The creators of encrypted email service ProtonMail have set up a server that’s only accessible over the Tor anonymity network as a way to fight possible censorship attempts in some countries.
ProtonMail was created by computer engineers who met while working at the European Organization for Nuclear Research (CERN). The service provides end-to-end encrypted email through a web-based interface and mobile apps, but the encryption is performed on the client side, and the ProtonMail servers never have access to plaintext messages or encryption keys.
On Thursday, Proton Technologies, the Geneva-based company that runs ProtonMail, announced that it has set up a Tor hidden service, or onion site, to allow users to access the service directly inside the Tor anonymity network.
A Tor hidden service is a website that can only be accessible from within the Tor network. It is set up in such a way users don’t know the real Internet Protocol address of the server, and the server can’t see the real IP addresses of the users, offering two-way privacy.
Inside the Tor network, hidden services can be accessed using .onion addresses, where the address names are actually cryptographic hashes. This means that .onion addresses are supposed to look random, but owners of hidden services can spend computing power to generate a large number of hashes in hopes of obtaining one that is easier to remember.
For example, ProtonMail’s new Tor service can be reached at protonirockerxow.onion, while Facebook has been accessible over Tor at facebookcorewwwi.onion since 2014.
The ProtonMail team chose to set up this onion website primarily as a defense against any online censorship or surveillance efforts that might target the service in the future.
Such incidents are common. Just recently, the Egyptian and UAE governments, which have strict control over the internet in their countries, started blocking people from using the Signal end-to-end encrypted messaging app for Android and iOS.
“Recently, more and more countries have begun to take active measures to surveil or restrict access to privacy services, cutting off access to these vital tools,” the ProtonMail team said in a blog post. “We realize that censorship of ProtonMail in certain countries is not a matter of if, but a matter of when. “
A Tor hidden service also has other benefits. For one, because no one can discover its real IP address, it can’t be targeted in distributed denial-of-service (DDoS) attacks, which means that it can serve as a failover if the internet-accessible ProtonMail servers get attacked.
The email service has suffered such attacks before. In November 2015, it came under fire by a series of massive DDoS attacks that caused disruptions for over a week. The attackers asked the company for US$5,500 to stop, but even after Proton Technologies paid, they continued to hit the service.
Another benefit is increased privacy. Because Tor uses multiple layers of encryption, there is no way for someone monitoring a user’s internet connection to tell whether he or she is accessing ProtonMail. On the other end, ProtonMail will not see the user’s real IP address, so there will be no way to tie a visit to a real identity.
Tor itself provides multiple layers of encryption, but on top of that, the ProtonMail hidden service is also protected by HTTPS. The company has managed to obtain a certificate for its .onion address from DigiCert, even though the .onion TLD does not exist on the open Internet. DigiCert has issued such a certificate before for Facebook’s Tor hidden service.