ProtonMail's new tool encrypts your top secret email contacts

By Brittany Roston/Nov. 21, 2017 7:21 pm EST

ProtonMail, the encrypted email service for individuals who are concerned about data privacy and security, has just announced a new encrypted contacts manager that secures your potentially sensitive contact details. The feature is most useful for those with contacts they must keep secure, such as journalists who don't want their sources exposed to potentially prying eyes.

The new manager tool is called ProtonMail Contacts, and it is billed as the world's first-ever encrypted contacts manager...at least the first with digital signature verification and zero access encryption. The new features arrive with version 3.12 of the ProtonMail service, and they're the result of more than a year of effort.

To put it simply, the new tool keeps a user's contact details secure using zero-access encryption. Only the user can decrypt the contact fields and read what they contain; ProtonMail itself doesn't even have that ability. You'll know if your contacts are encrypted due to a lock symbol displayed with the contacts' details section.

ProtonMail specifically cites journalists as one potential type of user who will benefit from this new feature. Any data added in the contact's notes field will also be encrypted, making it possible to keep more than just name/address info on a contact.

The only exceptions to this are the email addresses themselves, which are not protected with zero-access encryption. The reason for that, says ProtonMail, is the fact that it must know the email addresses regardless because it is the platform delivering the mail to them. The email addresses can't be encrypted in this manner because of email filtering, as well.

To help ensure that someone can't tamper with a contact to potentially foil the user, ProtonMail has also introduced digital signature verification. With this, the company explains, users get a "cryptographic guarantee that nobody ... has tampered with your contacts." Should someone tamper with contact details, the user will see a notification alerting them to a verification or decryption error.

SOURCE: ProtonMail