Proton Pass
Proton Pass is an open-source, end-to-end encrypted password manager from Swiss privacy company Proton AG. It encrypts all fields including usernames and URLs, not just passwords. Available as browser extensions, desktop apps, and mobile apps with a generous free tier offering unlimited passwords and devices. Premium features include built-in 2FA authenticator, unlimited email aliases via SimpleLogin integration, dark web monitoring, and secure vault sharing.
Score generated by AI agents based on publicly cited evidence and reviewed by the project maintainer. Not independently validated.
Score History
Timeline events are AI-curated from public reporting. Score trajectory is derived from documented events.
Proton Pass launched as a minimal viable product: browser extensions and mobile apps only, no desktop clients, no sharing, no passkeys, no offline mode, and no export functionality. The underlying Proton AG infrastructure was healthy — no VC investors since CRV's exit in 2021, open-source commitment, Swiss jurisdiction — but the product itself had notable D1 and D4 gaps from missing features. The free tier was generous from day one (unlimited passwords and devices), keeping monetization pressure low.
Proton Pass rapidly addressed launch gaps: open-sourced under GPLv3 with published Cure53 audit, added vault sharing, credit card storage, password history, and the Windows desktop app with offline mode. Passkey support arrived for all users including free tier. The product was maturing fast, closing the feature gap with established competitors. Export was added but remained restricted to paid users, and format compatibility issues persisted. The SimpleLogin integration deepened with Pass Plus gaining premium alias features.
The Proton Foundation's establishment as controlling shareholder in June 2024 structurally locked in the company's mission-driven governance. Pass Monitor launched with dark web monitoring, macOS and Linux desktop apps completed platform coverage, the Family plan expanded household adoption, and Proton joined the FIDO Alliance's passkey portability effort. The Spanish activist data disclosure drew criticism but reflected legal compliance rather than voluntary cooperation. D3 and D4 both improved as the non-profit structure and passkey interoperability work reduced extraction and lock-in risks.
Proton Pass reached feature parity with leading competitors across most dimensions: file attachments, emergency access, biometric auth, and Secure Links for non-user sharing. The CEO's political controversy and the journalist account suspension introduced minor governance concerns, but the Foundation structure and ongoing privacy advocacy (Apple antitrust suit, $5M+ in lifetime fundraiser donations) kept the overall posture healthy. The product remains stable at a low enshittification score with no signs of extraction pressure.
Alternatives
Fully open-source, offline-first password manager with zero subscription fees or cloud dependency. Hard switch — requires manual sync setup and has a steeper learning curve. Best for users who want complete control over their vault with no reliance on any company's servers.
Open-source password manager with an exceptionally generous free tier (unlimited passwords, unlimited devices) and the strongest data portability in the category. Easy switch — supports direct import from Proton Pass. At $20/year for Premium, it's comparable in price. Less polished UI but fully functional and backed by published security audits.
Polished commercial password manager with strong family/team sharing features. Moderate switch — Proton Pass export format is not natively recognized, requiring a workaround via CSV. At $36/year it costs more than Proton Pass Plus. Note: 1Password has raised $920M+ in VC funding and is pursuing an IPO, introducing long-term extraction risk.
Dimensional Breakdown
Summaries below were written by AI agents based on the cited evidence. They are editorial interpretations, not independent research findings.
Dimension History
Timeline (41 events)
ProtonMail Indiegogo crowdfunding campaign launches
ProtonMail launched its Indiegogo crowdfunding campaign seeking $100,000 to fund development of an end-to-end encrypted email service. The campaign raised over $550,000 from more than 10,000 backers, setting a new record for software projects in the technology category on Indiegogo.
PayPal freezes $251,721 in ProtonMail crowdfunding donations
PayPal froze ProtonMail's account containing $251,721 in crowdfunding donations without prior notice. A PayPal representative questioned whether ProtonMail was legal and whether they had government approval to encrypt emails. The funds were released within 24 hours after public backlash, but the incident demonstrated centralized payment processor risks for privacy-focused companies.
ProtonMail raises $2M seed from CRV and FONGIT
ProtonMail secured a $2M seed round from Charles River Ventures (CRV) and Fondation Genevoise pour l'Innovation Technologique (FONGIT). CRV took a small minority stake. This was the company's only venture capital round, and CRV later sold its stake to FONGIT in 2021.
