
There is a service called ProtonMail that encrypts email on the client, stores encrypted messages on their server and sends it encrypted in some fashion (depending on what email service the recipient uses).

My question here is how do they manage to search through my data if it's encrypted when they get it?

I'm confused how they do this in a scalable fashion so it doesn't break when I have a couple of thousand emails stored.

techraf
Minlingo

3 Answers

7

According to their support page, it doesn't search in the body of the mail:

At this time ProtonMail does not search the body of your email messages. This is due to the fact that they are encrypted on our servers, and therefore we currently do not have a means to search them.

Instead, it searches in these non-encrypted fields:

  • Recipient email addresses
  • Sender email addresses
  • Subjects
  • Date message was sent/received
  • Folder (Location)
  • Attachments (only yes/no, not the name of the attachment)
Benoit Esnard
    That seems not to be true: I send a link to Slashdot to someone. Then I search for Slashdot and get all mails with slashdot.org URLs. Try it yourself – Sybil Oct 25 '18 at 06:32
    @Ivanov you are probably not using the in-browser app, proton mail apps and "proton bridge" allow for local decryption of message bodies for search. This does not appear to be so with the cloud in-browser service... I'm too lazy to test though. See my new answer: https://security.stackexchange.com/a/197779/191437 – Shwaydogg Nov 16 '18 at 03:49
  • How come they can decrypt the message so that you can read it, but are unable to decrypt the message in order to search it? I'm seriously considering switching to ProtonMail, but this missing search feature is kind of a deal-breaker... – Radu Murzea Feb 11 '20 at 10:43
  • @RaduMurzea: the decryption is done by your browser: ProtonMail doesn't know your decryption key. They can't decrypt it, so they can't read it. – Benoit Esnard Feb 11 '20 at 13:34
4

The above responses are out-of-date. It is now possible to search message content to easily find the email you're looking for, all without giving ProtonMail access to your messages.

To search your messages' contents while still keeping them private, we create a local index of your emails and store it using your browser’s web storage. When you perform a search, the app goes through the index of your downloaded emails and highlights all matches. Because the index is created in your browser, no one (not even Proton) has access to it, unless they have physical access to your browser device. More details on how this works can be found here: https://protonmail.com/support/knowledge-base/search/

Currently, message content search is available on mail.protonmail.com to everyone with a paid subscription (i.e. Plus, Professional, Visionary or Lifetime plan).

Mathieu
2

ProtonMail does not offer searching the message body of emails in its cloud service, as Benoit Esnard points out, but it does on its mobile apps. On apps that run locally it can decrypt your emails locally and fully search them.

Since the end of 2017 ProtonMail has also delivered a product called ProtonMail Bridge. Essentially, it's a little local email server on your local computer that is a bridge between local email applications (Outlook, Thunderbird or Apple Mail) and the ProtonMail servers.

The Bridge essentially acts like a local email server (using the IMAP and SMTP protocols) and interacts with email clients also installed locally on your desktop computer. As a result, all encryption and decryption occur locally and thus the benefits of end-to-end encryption remain. The Bridge communicates with ProtonMail’s encrypted email server via our API, which supports end-to-end encryption, while email clients can communicate directly with the Bridge via standard IMAP and SMTP. In this way, standard email clients which do not natively support end-to-end encryption can support encryption without modification. Another way to think of it is that the ProtonMail Bridge translates end-to-end encrypted email data into a language that any email client can understand, thus “bridging” the gap between ProtonMail’s end-to-end encryption and your standard email client.

-Source/read more here.

Tutanota, a competitor, claims to be the "first to enable search on encrypted data". However, I'd add the asterisk: the first cloud email service to provide encrypted search, message body included, without requiring an application to be installed locally, not to mention that not every email has to be decrypted (as would occur with ProtonMail Bridge).

How does Tutanota's secure search of encrypted data work? Tutanota's secure search approach searches the data locally on the client, giving the server zero access. Here's how it works:

From Tutanota:

  1. The data is indexed.
  2. The search index is encrypted and stored locally on the client.
  3. The search index is searched according to the user's search queries.
  4. The code for Tutanota's search is published as open source so anyone can check it.

Related article complaining about ProtonMail's lack of full search and threading.

Disclaimer: I do not work for or have an association with either company, and I haven't used either. I was researching encrypted mail for future use and came across this thread and the articles I quoted. Much respect to both companies/products for their efforts to bring user-friendly encrypted email to the masses!

Shwaydogg
  • Hi and welcome to information security. Your answer is very thorough, although it would profit if it were more concise and to the point of the OP's question. – Marcel Nov 16 '18 at 06:49