How ProtonMail Tor Access Makes Free Email Secure and Anonymous

Laptop with key
The Tor network hides you and your email use on the internet. ilyast/Getty Images

ProtonMail Tor access gives you secure and anonymous email with three levels of encryption even where ProtonMail is blocked as a regular website.

We Know Who You Are (and Who You Email)

On the internet, you can be identified.

Your IP address, your browser's cookies, your service provider's connections, your DNS server and other technical pieces of information give you away. If you have ever tried to convince a popular streaming service that you are not in the country in which you – well, honestly – actually are, chances are you have plenty of experience with that.

Streaming movies and telenovelas is one thing; secure email communication is another.

ProtonMail offers free, secure email from Switzerland with end-to-end encryption that happens in your browser or phone. You can sign up for the whole shebang anonymously. All this is no good, of course, if you cannot access the ProtonMail website from your location.

This is where the Tor network and Tor Browser come in.

How the Tor Network Anonymizes and Hides You Effectively

The Tor network anonymizes traffic on the internet. Instead of your computer or browser establishing a direct connection to the server (for email or a website, for instance), Tor sends that traffic through a number of relays. Each relay only knows who connected to it directly, and to where.

No party knows all the points in the connection chain. Most importantly, the final server (which serves the web site or emails) does not know you, your location, your IP address, or anything else about you.

Consequently, you cannot be blocked by IP address, country or browser.

How an HTTPS Onion Site Makes ProtonMail Tor Access Even Safer

In addition, Tor includes a system that hides not only the user but also the server. These hidden services are accessible only through Tor. That means a government or other organization cannot easily prevent access to these services; they do not know you are accessing them in the first place.

Instead of a "normal" web address (ending in ".com", for instance), you use what is called an onion address for the hidden web services in the Tor browser. Onion addresses end in ".onion". If you try to access an .onion site from outside Tor using a regular browser such as Google Chrome, all you get is an error.

Since ProtonMail can be accessed as an onion site, its services become all the more difficult to block.

Both email in the ProtonMail system and the Tor network provide end-to-end encryption of traffic. In addition, the ProtonMail onion site uses SSL (Secure Sockets Layer) for another, third, layer of encryption.

How to Get Really Secure Email with ProtonMail Tor Access

To access ProtonMail with a maximum of security and anonymity by leveraging multiple layers of end-to-end encryption and internet traffic obfuscation using Tor with Tor Browser:

  1. Make sure a Tor browser is installed on your computer or device. (See below.)
  2. Open Tor Browser.
  3. Type "https://protonirockerxow.onion/" into the address bar.
  4. Click Enter.
  5. Click the NoScripts button in the Tor Browser address bar.
  6. Select Options from the menu that has appeared.
  7. Go to Whitelist.
  8. Type "https://protonirockerxow.onion/" under Address of web site:.
  1. Click Allow.
  2. Now click OK.
  3. Log in with your ProtonMail user name and password.

Install Tor Browser on Windows for Protonmail Tor Access

To set up secure and anonymous browsing using the Tor network on a computer using Windows:

  1. Download Tor Browser from the Tor Project website.
    • Make sure your browser is accessing the Tor website using an HTTPS connection.
    • Select the Stable Tor Browser in your desired language for Microsoft Windows.
    • If you cannot access the Tor Project website, see below for other download options.
  1. If possible, do verify your Tor Browser download using the accompanying signature file; see below.
  2. Double-click the torbrowser-install-***.exe file you just downloaded.
  3. Select desired language in the Installer Language window.
  4. Click OK.
  5. Click Install to copy Tor Browser to its default location, your Windows desktop.
    • If you do want to keep using Tor Browser, do pick a more standard location, such as "C:\Program Files (x86)\".
  6. Typically, check Add Start Menu & Desktop shortcuts and uncheck Run Tor Browser.
  7. Click Finish.

Install Tor Browser on macOS or OS X for Protonmail Tor Access

To install a copy of the Tor browser on a macOS and OS X machine:

  1. Download Tor Browser from the Tor Project website.
    • Verify your browser has securely established an encrypted HTTPS connection to "torproject.org".
    • Select the Stable Tor Browser in your desired language for Mac OS X.
    • See below if you cannot access the Tor Project website.
  2. If possible, do verify the download using the accompanying signature file; see below.
  3. Open the TorBrowser-***.dmg file you downloaded.
  4. Drag and drop TorBrowser to your Applications folder.