ProtonMail open-sources web client code
ProtonMail released its web client source code publicly with version 2.0, making the entire frontend open source. This was an early commitment to transparency that would extend across all Proton products over the following years, enabling independent security verification.
ProtonMail suffers major DDoS attack, pays $6,000 Bitcoin ransom
ProtonMail was hit by a sophisticated DDoS attack that took the service offline for six days. Under pressure from collateral damage to other companies sharing their ISP, ProtonMail paid 15 BTC (~$5,850) to the Armada Collective. The attacks continued from a second, more sophisticated group. ProtonMail subsequently declared it would never pay another ransom.
ProtonMail exits beta, opens public registration
ProtonMail launched version 3.0, leaving beta after nearly two years of invitation-only access. The release included a redesigned web client and public beta versions of iOS and Android apps, making encrypted email widely accessible for the first time.
Proton VPN launches with free tier and Secure Core
Proton launched ProtonVPN with both free and paid tiers, featuring a Secure Core architecture that routes traffic through multiple encrypted tunnels across different countries. The service expanded Proton's privacy ecosystem beyond email for the first time.
Proton receives ~€2M EU Horizon 2020 grant for ProtonSuite
The European Commission awarded Proton AG approximately €1.9M through the Horizon 2020 research program to develop 'the most secure collaboration suite in the world.' The grant funded development of Proton Drive and other ecosystem products without giving the EU any equity or governance control.
CRV sells venture capital stake in Proton to non-profit FONGIT
Charles River Ventures (CRV), Proton's only venture capital investor, transferred its minority stake to FONGIT, a Swiss non-profit foundation. This removed the last VC shareholder from Proton's cap table, eliminating external pressure for exit-driven returns.
ProtonMail discloses French climate activist's IP address to police
ProtonMail complied with a Swiss legal order to log and provide the IP address of a French climate activist to Swiss authorities, who shared it with French police via Europol. The activist was subsequently arrested. Proton updated its privacy policy, removing language that had implied IP addresses were never logged. CEO Andy Yen stated Proton was unaware the request related to climate activists.
Proton wins Swiss court ruling: email is not telecommunications
Switzerland's Federal Administrative Court ruled that email providers are not telecommunications providers under Swiss law, exempting them from telecom-specific data retention requirements. Proton had challenged the Swiss government's attempt to reclassify email services under stricter surveillance rules.
Proton co-founds Coalition for Competitive Digital Markets
Proton, along with Open Xchange and Element, founded the Coalition for Competitive Digital Markets (C4DM) to advocate for stronger interoperability provisions in the EU's Digital Markets Act. The coalition lobbied for rules against pre-installed app abuse, bundling, and self-preferencing by Big Tech gatekeepers.
Proton acquires SimpleLogin email alias service
Proton acquired SimpleLogin, a French open-source email aliasing service with over 100,000 users and two million aliases created. SimpleLogin continued operating as an independent service while its technology was later deeply integrated into Proton Pass as the email alias feature.
ProtonMail rebrands to Proton with unified ecosystem
ProtonMail rebranded to simply 'Proton,' unifying Proton Mail, Proton VPN, Proton Calendar, and Proton Drive under a single brand, account, and subscription. The rebrand included new logos, a visual redesign, and the proton.me domain, signaling the shift from a single email product to a full privacy ecosystem.
Proton Drive exits beta with end-to-end encrypted cloud storage
Proton Drive launched publicly as a web app on September 22, 2022, followed by mobile apps in December. The zero-knowledge encrypted cloud storage service added another pillar to Proton's privacy ecosystem, funded in part by the EU Horizon 2020 grant.
Proton Pass enters beta for Lifetime and Visionary users
Proton launched a beta version of Proton Pass, its end-to-end encrypted password manager, to Lifetime and Visionary subscribers. The beta was available as browser extensions for Chrome, Firefox, and Brave, plus mobile apps for iOS and Android. Proton Pass differentiated itself by encrypting all fields including usernames and URLs, not just passwords.
Proton Pass launches globally with freemium model
Proton Pass launched to the general public with a free tier offering unlimited passwords on unlimited devices, and a paid Pass Plus tier at $2.99/month (billed annually). The launch was criticized for missing features common in competitors: no desktop apps, no passkey support, no sharing, and no offline mode. Reviews noted it was a promising but incomplete v1.0.
