Home » Featured » ProtonMail Adds Tor Support with a New Onion Site and SSL Certificate
Click Here To Hide Tor

ProtonMail Adds Tor Support with a New Onion Site and SSL Certificate

In a press release from the Swiss-based, privacy-oriented email provider ProtonMail, the organization acknowledged the growing need for secure communications. But, beyond that, they recognized the increasing need to bypass “state sponsored censorship.” But the announcement served as a much greater purpose than a mere recognition. They announced ProtonMail became Tor-accessible, with its own .onion, both to increase user privacy and to allow users in countries with national censorship to access ProtonMail, even if the government blocked access to the website.

ProtonMail is both private and secure at its core, the service’s co-founder, Andy Yen, explained in a blog post. This evolvement simply expanded upon the pre-existing security features provided by ProtonMail. “We realize that censorship of ProtonMail in certain countries is not a matter of if, but a matter of when,” the announcement explained. (For examples, see the recent Tor ban in Turkey and the Signal update that implemented censorship bypassing mechanisms.)

Tor accessibility enhances the service’s privacy and allows an entire selection of users to access the email service where they once could not.


“Tor applies extra encryption layers on top of your connection, making it more difficult for an advanced attacker to perform a man-in-the-middle attack on your connection to us. Tor also makes your connections to ProtonMail anonymous as we will not be able to see the true IP address of your connection to ProtonMail,” he wrote in the blog post.

ProtonMail also acquired an HTTPS certificate from the certificate authority DigiCert, adding an additional layer of security. Developers explained that despite sounding redundant, the additional layer of security HTTPS provided could prove essential in the right circumstances. For instance, they explained, if the Tor network ever faced a major security vulnerability that a bad actor (or government) exploited, HTTPS served as a failsafe. The inverse situation shared the same argument. If the green indicator in the URL bar ever changed to a color that was not green, HTTPS’s safety no longer existed and then the Tor network served, too, as a fallback security net. Though two years later than the first company (Facebook) that obtained an SSL certificate for a .onion website, the certificate still marked a milestone for ProtonMail.

Additionally, regarding the SSL certificate, the announcement mentioned how the green bar prevented classic phishing attacks. With .onion URLs often being seemingly nonsensical, phishing is often one of the biggest threats to .onion explores. (This is another reason for the DeepDotWeb market list; the links are accurate and up-to-date.)

“ProtonMail’s .onion SSL certificate has Extended Validation so you will get the green bar in your browser, and it provides an additional layer of protection against phishing because you can be certain that the onion site you are connecting to belongs to us.” (ProtonMail)

The post also thanked Roger Dingledine of the Tor project for helping worth the .onion work.

ProtonMail comes recommended by many but the hidden service, according to their announcement, lacked the final touches. But they recommended reading more about the service on their website: ProtonMail.com.


  1. It doesn’t really make sense.

    If you try to sign up with them, you will be redirected to the normal domain.

    And you have to provide a e-mail address or even a mobile number to receive a confirmation code.

    Sometimes you even only can use a mobile number or a donate button depending on how fucked the TOR exit node is.

    And since Switzerland has a data retention of at least (!) 6 months the writing in the blog post is totally shit.

    “Tor also makes your connections to ProtonMail anonymous as we will not be able to see the true IP address of your connection to ProtonMail.”

    The Government still could contact the provider where ProtonMail is hosted and ask for access logs.

  2. when your use tutanota or protonmail relay good email, because hotmail sucks microsoft thinks im hacking or spammer, because im do nothing and then im banned 4 times. no more hotmail

  3. WTF
    they require javascript to be enabled :/
    javasctipt +TOR = BAD idea :/

    i think i will stick with Sigaint

  4. This is good, this bypasses the TOR out-proxies and keeps you within the TOR network.

    But until a month ago, there was a Login password, and an Encrypted Email Password that allegedly guaranteed your email could only be read by you. Now the Encrypted Email Password has been removed for new accounts, what’s up with that?

  5. Hotmail, Yahoo, Google Mail, Apple and other big ones.

    All of them “sucks” in terms of privacy.
    And if you use TOR, they will annoy you with Captchas or verification shit.

    Here is a decent list for providers with “.onion” access.


    @jgndfo, you still could use Tails (on a DVD!) or a VM Box like Whonix, Qubes OS and so on.

  6. Tor mail + Java required = bullshit

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *