TLS is the security mechanism used in the HTTPS communication protocol that prevents hackers and your ISP from seeing what information you submit to websites (like your credit card number or address) and is responsible for encrypting most of the internet, including your connection to our blog right now. However, TLS is only implemented between endpoints of an HTTP channel. For example, as you’re reading our blog, HTTPS is using TLS to encrypt your connection between your device and our server.

This works fine if you are connecting to a website, but it’s insufficient if you’re sending an email. When you use a standard email provider, such as Gmailor Hotmail, all traffic toward it, including emails sent to you, will be protected in transit by TLS. The same is true in reverse; Emails you send from a standard email provider are also encrypted using TLS and sent to your recipient’s email provider . However, all TLS-protected traffic is decrypted once it arrives at these companies’ servers, including your emails. Most companies will then re-encrypt your messages while they are stored on their servers – using keys they control. This means that the company can decrypt and access the content of your messages at any time.

Services that use end-to-end encryption eliminate this possibility because the service provider does not actually possess the private key required for decryption. With Proton Mail or any other E2EE service, your private key is only available on your device, making E2EE much more secure and private.