Proton Pass open-sourced under GPLv3, publishes Cure53 audit
Three weeks after public launch, Proton open-sourced all Proton Pass code under the GPLv3 license and published the results of an independent security audit by Cure53. The audit, conducted May-June 2023, found a moderate number of issues, most limited in severity. All were resolved except one medium-severity Android platform limitation.
Proton Pass adds secure vault sharing feature
Proton Pass introduced end-to-end encrypted vault sharing, allowing users to share passwords and sensitive information with other Proton Pass users. Free users could share with up to two people; paid subscribers with up to nine per vault.
Proton Pass memory cleartext bug disclosed by researchers
Security researchers reported that Proton Pass retained passwords in cleartext form in memory for up to 30 minutes after the PIN lock was activated. The issue had been identified in the Cure53 audit but was reintroduced in a subsequent release. Proton confirmed the bug and pushed patches, noting the severity was low since exploitation required physical device access.
Proton Pass launches Windows desktop app with offline mode
Proton Pass released a native Windows desktop application, one of the most requested community features. The app included offline mode (for paid subscribers) protected by Argon2 encryption, allowing access to passwords without an internet connection. This addressed a major gap compared to competitors like 1Password and Bitwarden.
Proton Pass adds passkey support for all users including free tier
Proton Pass rolled out passkey support across all platforms, making it available to both free and paid users. Unlike competitors that restricted passkeys to paid tiers, Proton offered FIDO2-based passwordless authentication at no cost. The implementation was open-source and based on the open FIDO standard.
Proton acquires Standard Notes encrypted note-taking app
Proton acquired Standard Notes, an end-to-end encrypted note-taking app with over 300,000 users. The acquisition was Proton's second after SimpleLogin. Standard Notes remained open source, independently operated, and honored existing subscriptions. Both companies shared values of E2E encryption, open source, and independence from venture capital.
Proton Pass launches Pass Monitor with dark web monitoring
Proton Pass introduced Pass Monitor, a security suite with four features: dark web monitoring for credential leaks, weak/reused password alerts, inactive 2FA identification, and Proton Sentinel account protection. Password Health and Inactive 2FA were available to free users; Dark Web Monitoring and Sentinel required a paid plan.
Proton Mail discloses Catalan activist recovery email to Spanish police
Proton complied with a Swiss legal order to provide the recovery email address associated with a ProtonMail account linked to Tsunami Democratic, a Catalan pro-independence movement. Spanish police, investigating events from the 2019 Catalonia protests as a terrorism case, used the recovery email to identify the activist through Apple's iCloud records.
Proton Pass launches macOS and Linux desktop apps
Proton Pass released native desktop applications for macOS and Linux, completing platform coverage across all major operating systems. The Linux version supported Debian and RedHat-based distributions including Ubuntu, Fedora, and CentOS, reflecting Proton's commitment to open-source platforms.
Proton restructures business plans with price increase for new subscribers
Proton restructured its business tiers, renaming plans (Pass Business became Pass Professional, Proton Business became Proton Business Suite) and raising prices for new subscribers. Existing customers retained their pricing until plan changes. Pass Essential remained at $4.99/user/month and Pass Professional at $6.99/user/month.
Proton Foundation established as controlling shareholder
Proton co-founders Andy Yen, Jason Stockman, and first employee Dingchao Lu donated shares to the newly established Proton Foundation, a Swiss non-profit, making it the primary shareholder. The Foundation's board of trustees included Tim Berners-Lee and privacy scholar Carissa Veliz. Swiss foundations cannot have shareholders and are legally bound to their stated purpose, blocking hostile takeovers.
Proton Docs launches as encrypted Google Docs alternative
Proton launched Proton Docs, an end-to-end encrypted real-time collaborative document editor integrated into Proton Drive. Every keystroke, cursor movement, and document was encrypted in real time. Proton explicitly pledged that documents would never be used to train AI models. The feature was available free through Proton Drive.
Proton Pass introduces Secure Links for sharing with non-users
Proton Pass launched Secure Links, allowing paid users to share credentials with people who don't have Proton Pass accounts via encrypted, expiring links. Links could be set to auto-expire after 1-30 days, limited to a set number of views, and revoked at any time. The feature expanded sharing beyond the Proton ecosystem.
