Background

ProtonMail Launches Zero-Access Encrypted Contacts With Digital Signature Verification

As security and privacy have become a concern for many people, more of them are seeking products that deliver both.

To meet that demand, the end-to-end encrypted email client ProtonMail has added a zero-access encrypted contacts manager that also digitally signs the contact information stored in it.

Starting with version 3.12 of ProtonMail's web client, the feature benefits especially those with a strong need to keep sources confidential, journalists for example. It is worth noting, though, that email addresses stored in the contacts manager are not encrypted.

The encryption only applies to phone numbers and addresses, which are shown within an area marked with a lock icon.

In addition, ProtonMail uses digital signatures to verify the integrity of contact data. Digital signatures cover all contact fields, including the email address itself, and are denoted by the tick icon.

"The addition of encrypted contact fields brings many security benefits. For example, if you are a journalist with a confidential source, it is very important to protect the phone number or address of that source.

Using the notes field in contacts, you can also add other information about the contact that will be protected with zero-access encryption. In order to do email filtering, we do not use zero-access encryption for email addresses — doing so also does not significantly improve privacy because as an email service, we necessarily must know who you are emailing in order to deliver the message."

For security-conscious users this means that ProtonMail adds a "cryptographic guarantee that nobody (not even ProtonMail) has tampered with your contacts".

So if an attacker wanted to intercept the communications between users and a sensitive contact, one way to do it, according to ProtonMail, would be to secretly change the email address or phone number the users have saved for that contact, such as changing [email protected] to [email protected].

Because ProtonMail contacts are digitally signed, an attempt to tamper with contacts would lead to the following error:
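As an added illustration, not ProtonMail's own code, the Go program below shows the mechanism behind that error: the phone field is encrypted on the client so the server cannot read it, the email stays in clear, and one signature covers both, so swapping the saved email fails verification. Ed25519 and AES-GCM are assumed here for brevity (ProtonMail's actual implementation is OpenPGP-based), and the keys and contact values are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedContact follows the split the article describes: Email stays in clear
// so the service can route mail, Phone is AES-GCM ciphertext produced on the
// client (an address field would be handled the same way), and one Ed25519
// signature covers every field, the cleartext email included.
type SignedContact struct {
	Email string
	Phone []byte // nonce || ciphertext, opaque to the server
	Sig   []byte
}

// seal encrypts a field under a key only the client holds (zero-access).
func seal(key, plain []byte) []byte {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plain, nil)
}

// canonical is the exact byte string that gets signed; hex keeps field
// boundaries unambiguous.
func canonical(c *SignedContact) []byte {
	return []byte(fmt.Sprintf("email=%x\nphone=%x", c.Email, c.Phone))
}

// SignContact encrypts the private field, then signs the whole record.
func SignContact(priv ed25519.PrivateKey, encKey []byte, email, phone string) *SignedContact {
	c := &SignedContact{Email: email, Phone: seal(encKey, []byte(phone))}
	c.Sig = ed25519.Sign(priv, canonical(c))
	return c
}

// VerifyContact runs before a stored contact is trusted; any change to any
// field, including the cleartext email, makes it return false.
func VerifyContact(pub ed25519.PublicKey, c *SignedContact) bool {
	return ed25519.Verify(pub, canonical(c), c.Sig)
}
```

Note that the signature is checked with the user's own key, so the server holding the record can re-encrypt nothing and re-sign nothing without the check failing on the client.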

ProtonMail's zero-access encrypted email service exited beta in March 2016. The company offers a free end-to-end encrypted email client with limited storage and features, and adds capacity and capabilities for paid users.

The digital signature verification for contacts is available to all users. The end-to-end encrypted contact fields, however, are initially available to paid users only.

The code behind both features has been open-sourced by ProtonMail.

Published: 21/11/2017