into 2023 with nothing.
Proton advertises no max file sizes, but after extensive testing, this is not true. This happens because web-based applications have limitations, especially with a zero knowledge provider like Proton Drive that has to decrypt and encrypt every file (especially on low power devices, which are a lot more common than people think). Even the browser you’re using can impact your ability to download/upload certain files. To do some quick testing, I uploaded a 1GB, 4GB, & 12GB file; the 1GB file failed on Safari and Brave on an iPhone 13 mini (a modern high powered device) and the larger download failed on Firefox for Android. So Proton simply cannot guarantee no max file sizes: for as long as people still try to use the web, there will be limitations as to what people can realistically download/upload. The sad thing is even if Proton releases native clients, this doesn’t 100% solve the problem…what happens if you upload a file via your native application and send it to a family member who has to download via the web? In my view, Proton has to cater to the lowest common denominator, or stop advertising no max file sizes. Their website says “Proton Drive has no size limit on shared files. If you can upload it, you can share it.” This is highly misleading. Another area says “Your recipients can download your file, regardless of its size or format, using the secure link.” If you cannot guarantee it, stop advertising it!
Proton doesn’t integrate Drive with the ecosystem. Why when I send an email, and click attach file, can I not directly attach a Proton Drive file? And why is there no way to just email a file to a contact directly in Proton Drive? It feels like they rushed out Drive, without making it a fully-featured product to the user. Proton has hinted they plan on making this better, but I have to ask why they publicly released it when it still feels like a beta service.
If your needs are to just upload a few documents and share them with some contacts, great - this is all you need. But don’t mistake Proton Drive as competitive to Google Drive. (at least in its current state!)
Proton Calendar 📆
Proton Calendar’s next, and similar to Mail I think it’s solid. And unlike Drive, Calendar is somewhat integrated into Proton’s ecosystem, where if someone emails you an invite, you can directly add it to your calendar - bravo. My general complaint with the calendar is speed, it can feel slow - though I try to be understanding that this is all zero knowledge and much more complicated to run at fast speeds than what Google’s doing. The applications are nice, though can feel limited and a bit clunky to use. There’s even internal collaboration via shared calendars with other Proton users! So not bad - I have the fewest complaints with the calendar, it mostly just works, at least for my needs.
However, like the rest of Proton’s ecosystem, there are some feature parity issues that will be outlined later.
Privacy & Security 🕵️
To set the scene for privacy & security: what Proton is trying to do is difficult. Email, Calendar, and Contacts are legacy technologies that were never designed to have modern protections. But despite these limitations, Proton has found ways to close the gap:
First, Proton physically cannot read your emails - they’re stored with zero knowledge encryption. This is even court-proven in the infamous case where Proton handed over an IP address - which they stated in a 2014 blog post they could be forced to do. It fascinates me that the privacy community interpreted this as a negative, as Proton proved in an incident they couldn’t hand over anything outside an IP. People who got mad over this had unrealistic expectations for what Proton, or what any private email could give them.
Second, if you email someone else that uses Proton, you’ll have E2EE - end of story. If the other user doesn’t use Proton, you have two options:
The first is Proton’s password feature, where you send someone a password protected email, then use a secure communication method to send the password. I use this all the time as it’s very user friendly.
The second option is PGP, which Proton supports beautifully. The problem with PGP is the other person also needs to use it. But it’s awesome Proton directly offers this in their ecosystem.
So to address concerns that Proton is only E2EE for other Proton users, that’s not true. There are three options to use Proton Mail with E2EE, two of which don’t require the other user to use Proton.
Third, Proton overall offers a private signup process. They even have a Tor site you can use to register, offering a whole new level of privacy when registering.
Fourth, aside from Proton knowing little about you, and giving you tools to communicate securely, there are some nice-to-haves:
They safely proxy images in your emails
They block trackers in your emails
They offer U2F (though I do wish this was supported in mobile)
And they now own SimpleLogin, meaning you gain instant access to a phenomenal aliasing tool to protect your email.