Proton Wallet launches for Bitcoin self-custody
Proton released Proton Wallet, a self-custody Bitcoin wallet integrated into the Proton ecosystem. Motivated by PayPal's 2014 freezing of ProtonMail's crowdfunding donations, the wallet allowed users to send Bitcoin via email addresses. Over 100,000 users joined during early access.
Proton Pass adds Identities feature and desktop biometric auth
Proton Pass launched Identities, allowing users to store and auto-fill personal data like name, address, and phone number in web forms. The feature was available to all users including free tier. Paid users also received biometric authentication on desktop via Windows Hello and Touch ID on macOS.
Proton joins FIDO Alliance Credential Exchange Protocol effort
Proton joined the FIDO Alliance's effort to develop a Credential Exchange Protocol enabling passkey portability between password managers. This initiative, alongside competitors including 1Password, Bitwarden, and Dashlane, aimed to eliminate passkey vendor lock-in and establish an open standard for credential migration.
Proton Pass launches Family plan for six users
Proton launched the Proton Pass Family plan at $4.99/month (billed annually), providing six full Pass Plus accounts with shared admin controls. Each family member got private vaults plus shared family vaults. The plan was competitively priced at under $1 per user per month.
Venak Security publishes disputed memory vulnerability claims
Security firm Venak Security published claims about memory protection vulnerabilities in Proton Pass and Proton VPN, alleging 500 million accounts were at risk. Proton published a detailed rebuttal explaining that the claims were false: Proton Pass must hold decrypted data in memory while in active use, and VPN traffic uses separate session keys rotated every two minutes, not the static keys Venak described.
CEO Andy Yen sparks political controversy with pro-Republican post
Proton CEO Andy Yen praised the Republican Party and Trump's appointment of Gail Slater to head DOJ antitrust on X (formerly Twitter). The post was made from Proton's official social media accounts, prompting backlash from the privacy community. Proton deleted the post and stated official accounts cannot express personal political opinions, maintaining the company is 'politically neutral.'
Proton Pass adds file attachments for paid subscribers
Proton Pass introduced file attachments, allowing paid users to attach files up to 100MB each to any vault item. Storage limits varied by plan: 10GB for Pass Plus/Pro, 50GB for Family, and 500GB for Unlimited. Files were end-to-end encrypted and could be shared via Secure Links or vault sharing.
Proton joins antitrust class action against Apple's App Store practices
Proton filed papers to join an existing class-action antitrust lawsuit against Apple, alleging the App Store's 30% commission, restrictions on alternative payment methods, and censorship of privacy-oriented apps constitute anti-competitive practices. Proton pledged to donate any damages received to democracy and human rights organizations through the Proton Foundation.
Proton launches Emergency Access for account recovery
Proton introduced Emergency Access, allowing paid users to designate up to five trusted contacts who can gain access to their Proton data (emails, passwords, files) either immediately or after a custom waiting period. Unlike Google's inactive account manager, Proton's system didn't rely on inactivity detection, giving users explicit control.
Proton suspends journalist accounts after CERT alert
Proton suspended email accounts belonging to security journalists who had published research in Phrack magazine documenting intrusions into South Korean government systems. A CERT (unnamed) alerted Proton that the accounts were being misused. After public outcry, Proton reinstated the accounts but did not disclose which CERT made the alert, raising transparency concerns.
Proton Lifetime Fundraiser raises $1.27M for digital rights organizations
Proton's 2025 Lifetime Account Charity Fundraiser generated $1.27 million for digital rights and privacy organizations, bringing the total donated over eight years to more than $5 million. Over 100,000 tickets were sold to more than 50,000 participants. Recipients included Privacy International, Freedom of the Press Foundation, Tor, and GrapheneOS.
Evidence (40 citations)
D1: User Value Erosion
D2: Business Customer Exploitation
D3: Shareholder Extraction
D4: Lock-in & Switching Costs
D5: Twiddling & Algorithmic Opacity
D6: Dark Patterns
D7: Advertising & Monetization Pressure
D8: Competitive Conduct
D9: Labor & Governance
D10: Regulatory & Legal Posture
Scoring Log (3 entries)
Initial scoring with alternatives