Proton Expands Its Privacy Ecosystem With a Password Manager

Proton Expands Its Privacy Ecosystem With a Password Manager

On Thursday, Proton announced one of the biggest new additions to its growing suite of privacy-focused apps: Proton Pass, an end-to-end encrypted password manager.

ProtonMail launched as an end-to-end encrypted email service only a year after the Edward Snowden surveillance leaks, becoming one of the de facto privacy applications on the web. During the past few years the company has gone through a growth spurt, rolling out a host of new features to populate an expanding privacy ecosystem — including a VPN, an encrypted cloud Drive, and a calendar. Last year, it changed its name, becoming simply “Proton,” presumably to signify its offerings beyond email.

The company says that the password application, now in a limited beta for select customers, will hopefully “be a milestone for password managers” and has been designed with strong encryption by SimpleLogin, a security company Proton acquired last year. At the same time, the company also announced it had surpassed 100 million registered users worldwide.

To get a better perspective on Proton’s recent changes and its ambitions for the future, Gizmodo sat down with Proton’s CEO, Andy Yen, to discuss what the company’s been up to and where it’s headed in the future.

First, what’s new at Proton?

Proton Pass is probably the most consequential new feature that Proton has released in quite some time. Now in beta, Pass is only available right now to Lifetime and Visionary Proton users, and even then on an invite-only basis. That said, Yen says the company has planned a general launch of the app “later this year,” meaning it will soon be available to all users.

“A password manager has been one of the most common requests from the Proton community ever since we first launched Proton Mail,” Yen wrote. “Proton Pass is not just another password manager. It’s perhaps the first one built by a dedicated encryption and privacy company, leading to tangible differences in security.”

To get more technical details about those distinct protections, Proton has provided a rundown of the password manager’s security model, which you can read about on its website.

Pass isn’t the only thing that Proton has rolled out lately, however. The company has announced a number of new features this year. Some of those include:

  • The ability for non-ProtonMail users to sign up for Proton Drive. This allows anyone to sign up with whatever third-party email they happen to be using (Gmail, Yahoo, etc.), which decouples the company’s cloud storage feature — and, really, its privacy ecosystem — from people who are subscribed to its mail service.
  • The launch of Proton’s VPN browser extension. A small, convenient little addition, Proton says the extension “provides similar protection” to its full VPN service, but only encrypts your browser’s HTTP connection.
  • The company also recently introduced a “kill switch” feature for its VPN, which stifles all outgoing and incoming connections outside of the VPN service and stops your device from connecting to the internet when the app is not active. Kill switches like this are considered additional protection.

Andy Yen on the past and future of Proton and privacy

Speaking with Gizmodo, Proton’s Yen said that the growth of consumer interest in privacy services over the past several years has generated more competition in his industry but it has also helped drive business to Proton.

“Back when we started, end-to-end encryption, abbreviated E2EE, was something that spies or crazy people were using — it was barely something most people had heard about,” Yen tells me. That changed in the intervening years — as an ever-compounding slew of privacy scandals drew attention to the dangers of surveillance capitalism and government spying. Today, the average consumer is much more well versed in services like E2EE, said Yen.

The demand for privacy is so high today that major tech companies who were once major data retailers have rebranded themselves as privacy guardians. Meta, which was infamously embroiled in the Cambridge Analytica scandal and has been tied to other disturbing data-mining episodes, has since and promised features like E2E encrypted messaging — in a bid to make itself seem more friendly to users. Apple, meanwhile, has made privacy one of the core tenets of its brand — famously rolling out a new tagline: “Privacy. That’s Apple,” despite glaring violations.

For Yen, these efforts don’t cut a lot of ice. “Big Tech is not going to be incentivized — from a business model perspective — to deliver the level of privacy that users really expect,” he said. “No matter what Zuck says, nothing can change the fundamental fact that he makes money by selling your data.”

Companies like Apple are merely shifting their business priorities from selling data to mining it for themselves, Yen claimed. “When Apple says, ‘We care about privacy,’ what they actually mean is ‘nobody can abuse your data — except for us.’ That’s Apple’s business model: they say, ‘we’re going to disable third-party trackers and ads so that we can mine your data and sell you ads, so that we can build our own ad business.’ So their privacy plan is nothing more than a cynical ploy to increase the walls of their walled garden to generate more profit.”

Yen said that while companies like Google claim to offer free services but actually make the user the product, Proton and other privacy-protecting companies are more upfront with users about a transaction taking place. “I believe our model is just more honest: we tell you ‘The internet isn’t free’ and, if you want to have more services, you can pay the cost of a cup of coffee per month but also have the assurance that your data belongs to you and is private and secure.”