Secure email service ProtonMail announced a safer way to send end-to-end encrypted emails from desktop clients such as Outlook, Apple Mail, and Thunderbird via the new "Bridge" application.
Some email users prefer to use desktop applications over web services because of the higher performance, while others believe that email web apps have gotten good enough that there’s no reason to use a native desktop application anymore. However, for those who are serious about securing their communications, desktop clients may still be the best (or safest) choice.
Browser encryption has long been criticized by cryptography experts because it’s easier for attackers to hack a server or intercept the communications and then change the code the user receives in the background, breaking or bypassing their encryption in the process. The user wouldn’t know because typically changes to a web app happen silently in the background.
Desktop apps, on the other hand, may require manual action from users when they receive an update. Desktop apps can receive malicious updates, too, but the general consensus is that it’s much easier for an attacker to exploit a web app.
ProtonMail Bridge is an application that you run in the background on your PC. Its purpose is to encrypt and decrypt ProtonMail emails as they are sent from or received in the desktop email clients.
The Bridge connects to ProtonMail’s servers via an application programming interface (API) that supports end-to-end encryption. The Bridge communicates with the desktop clients via the standard IMAP and SMTP protocols.
The search functions of the desktop clients will work as expected, because the emails are decrypted and stored locally on the machine as they are being received. ProtonMail’s integration with desktop clients will also allow users to easily drag and drop emails from one account to another, as a simpler way to import and export email data.
To use the Bridge app, ProtonMail’s paid users only need to add their accounts to it as well as to the email client they intend to use, and then configure the email settings (password, ports, etc) on those clients. The company said that for now only Outlook, Apple Mail, Thunderbird are supported, but in theory any IMAP client should work.