ProtonMail: How Google almost put us out of business

Firm suddenly disappeared from search results for 'secure email' queries - but only on Google

Google downgraded secure email provider ProtonMail in its search results, causing a 25 per cent drop in its income, according to CEO Andy Yen.

Yen said that in spite of ProtonMail's growing profile and an increased interest in encrypted email in general, the company's search positioning had dropped inexplicably in Google's page rankings, making it virtually invisible to people looking for secure email providers. The company consulted a number of SEO experts who could find nothing amiss, and no obvious reason why Google should punish the firm.

"For nearly a year, Google was hiding ProtonMail from search results for queries such as 'secure email' and 'encrypted email', wrote Yen in his blog.

"This was highly suspicious because ProtonMail has long been the world's largest encrypted email provider."

The company first became aware of the issue (which only affected Google results and not those of other search engines) in November 2015.

"All throughout spring 2016, we worked in earnest to get in touch with Google. We created two tickets on their web spam report form explaining the situation. We even contacted Google's president EMEA strategic relationships, but received no response nor improvement," Yen said.

At that time the EU was looking into anti-trust behaviour by Google, which controls 90 per cent of the search market in Europe. The EU authorities concluded that Google was favouring its own price comparison service over those of rivals in search results and, separately, that it had abused its dominant position by imposing restrictions on Android device makers. (The deadline for Google to respond to the latter case has been extended to November 3rd by the EU.)

Yen suspected that something similar might be happening to ProtonMail.

"In August, with no other options, we turned to Twitter to press our case," Yen said. "This time though, we finally got a response, thanks in large part to the hundreds of ProtonMail users who drew attention to the issue and made it impossible to ignore."

That response came from the former head of the webspam team at Google, Matt Cutt, who said that an unspecified problem had been fixed. Cutt no longer works for Google and no further information was forthcoming.

Once the changes had been made, ProtonMail saw an immediate improvement in its search rankings (see diagram).

Yen said that ProtonMail had lost around 25 per cent of its income as a result of its search downgrading, forcing it to draw on its emergency funds to pay staff. The company had already suffered a financial hit following an enormous DDoS attack last year which it blamed on state actors. In this case, though, Yen said the firm lacked evidence to firmly apportion blame.

"Google is very tight-lipped about anything to do with search, and it is not really in their nature to give out much information," Yen told Computing.

"After they fixed the issue, we didn't press them too hard for more details, they did acknowledge though that they fixed something," he added.

"At this point, we don't have any conclusive indication about whether this was intentional or unintentional. Software bugs do occur, so this could have been just a mistake, although we have not heard of any other cases like this so it's strange for a bug to only impact us," he said.

"Intentional or not, it is a pretty clear demonstration of a real world impact that Google's search monopoly can have. It might seem theoretical, but the financial losses we suffered were all too real."

Computing's Enterprise Security & Risk Management Summit returns on 24 November. Entrance is FREE to qualifying IT leaders and computing professionals, but places are going fast, so register now.