Install Onion Browser (a Browser Using Tor and Onion) on iOS

On iOS, download and install Onion Browser for accessing ProtonMail through Tor.

(As a less anonymous and still secure alternative, you can use the ProtonMail app.)

Install Orbot and Orfox (for Using Tor and Onion) on Android

On Android, download and install both Orbot for connecting to the Tor network and Orweb as the accompanying browser for accessing ProtonMail through Tor.

(As a less anonymous but still secure alternative, you can use the ProtonMail app.)

Alternative Tor Browser Download Locations

If you cannot download Tor Browser from the Tor Network web site, do examine the following options:

Advanced: Verify the Tor Browser Download for a Maximum of Security

All anonymous and encrypted traffic passes through the Tor browser. It, then, is one place where your security and anonymity can be compromised: if you get a version modified maliciously to send a copy of the sites you visit, the emails you read and the replies you send to a hacker, Tor's whole purpose is defeated.

As a precaution, the Tor developers digitally sign the browser with a key only they posess. You can verify that signature to ensure, to a high degree, that you received the browser you wanted and not a hacked copy.

Unfortunately, this verificaion can get a tad involved and tricky as you need even other applications and possibly the command line; by no means is it impossibly difficult, however.

To verify your Tor Browser download's signature using Windows:

  1. Make sure Gpg4win is installed.
  2. Open Kleopatra from the Start menu.
  3. Select Settings | Configure Kleopatra from the menu.
  1. Now open the Directory Services section.
  2. Click New.
  3. Enter "pool.sks-keyservers.net" over "keys.gnupg.net" in the Server Name column for the new entry.
  4. Click Enter.
  5. Click OK in the Configure – Kleopatra window.
  6. Click Lookup Certificates on Server in the toolbar.
  7. Enter "0x4E2C6E8793298290" (without the quotation marks) under Find:.
  8. Click Search.
  9. Make sure "Tor Browser Developers (signing key)" is selected.
  10. Click Import.
  11. Now click OK in the Certificate Import Results – Kleopatra window.
  12. Download the sig file that is listed alongside the browser download you chose to the same folder where you saved the .exe file.
  13. Press Windows-R.
  14. Type "cmd" under Open:.
  15. Click OK.
  16. Open the folder to which you downloaded both the tor browser and the signature file.
  17. Type '"C:\Program Files (x86)\GNU\GnuPG\gpg2.exe" --verify torbrowser-install-6.5_en-US.exe.asc torbrowser-install-6.5_en-US.exe'.
    • This is only an example assuming the 6.5 version of Tor browser and Gpg4win installed under C:\Program Files (X86)\GNU\GnuPG; do adapt the folders and file names for your situation.
  18. Click Enter.
  19. Verify the output includes Good signature from "Tor Browser Developers (signing key) ".

To verify your Tor Browser download on macOS or OS X:

  1. Make sure GPG Suite is installed on your macOS or OS X machine.
  2. Open GPG Keychain in your Applications folder.
  3. Click Lookup Key in the toolbar.
  4. Enter "0x4E2C6E8793298290" (not including the quotation marks) under Search.
  5. Click Search.
  6. Check "Tor Browser Developers (signing key)".
  7. Click Retrieve key.
  8. Now click OK under Import results.
  9. Download the sig file that is listed alongside the browser download you chose.
  10. If the downloaded sig file ends in .asc.txt:
    1. Click on the ".asc.txt" file with the right mouse button.
    2. Select Rename from the menu that has appeared.
    3. Remove ".txt" from the ".asc.txt" extension so the file name ends in only ".txt"
    4. Hit Enter.
    5. Click Use .asc.
  11. Select the TorBrowser-***.dmg file in Finder.
  12. Select Finder | Services | OpenPGP: Verify Signature of File from the menu.
  13. Check the file has been signed by Tor Browser Developers under Verification Results.
  14. Click OK.

(Protonmail Tor Access tested with Tor Browser 6.5)