And finally, Proton is open source, which is a huge selling point from a transparency perspective.
So no, Proton is not perfect - but they do a great job at offering better protection than almost all email providers, and they’re not given enough credit for that. People have unrealistic expectations for what an email provider can give them, and Proton has surpassed mine. If you’re looking for a more private & secure email experience, they have it - if you need more protection, then you shouldn’t be using email in the first place.
Feature Parity 🙈
Now while privacy & security is Proton’s strength, let’s talk about their weakness: feature parity. What is feature parity? It’s releasing features consistently across clients so users get a similar experience on every device. I wanted to share some timelines of what Proton has done:
Proton released a new, much improved interface in June 2021 for the web client
But this didn’t hit their Android app until around January 2022
Then their iOS app kept the old interface until April 2022
Meaning it took Proton 10 months to roll out a new UI across their ecosystem.
Proton Calendar was released for web to the public in June 2021
Then the Android app was released to the public in April, 2022
Then the iOS app was released in November, pretty much December 2022
Meaning it took Proton about 18 months to roll out their calendar to all users. 18 months!
Proton Drive left beta for web in September 2022
Proton Drive for mobile, both iOS and Android, was surprisingly released in the same month, in December 2022
This might seem like their best rollout so far - only taking 3 months to roll out to all devices. But as we covered, there are still no desktop clients, so this is still rolling out as we speak. (8 months in!)
And these aren’t isolated incidents - this is part of their culture. Their CEO stated this directly to me in an AMA. And to speak to this:
A month ago Proton released a new customizable toolbar on iOS, with no Android support - meaning this is now an exclusive feature for iOS users.
A month before that, Proton released scheduled email sending for the web and iOS, once again excluding Android.
Proton even did the same thing with their new enhanced tracking protection (a privacy feature!), only releasing it for web and iOS, excluding Android - meaning in some ways you’re actually less safe on the Android app.
And even when things seem consistent, they never really are. Proton Calendar seems similar, but Android has a widget and iOS doesn’t - that’s a core feature just entirely missing from one of two mobile clients. Similarly, Proton Mail on Android has quick actions to deal with emails without needing to open the app - but on iOS that’s missing. Recently, Proton did a poll asking their community if they wanted new document or photo features, and a top comment is neither, just release desktop clients for Proton Drive. People are tired of the inconsistency, especially when Proton advertises this ‘privacy ecosystem’ that’s not a coherent, central experience, but rather 4 services doing their own thing.
After scripting this, Proton just released Proton Pass, a password manager, in beta, with a missing client - why are they releasing new services when their current services aren’t up to industry standards?
In my eyes there’s no excuse given they have over 400 employees - yes, 400. I think more people need to talk about this - because I know that people coming from the Google suite will notice these problems. If Proton figures this problem out, I think it’ll really elevate their service and make them an even better sell to Google users.
I want to like everything about Proton, and there’s a lot I like, but it’s far from perfect. I think Proton Mail and Proton Calendar are their most robust offerings, Proton VPN is fine, but feels neglected, and Proton Drive feels like it should’ve never been released in its current state. Regarding their integration, and the general approach Proton has taken to development - I would expect better from one of the largest companies in the privacy space.
Now what Proton knocks out of the park is privacy & security. They’re not perfect, but they almost universally offer some of the most well-built programs in each respective service in the industry…
Proton Mail crushes most of the competition from a safety & usability perspective…
as does the VPN…
and we’ll…ignore Drive.
Individually, these services do very well, but I’d love to see some better integration across their clients, and especially between each respective service. I think it’d elevate the Proton offering and take them to a whole new level!
If you’re looking to switch to the Proton suite and you enjoyed this review, we have an optional affiliate link you can use to purchase Proton, and it will also help support what we do here at Techlore, we greatly appreciate everyone who goes through the kickback link: