ProtonMail, the privacy-focused email business, has launched a Tor hidden service to combat the censorship and surveillance of its users.
The move is designed to counter actions "by totalitarian governments around the world to cut off access to privacy tools" and the Swiss company specifically cited "recent events such as the Egyptian government's move to block encrypted chat app Signal, and the passage of the Investigatory Powers Act in the UK that mandates tracking all web browsing activity".
Speaking to The Register, ProtonMail's CEO and co-founder Andy Yen said: "We do expect to see more censorship this year of ProtonMail and services like us."
First launched in 2014 by scientists who met at CERN and had become concerned by the mass-surveillance suggested by the Edward Snowden revelations, ProtonMail is engineered to protect its users' communications by using client-side encryption through users' browsers, meaning ProtonMail's servers never have access to any plaintext content.
Combined with Switzerland's strong privacy laws, the freemium service has increasingly been seen as a popular destination for spooked citizens. It has faced enormous DDoS attacks by assumed nation-state adversaries, and following the election of Donald Trump, sign-ups at the service doubled.
Users can navigate to the Tor network through: https://protonirockerxow.onion
Today, ProtonMail is announcing the introduction of a Tor hidden service, or onion site, which will allow users to directly connect to their encrypted email accounts through the Tor network at the URL https://protonirockerxow.onion, which ProtonMail said it expended "considerable CPU time" to generate for the sake of finding a hash that was more human readable and less prone to phishing.
Additionally, the onion site also has a valid SSL certificate issued to Proton Technologies AG by DigiCert. This is a reasonably novel innovation as the classical Certificate Authority system isn't compatible with Tor, where onion addresses are self-generated rather than purchased from a registrar.
Yen told The Register: "The problem is, if you act as your own CA, you run the issue of not trusting that certificate authority by default." As such, ProtonMail reached out to the Tor Project, which suggested it get in touch with DigiCert, who had previously provided the CA service for Facebook.
"Given ProtonMail's recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this." said Yen. "Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step."
In the coming months, the Tor Project stated it would be "making additional security and privacy enhancements to ProtonMail, including finishing some of the leftover items from our 2016 Security Roadmap". ®