ProtonMail is a new email service developed by a group from MIT and European research center CERN. It promises to bring secure, encrypted email to the masses and keep sensitive information away from prying eyes.
“We guarantee only the sender and receiver can read the messages,” said Andy Yen, a co-founder of ProtonMail. “We have zero access to user data.”
Not only has its platform been successful, its crowdfunding campaign on Indiegogo surpassed its $160,000 goal within three days and has, so far, raised $197,130 from 4,250 backers. The campaign started on June 17th. Their servers are currently at maximum capacity, but additional funds raised will go towards increasing it. You can request an account and go onto the waiting list here.
In my opinion, this looks to be the best solution to mass collection of emails by intelligence agencies.
- They do not collect user data such as IP addresses or times of activity.
- The servers are in Switzerland, which means any government trying to get access to the little data ProtonMail says it collects would have to work through Swiss digital privacy laws, some of the toughest in the world.
- They are not accepting investors, so ProtonMail’s focus remains on privacy and security without corporate interests interfering.
- You can send encrypted email to non-ProtonMail users, including Hotmail, Gmail and Yahoo accounts.
- They use only the most secure implementations of AES and RSA, along with OpenPGP. They are open-source, meaning there are no ‘backdoors’ in the code.
- Hardware is contained in secure datacentres also used by Swiss banks.
- They run special routines on their servers to ensure that the code running on their systems is not illicitly changed without their knowledge in the event of a server compromise.
- Full details on their security implementations can be found here.
I am on the waiting list and currently awaiting my own free account. I would urge everyone who is concerned about online privacy to do the same. While it is not completely secure, it is the best service currently available, and the creators have been very upfront about the strengths, and weaknesses, of their service.
We know that the NSA collects encrypted emails simply because they are encrypted, arguing that if you want to hide the contents of your email then there must be something worth reading. This email service prevents that from happening.
However, the greatest weakness lies in keyloggers; the contents of your emails are most vulnerable when you are typing them into the email message in an unencrypted form. If the NSA or GCHQ want to read your emails, then they will need to carry out a personalised attack, most likely the installation of a keylogger to retrieve your account password, decryption key and emails. We know that they use this tactic. It may be hard to prevent this, but you can take heart knowing that they have wasted their time and resources on an innocent citizen fighting back. If you want some information, including a time-consuming, but effective, method for combating keyloggers, then look here. There is also anti-keylogging software available, but no one can vouch for its integrity or effectiveness.